DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Applicant’s arguments presented on 10/01/2021 are found to be persuasive; as a result, this new non-final Office action is issued with a new ground of rejection. Claim 20 is cancelled and claim 21 is new. Claims 1-19 and 21 have been examined and rejected.

Claim Rejections - 35 USC § 102
3.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


4.	Claims 1-3, 7-11 and 14-17 are rejected under AIA 35 U.S.C. 102(a)(1) as being anticipated by Dotan et al. (U.S. PGPub 2016/0301717).
As per claims 1, 10 and 16
Dotan teaches a method comprising
at run-time of an adaptive control entity (Dotan, see paras. 0183, 0187, 0199, 0200: policy unification module 2200 of fig. 22 represents the adaptive control entity; policy engine 2206 creates and implements a policy object model layer that ties network-security-device-specific policies, i.e. native policies representing the local operating environment, into the generic policy model; the generic model is implemented as a JavaScript Object Notation (JSON) file that ties generic network security policy and rule components/objects such as principal, context and action to Java classes that can enumerate the supported components/objects and validate the generic network security rules; plug-ins 2210 attach network-security-device-specific attributes, as operational-environment-specific attributes, to object definitions; as shown in fig. 24, the security policy model follows an “if {Principal} tries to perform an {Action} on {Resource} within {Context} then {Result}” format, where entities contain multiple attributes, attributes are static or dynamic states of an entity, context contains environmental attributes external to entities, and both attributes and context are lists of name/value pairs):
programming a policy that is associated with a state of an operational environment of a system or process (Dotan, see paras. 0233-0235, 0228-0229: as shown in fig. 26, management entity 110 maps the native rule parameters to PARCR rule components according to the PARCR model, in the form “if {principal} tries to perform an {action} on {resource} within {context} then {result}”, to generate the generic rule, using a policy model bridge as shown in fig. 25; the bridge describes what types of entities 2515 can be referenced inside network security policies, the network security policy being a set of rules composed of references to external entities that represent the state of an environment of a system; for example, bridge 2500 includes a “URL Category” entity that is expressed through a list of resources and also a time range entity; a WSA policy may express two custom time ranges, “Extended Business Hours”, defined as Monday through Friday 7 am to 6 pm and Saturday 10 am to 4 pm, and “Core Business Hours”, defined as Monday through Friday 10 am to 2 pm, and bridge 2500 maps such time ranges into the PARCR rule);
programming at least one attribute to be used by the policy, the at least one attribute related to the state of the operational environment of the system or process (Dotan, see paras. 0221, 0028: bridge 2500 includes “policies” 2510 with a “Rule mapper” object that expresses native policy rules in the PARCR model by mapping native rule parameters to the {principal}, {action}, {resource}, {context} and {result} components of a PARCR rule; as shown in fig. 25, Context has a value of IP protocol that is mapped from the native parameter; bridge 2500 also has entities 2515, including a “URL Category” entity that is expressed through a list of resources);
programming at least one rule of the policy that references the at least one attribute (Dotan, see paras. 0029, 0235: at step 2620, management entity 110 maps the generic rule components to native rule parameters expressed according to the corresponding native policy model to form native rules representative of the one or more generic network rules; policy model bridge 2500 includes a “Rule mapper” object that expresses native policy rules in the PARCR model by mapping native rule parameters to the {principal}, {action}, {resource}, {context} and {result} components of a PARCR rule; for example, a WSA policy may express two custom time ranges, “Extended Business Hours” (Monday through Friday 7 am to 6 pm and Saturday 10 am to 4 pm) and “Core Business Hours” (Monday through Friday 10 am to 2 pm), which bridge 2500 maps into the PARCR rule);
and evaluating one or more data streams received by the adaptive control entity against the policy to determine an outcome (Dotan, see paras. 0236, 0265, 0278: management entity 110 provides the multiple native security policies to the corresponding security devices to enable the security devices to implement the native security policies; as shown in fig. 37, drawing an arrow 8300 between icon 8010 and icon 8040 defines a security policy that enables the finance/accountant executive inside the corporate network to access capabilities of the business process service provider outside the corporate network; in defining this policy, the user may further require that the traffic between the actor and the resource be monitored for indications of network security breaches, in which case the color of arrow 8300 may be set to a particular color, such as blue, to indicate that traffic between the actor and resource will be monitored and reported to a network administrator or network management entity).

As per claim 2
Dotan teaches the method of claim 1, wherein the programming the at least one attribute in the adaptive control entity is performed via an interface with an external entity (Dotan, see para 0239: as shown in fig. 27, a user interface screen displayed by the management entity, through which the user has entered a policy sub-class name “Branch Allow Web Traffic” into a sub-class name field/option, also allows for selection of identical network security policy classifications; tasks are designed in a task design component 512 and are constrained by metadata describing what context is available to the system; a policy authoring component 510 is constrained by the context that the metadata defines as available and by the tasks that were designed in the task design component 510).

As per claims 3, 11 and 17
Dotan teaches the method of claim 1, wherein the at least one attribute is associated with an ephemeral condition of the operational environment of the system or process (Dotan, see para 0229: bridge 2500 also includes a time range entity, which indicates a time range to be mapped to the resources rule component of PARCR; a WSA policy may express two custom time ranges, the first, “Extended Business Hours”, defined as Monday through Friday 7 am to 6 pm and Saturday 10 am to 4 pm, and the second, “Core Business Hours”, defined as Monday through Friday 10 am to 2 pm; bridge 2500 maps such time ranges into the PARCR rule).
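As an added illustration of the PARCR rule format and the time-range bridging discussed for claims 1 and 3 (this is example code, not code from Dotan or from the application under examination), the following evaluator maps two named native time ranges into context predicates and evaluates constructed events against an ordered rule set. The rule shape, the “*” wildcard convention, the “monitor” result, the hour-granular time-range encoding, and the sample events are all assumptions of this example.

```python
"""Added illustration (not Dotan's code): a PARCR-style rule evaluator.

A rule reads "if {Principal} tries to perform an {Action} on {Resource}
within {Context} then {Result}".  A small policy-model bridge maps a native
device's named time ranges into context predicates.  All identifiers, the
time-range encoding, the sample rules and the sample events are constructed
for this example.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, List, Tuple

Context = Dict[str, object]            # environmental attributes as name/value pairs
ContextPredicate = Callable[[Context], bool]

# Native (device-side) named time ranges: weekday (0 = Monday) -> (start_hour, end_hour).
# The hours follow the WSA example quoted in the action; the encoding is ours.
NATIVE_TIME_RANGES: Dict[str, Dict[int, Tuple[int, int]]] = {
    "Extended Business Hours": {**{d: (7, 18) for d in range(5)}, 5: (10, 16)},
    "Core Business Hours": {d: (10, 14) for d in range(5)},
}


def bridge_time_range(name: str) -> ContextPredicate:
    """Bridge: translate a native named time range into a PARCR context predicate."""
    windows = NATIVE_TIME_RANGES[name]

    def in_range(ctx: Context) -> bool:
        when = ctx["time"]
        window = windows.get(when.weekday())
        if window is None:            # weekday not covered by this range
            return False
        start, end = window
        return start <= when.hour < end   # half-open window [start, end)

    return in_range


def any_context(_: Context) -> bool:
    """Context predicate that always holds (rule applies regardless of environment)."""
    return True


@dataclass(frozen=True)
class ParcrRule:
    principal: str
    action: str
    resource: str
    context: ContextPredicate
    result: str  # "permit", "deny" or "monitor"


def rule_matches(rule: ParcrRule, event: dict) -> bool:
    """'*' is a wildcard for the principal, action and resource components."""
    return (
        rule.principal in ("*", event["principal"])
        and rule.action in ("*", event["action"])
        and rule.resource in ("*", event["resource"])
        and rule.context(event["context"])
    )


def evaluate(policy: List[ParcrRule], event: dict, default: str = "deny") -> str:
    """First-match evaluation of one observed event against an ordered policy."""
    for rule in policy:
        if rule_matches(rule, event):
            return rule.result
    return default  # fail closed when no rule applies


def make_event(principal: str, action: str, resource: str, when: datetime) -> dict:
    """Constructed event: one observation from a data stream plus its context."""
    return {"principal": principal, "action": action, "resource": resource,
            "context": {"time": when, "protocol": "TCP"}}


def decide(policy: List[ParcrRule], principal: str, action: str,
           resource: str, when_iso: str) -> str:
    """Convenience wrapper taking the event timestamp as ISO-8601 text."""
    return evaluate(policy, make_event(principal, action, resource,
                                       datetime.fromisoformat(when_iso)))


# Constructed sample policy: the same principal/action/resource triple yields a
# different result depending on which native time range the event falls in.
POLICY = [
    ParcrRule("finance", "GET", "url:business-apps",
              bridge_time_range("Core Business Hours"), "permit"),
    ParcrRule("finance", "GET", "url:business-apps",
              bridge_time_range("Extended Business Hours"), "monitor"),
    ParcrRule("*", "*", "url:business-apps", any_context, "deny"),
]

if __name__ == "__main__":
    # Tue 11:00 -> permit, Tue 17:00 -> monitor, Sat 11:00 -> monitor, Sun 11:00 -> deny
    for stamp in ("2021-10-05T11:00", "2021-10-05T17:00",
                  "2021-10-09T11:00", "2021-10-10T11:00"):
        print(stamp, "->", decide(POLICY, "finance", "GET", "url:business-apps", stamp))
```

Rule order matters in this evaluator: the narrower “Core Business Hours” rule is listed before the broader “Extended Business Hours” rule, and the catch-all deny sits last, so an event that falls outside every bridged time range still resolves to a definite result rather than falling through.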

As per claims 7 and 14
Dotan teaches the method of claim 1, wherein the policy is based on a source of the one or more data streams, a destination of the one or more data streams, a process state associated with the one or more data streams, an application of the system or process, and one or more conditions related to the state or operational environment (Dotan, see para 0101: a security rule typically permits or denies network access based on source and destination addresses, network protocols, device ports and time of day; the network security rule includes the following parameters/points of comparison: name of rule group, “inside-in” vs. “inside-out”; permit/deny; protocol (IP, TCP, UDP, ICMP); source address vs. source address; destination address vs. destination address; source vs. destination; device/service ports; interfaces; context, such as a deny rule surrounded by other deny rules; and config context, such as the rule appearing on a branch config).

As per claims 8 and 15
Dotan teaches the method of claim 7, wherein the one or more data streams is network traffic and the process state is based on a network transport protocol (Dotan, see para 0123: management entity 110 connects with and imports network security policies from network security devices 130; each network security policy includes network security rules with rule parameters that cause the corresponding network security device to permit or deny network access based on a network protocol, source and destination addresses, and a device port).

As per claim 9
Dotan teaches the method of claim 7, wherein the one or more data streams originate from an external entity (Dotan, see para 0255: bridge 2500 also describes what types of entities 2515 can be referenced inside network security policies; in other words, the network security policy is a set of rules composed of references to external entities; sometimes the types of these entities will be defined within a namespace (e.g. a plug-in), which means the entity is specific to the native device).

As per claim 21
Dotan teaches the method of claim 1, wherein programming the at least one attribute to be used by the policy includes: programming at least one attribute not predefined in the adaptive control entity (Dotan, see para 0218: in normalizing native security policies based on native policy models to generic security policies based on a common generic policy model, as described above, it is desirable to “bridge” between the generic and native models through corresponding data elements associated with the native and generic policies; a data-driven “policy model bridge” that describes or defines native policies in terms of the PARCR model may be used to map the native policies to PARCR rule components, which are not predefined).

Claim Rejections - 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

6.	Claims 4-6, 12, 13, 18-19 and 21 are rejected under AIA 35 U.S.C. 103 as being unpatentable over Dotan et al. (U.S. PGPub 2016/0301717) in view of Pignataro et al. (U.S. PGPub 2016/0105305).
As per claims 4, 12 and 18
Dotan teaches the method of claim 1, yet fails to teach wherein the policy is defined by a data model for a set of attributes.
In a similar field of endeavor, Pignataro teaches wherein the policy is defined by a data model for a set of attributes (Pignataro, see paras. 0028, 0029, 0037, 0038, 0039: table 1 shows the information model using attributes of the network-connected devices, where data is produced and where data is received; the creation software inspects the database of network-connected devices and creates a modeled policy; at this point one or more communities are defined by way of the policy; this policy is then pushed down to fog devices (routers and servers at the fog layer), and the fog devices are thereby instructed to identify community members and then inform the server or another fog device operating as the central hub or controller).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the code provisioning system of Dotan with the teaching of Pignataro, as doing so would provide an efficient method for identifying one or more of a plurality of network-connected devices based on one or more policies that define one or more communities of network-connected devices that share common functional, physical or relational attributes (Pignataro, see para 0014).

As per claims 5 and 19
Dotan in view of Pignataro teaches the method of claim 4, further comprising, at run-time of the adaptive control entity: programming one or more new attributes to be used as part of the data model (Pignataro, see paras. 0028, 0029: policies 60 are used to automatically create communities of network-connected devices; a community of network-connected devices is a subset of network-connected devices that share common functional, physical or relational attributes, as well as policy-defined attributes; policy descriptors 70 define the one or more communities of IoT devices; community membership database 72 stores the identities of network-connected devices that are in each community, as well as any relationships between network-connected devices; prior to assignment to a community, the community membership database 72 stores information representing identities and attributes of network-connected devices that are connected to the fog devices 30(1)-30(N)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the code provisioning system of Dotan with the teaching of Pignataro for the same motivation as described above in relation to claims 4, 12 and 18.

As per claims 6, 13 and 20
Dotan in view of Pignataro teaches the method of claim 4, further comprising, at run-time of the adaptive control entity: programming a script that performs one or more functions mapped to the set of attributes when evaluating the one or more data streams against the policy (Pignataro, see para 0035: a policy contains policy elements, which are functional abstractions; these abstractions are represented in a policy language that is pushed down to fog devices via Extensible Markup Language (XML), JavaScript Object Notation (JSON) or other structured syntax; the policy-set contains a tree of policy elements, and the policy elements also contain policy triggers).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the code provisioning system of Dotan with the teaching of Pignataro for the same motivation as described above in relation to claims 4, 12 and 18.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to examiner Sanjoy Roy, whose telephone number is 571-270-0675. The examiner can normally be reached on Mon-Fri, 8am-5pm (EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on 571-272-3889.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SANJOY ROY/
Examiner, Art Unit 2443


/NICHOLAS R TAYLOR/Supervisory Patent Examiner, Art Unit 2443