Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The response of 03/24/22 was received and considered.  Claims 3 and 13 are canceled.  Claims 1-2, 4-12, and 14-20 are pending. 

Response to Arguments
Applicant’s arguments with respect to claims 1, 11, and 20 have been considered but are moot because the new ground of rejection made in view of Kumar, as set forth below.  Applicant argues claim 6 and 16, wherein Clark fails to teach “identifying one or more sequence changes for the sequence based on the usage associated with each firewall rule of the firewall rules and indicating the one or more sequence changes in the summary”.  The examiner respectfully disagrees.   Clark teaches, paragraph 0028, “ A firewall 102 typically inspects or analyzes each packet that travels through it and decide if it should allow the packet to pass through the firewall based on a sequence of rules pertaining to the values of the one or more fields in the packet.”  Paragraph 0040 teaches The operations of the flowchart of FIG. 5 may provide a summary of the behavior of the firewall that may be replicated to other firewall devices in the network.   Applicant argues the “remaining dependent claims depend on allowable independent claims”, however, applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-12, and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Clark et al. US 2014/0282855 further in view of Kumar et al., US 2018/0176185.

Regarding claim 1, Clark discloses a method comprising: 
identifying a sequence for applying firewall rules to communications in a computing network (0028: firewall 102 typically inspects or analyzes each packet that travels through it and decide if it should allow the packet to pass through the firewall based on a sequence of rules pertaining to the values of the one or more fields in the packet.); 
monitoring usage associated with each firewall rule of firewall rules in the computing network (0008: collecting the plurality of behavior rules into at least one behavior group.).
Clark lacks or does not expressly disclose at least a quantity of hits associated with each of the firewall rules on communications in the computing network.
However, Kumar teaches wherein the usage comprises at least a quantity of hits associated with each of the firewall rules on communications in the computing network  (paragraph 0051: block 602, hit count for each firewall rule in a firewall rule list is maintained. The hit counts for the firewall rules are collected by the distributed firewall manager 106 using the log records from each of the host computers 110 in the distributed computer system 100).  
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Clark with Kumar in order to determine at least a quantity of hits of each firewall rule on the communication in the computing network, in order to reorder the policies based on the number of hits to improve performance of the distributed firewall, as taught by Kumar, paragraph 0049.
Clark, as modified above, further discloses 
generating, for display, a summary to indicate the sequence of the firewall rules with the usage associated with each of the firewall rules, wherein the summary comprises a graph or chart (0008: creating the spanning graph configured to display a communication pathway comprising at least one of the one or more ingress ports, the at least one behavior group, and at least one egress port of the networking device and providing the spanning graph to a user of the network device.).

Regarding claim 2, Clark, as modified above, further discloses the method of claim 1 further comprising: identifying a selection of the firewall rules from a set of firewall rules; and generating the summary in response to the selection (Fig. 5 and 0024: converting one or more rules of the firewall function into a string of representative bits, creating a binary decision diagram or other decision diagram from the converted rules of the firewall policy, creating a spanning graph for the firewall or firewall policy and collapsing or simplifying the spanning graph to a behavior group that illustrates the pathways through the firewall for a communication packet.).  

Regarding claim 3, Clark, as modified above, further discloses the method of claim 1, wherein the usage comprises a quantity of hits associated with each firewall rule of the firewall rules (Paragraph 0047: reduce the number of duplicated behavior groups and paths).  

Regarding claim 4, Clark, as modified above, further discloses the method of claim 1, wherein the usage comprises a ratio of hits in relation to a total quantity of hits (Paragraph 0062: formulation of behavior groups in a spanning graph, the processing time may now be bound to the number of decisions that must be made as opposed to the number of behavior rules.).   

Regarding claim 5, Clark, as modified above, further discloses the method of claim 1 further comprising: identifying one or more firewall rules of the firewall rules with usage that satisfies at least one usage criterion; and promoting the one or more firewall rules in the summary over remaining firewall rules of the firewall rules (0029: rules are processed in order until the firewall finds a match and takes the appropriate action identified by the decision portion of the rule.).  

