Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Office Action is in response to the instant Application 17/216,391 filed on 3/29/2021. Claims 1-20 are pending. This Office Action is Non-Final.


Claim Rejections - 35 USC § 101
	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U. S. C. 101 as being directed to non-statutory subject matter as being directed to an abstract idea without being integrated into a practical application or significantly more.
	Regarding claim 1, the claim is directed to an abstract idea as reciting the limitations “receiving network information,” “determining one or more security policies” and “providing a recommendation.”  The aforementioned steps are “re-arranging human activities” as broadly interpreted said steps could be performed in the human mind. Therefore, the claim recites an abstract idea.  
	Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that utilize determination result into a practical application.  It’s noted that the claims recite additional elements (i.e., processor/memory, computing system).  However, said additional elements are recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of obtaining, constructing, computing or applying etc.,) such that it amounts no more than mere instructions to apply the exception or abstract idea using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  
	The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.   As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. See US Applications 2013/0254535, 2015/0156194 and 2011/0154027.  As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component.  Therefore, the claim is directed to non-statutory subject matter.
Regarding claim 11, claim 11 is directed to a system associated with the method of claim 1. Claim 11 is of similar scope to claim 1, and are therefore rejected under similar rationale.

	Regarding claims 2-10 and 12-20; the dependent claims are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims recite an abstract idea without being integrated into a practical application or significantly more.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-7 and 11-17 is/are rejected under 35 U.S.C. 102(A)(1) as being anticipated by Kumar et al (US 10,771,506).

	As per claim 1, Kumar discloses a method comprising: receiving network information corresponding to a first network (Kumar, Col. 8 Lines 19-29 recites “As shown in FIG. 4, process 400 may include receiving network topology information of a network and device capability information of devices in the network (block 410). For example, security platform 230 may receive the network topology information of monitored network 210 and the device capability information for client devices 215 and/or network devices 217 (which may be referred to herein, collectively, as devices 215, 217) and/or the network topology information of cloud computing environment 220 and the device capability information for cloud network device 222 and/or computing resource 225.”);
	programmatically analyzing the network information (Kumar, Col. 9 Lines 37-47 recites “As further shown in FIG. 4, process 400 may include detecting a threat to the network (block 420). For example, security platform 230 may detect a threat to monitored network 210. In some implementations, security platform 230 may detect the threat based on being activated or configured to provide security services for monitored network 210. As used herein, a threat indicates a presence of malware in a network (e.g., the monitored network 210), the potential for malware to be in the network, or the potential for malware to reach the network.” By attempting to detect a network threat, you are effectively analyzing the network information);
	programmatically determining one or more security policies from a library of security policies, the programmatically determining based on a result of programmatically analyzing the network information; and providing a recommendation to a user, wherein the recommendation includes at least one of the one or more security policies (Kumar, Col. 11 Lines 18-58 recites “As further shown in FIG. 4, process 400 may include selecting a security policy and an enforcement device of the network to enforce the security policy based on the topology information, the device capability information, and the threat information (block 440). For example, security platform 230 may select the security policy and the enforcement device, such as network device 217, to enforce the security policy. In some implementations, security platform 230 may select the security policy and the enforcement device based on detecting the threat and/or determining the threat information.  As used herein, a security policy is a set of rules or instructions for one or more enforcement devices to enforce in order to mitigate a threat. For example, a security policy may provide instructions to quarantine a device (e.g., by disconnecting or rerouting communication links of the device), instructions to block traffic to/from a device (e.g., by filtering information to/from the device), instructions to shut down a device or operations of a device, instructions to scrub a device affected by a threat (e.g., by removing malware from the device), instructions to limit access from the device by a threat to mission critical services, or the like. In some implementations, security policies may be provided or suggested by the threat feeds described above, may be provided by another threat enforcement device, and/or may be selected from a list of security policies that may be deployed by security platform 230. As used herein, an enforcement device may be one or more devices (e.g., devices 215, 217) of a network (e.g., monitored network 210) capable of enforcing or implementing a security policy. For example, the enforcement device may be network device 217, such as a switch to quarantine an affected device and/or a firewall to prevent traffic to/from an affected client device 215 (e.g., via a traffic filter). Although example descriptions herein may refer to network device 217 as an enforcement device, in some implementations, an enforcement device may be a client device 215 that may scrub or remove malware from itself or another client device 215 using security removal software that may scrub or remove malware and/or that may block or prevent communications with an affected client device 215.” A user is given a list of suggested security policies which a user will have to select to address the network issues.).

	As per claim 2, Kumar discloses the method of claim 1, Kumar further discloses wherein the library of security policies includes user contributed security policies (Kumar, Col. 12 Line 59 – Col. 13 Line 7 recites “In some implementations, security platform 230 may select the security policy and/or the enforcement device based on machine learning techniques. For example, security platform 230 (and/or another device in communication with security platform 230) may receive and/or store information associated with deployments of security policies to particular enforcement devices to mitigate particular threats. Accordingly, when detecting threats with similar characteristics (e.g., a same type, a same location in a network, a same risk level, etc.) to those that have been previously detected, machine learning techniques may be used to select a security policy and/or enforcement device based on success rates tracked for previous deployments of security policies to mitigate threats in networks with similar network topologies, device capabilities, and/or available enforcement devices.” Similarities are being interpreted to be attributes.).

