Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This action is in response to application filed 01/18/2022.
Claims 22-41 are pending in this application.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/11/2021, 09/14/2021, 03/29/2022, 04/14/2022 has been placed in record and considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937,214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 22-41 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-21 of U.S. Patented Case No. 10,469,324 B2. Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 22-41 of the current application perform the same steps or limitations recited by claims 1-21 of U.S. Patented Case No. 10,469,324 B2 as detailed below by the examiner.  

Claim 22-41
Current Application
Claim 1-21
Patent Case No. 10,469,324 B2
Claim 22: A system, comprising: 
one or more computing devices comprising one or more processors and memory configured to implement virtual network verification service configured to: 
receive a query for a virtual network from a client, wherein the query is expressed as one or more constraint problems regarding the virtual network; 
obtain encoded virtual networking rules for the virtual network, wherein the virtual networking rules are encoded according to a declarative logic programming language; 
obtain an encoded description of the virtual network; 
resolve the query for the encoded description of the virtual network according to the encoded virtual networking rules using a constraint solver engine; and 
provide results of the query resolution for the virtual network to the client

Claim 1. A computer system including a processor coupled to a memory, the memory including instructions for a virtual network verification service that upon execution causes the system to:
receive a query about a virtual network of a plurality of virtual networks from a particular client of a plurality of clients via a client device, wherein the query is expressed as a constraint problem, wherein the virtual network is instantiated for the particular client in a provider network and includes virtual machines, and wherein the provider network hosts the plurality of virtual networks for respective clients of the plurality of clients on a substrate network of the provider network;
obtain rules for the particular client's virtual network, wherein one or more different rules apply to different individual ones of the plurality of virtual networks;
encode the rules for the particular client's virtual network according to a declarative logic programming language to generate encoded virtual networking rules for the particular client's virtual network; and
in response to the query:
obtain descriptive information for the particular client's virtual network;
encode the descriptive information for the particular client's virtual network according to the declarative logic programming language to generate an encoded description of the particular client's virtual network;
resolve the query for the encoded description of the particular client's virtual network according to the encoded virtual networking rules using a constraint solver program, wherein the constraint solver program is configured to resolve constraint problems according to the declarative logic programming language and according to the encoded virtual networking rules; and
provide results of the query resolution about the particular client's virtual network to the client device