Regarding claim 6, Clark, as modified above, further discloses the method of claim 1 further comprising: identifying one or more sequence changes for the sequence based on the usage associated with each firewall rule of the firewall rules; and indicating the one or more sequence changes in the summary (0046: the system may also simplify the spanning graph where applicable. For example, the spanning graph may include one or more interface switches that operate to reduce the number of paths through the spanning graph).  

Regarding claim 7, Clark, as modified above, further discloses the method of claim 1 further comprising displaying the summary or communicating the summary to a client device for display by the client device (0008: the spanning graph configured to display a communication pathway comprising at least one of the one or more ingress ports, the at least one behavior group, and at least one egress port of the networking device and providing the spanning graph to a user of the network device.).  

Regarding claim 8, Clark, as modified above, further discloses the method of claim 1 further comprising: identifying one or more sequence changes for the sequence based on the usage associated with each firewall rule of the firewall rules; and implementing the one or more sequence changes to the sequence (0046: the system may also simplify the spanning graph where applicable. For example, the spanning graph may include one or more interface switches that operate to reduce the number of paths through the spanning graph).    

Regarding claim 9, Clark, as modified above, further discloses the method of claim 1, wherein the summary comprises a bar chart, wherein each bar of the bar chart corresponds to a firewall rule of the firewall rules, wherein the bars are organized to indicate the sequence of the firewall rules, and wherein the height or length of each of the bars corresponds to the usage of a firewall rule represented by the bar (paragraph 0060: operation 1006, the BDD graph of the potential traffic space is used to walk through the spanning graph illustrating the firewall device.).  

Regarding claim 10, Clark, as modified above, further discloses the method of claim 1, wherein the summary further indicates attributes associated with one or more of the firewall rules, wherein the attributes may comprise a firewall rule identifier, a source identifier, or a destination identifier (0031: FIG. 2 includes five rules, numbered in the far right column 202 of the table. Column 204 indicates the action taken for each of the rules when the conditions of the rules are met and columns 206-216 provide the identifiers or portions of the packet that define the packet for each individual rule, otherwise known as the predicate of the rule.).  

As per claims 11-20, this is an apparatus version of the claimed method discussed above in claims 1-10 wherein all claimed limitations have also been addressed and/or cited as set forth above.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2020/0329011 to Cai et al. teaches process 422 generates a US describing the usage metrics for firewall rules (426). In some implementations, the usage metrics may be detailed in list that shows, for each firewall rule, the firewall rule name, a hit count specifying the number of times the firewall has been hit over a period of time (e.g., the last 30, 60 or 90 days), and the last time the firewall rule was hit. In some implementations, each list entry is selectable, and clicking on the firewall rule name surfaces a firewall rule details page of the particular firewall rule, which provides more detailed information, such as rule parameters, owner, and the like.
US 7,143,442 to Scarfe et al. teaches configures the rules associated with the predetermined sequences, and a firewall operator reviews any associated alerts displayed on displaying means 113. These rules often err on the side of extreme vigilance, and can result in a vast number of alert messages being generated. This can create a cognitive overload on the firewall operator, who cannot efficiently follow up, or even be aware all of the alert messages displayed to him.
US 2008/0115190 to Aaaron teaches The database 16 contains analysis rules, analysis-relevant data, firewall policy group selection rules, user profile data for network users of devices 50, and various other parameters and data. The database 16 may also be used to log information about firewall policy groups, etc. For example, the database 16 may be configured to store information about firewall policy group structures (e.g., the hierarchical firewall policy group structure of FIG. 1) and may be configured to display a firewall policy group structure, including information thereabout, to requesting users.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AUBREY H WYSZYNSKI/Examiner, Art Unit 2434                                                                                                                                                                                                        /KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434