Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
This office action is in response to applicant’s amendment, filed 12 September 2022, of the application filed with the above serial number on 15 July 2019, in which claims 1, 12, and 19 have been amended. Claims 1-20 are pending in the application.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The independent claims have each been amended to add “enabling generation of an intermediate representation to include individual security policy instructions representative of the global security group;…compiling … to generate a set of low-level intermediate representation instructions to implement the indicated change to the high-level virtual network policy”. It is indefinite whether two intermediate representations are being generated; whether the indicated change is to the high-level policy or to the intermediate representation that is enabled to be generated; whether the intermediate representation is not low-level; etc.
Claims 11, 18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The claim recites determining a goal state for the set of virtual networks based on the set of low-level intermediate representation instructions. It is indefinite whether the determined goal state based on the set of low-level intermediate representation instructions is distinct from the achieved goal state indicated by the high-level virtual network policy in the independent claim.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Wolting (hereinafter “Wolting”, 2016/0173338).
As per Claim 1, Wolting discloses a computer-implemented method for managing a set of virtual networks, the method performed by a software-defined network (SDN) compiler communicatively coupled to an SDN function configured to manage resources of the set of virtual networks (at least paragraph 312-312, 323-324; SDN Compiler sending instructions to SDN Controller), the method comprising: 
determining a current network state of the set of virtual networks (at least paragraph 323-324; Multiple logical networks can be defined and created simultaneously on the same physical and virtual networking and computing resources, this specification specifies an arbitrary logical network, consisting of an arbitrary number of logical nodes in an arbitrary topology with an arbitrary forwarding policy, determining the forwarding paths, the logical nodes being mapped to arbitrary physical and virtual network and computing resources); 
receiving data indicative of a high-level virtual network policy, the data conforming to a syntax for describing the high-level virtual network policy, the syntax including a representation of a network configuration, associations between nodes of the network configuration, and security groups for the network configuration (at least paragraph 323-324, 380-388; User defining a network in a high-level network specification; this specification specifies an arbitrary logical network, consisting of an arbitrary number of logical nodes in an arbitrary topology with an arbitrary forwarding policy, determining the forwarding paths, the logical nodes being mapped to arbitrary physical and virtual network and computing resources; high-level specification comprise such as, but not limited to, a high-level programming or scripting language syntax; logical network defined by specifying logical nodes, adjacencies between nodes, fwd policies, mapping from physical to logical nodes; at least paragraph 366-375, 669, 1203: Reactive path instantiation by an SDN Compiler in which a request is made by the physical or virtual node to the SDN Compiler to provide the relevant forwarding entry for a packet that does not match against a forwarding entry provides additional security over traditional networking, as the SDN Compiler explicitly has to provide forwarding entries for a requested path. An SDN Network allows for granular control of paths in the network, which allows for example but not limited to providing different levels of security for different paths from a source network to a destination network; ie. 
claimed security group being a collection/group of virtual nodes defined by the user at high level for the compiler to create the virtual network with forwarding rules of an NFV node being a switch/firewall restricting communication between only those in each virtual network created, where multiple logical networks are created simultaneously on the same physical and virtual networking resources resulting in each logical network being a security group with defined network configuration and node associations), wherein the syntax enables the high-level virtual network policy to define a global security group to capture commonalities among multiple security groups (at least paragraph 520, 1203, 746, 358-365, 379, 776, 790, Fig. 32A; multiple logical/virtual networks as part of larger global network YYYY with commonalities being in the network of nodes and/or at a common level or depth where the user defines policies via the SDN compiler and could include an overall policy including firewall policy, being applied to specific nodes in the network [wherein firewall policy for a network providing a global security group for that network with commonalities being nodes in that network].  See also par. 1531: “an example virtual switch node HB of FIG. 14A illustrates Network Functions Virtualization (NFV), in which a virtual switch node could perform optional operations such as but not limited to monitoring and/or recording and/or buffering and/or modifying of the incoming packet header and/or payload before forwarding the packet to one or more of it's output ports, or blocking an incoming packet. Said additional optional operations could be specified by a user of the SDN Compiler. As an example, but not limited to, we consider a logical network comprising of logical nodes NA, NB, NE, NF as shown in FIG. 61I. Logical nodes NA, NB, NE, NF are mapped to physical nodes QA, QB, QE, QF respectively through depth-mappings. Topology-mappings named J24 and J28 were FIG. 61B as well. 