Claims 22-41 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,095,523 B2 in view of Monahan et al. (US 2007/0136788 A1).
Regarding claim 22, US Patent ‘523 discloses a system, comprising: one or more computing devices comprising one or more processors and memory configured to implement virtual network verification service (claim 1, lines 1-3) configured to: 
receive a query for a virtual network from a client, wherein the query is expressed as one or more constraint problems regarding the virtual network (claim 1, lines 16-20); 
obtain encoded virtual networking rules for the virtual network, wherein the virtual networking rules are encoded according to a declarative logic programming language (claim 1, lines 8-12); 
obtain an encoded description of the virtual network (claim 1, lines 13-16); 
resolve the query for the encoded description of the virtual network according to the encoded virtual networking rules using a constraint solver engine (claim 1, lines 21-26).
However, ‘523 does not disclose provide results of the query resolution for the virtual network to the client.
In an analogous art, Monahan discloses provide results of the query resolution for the virtual network to the client ([0249]:  an overall process for compiling and solving path queries. Any solutions found are to be displayed graphically in this example. Infrastructure Path Queries 510 are formulated as structured textual objects from a text file description or potentially via some Graphical User Interface).
Therefore, it would have been obvious to a person of ordinary skill at the time the invention was made to modify ‘523 to comprise of “provide results of the query resolution for the virtual network to the client” taught by Monahan.
One of ordinary skilled in the art would have been motivated because it would have enabled to determine what parts of the network are reachable from a given point or part of the network if the configuration is altered and what security controls exist in new paths created between given points or regions of the network if the configuration is altered (Monahan, [0022]).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 22-41 are rejected under 35 U.S.C. 103 as being unpatentable over Monahan et al. (US 2007/0136788 A1) in view of Zadka et al. (US 2015/0006458 A1).
Regarding claim 1, Monahan discloses a system comprising:  one or more computing devices comprising one or more processors and memory configured to implement virtual network verification service ([0023]:  The security properties comprising any of the following; what parts of the network are reachable from a given point or part of the network with an existing configuration, what parts of the network are reachable from a given point or part of the network if the configuration is altered. [0084]:  the infrastructure may also preferentially incorporate virtualization technology (e.g. VMware, MS Virtual Server) that can permit multiple operating system instances (in the form of virtual machines) to run potentially concurrently and simultaneously on processing hardware) configured to:
receive a query for a virtual network from a client, wherein the query is expressed as one or more constraint problems regarding the virtual network ([0187]-[0190]: There are two kinds of queries that will be used: [0188] Node queries that select particular sets of nodes. [0189] Path queries that show that two sets of nodes are linked together by paths satisfying certain constraints. This kind of query naturally involves reachability over the graph of associations. As a result of this expressiveness of linkage, we can impose semantic constraints on the routing connectivity between different classes of nodes); 
obtain encoded virtual networking rules for the virtual network ([0079]-[0080]:  creating an object representing at least one logical path through two or more links of the model, to enable more efficient processing than having the paths represented merely by attributes of objects representing the nodes. Such objects can be part of the model. Encoding and retaining path information with the model in the database is preferable because the particular path information that results as an outcome from path queries can be suitably retained for combination with future queries and for comparison purposes. [0194]:  For example, each router instance will typically have a "rules" attribute whose value could define the permitted VLAN connections. The linkages permitted via the router instance then depend upon these rules and the attributes of the respective associations and their link-classes); 
obtain an encoded description of the virtual network ([0082]:  The model can be generated or maintained by receiving and classifying information about the network infrastructure or application services, to add to the model, and normalizing a path query with reference to class definitions of the model.  [0240]:  a model 300 of the network (here in the form of a utility description, including descriptions of nodes and links, perhaps part built by hand, part built automatically), is used by a reasoning engine 310 using a conventional language such as prolog); 
resolve the query for the encoded description of the virtual network according to the encoded virtual networking rules using a constraint solver engine ([0190]:  we can impose semantic constraints on the routing connectivity between different classes of nodes, for example. This allows particular classes of node, such as firewalls and switches, to have some specific connectivity properties. [0194]:  These special connectivity properties are defined by connection predicates for particular classes and link-classes. For example, each router instance will typically have a "rules" attribute whose value could define the permitted VLAN connections. The linkages permitted via the router instance then depend upon these rules and the attributes of the respective associations and their link-classes.  [0248]:  This result of this process is a graph description sufficiently complete for making path queries over. The resulting graph is then retained/stored in the Infrastructure Graph Model Database 450, ready for access in solving path queries); and 
provide results of the query resolution for the virtual network to the client ([0249]:  an overall process for compiling and solving path queries. Any solutions found are to be displayed graphically in this example. Infrastructure Path Queries 510 are formulated as structured textual objects from a text file description or potentially via some Graphical User Interface).
However, Monahan does not explicitly discloses wherein the virtual networking rules are encoded according to a declarative logic programming language.
In an analogous art, Zadka discloses wherein the virtual networking rules are encoded according to a declarative logic programming language ([0044]:  encoding of configuration information, there are many different possible ways for expressing configuration rules or hypotheses, including in any of various programming languages, in first-order logic expressions or Prolog programs, and in many other ways….encodings that can be used for generating, storing, evaluating, and optimizing hypotheses).
Therefore, it would have been obvious before the effective filed date of the claimed invention to a person having ordinary skill in the art to modify Monahan to comprise “wherein the virtual networking rules are encoded according to a declarative logic programming language” taught by Zadka.
One of ordinary skilled in the art would have been motivated because it would have enabled configuration rules, or logical expressions represented in hypothesis language to be evaluated with respect to configuration data for one or more components automatically, using theorem provers or resolvers (Zadka, [0048]).  

Regarding claim 23, Monahan-Zadka discloses the system as recited in claim 22, wherein the virtual network verification service is further configured to: generate, based on results of the resolution of the query for the encoded description of the virtual network, a configuration for the virtual network that satisfies the constraints specified by the queries (Monahan, [0249]-[0250]:  compiling and solving path queries. Any solutions found are to be displayed graphically in this example. Infrastructure Path Queries 510 are formulated as structured textual objects from a text file description or potentially via some Graphical User Interface. These are passed to the Path Query Normalization processor 520 which consolidates this information with the Infrastructure Class Definitions 440. [0251]:  Any path solutions found are passed to the Solution Path Rendering Engine 550 where this information is rendered into a suitable graphical format 560 ready for display by the external graphics display components).

Regarding claim 24, Monahan-Zadka discloses the system as recited in claim 22, wherein to obtain encoded virtual networking rules for the virtual network, the virtual network verification service is further configured to: obtain rules for the virtual network; and encode the rules for the virtual network according to the declarative logic programming language to generate the encoded virtual networking rules for the virtual network (Zadka, [0044]:  encoding of configuration information, there are many different possible ways for expressing configuration rules or hypotheses, including in any of various programming languages, in first-order logic expressions or Prolog programs, and in many other ways….encodings that can be used for generating, storing, evaluating, and optimizing hypotheses). The same rationale applies as in claim 22.

Regarding claim 25, Monahan-Zadka discloses the system as recited in claim 22, wherein to obtain the encoded description of the virtual network, the virtual network verification service is further configured to: obtain descriptive information for the virtual network; and encode the descriptive information for the virtual network according to the declarative logic programming language to generate the encoded description of the virtual network (Monahan, [0079]-[0080]:  Encoding and retaining path information with the model in the database is preferable because the particular path information that results as an outcome from path queries can be suitably retained for combination with future queries and for comparison purposes. [0082]:  The model can be generated or maintained by receiving and classifying information about the network infrastructure or application services, to add to the model, and normalizing a path query with reference to class definitions of the model.  [0240]:  a model 300 of the network (here in the form of a utility description, including descriptions of nodes and links, perhaps part built by hand, part built automatically), is used by a reasoning engine 310 using a conventional language such as prolog).

