DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-20 are rejected in the Instant Application.


Priority
Examiner acknowledges Applicant’s claim to priority benefits of 15/683650 and 62/378191 filed 8/22/2017 and 8/22/2016, respectively.



Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 12/3/2021 is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered if signed and initialed by the Examiner.


Claim Rejections
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim(s) 1-7, 10-16, 19 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim(s) 1-7, 10-16, 19 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to observation and evaluation without significantly more. The claim(s) recite(s) “generate a user-interface configured to receive queries…and process the queries using a graph data structure that stores information about the network in a plurality of forwarding nodes and forwarding edges to generate query results that are displayed to the user,” which is an observation (the query) and evaluation (the generation of query results). This judicial exception is not integrated into a practical application because the claims merely “apply it on a computer” – they use conventional computer hardware and systems to receive and respond to the query. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional features are all conventional computer hardware and systems. The additional features of the dependent claims do not change the above analysis.
Examiner wishes to explain certain dependent claims in more detail. Claim 3 and similar claims require that the queries “include a traffic criteria and a location criteria” and the generated result returns packets that meet the traffic criteria and network devices that meet the location criteria. These are again simply particular conventional forms of observations and evaluations, but Examiner further notes that this is simply data filtering, which has been found to be ineligible subject matter in BASCOM v AT&T.
Although Claim 7 directly claims the sensing of the information that is queried, that sensing is itself also an observation.
Examiner exempts from this rejection Claims 8-9 and similar claims, which relevantly obtain modifications to rules, verify that the rules do not conflict with policies, and (in Claim 9) implement the modifications. Although these constitute observations and evaluations as well, they nominally improve a computer system by determining whether a proposed modification would violate a policy, which is an improvement to the functioning of a computer system and therefore renders the claims eligible at Step 2A Prong Two.
Claims not specifically mentioned are rejected by virtue of dependency and because they do not obviate the above-recited deficiencies.