Topology-mapping J53 is created using the first method to create topology-mappings and comprises of a concatenation of the depth-mapping named J8, the topology-mappings named J2, J3, J4 and the depth-mapping named J13. Topology-path J54 comprises of a concatenation of topology-mappings J24, J53, J28. Physical node QB performs “action 1” on an incoming packet, physical node QC performs “action 2” on an incoming packet, physical node QE performs “action 3” and “action 4” on an incoming packet.”); and
enabling generation of an intermediate representation to include individual security policy instructions representative of the global security group (at least paragraph 520, 1203, 746, 358-365, 379, 1531, 776, 790, Fig. 32A; par. 1531: “an example virtual switch node HB of FIG. 14A illustrates Network Functions Virtualization (NFV), in which a virtual switch node could perform optional operations such as but not limited to monitoring and/or recording and/or buffering and/or modifying of the incoming packet header and/or payload before forwarding the packet to one or more of it's output ports, or blocking an incoming packet. Said additional optional operations could be specified by a user of the SDN Compiler. As an example, but not limited to, we consider a logical network comprising of logical nodes NA, NB, NE, NF as shown in FIG. 61I. Logical nodes NA, NB, NE, NF are mapped to physical nodes QA, QB, QE, QF respectively through depth-mappings. Topology-mappings named J24 and J28 were FIG. 61B as well. Topology-mapping J53 is created using the first method to create topology-mappings and comprises of a concatenation of the depth-mapping named J8, the topology-mappings named J2, J3, J4 and the depth-mapping named J13. Topology-path J54 comprises of a concatenation of topology-mappings J24, J53, J28. Physical node QB performs “action 1” on an incoming packet, physical node QC performs “action 2” on an incoming packet, physical node QE performs “action 3” and “action 4” on an incoming packet.”);
detecting, based at least in part on the high-level virtual network policy, an indicated change to the current network state (at least paragraph 323-325; ‘SDN Compiler’ process should allow for reasonably fast calculation of these instructions when any change in the logical network definition or physical or virtual resources occurs); 
compiling, based on detecting the indicated change, at least a portion of the syntax for the high-level virtual network policy to generate a set of low-level intermediate representation instructions to implement the indicated change to the high-level virtual network policy (at least paragraph 323-324; Point 2 referred to above provides the translation or compilation from a high-level network specification into a set of instructions for the appropriate physical and virtual networking and computing resources. We have termed this process an ‘SDN Compiler’ process in analogy with compilers used in computing, translating a high-level language into lower-level instructions.); and 
applying the set of low-level intermediate representation instructions in a network configuration for managing the set of virtual networks (at least paragraph 310-326, 398-399, Fig. 1; distributes instructions from compiler to SDN nodes implementing physical and virtual networks);
detecting a failure of the set of virtual network to achieve a goal state indicated by the high-level virtual network policy (at least paragraph 312-324, 380-388, 669, 1187, 1202; eg. SDN compiler configuring network as defined by user; “It extends the creation of forwarding tables to physical host nodes, physical NIC nodes, virtual switch nodes and virtual host nodes, beyond the usual creation of forwarding tables for physical switch nodes. Furthermore, the SDN Compiler could request the SDN Controller, a Server Management System and/or Cloud Management System to create, modify, delete and/or move (to a different physical resource) virtual resources in case this is required to meet the requirements of the user of the SDN Compiler. Furthermore, the SDN Compiler could request the SDN Controller or a Network Management System to modify properties of the physical network that can be modified, e.g. request to modify the links between physical nodes in case an optical network consisting of Remote Optical Add/Drop Multiplexers (ROADMs) or Optical Cross Connects is used to interconnect the nodes of the packet switching network. As such, the SDN Compiler becomes the central component that can optimize physical and virtual networking and computing resources based on the needs of the user(s) of the SDN Compiler such as e.g. applications”); and
