DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to a filing dated 07/24/2020. Claims 1-19 are pending.

Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copies have been filed in the instant application. The earliest priority date claimed is 07/24/2019.

Information Disclosure Statement
No IDS has been filed to this date.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-19 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being incomplete for omitting essential steps, such omission amounting to a gap between the steps.  See MPEP § 2172.01.  The omitted steps are:  a method step for claims the relevance of “required data” to other claimed steps. This gap renders the scope of claim 1 indefinite.
Claims 2-10 are rejected based on indefiniteness of their corresponding parent claim(s).

Claim 11 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being incomplete for omitting essential elements, such omission amounting to a gap between the elements.  See MPEP § 2172.01.  The omitted elements are: the relevance of “required data” to other essential elements. This gap renders the scope of claim 11 indefinite.
Claims 12-19 are rejected based on indefiniteness of their corresponding parent claim(s).

For examination, “required data” is interpreted as “SF configuration message”.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-10 are rejected under 35 U.S.C. 101 because:
Per 2019 Revised PEG (Electrical Arts):
Although claim 1 is categorically directed to one of the four patent eligible subject mattes (step 1 of the analysis is satisfied), per step 2A: prong one, claim 1 recites limitations, i.e., the acts of receiving/reading…via a consumer-facing interface; comparing…; converting/mapping…. These limitations fall under “mental processing” abstract idea grouping. When continuing the analysis to step 2A: prong two, it is noted that claim 1 recites “transmitting, to a policy generator, required data…”, however, due to the outstanding 112(b) indefiniteness rejection explained above, this limitation nonetheless fails to clearly integrate the indicated abstract idea into a practical application of the abstract idea. 
As such, claim 1 is patent ineligible. Claims 2-10 are patent ineligible based on the same analysis indicated above per claim 1.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1 and 11 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 10 of U.S. Patent No. 11388197 (reference patent). Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1 and 10 of the reference patent respectively anticipate claims 1 and 11 of the instant application.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-2, 4, 11-12 and 14 are rejected under 35 U.S.C. 102 (a) (1) as being anticipated by Dunbar, US2016/0248860.

Per claim 1, Dunbar discloses a method for policy translation of a data converter in a security management system, the method comprising: 
receiving, from a data extractor, extracted data from a high-level security policy, that is received from an Interface to Network Security Functions (I2NSF) user via a consumer- facing interface (At step 1210, a service request message is received from a client, such as the service clients 180 and 280, requesting a service in the SC-enabled network and a policy for the service. The client's policy comprises service-oriented rules, such as high-level or abstract permission controls for traffic  – Dunbar: par. 0072 – Note: The method 1200 is implemented by a SF orchestrator 110 and the SF management system 210, as described in IETF draft documents draft-merged-I2NSF-framework-04.txt and draft-xia-I2NSF-capability-interface-im-04.txt, which are incorporated by reference – par. 0059); and
comparing the extracted data with a capability of registered Network Security Function (NSF) to search a target NSF (At step 1220, a determination is made that the service [being requested] is associated with the SF. For example, the SF orchestrator analyzes the request, selects the SF to satisfy the request – Dunbar: par. 0072 – Note: wherein the SF is associated with network security, and the SF management system 210 analyzes each request and selects SFs from the SF catalog DB to satisfy each request – par. 0046); 
converting the extracted data into a capability of the target NSF (At step 1240, a configuration is generated for the SF according to the [received] policy and indexed capability information of the SF indexed in the SF catalog DB – Dunbar: par. 0072 – Note: the SF management system 210 maps the received polices and profiles into suitable or implementable functional formats for configuring the SFs 251-253. The formats are defined according to a standardized information model and/or data model – par. 0045); and 
transmitting, to a policy generator, required data for the target NSF (At step 1250, a SF configuration message is sent to facilitate an execution of the SF instance according to the SF configuration message. For example, the SF configuration message comprises the classification policy and the forwarding policy – Dunbar: par. 0072).

