Remarks
Claims 1-20 are pending.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Requirement for Information
Applicant and the assignee of this application are required under 37 CFR 1.105 to provide the following information that the examiner has determined is reasonably necessary to the examination of this application.  
Since one of the inventors has a piece of prior art that is being used as a 102 rejection for the majority of the claims that was not disclosed by Applicant, the Examiner hereby requests that Applicant provides citations and documents that were both written by the inventors/applicants and used by the inventors/applicants in developing the instant application’s invention(s).  
In response to this requirement, please provide copies of each publication which any of the applicants authored or co-authored and which describe the disclosed subject matter of the application and claims.  
In response to this requirement, please provide the title, citation and copy of each publication that any of the applicants relied upon to develop the disclosed subject matter that describes the applicant’s invention, particularly as to developing the claimed invention.  For each publication, please provide a concise explanation of the reliance placed on that publication in the development of the disclosed subject matter.  
This requirement is an attachment of the enclosed Office action.  A complete reply to the enclosed Office action must include a complete reply to this requirement.  The time period for reply to this requirement coincides with the time period for reply to the enclosed Office action.

Specification
The disclosure is objected to because of the following informalities: The specification has multiple different sets of paragraph numbers.  If Applicant desires to use paragraph numbers, they must be continuous.  
Appropriate correction is required.

Information Disclosure Statement
The listing of references in the specification is not a proper information disclosure statement.  37 CFR 1.98(b) requires a list of all patents, publications, or other information submitted for consideration by the Office, and MPEP § 609.04(a) states, "the list may not be incorporated into the specification but must be submitted in a separate paper."  Therefore, unless the references have been cited by the examiner on form PTO-892, they have not been considered.  
For example, paragraph 0019 of the specification incorporates a reference that is on no IDS.  

Claim Interpretation
The claims include subject matter that has no patentable weight.  For example, claim 1 starts each limitation with “responsive to”, but these responsive to conditional statements are not required to be performed or even be valid.  For example, if the system never monitors network communications of a network, then the first limitation will never occur.  If unauthorized communications are never needed, the second limitation will never occur, and then the third limitation will never occur either (as well as if the two factor authorization fails).  Furthermore, the claims attempt to define subject matter that occurs outside of the claims, such as “wherein each system utilizes the corresponding policies to allow or block communications”, which is not actually a step in claim 1 and provides no limitation on the medium thereof.  It appears as though none of claim 1 ever needs to occur and the medium may simply be blank as it currently stands.  All independent claims have similar issues and are rejected for the same reasons.  All dependent claims are rejected at least based on their dependencies.  

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 17-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claims purport to be directed to “A cloud-based system” but includes no system components whatsoever, and only lists method steps.  
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) generating a model, policies, providing policies, and performing two-factor authorization. This judicial exception is not integrated into a practical application because this could all be done by a human using a pencil and paper.  No additional elements are present other than a generic non-transitory computer-readable storage medium in claim 1, which is a generic computer component that acts in a generic fashion (e.g., by having code stored thereon).  The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the non-transitory computer-readable storage medium only stores information, which is a well-understood, routine, conventional computer function as recognized by the court decisions listed in MPEP § 2106.05(d).  
Invitation to Participate in DSMER Pilot Program
The present application satisfies the criteria for participation set forth in the Federal Register Notice entitled “Deferred Subject Matter Eligibility Response (DSMER) Pilot Program.” Therefore, the examiner invites applicant to participate in the DSMER pilot program. 

An applicant who accepts the invitation to participate in this pilot program must still file a reply to every Office action mailed in this application, but may defer presenting arguments or amendments in response to subject matter eligibility (SME) rejection(s) until the earlier of final disposition of the application, or the withdrawal or obviation of all other outstanding non-SME rejections. A final disposition for purposes of this pilot program occurs upon the earliest of: mailing of a notice of allowance; mailing of a final Office action; filing of a notice of appeal; filing of a request for continued examination; or abandonment of the application. Other than applicant’s ability to defer responding to SME rejections, participation in the DSMER pilot program does not alter the normal examination process (e.g., as outlined in MPEP 700), and applicant must still respond to all non-SME rejections when replying to Office actions. 