in response to detecting a failure of the set of virtual network to achieve the goal state indicated by the high-level virtual network policy, modifying the network configuration to establish the associations specified in the high-level virtual network policy (at least paragraph 312-324, 380-388, 669, 1187, 1202; eg. SDN compiler configuring network as defined by user; “It extends the creation of forwarding tables to physical host nodes, physical NIC nodes, virtual switch nodes and virtual host nodes, beyond the usual creation of forwarding tables for physical switch nodes. Furthermore, the SDN Compiler could request the SDN Controller, a Server Management System and/or Cloud Management System to create, modify, delete and/or move (to a different physical resource) virtual resources in case this is required to meet the requirements of the user of the SDN Compiler. Furthermore, the SDN Compiler could request the SDN Controller or a Network Management System to modify properties of the physical network that can be modified, e.g. request to modify the links between physical nodes in case an optical network consisting of Remote Optical Add/Drop Multiplexers (ROADMs) or Optical Cross Connects is used to interconnect the nodes of the packet switching network. As such, the SDN Compiler becomes the central component that can optimize physical and virtual networking and computing resources based on the needs of the user(s) of the SDN Compiler such as e.g. applications”).
As per Claim 2. The computer-implemented method of claim 1, wherein determining the current network state comprises generating or receiving the high-level virtual network policy for a managed network (at least paragraph 323-324, 380-388; User defining a network in a high-level network specification; this specification specifies an arbitrary logical network, consisting of an arbitrary number of logical nodes in an arbitrary topology with an arbitrary forwarding policy, determining the forwarding paths, the logical nodes being mapped to arbitrary physical and virtual network and computing resources).
As per Claim 3. The computer-implemented method of claim 2, wherein detecting the indicated change comprises detecting the indicated change as indicated via a user interface (at least paragraph 311, 315, 323-325, specification of this logical network abstraction is the ‘high-level network specification’ inputted by the user… ‘SDN Compiler’ process should allow for reasonably fast calculation of these instructions when any change in the logical network definition or physical or virtual resources occurs).  
As per Claim 4. The computer-implemented method of claim 1, wherein determining the current network state comprises inferring, based on a current network configuration, the current network state of the set of virtual networks as unmanaged virtual networks (at least paragraph 312-312, 323-324; eg. unconfigured physical network elements prior to SDN compiling).  
As per Claim 5. The computer-implemented method of claim 4, wherein detecting the change is based on determining to manage the unmanaged virtual networks (at least paragraph 312-312, 323-324; user defining network for sdn compilation).  
As per Claim 6. The computer-implemented method of claim 1, wherein determining the current network state comprises determining a previous set of low-level intermediate representation instructions representing the current network state, and wherein compiling the high-level virtual network policy comprises adding one or more low-level intermediate representation instructions to, removing one or more low-level intermediate representation instructions from, or modifying one or more low-level intermediate representation instructions of, the previous set of low-level intermediate representation instructions to generate the set of low-level intermediate representation instructions (at least paragraph 312-312, 323-324, 669; User defining a network in a high-level network specification; the SDN Compiler could request the SDN Controller, a Server Management System and/or Cloud Management System to create, modify, delete and/or move (to a different physical resource) virtual resources in case this is required to meet the requirements of the user of the SDN Compiler).  
As per Claim 7. The computer-implemented method of claim 6, wherein determining the current network state comprises generating the previous set of low-level intermediate representation instructions based on one or more parameters specified in a configuration of the set of virtual networks as unmanaged virtual networks (at least paragraph 312-312, 323-324; User defining a network in a high-level network specification).  