Claim Rejections - 35 USC § 103
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yadav (US Pub. 2016/0359872) in view of Zhang (US Pub. 2015/0016460).
With respect to Claim 1, Yadav teaches a network verification computer system for a network (Fig. 1, paras. 12, 16, 23-27; system monitors, analyzes, and implements policy for a data center network. Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, gateways.)
that includes a plurality of network devices having network interfaces that are connected to each other through data communication links, (paras. 13-17; system creates sensors that reside upon nodes of a data center network such as a router or gateway. para. 541-545, 549; system displays nodes and connections of the nodes.)
the computer system comprising a processor that is programmed to: (para. 57; system includes a processor)
generate a user-interface (paras. 57-58; system has a graphical user interface)
configured to receive queries from a user that are input using the input device, (paras. 445-448; system may receive queries about hosts or flows and will visualize the result.)
and request verification of network policies (paras. 26-28; analytics module accesses policies and can determine, establish, or change policies. paras. 378-392; system analyzes traffic and policies to see which policies are being enforced. See also paras. 425-438; system analyzes for compliance with policies.)
and predictions of network behavior, (paras. 28, 393-409; System can simulate “what if” experiments and how the network would change if different policies were applied without actually going live. Paras. 24, 28, 33; analytics module may predict what will happen in the event the network changes.)
and process the queries using a graph data structure (para. 34; web frontend presents data in visual form such as tree maps, acyclic dependency maps. paras. 358-360; system has network graph. Paras. 559-565; data stored as vectors.)
that stores information about the network in a plurality of forwarding nodes and forwarding edges (Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, gateways. Para. 20; collectors can be connected to a top of rack switch. Para. 20; collectors store sensed information. Para. 132; sensors also store data.)
to generate query results that are displayed to the user, (paras. 445-448; system may receive queries about hosts or flows and will visualize the result.)
wherein each of the forwarding nodes represents a set of packets to be processed at one of a plurality of network locations, (Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, and gateways. paras. 378-392; system applies policies such as a whitelist to traffic flows to direct the flows. Para. 442; blacklist.)
and the plurality of forwarding nodes include a first forwarding node representing a first set of packets to be processed at the first network location, a second forwarding node representing the first set of packets to be processed at the second network location, a third forwarding node representing a second set of packets to be processed at the first network location, and a fourth forwarding node representing the second set of packets to be processed at the second network location, (Colocation will be taught later. Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, and gateways. paras. 378-392; system applies policies such as a whitelist to traffic flows to direct the flows. Para. 442; blacklist. Paras. 358; packets between all nodes can be tracked and collected. Paras. 75-76, 112-114, 123-124, 198; system can track flows as they move throughout the system. Thus the system can track both a set of packets at different locations and different sets of packets within the same location.)
and each of the first, second, third, and fourth forwarding nodes is associated with attributes of the same one of the network devices. (Colocation will be taught later. Examiner asserts this limitation is tautological since the claim requires each of the first/second/third/fourth forwarding nodes to be processed at the first/second locations and the first/second locations are within the same one of the network devices (i.e. they are inherently associated with attributes because they are all processed in a device with the other forwarding nodes). Regardless, Examiner cites para. 17; VM BIOS ID, which is a device attribute. Para. 79-80, 442; device operating system. para. 87-88; device type. para. 352; system can determine manufacturer. Para. 532; sensor can determine hostname. Paras. 612-613, 623-627; system can determine node and cluster attributes.)
But Yadav does not explicitly teach the network locations including first and second network locations that are within a same one of the network devices.
Zhang, however, does teach the network locations including first and second network locations that are within a same one of the network devices, (Examiner asserts that Yadav renders this feature obvious on its own. Yadav discloses both virtual switches and hypervisors, paras. 85-86, which Examiner asserts suggests multiple virtual switches on the same host. However, to compact prosecution Examiner cites Zhang, Fig. 1, paras. 36-39; logical router and a plurality of logical switches to virtual machines may all reside on a single host machine. VM1 to VM2 goes through switches A and B and the router. See also paras. 40-41; device contains multiple forwarding tables, and matching may result in a resubmit action to allow for further processing within the tables.)
It would have been obvious to one of ordinary skill prior to the effective filing date to combine the system of Yadav with the multiple switches in the same device to perform multiple actions for packet processing and routing at once. (Zhang, para. 41)

With respect to Claim 2, modified Yadav teaches the network verification computer system of claim 1, and Yadav also teaches wherein each of the forwarding edges represents packet processing rules of one of the forwarding nodes. (paras. 378-392; whitelist and policies that control traffic flow, which are packet processing rules of the nodes.)

With respect to Claim 3, modified Yadav teaches the network verification computer system of claim 1, and Yadav also teaches wherein the processor processes one of the queries that includes a traffic criteria (Para. 445-448; search can include searches for hosts and flows. Paras. 449-454; search of protocol to return flows in the searched protocol. Para. 455; flows can be tagged and can be searched based on tags.)
and a location criteria, (Para. 445-448; search can include searches for hosts and flows. paras. 17, 81-83, 532, 612-613, 623-627; sensor can determine its geolocation and the host device. Para. 48; packet logs include source and destination host name and location.)
to generate a query result that includes one or more sets of packets that meet the traffic criteria and one or more network devices that meet the location criteria. (paras. 445-448; system returns results meeting the search criteria and ranks them.)

With respect to Claim 4, modified Yadav teaches the network verification computer system of claim 3, and Yadav also teaches wherein in the graph data structure, each of the forwarding nodes is associated with attributes of one of the network devices, (para. 17; VM BIOS ID, which is a device attribute. Para. 79-80, 442; device operating system. para. 87-88; device type. para. 352; system can determine manufacturer. Para. 532; sensor can determine hostname. Paras. 612-613, 623-627; system can determine node and cluster attributes. paras. 17, 81-83, 532, 612-613, 623-627; sensor can determine its geolocation and the host device.)
and the processor examines the forwarding nodes and forwarding edges of the graph data structure to find the sets of packets that meet the traffic criteria (paras. 445-448; system returns results meeting the search criteria and ranks them.)
and examines the attributes of the network devices to find the network devices that meet the location criteria. (paras. 445-448; system returns results meeting the search criteria and ranks them.)