	As per claim 3, Kumar discloses the method of claim 1, Kumar further discloses wherein the network information includes one or more of network traffic, device information, application information, network protocols implemented in the network, and topology (Kumar, Col. 8 Lines 19-29 recites “As shown in FIG. 4, process 400 may include receiving network topology information of a network and device capability information of devices in the network (block 410). For example, security platform 230 may receive the network topology information of monitored network 210 and the device capability information for client devices 215 and/or network devices 217 (which may be referred to herein, collectively, as devices 215, 217) and/or the network topology information of cloud computing environment 220 and the device capability information for cloud network device 222 and/or computing resource 225.”).

	As per claim 4, Kumar discloses the method of claim 1, Kumar further discloses wherein the network information is obtained automatically (Kumar, Col. 8 Lines 29-37 recites “ In some implementations, security platform 230 may receive and/or determine the network topology information and/or the device capability information based on being placed in communication with monitored network 210, based on being powered-on, based on being activated or configured to provide security services for monitored network 210, based on receiving an instruction to provide security services for monitored network 210, or the like.” A monitored network would read on automatically receiving network information). 

	As per claim 5, Kumar discloses the method of claim 1, Kumar further discloses wherein the network information is obtained from user input (Kumar, Col. 8 Lines 29-37 recites “ In some implementations, security platform 230 may receive and/or determine the network topology information and/or the device capability information based on being placed in communication with monitored network 210, based on being powered-on, based on being activated or configured to provide security services for monitored network 210, based on receiving an instruction to provide security services for monitored network 210, or the like.”). 

	As per claim 6, Kumar discloses the method of claim 1, Kumar further discloses updating the network information based on a change in one or more of network traffic, device information, application information, protocols and topology associated with the first network (Kumar,Col. 8 Lines 44-53 recites “ For example, if a device or communication link is added to, removed from, and/or modified in monitored network 210 or cloud computing environment 220, security platform 230 may receive updated topology information and/or device capability information. In some implementations, security platform 230 is capable of identifying the changes (e.g., by comparing previous network topology information and/or previous device capability information to updated network topology information and/or updated device capability information).”),
	and performing the programmatically analyzing, the programmatically determining, and the providing based on updated network information (Kumar, Col. 9 Lines 37-47 recites “As further shown in FIG. 4, process 400 may include detecting a threat to the network (block 420). For example, security platform 230 may detect a threat to monitored network 210. In some implementations, security platform 230 may detect the threat based on being activated or configured to provide security services for monitored network 210. As used herein, a threat indicates a presence of malware in a network (e.g., the monitored network 210), the potential for malware to be in the network, or the potential for malware to reach the network.” By attempting to detect a network threat, you are effectively analyzing the network information).

	As per claim 7, Kumar discloses the method of claim 1, Kumar further discloses wherein programmatically determining includes matching one or more security rules with one or more attributes of the network information (Kumar, Col. 12 Line 59 – Col. 13 Line 7 recites “In some implementations, security platform 230 may select the security policy and/or the enforcement device based on machine learning techniques. For example, security platform 230 (and/or another device in communication with security platform 230) may receive and/or store information associated with deployments of security policies to particular enforcement devices to mitigate particular threats. Accordingly, when detecting threats with similar characteristics (e.g., a same type, a same location in a network, a same risk level, etc.) to those that have been previously detected, machine learning techniques may be used to select a security policy and/or enforcement device based on success rates tracked for previous deployments of security policies to mitigate threats in networks with similar network topologies, device capabilities, and/or available enforcement devices.”).

	Regarding claim 11, claim 11 is directed to a similar system associated with the method of claim 1 respectively. Claim 11 is similar in scope to claim 1, respectively, and are therefore rejected under similar rationale. 

	Regarding claim 12, claim 12 is directed to a similar system associated with the method of claim 2 respectively. Claim 12 is similar in scope to claim 2, respectively, and are therefore rejected under similar rationale. 

	Regarding claim 13, claim 13 is directed to a similar system associated with the method of claim 3 respectively. Claim 13 is similar in scope to claim 3, respectively, and are therefore rejected under similar rationale.

	Regarding claim 14, claim 14 is directed to a similar system associated with the method of claim 4 respectively. Claim 14 is similar in scope to claim 4, respectively, and are therefore rejected under similar rationale.

	Regarding claim 15, claim 15 is directed to a similar system associated with the method of claim 5 respectively. Claim 15 is similar in scope to claim 5, respectively, and are therefore rejected under similar rationale.

	Regarding claim 16, claim 16 is directed to a similar system associated with the method of claim 6 respectively. Claim 16 is similar in scope to claim 6, respectively, and are therefore rejected under similar rationale.
	