As per Claim 8. The computer-implemented method of claim 1, wherein compiling the high-level virtual network policy comprises determining one or more high-level virtual network policy parameters, and wherein generating the set of low-level intermediate representation instructions is based on the one or more high-level virtual network policy parameters (at least paragraph 323-324, 380-388; User defining a network in a high-level network specification; this specification specifies an arbitrary logical network, consisting of an arbitrary number of logical nodes in an arbitrary topology with an arbitrary forwarding policy, determining the forwarding paths, the logical nodes being mapped to arbitrary physical and virtual network and computing resources; high-level specification comprise such as, but not limited to, a high-level programming or scripting language syntax; logical network defined by specifying logical nodes, adjacencies between nodes, fwd policies, mapping from physical to logical nodes; at least paragraph 366-375, 669, 1203: Reactive path instantiation by an SDN Compiler in which a request is made by the physical or virtual node to the SDN Compiler to provide the relevant forwarding entry for a packet that does not match against a forwarding entry provides additional security over traditional networking, as the SDN Compiler explicitly has to provide forwarding entries for a requested path. An SDN Network allows for granular control of paths in the network, which allows for example but not limited to providing different levels of security for different paths from a source network to a destination network).  
As per Claim 9. The computer-implemented method of claim 8, wherein compiling the high-level virtual network policy comprises determining whether the set of low-level intermediate representation instructions exist in a current set of low-level intermediate representation instructions corresponding to the current network state (at least paragraph 323-324, 380-388; User defining a network in a high-level network specification; this specification specifies an arbitrary logical network, consisting of an arbitrary number of logical nodes in an arbitrary topology with an arbitrary forwarding policy, determining the forwarding paths, the logical nodes being mapped to arbitrary physical and virtual network and computing resources; high-level specification comprise such as, but not limited to, a high-level programming or scripting language syntax; logical network defined by specifying logical nodes, adjacencies between nodes, fwd policies, mapping from physical to logical nodes; at least paragraph 366-375, 669, 1203: Reactive path instantiation by an SDN Compiler in which a request is made by the physical or virtual node to the SDN Compiler to provide the relevant forwarding entry for a packet that does not match against a forwarding entry provides additional security over traditional networking, as the SDN Compiler explicitly has to provide forwarding entries for a requested path. An SDN Network allows for granular control of paths in the network, which allows for example but not limited to providing different levels of security for different paths from a source network to a destination network; the SDN Compiler could request the SDN Controller, a Server Management System and/or Cloud Management System to create, modify, delete and/or move (to a different physical resource) virtual resources in case this is required to meet the requirements of the user of the SDN Compiler).  
As per Claim 10. The computer-implemented method of claim 1, wherein the indicated change to the high-level virtual network policy includes specifying an association between two or more virtual networks in the set of virtual networks, and wherein compiling the high-level virtual network policy comprises generating the set of low-level intermediate representation instructions to add, in a software-defined network (SDN) configuration, an indication of the association between the two or more virtual networks (at least paragraph 312-324, 398, 669, 784; ie. Topology-mappings are adjacencies between networks).  
As per Claim 11. The computer-implemented method of claim 1, wherein applying the set of low-level intermediate representation instructions in the network configuration comprises determining a goal state for the set of virtual networks based on the set of low-level intermediate representation instructions, and modifying a software-defined network (SDN) configuration to achieve the goal state (at least paragraph 312-324, 380-388, 669, 1187, 1202; eg. SDN compiler configuring network as defined by user; “It extends the creation of forwarding tables to physical host nodes, physical NIC nodes, virtual switch nodes and virtual host nodes, beyond the usual creation of forwarding tables for physical switch nodes. Furthermore, the SDN Compiler could request the SDN Controller, a Server Management System and/or Cloud Management System to create, modify, delete and/or move (to a different physical resource) virtual resources in case this is required to meet the requirements of the user of the SDN Compiler. Furthermore, the SDN Compiler could request the SDN Controller or a Network Management System to modify properties of the physical network that can be modified, e.g. request to modify the links between physical nodes in case an optical network consisting of Remote Optical Add/Drop Multiplexers (ROADMs) or Optical Cross Connects is used to interconnect the nodes of the packet switching network. As such, the SDN Compiler becomes the central component that can optimize physical and virtual networking and computing resources based on the needs of the user(s) of the SDN Compiler such as e.g. applications”).  