Per claim 11, Dunbar discloses a security controller for policy translation in a security management system, the security controller comprising: 
a data extractor (SF orchestrator 110) configured to receive a high-level security policy from an Interface to Network Security Functions (I2NSF) user via a consumer-facing interface and transmit extracted data from the high-level security policy to a data converter (At step 1210, a service request message is received from a client, such as the service clients 180 and 280, requesting a service in the SC-enabled network and a policy for the service. The client's policy comprises service-oriented rules, such as high-level or abstract permission controls for traffic  – Dunbar: par. 0072 – Note: The method 1200 is implemented by a SF orchestrator 110 and the SF management system 210, as described in IETF draft documents draft-merged-I2NSF-framework-04.txt and draft-xia-I2NSF-capability-interface-im-04.txt, which are incorporated by reference – par. 0059) 
the data converter (SF management system 210) configured to compare the extracted data with a capability of registered Network Security Function (NSF) to search a target NSF (At step 1220, a determination is made that the service [being requested] is associated with the SF. For example, the SF orchestrator analyzes the request, selects the SF to satisfy the request – Dunbar: par. 0072 – Note: The SF management system 210 analyzes each request and selects SFs from the SF catalog DB to satisfy each request – par. 0046), convert the extracted data into a capability of the target NSF (At step 1240, a configuration is generated for the SF according to the [received] policy and indexed capability information of the SF indexed in the SF catalog DB – Dunbar: par. 0072 – Note: the SF management system 210 maps the received polices and profiles into suitable or implementable functional formats for configuring the SFs 251-253. The formats are defined according to a standardized information model and/or data model – par. 0045), and transmit required data for the target NSF to a policy generator (At step 1250, a SF configuration message is sent to facilitate an execution of the SF instance according to the SF configuration message – Dunbar: par. 0072); and 
the policy generator configured to receive the required data from the data converter and generate a low-level security policy (For example, the SF configuration message comprises the classification policy and the forwarding policy …For example, the first SF instance is controlled by a sub-controller, such as the sub-controllers 320 [are] controlled by the VNF controller. At step 1610, location information of the SF instance is received from a sub-controller. At step 1620, a SF instance location message is sent to the network controller indicating location information associated with the first SF instance to enable forwarding of traffic associated with the service flow towards the first SF instance – Dunbar: par. 0072 and 0076).

Per claims 2 and 12, Dunbar discloses features of claims 1 and 11, wherein the extracted data is extracted through a first state indicating a start or an end of the high-level security policy, a second state for determining a type of the extracted data, and a third state extracting data (Many flow-based SFs, such as FW, intrusion detection system (IDS), operate based on packet headers and/or payloads. For example, a FW analyzes packet headers and enforces policy-based on a protocol type, a source address, a destination address, a source port, a destination port, and/or other packet header attributes – Dunbar: par. 0059).

Per claims 4 and 14, Dunbar discloses features of claims 1 and 11, wherein the converting into the capability of the target NSF is performed through an NSF database including endpoint information, NSF capability information, and field information (FIG. 9 is a schematic diagram of an embodiment of a portion of a SF catalog DB 900, such as the SF DBs 435. ..The DB 900 comprises a vendor name category 910, a SF name category 920, a SF type category 930, a supported policy category 940, and an action category 950. The vendor name category 910 stores vendor names (e.g., X and Y) of vendors that provide the SFs. The SF name category 920 stores SF names (e.g., A, B, C, and D) of the SFs. The SF type category 930 stores SF types (e.g., FW, IPS, IDS, and web filter) of the SF. The policy category 940 stores polices supported by the SFs, corresponding to the subject category 732 and the context category 733 of the model 700. The action category 950 stores actions supported by the SFs, corresponding to the action category 734 of the model 700 – Dunbar: par. 0069).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claim(s) 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Dunbar, US2016/0248860 in view of Kang, US2019/0068598.

Per claims 3 and 13, Dunbar discloses features of claims 2 and 12.
Dunbar is not relied on to explicitly disclose but Kang discloses wherein the first state, the second state, and the third state are transitioned based on a tag character included in the high-level security policy (The state transitions between a normal state and a quarantined state can be determined by the SDN application…Accordingly, in FIG. 2C, DNS traffic 225 from network nodes in a normal state 222 can be forwarded to DNS server 226 through a DPI service function 224, On the other hand, once a network node is marked as quarantined, traffic from the network node in a quarantined state 228 are forwarded to a remedy service 229 at the remedy servers – Kang: par. 0032 – Note: forwarding based on state (normal or quarantined) anticipates presence of state metadata/tag in high-level security policy from which a low-level forwarding policy dependent on the identified state is deduced).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Dunbar in view of Kang to include wherein the first state, the second state, and the third state are transitioned based on a tag character included in the high-level security policy.
One of ordinary skill in the art would have been motivated because it would allow “proactive, automatic composition of individual policies before deploying the policies into the network”, wherein using graph-based structure of Policy Graph Abstraction (PGA) would further allow to “automatically detect and resolve policy conflicts in intent-based management systems” – Kang: par. 0010 – Note: Intent-based management systems provide high-level abstraction for managing complex target infrastructure by focusing on what to do, e.g., service function.