With respect to Claim 5, modified Yadav teaches the network verification computer system of claim 1, and Yadav also teaches wherein the graph data structure stores information about the network at a first point in time in a first set of forwarding nodes and forwarding edges and stores information about the network at a second point in time that is different from the first point in time in a second set of forwarding nodes and forwarding edges. (para. 101; collector can collect historical statistics and compare it to current data being reported by the sensors. Para. 292-293; historical snapshot of traffic. Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, gateways. Para. 20; collectors can be connected to a top of rack switch.)

With respect to Claim 6, modified Yadav teaches the network verification computer system of claim 1, and Yadav also teaches wherein the graph data structure is generated based on state information of the network devices. (paras. 85-88; system determines device type including forwarding models. Paras. 383-392, 425-438, 492; white and black lists, which are states of firewalls. Paras. 16, 26, 108, 369; state of node, network, sensor, host.)

With respect to Claim 7, modified Yadav teaches the network verification computer system of claim 6, and Yadav also teaches wherein the network devices are virtual network devices (paras. 16, 24, 85-88; sensed devices may be virtual devices.)
and the state information of the virtual network devices is collected from a controller of a software-defined network. (Paras. 26-27; policies are enforced by a manual or automatic network control scheme such as a security policy controller that has policy data, which is a controller of a software-defined network. See also para. 49; analytics module can control access control list and firewalls to modify security policy, which is a software-defined network controller. To the extent that state information is sensed by the sensors rather than analytics module, Examiner notes that the sensors and analytics module are part of the same monitoring system (see Fig. 2, para. 44) and it would have been obvious to one of ordinary skill prior to the effective filing date to combine the functionality of the sensors and the controllers to have a single agent that determines and modifies state.)

With respect to Claim 8, modified Yadav teaches the network verification computer system of claim 7, and Yadav also teaches wherein the processor is further programmed to: obtain modifications to packet processing rules of the network devices; generate a graph data structure that stores information about a hypothetical network that includes the network devices with modified packet processing rules; (paras. 28, 393-409; system analyzes simulated changes including “what if” analysis that involves changing policies or memberships. para. 34; web frontend presents data in visual form such as tree maps, acyclic dependency maps. paras. 358-360; system has network graph. Paras. 559-565; data stored as vectors.)
and verify, using the graph data structure, whether or not the modifications comply with the network policies. (paras. 425-438; system determine whether flows are in compliance with policies or not. See also paras. 405-409; system analyzes simulated changes to see if they are in compliance with policies.)

With respect to Claim 9, modified Yadav teaches the network verification computer system of claim 8, and Yadav also teaches wherein the processor is further programmed to: upon verifying that the modifications comply with the network policies, send the modifications to the network devices for adoption by the network devices. (paras. 26-28; system analyzes changes to the system and policies. Administrator determines whether to implement new policies for handling data packets or policies can dynamically change. Para. 49; analytics module can modify access control list or firewall.)

With respect to Claim 10, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying.

With respect to Claims 11-18, they are substantially similar to Claims 2-9, respectively, and are rejected in the same manner, the same art and reasoning applying.

With respect to Claim 19, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying. Further, Yadav also teaches a non-transitory computer readable medium comprising instructions (para. 61; non-transitory computer readable media)

With respect to Claim 20, it is substantially similar to Claim 8 and is rejected in the same manner, the same art and reasoning applying.


Remarks
	Examiner is the same Examiner from parent Application 15/683650. Examiner makes no provisional double patenting rejection to the parent application because Examiner knows it to be abandoned.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS P CELANI whose telephone number is (571)272-1205.  The examiner can normally be reached on M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/NICHOLAS P CELANI/Examiner, Art Unit 2449