DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with applicant's representative Andrew Weaver on May 27, 2022.

Claims 1, 8 and 15 have been amended as follows:

1. (Currently Amended) A computer-implemented method comprising:
first obtaining reference concrete level rules for a node in a network, comprising
second obtaining a local logical model for [[a]] the node from a global logical model, the global logical model containing instructions on how endpoints connected to the network communicate within the network, and the local logical model being a device specific portion of the global logical model that is specific to how the node communicates to the network;
creating the reference concrete level rules for the node from the local logical model and software parameters of the node;
third obtaining, from the node in the network, implemented concrete level rules for the node;
 comparing the reference concrete level rules with the implemented concrete level rules;
and determining that the implemented concrete level rules are not appropriately configured based on the comparing; 
wherein the reference concrete level rules are specific to expected operability of the node, and the implemented concrete level rules are specific to actual operability of the node.  

8. (Currently Amended) A system comprising:
one or more processors; and
at least one computer-readable storage medium having stored therein instructions which, when executed by the one or more processors, cause the system to perform operations comprising:
 	first obtaining reference concrete level rules for a node in a network, comprising:
second obtaining a local logical model for [[a]] the node from a global logical model, the global logical model containing instructions on how endpoints connected to the network communicate within the network, and the local logical model being a device specific portion of the global logical model that is specific to how the node communicates to the network;
creating the reference concrete level rules for the node from the local logical model and software parameters of the node;
 third obtaining, from the node in the network, implemented concrete level rules for the node;

comparing the reference concrete level rules with the implemented concrete level rules; and
determining that the implemented concrete level rules are not appropriately configured based on the comparing;
wherein the reference concrete level rules are specific to expected operability of the node, and the implemented concrete level rules are specific to actual operability of the node.
Docket No.: 085115-645296 (1012448-US.03)

15. (Currently Amended) A non-transitory computer-readable storage medium having stored therein instructions which, when executed, cause a system to perform operations comprising:
first obtaining reference concrete level rules for a node in a network, comprising:
second obtaining a local logical model for [[a]] the node from a global logical model, the global logical model containing instructions on how endpoints connected to the network communicate within the network, and the local logical model being a device specific portion of the global logical model that is specific to how the node communicates to the network;
creating the reference concrete level rules for the node from the local logical model and software parameters of the node;
third obtaining, from the node in the network, implemented concrete level rules for the node;
comparing the reference concrete level rules with the implemented concrete level rules; and
determining that the implemented concrete level rules are not appropriately configured based on the comparing;
wherein the reference concrete level rules are specific to expected operability of the node, and the implemented concrete level rules are specific to actual operability of the node.  
Allowable Subject Matter

Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 

The prior art of record, considered individually or in any reasonable combination, fails to fairly show or suggest a claimed invention comprising, among other limitations, obtaining a local logical model for the node from a global logical model, the global logical model containing instructions on how endpoints connected to the network communicate within the network, and the local logical model being a device specific portion of the global logical model that is specific to how the node communicates to the network; creating the reference concrete level rules for the node from the local logical model and software parameters of the node; third obtaining, from the node in the network, implemented concrete level rules for the node; comparing the reference concrete level rules with the implemented concrete level rules; and determining that the implemented concrete level rules are not appropriately configured based on the comparing, as substantially described in independent claims 1, 8 and 15. These limitations, in combination with the remaining limitations of claims 1, 8 and 15, are neither taught nor suggested by the prior art of record. Claims 2-7, 9-14 and 16-20 depend from an allowed claim and are therefore allowed for the same reasons.


The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Singh et al. (US 2016/0112246 A1) teaches (see [0038], [0039], [0045], [0064]-[0068] and Figs. 2, 4 and 6) a system for identifying inconsistency in edge based software, which comprises a verification server for receiving controller network configuration data from a controller of an edge-based and end-host network configuration data from end-host. The verification server parses the controller network configuration data into a network state representation and the end-host network configuration data into the network state representation, and compares the network state representation of the controller network configuration data and the end-host network configuration data to identify state inconsistency in SDN.
Bartholomy et al. (US 2008/0148382 A1) teaches (see [0018], [0020]-[0023] and Figs. 2-3) identifying a first rule stored on a firewall, wherein the first rule identifies a permitted IP address, and identifying a second rule, wherein the second rule specifies a permitted message flow through the firewall to or from an IP address corresponding to the network. The first rule is deleted from the firewall based on the identification of the second rule.
Anderson et al. (US 2006/0041936 A1) teaches (see [0043], [0044], [0055], [0056] and Figs. 5-7) a method of determining data flow misconfigurations, such as when two or more firewall rules contradict each other, two or more firewall rules are redundant of each other, or a firewall rule specifies a source zone or destination zone that is not consistent with the interfaces of the firewall, by reading the contents of a data flow checking table which contains each rule in the ruleset for the firewall with its interface and respective zones.


Singh, Bartholomy and Anderson individually or in any reasonable combination fail to fairly show or suggest “obtaining a local logical model for the node from a global logical model, the global logical model containing instructions on how endpoints connected to the network communicate within the network, and the local logical model being a device specific portion of the global logical model that is specific to how the node communicates to the network; creating the reference concrete level rules for the node from the local logical model and software parameters of the node; third obtaining, from the node in the network, implemented concrete level rules for the node; comparing the reference concrete level rules with the implemented concrete level rules; and determining that the implemented concrete level rules are not appropriately configured based on the comparing.”

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AWET A HAILE whose telephone number is (571)270-3114. The examiner can normally be reached Monday through Friday 8:30 AM - 4:30 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Michael Thier can be reached on (571)272-2832. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/AWET HAILE/ Primary Examiner, Art Unit 2474