Further information about the pilot program, including an explanation of the criteria for receiving an invitation, and the conditions of participation, is provided in the Federal Register Notice announcing the program, which is available on the pilot program website https://www.uspto.gov/patents/initiatives/patent-application-initiatives/deferred-subject-matter-eligibility-response.

Applicant has two choices with respect to this invitation:
(1) Applicant may elect to participate in the DSMER pilot program. To effect this choice, applicant MUST accept this invitation by filing a completed request form PTO/SB/456 with a timely response to this Office action. The DSMER Pilot request form must be signed in accordance with 37 CFR § 1.33(b) by a person having authority to prosecute the application, and must be submitted via the USPTO’s patent electronic filing systems (EFS-Web or Patent Center). The form is available on the pilot program website https://www.uspto.gov/patents/initiatives/patent-application-initiatives/deferred-subject-matter-eligibility-response. If the form is properly completed and timely received, the application will be entered into the pilot program.

(2) Applicant may decline to participate in the pilot program. No action is required from applicant to effect this choice, because if applicant does not timely file a properly completed form PTO/SB/456, the application will not be entered into the pilot program.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4, 6-12, and 14-20 are rejected under 35 U.S.C. 102(a)(1) and/or 102(a)(2) as being anticipated by Smith (U.S. Patent Application Publication 2018/0234460).
Regarding Claim 1,
Smith discloses a non-transitory computer readable storage medium having computer readable code stored thereon for programming a microsegmentation system to perform steps of:
Responsive to monitoring network communications of a network, generating a network communication model that labels the network communications, and generating policies based on the network communication model, wherein the policies specify which applications are authorized to communicate with one another, providing corresponding policies to a plurality of systems in the network, wherein each system utilizes the corresponding policies to allow or block communications (Exemplary Citations: for example, Abstract, Paragraphs 12-28, 30-60, 62-77, and associated figures; this extremely broad limitation is met by any of the devices and components within Smith generating any metadata, policies, links, associations, logs, determinations, etc., based on any received communications, allowing/blocking, determinations to allow/block, creation of policies, modification of policies, etc., as examples);
Responsive to one or more unauthorized communications being needed, performing two factor authorization to determine if an exception is acceptable (Exemplary Citations: for example, Abstract, Paragraphs 18-28, 30-60, 63-66, 76, 77, and associated figures; this two factor authorization may be both a source and destination LSA authorizing the communications, PME and LSA, LSA and reconciliation engine, or even portions of these (e.g., source LSA allowing communications based on the source application and destination application), PME determining that communications should be authorized based on communications from source and destination LSAs, or the like, as examples); and
Responsive to the two factor authorization, providing temporary policies for the exception to allow the one or more unauthorized communications for a period of time (Exemplary Citations: for example, Abstract, Paragraphs 18-28, 30-60, 63-66, 76, 77, and associated figures; policies are only current for a particular time period, allowing for temporary communications until the reconciliation engine tells the LSA(s) to terminate communications, updating a policy for an indefinite time period, or the like, as examples).  
Regarding Claim 9,
Claim 9 is a method claim that corresponds to medium claim 1 and is rejected for the same reasons.  
Regarding Claim 17,
Claim 17 is a system claim that corresponds to medium claim 1 and is rejected for the same reasons.  
Regarding Claim 2,
Smith discloses subsequent to expiration of the period of time, the temporary policies revert back such that the one or more unauthorized communications are blocked (Exemplary Citations: for example, Abstract, Paragraphs 21-28, 31, 37, 38, 41, 43-45, 48, 49, 51, 53-55, 67, 76, and associated figures; policies are updated periodically, thereby resulting in a time period after which different policy rules may be in place, including those disallowing communications that were allowed before, current policies only being valid for a particular time period, waiting for a certain time period for a response from reconciliation engine and then terminating communications that were allowed during that time period, etc., as examples).  
Regarding Claim 10,
Claim 10 is a method claim that corresponds to medium claim 2 and is rejected for the same reasons.  