Claims 12-20 do not, in substance, add or define any additional limitations over claims 1-11 and therefore are rejected for similar reasons, supra.

Response to Arguments
Applicant's arguments filed 12 September 2022 have been fully considered but they are not persuasive.
Applicant argues, in substance, that Wolting does not disclose the amended features: wherein the syntax enables the high-level virtual network policy to define a global security group to capture commonalities among multiple security groups; and
enabling generation of an intermediate representation to include individual security policy instructions representative of the global security group.
The specification describes the above claimed features in para. 0046. The scope of the ‘global security group’ is not clear, as the example given concerns two virtual networks with 4 nodes each. A virtual network could, in theory, comprise 2 nodes that are continents apart and thus global, or two VMs on the same machine.
Wolting teaches multiple logical/virtual networks as part of larger global network YYYY with commonalities being in the network of nodes and/or at a common level or depth where the user defines policies via the SDN compiler and could include an overall policy including firewall policy, being applied to specific nodes in the network [wherein firewall policy for a network providing a global security group for that network with commonalities being nodes in that network] (at least paragraph 520, 1203, 746, 358-365, 379, 776, 790, Fig. 32A). Wolting also discloses (par. 1531), similar to the detailed description providing support for the claim amendment: “an example virtual switch node HB of FIG. 14A illustrates Network Functions Virtualization (NFV), in which a virtual switch node could perform optional operations such as but not limited to monitoring and/or recording and/or buffering and/or modifying of the incoming packet header and/or payload before forwarding the packet to one or more of it's output ports, or blocking an incoming packet. Said additional optional operations could be specified by a user of the SDN Compiler. As an example, but not limited to, we consider a logical network comprising of logical nodes NA, NB, NE, NF as shown in FIG. 61I. Logical nodes NA, NB, NE, NF are mapped to physical nodes QA, QB, QE, QF respectively through depth-mappings. Topology-mappings named J24 and J28 were FIG. 61B as well. Topology-mapping J53 is created using the first method to create topology-mappings and comprises of a concatenation of the depth-mapping named J8, the topology-mappings named J2, J3, J4 and the depth-mapping named J13. Topology-path J54 comprises of a concatenation of topology-mappings J24, J53, J28. Physical node QB performs “action 1” on an incoming packet, physical node QC performs “action 2” on an incoming packet, physical node QE performs “action 3” and “action 4” on an incoming packet.”.
Regarding the limitation “in response to detecting a failure of the set of virtual network to achieve the goal state indicated by the high-level virtual network policy, modifying the network configuration to establish the associations specified in the high-level virtual network policy” added to claim 1, similar to claim 11.
Wolting teaches (at least paragraph 312-324, 380-388, 669, 1187, 1202) “It extends the creation of forwarding tables to physical host nodes, physical NIC nodes, virtual switch nodes and virtual host nodes, beyond the usual creation of forwarding tables for physical switch nodes. Furthermore, the SDN Compiler could request the SDN Controller, a Server Management System and/or Cloud Management System to create, modify, delete and/or move (to a different physical resource) virtual resources in case this is required to meet the requirements of the user of the SDN Compiler. Furthermore, the SDN Compiler could request the SDN Controller or a Network Management System to modify properties of the physical network that can be modified, e.g. request to modify the links between physical nodes in case an optical network consisting of Remote Optical Add/Drop Multiplexers (ROADMs) or Optical Cross Connects is used to interconnect the nodes of the packet switching network. As such, the SDN Compiler becomes the central component that can optimize physical and virtual networking and computing resources based on the needs of the user(s) of the SDN Compiler such as e.g. applications”.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY TODD whose telephone number is (303)297-4763. The examiner can normally be reached 8:30-5 MST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached on 571-272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GREGORY TODD/ Primary Examiner, Art Unit 2443