Regarding claim 26, Monahan-Zadka discloses the system as recited in claim 25, wherein to obtain the descriptive information for the virtual network, the virtual network verification service is further configured to: receive the descriptive information for the virtual network from the client (Monahan, [0229], [0240]:  This used text based data entry and shows that an effective model can be constructed and then queried in a manner useful to utility customers and providers. A screenshot is shown in FIG. 6. This shows part of a process of adding links and their attributes to the model, by manual text entry, followed by a summary of the objects in the model, their classes, and the number of node objects and link objects. A model 300 of the network (here in the form of a utility description, including descriptions of nodes and links, perhaps part built by hand, part built automatically), is used by a reasoning engine 310 using a conventional language such as prolog).

Regarding claim 27, Monahan-Zadka discloses the system as recited claim 25, wherein to obtain the descriptive information for the virtual network, the virtual network verification service is further configured to: obtain permission from the client to get the descriptive information for the virtual network from one or more provider network service ([0118]-[0121]:  Service Providers and End Customers can obtain, under contract, outsourced IT resources from Utility Providers upon demand. They don't need to concern themselves about systems availability or the cost of running and maintaining all of these systems--this is the responsibility of the Utility Provider. There are several ways in which customers may choose interact with the resources put at their disposal. Here are two ways: Customers have direct access to the computational resources they have rented and utilize them directly on tasks of their own choosing. The software deployed and the data resources used may be owned and provided by the customer. Customers require a standard commodity service using standard infrastructure and configurations); and obtain the descriptive information for the virtual network on the provider network from the one or more provider network services.  [0132], [0138]:  consider the following scenario: a corporate business customer outsources an important part of their IT operations to a Utility Provider, subject to an appropriate Service-Level Agreement and contract. However, to run the service effectively, the customer will need to provide direct access to significant IP such as confidential commercial data. The present inventors have appreciated that constructing some kind of model of the utility system that is accessible to customer and provider alike allows for practical answers to many of these questions. The goal is then to represent the security aspects of a deployed utility, in a form permitting exploration of interesting and relevant "what-if" consequences).

Regarding claim 28, Monahan-Zadka discloses the system as recited claim 22, wherein the virtual network verification service is further configured to: obtain a specification for networking primitives for the virtual network; wherein to obtain the encoded virtual networking rules for the virtual network, the virtual network verification service is further configured to: generate, according to a declarative logic programming language, the encoded virtual networking rules for the virtual network based at least in part on the specified networking primitives (Monahan, [0194]:  For example, each router instance will typically have a "rules" attribute whose value could define the permitted VLAN connections. The linkages permitted via the router instance then depend upon these rules and the attributes of the respective associations and their link-classes.  [0145]:  1. object--fundamental entity within the model, characterized by named attributes that refer to primitive values (e.g. numbers, strings) or other objects. Each object belongs to a class (i.e. classes represent collections of objects and the methods over them). An object is said to be an instance of some class. Examples: nodes, links, associations); wherein to obtain the encoded description of the virtual network, the virtual network verification service is further configured to: generate, according to the declarative logic programming language, the encoded description of the virtual network based at least in part on the specified networking primitives (Monahan, [0154]-[0155]: Functional/object decompositions into sub-systems and sub-processes, corporate data base schemas, metadata and meta modelling information) 3. node--a primitive object representing a specific thing of interest that may appear the model. Examples of entities which can be represented by Nodes).

Regarding claims 29 and 36; the claims are interpreted and rejected for the same reason as set forth in claim 22.

Regarding claims 30 and 37; the claims are interpreted and rejected for the same reason as set forth in claim 23.

Regarding claims 31 and 38; the claims are interpreted and rejected for the same reason as set forth in claim 24.

Regarding claims 32 and 39; the claims are interpreted and rejected for the same reason as set forth in claim 25.

Regarding claim 33; the claim is interpreted and rejected for the same reason as set forth in claim 26.

Regarding claims 34 and 40; the claims are interpreted and rejected for the same reason as set forth in claim 27.

Regarding claims 35 and 41; the claims are interpreted and rejected for the same reason as set forth in claim 28.


Additional References
	The prior art made of record and not relied upon is considered pertinent to applicants disclosure.
Tan et al., US 2020/0067962 A1: Model Based Methology for Translating High Level Cyber Treat Descriptions Into System Specific Actionable Defense Tactics.
Amies et al., US 2014/0189125 A1.: Querying and Managing Computing Resources in a Networked Computing Environment.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUAN C TURRIATE GASTULO whose telephone number is (571)272-6707. The examiner can normally be reached Monday - Friday 8 am-4 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian J Gillis can be reached on 571-272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.C.T/Examiner, Art Unit 2446      

/BRIAN J. GILLIS/Supervisory Patent Examiner, Art Unit 2446