	Regarding claim 17, claim 17 is directed to a similar system associated with the method of claim 7 respectively. Claim 17 is similar in scope to claim 7, respectively, and are therefore rejected under similar rationale.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.


Claim(s) 8, 9, 18 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (US 10,771,506) in view of Sikes et al. (US 2022/0159784).

	As per claim 8, Kumar discloses the method of claim 1, but fails to teach wherein programmatically analyzing includes identifying, based on network traffic, one or more applications executing on a device that is a part of the network.
	However, in an analogous art Sikes teaches wherein programmatically analyzing includes identifying, based on network traffic, one or more applications executing on a device that is a part of the network (Sikes, Paragraph 0046 recites “As described herein, aspects of this disclosure may include an analysis or assessment of one or more characteristics of data or traffic that is conveyed within or traverses a communication network. Based on the one or more characteristics (which may be represented by one or more values, such as a rate), one or more RAT connections may be utilized/engaged to facilitate a transfer (e.g., transmission and/or reception) of additional data or traffic. In some embodiments, a characteristic of data or traffic that traverses a network may be examined or analyzed to identify an application that is executed by one or more communication devices.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Sike’s apparatuses and methods for facilitating a utilization of network resources with Kumar’s Deployment Of A Security Policy Based On Network Topology And Device Capability because the use of not only analyzing network traffic but also application causing the network traffic is good data to have when assessing a network.

	As per claim 9, Kumar discloses the method of claim 1, but fails to teach wherein receiving includes automatically inspecting network traffic and wherein programmatically analyzing includes programmatically analyzing automatically inspected network traffic. 
	However, in an analogous art Sikes teaches wherein receiving includes automatically inspecting network traffic and wherein programmatically analyzing includes programmatically analyzing automatically inspected network traffic (Sikes, Paragraph 0046 recites “As described herein, aspects of this disclosure may include an analysis or assessment of one or more characteristics of data or traffic that is conveyed within or traverses a communication network. Based on the one or more characteristics (which may be represented by one or more values, such as a rate), one or more RAT connections may be utilized/engaged to facilitate a transfer (e.g., transmission and/or reception) of additional data or traffic. In some embodiments, a characteristic of data or traffic that traverses a network may be examined or analyzed to identify an application that is executed by one or more communication devices.” Since traffic inspection is a part of Sike’s assessment, it is interpreted that the network traffic inspection is automatic with the assessment.).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Sike’s apparatuses and methods for facilitating a utilization of network resources with Kumar’s Deployment Of A Security Policy Based On Network Topology And Device Capability because the use of not only analyzing network traffic but also application causing the network traffic is good data to have when assessing a network.
	
	Regarding claim 18, claim 18 is directed to a similar system associated with the method of claim 8 respectively. Claim 18 is similar in scope to claim 8, respectively, and are therefore rejected under similar rationale. 
	
	Regarding claim 19, claim 19 is directed to a similar system associated with the method of claim 9 respectively. Claim 19 is similar in scope to claim 9, respectively, and are therefore rejected under similar rationale. 

Claim(s) 10 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (US 10,771,506) in view of Oleynikov et al. (US 2017/0161138).

	As per claim 10, Kumar discloses the method of claim 1, but fails to teach wherein programmatically determining includes determining a plurality of security policies, and wherein the method further includes selecting one or more security policies from the plurality of security policies based on one of a policy rating and a user rating.
	However, in an analogous art Oleynikov teaches wherein programmatically determining includes determining a plurality of security policies, and wherein the method further includes selecting one or more security policies from the plurality of security policies based on one of a policy rating and a user rating (Oleynikov, Paragraphs 0032 and 0034 recites “In case of the dependent server, for an identical configuration is performed. If the identical configuration is found in the database, the system checks if the security policies of the user's server are the default security policies. If the security policies of the user's server are the default security policies, the administrator of the user's server (or an administrator of a group of servers) is asked to apply the security policies having the highest rating for a given configuration of the user's server. Note that the actions of the administrator can affect the content of the database at a time of the next scheduled monitoring. Otherwise, the system checks for identical security policies configurations in the database.” And “In the mode for pushing new configurations, the monitoring application finds the security policies that were deemed new at the inspection in the knowledge database. Then, the monitoring application forms a list of independent user's servers having identical configurations. The administrators of these servers are offered to apply a new set of security policies. If a community agrees, the rating of a given set of policies is increased by 1. If the community declines an offer or a part of the offer, no changes are made.” Oleynikov has a rating system of security policies which incorporates user input, which would read on security policies based on policy and user ratings.).

	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date to use Oleynikov’s processing run-time error messages and implementing security policies in web hosting with Kumar’s Deployment Of A Security Policy Based On Network Topology And Device Capability because taking into account user ratings helps to have feedback from people using the policies in real applications.

	Regarding claim 20, claim 20 is directed to a similar system associated with the method of claim 10 respectively. Claim 20 is similar in scope to claim 10, respectively, and are therefore rejected under similar rationale. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK . TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439