2.	Claim(s) 5-6 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Dunbar, US2016/0248860 in view of Jeong, KR2019-0049579 (published 05/09/2019).

Per claims 5 and 15, Dunbar discloses features of claims 4 and 14, wherein the NSF capability information is acquired from a developer's management system through a registration interface data model (The SF instance catalog manager 112 communicates with the vendor-specific SF managers 160 via a SF registration interface 192 to register the SFs 150 and to obtain information associated with the SFs 150… The SF management system 210 employs a common registration protocol across the vendor interface 292 to communicate with all VNF managers 261-263 and a common indexing model to store and index the SF information – Dunbar: par. 0037 and 0043 – Note: The interface between the VNF manager and the SF orchestrator corresponds to the SF registration interface 192 and the vendor interface 292 – par. 0054). 
Dunbar is not relied on to disclose the NSF capability information includes an NSF container and an NSF capability container but Jeong discloses wherein the NSF capability information is acquired from a developer's management system through a registration interface data model and includes an NSF container (I2NSF capability field/object) and an NSF capability container (performance capability information field/object) (an NSF instance may be registered through a registration interface between the security controller and the developer management system. That is, NSF may be required depending on the security requirements of the system. The security controller requests registration of the required NSF instance, and the developer management system can create / register the NSF instance and notify the security controller through the registration interface …the NSF capability information (or NSF profile) indicates the ability to perform an inspection of an associated NSF instance. Each NSF instance has its own NSF capability information that specifies the security service type and resource capacity it provides… the NSF profile represents a capability object that describes and / or defines the inspection capabilities that an NSF instance can provide… the NSF capability information field may include an I2NSF capability field (or object, information), a performance capability field (or object, information) – Jeong: page 9, 10, 11 and 14).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Dunbar in view of Jeong to include wherein the NSF capability information is acquired from a developer's management system through a registration interface data model and includes an NSF container  and an NSF capability container.
One of ordinary skill in the art would have been motivated because it would allow to include a standardized interface from multiple vendors to NSF(s) to “simplify the setup and management of tasks for different NSF(s)” – Jeong: page 4, wherein the standardized interface “facilitates the implementation of security functions in a technology- and vendor-independent manner in Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) environments” – Jeong: page 5.

Per claims 6 and 16, Dunbar in view of Jeong discloses features of claims 5 and 15, wherein the NSF capability container includes a capability name and an index indicating a capability field (the NSF profile represents a capability object that describes and / or defines the inspection capabilities that an NSF instance can provide… the NSF capability information field may include an I2NSF capability field (or object, information), a performance capability field (or object, information) – Jeong: pages 11 and 14).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Dunbar in view of Jeong to include wherein the NSF capability container includes a capability name and an index indicating a capability field.
One of ordinary skill in the art would have been motivated because it would allow “the ability to perform an inspection of an associated NSF instance” – Jeong: page 9.


Allowable Subject Matter
Claims 7-10 and 17-19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and after applicant overcomes the outstanding 112(b), 101 and DP rejections of record. Reasons for Allowance will be furnished in a NoA document, when claims are in condition for allowance.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Bimm (US6901440) discloses a rule-based service provisioning application based on a network management system that defines an advanced operating environment with embedded service provisioning capability for a Universal Service Activation System. The Universal (or Generic) Service Activation is a process of describing and initiating and providing status for the activation of telecommunications and data communications network services in a vendor neutral manner by creating universal service components. A service component is a method of packaging the parameters and values that characterize a service into a well-defined data structure used to compose a service order. 

Beskrovny (US2019/0392137) discloses generating security metadata associated with a micro service, the security metadata being separate from an executable portion of the micro service. The security metadata defines a plurality of security attributes of the micro service.

Jeong (KR10-1863236) discloses a structure for NSF clients to effectively implement NSF security management in the I2NSF (Interface to Network Security Functions) framework for providing a network security function (NSF) based on network virtualization. Through the proposed structure, the NSF client directly establishes a high-level security policy and receives the feedback from the NSF event, thereby realizing effective security management.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533. The examiner can normally be reached Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 571 - 272 - 3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AREZOO SHERKAT/Examiner, Art Unit 2494