Regarding Claim 18,
Claim 18 is a system claim that corresponds to medium claim 2 and is rejected for the same reasons.  
Regarding Claim 3,
Smith discloses that the one or more unauthorized communications are between a source application and a destination application (Exemplary Citations: for example, Abstract, Paragraphs 18-28, 30-60, 63-66, 76, 77, and associated figures).  
Regarding Claim 11,
Claim 11 is a method claim that corresponds to medium claim 3 and is rejected for the same reasons.  
Regarding Claim 19,
Claim 19 is a system claim that corresponds to medium claim 3 and is rejected for the same reasons.  
Regarding Claim 4,
Smith discloses that the one or more unauthorized communications are between a plurality of applications (Exemplary Citations: for example, Abstract, Paragraphs 18-28, 30-60, 63-66, 76, 77, and associated figures).  
Regarding Claim 12,
Claim 12 is a method claim that corresponds to medium claim 4 and is rejected for the same reasons.  
Regarding Claim 20,
Claim 20 is a system claim that corresponds to medium claim 4 and is rejected for the same reasons.  
Regarding Claim 6,
Smith discloses that the one or more unauthorized communications are predetermined based on any of update, upkeep, repairs, and maintenance (Exemplary Citations: for example, Abstract, Paragraphs 18-28, 30-60, 63-66, 76, 77, and associated figures; policies being updated, constant determinations as to whether communications are authorized, and the like, as described above, fit within being based on at least one of update, upkeep, repairs, and maintenance, for example).  
Regarding Claim 14,
Claim 14 is a method claim that corresponds to medium claim 6 and is rejected for the same reasons.  
Regarding Claim 7,
Smith discloses that the one or more unauthorized communications are automatically detected by the microsegmentation system as unusual communication activity (Exemplary Citations: for example, Abstract, Paragraphs 18-28, 30-60, 63-66, 76, 77, and associated figures; unusual may be if no policy exists, if pessimistic mode is set, or the like, as examples).  
Regarding Claim 15,
Claim 15 is a method claim that corresponds to medium claim 7 and is rejected for the same reasons.  
Regarding Claim 8,
Smith discloses that the one or more unauthorized communications include an application that is unauthorized (Exemplary Citations: for example, Abstract, Paragraphs 7, 12-28, 30-60, 62-77, and associated figures; imposter application, unauthorized application, application that is not authorized to communicate with another specific application, or the like, as examples).  
Regarding Claim 16,
Claim 16 is a method claim that corresponds to medium claim 8 and is rejected for the same reasons.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Smith in view of Yin (U.S. Patent Application Publication 2015/0372977).
Regarding Claim 5,
Smith discloses that the two factor authorization includes approval via an interface for the microsegmentation system and a secondary communication channel for verification (Exemplary Citations: for example, Abstract, Paragraphs 18-28, 30-60, 63-66, 76, 77, and associated figures);
But does not explicitly disclose that the interface is a user interface.  
Yin, however, discloses that the two factor authorization includes approval via a user interface for the microsegmentation system and a secondary communication channel for verification (Exemplary Citations: Figures 2, 3, 5-10, and associated written description; user interface that an administrator can use to allow, block, temporarily allow/block, change policies, etc., as well as communication paths between admin machine and firewall, firewall and other devices, etc., as examples).  It would have been obvious to one of ordinary skill in the art at the time of applicant’s invention, which is before any effective filing date of the claimed invention, to incorporate the policy management techniques of Yin into the policy enforcement system of Smith in order to allow administrators to set policies manually, to allow for overriding of previous policies when determined to be necessary by administrators, to provide for both automatic and manual authorization determinations, and/or to increase security in the system.  
Regarding Claim 13,
Claim 13 is a method claim that corresponds to medium claim 5 and is rejected for the same reasons.  

Conclusion
This Office action has an attached requirement for information under 37 CFR 1.105.  A complete reply to this Office action must include a complete reply to the attached requirement for information.  The time period for reply to the attached requirement coincides with the time period for reply to this Office action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeffrey D Popham whose telephone number is (571)272-7215. The examiner can normally be reached Monday through Friday 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Jeffrey D. Popham/Primary Examiner, Art Unit 2432