Notice of Pre-AIA  or AIA  Status
1. 	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

DETAILED ACTION
2.	This Office Action is in response to application filed on 09/10/2021. Claims 1-20 were previously pending. Claims 1-20 are rejected. 

Information Disclosure Statement
3.	The information disclosure statement(s) (IDS) submitted on 09/13/2021 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the IDS(s) is/are being considered by the examiner.

Specification
4.	The disclosure is objected to because of the following informalities:
in paragraph [0001], line2 cited "Apr. 15, 2020" should be --Apr. 15, 2020, now U.S. Pat. No. 11,153,180,--.

Claim Objections
5.	Claims 1, 9 and 17 are objected because the informality of reciting “map source IP addresses in the rule paths to a user label, and map destination IP addresses in the rule paths to an application label” in lines 7-8,  8-9, and 8-9 should be --map the source IP addresses in the rule paths to a user label, and map the destination IP addresses in the rule paths to an application label--.
Appropriate correction is required.

Double Patenting
6.	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

6.1.	Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. US 11,153,180 B1 (“Patent 180”). Although the claims at issue are not identical, they are not patentably distinct from each other because Patent “868’ appears to be a broadened version of the currently filed application. 
Instant Application

Conflicting Patent No. US 11,153,180
1. 
A method comprising: 
retrieving policy rules for network function (NF) instances in an enterprise network; 
presenting, to a user, rule paths to represent the policy rules, wherein each of the rule paths includes a source Internet protocol (IP) address and a destination IP address interconnected by different configuration elements; 
receiving, from the user, a first user input to: 
map source IP addresses in the rule paths to a user label, and map destination IP addresses in the rule paths to an application label; and 
generating vendor-agnostic policy rules based on the first user input.  

1. 
A method performed by one or more computing devices in a provider network, the method comprising: 
performing device discovery of network function (NF) instances in a customer network;
retrieving configuration elements from the NF instances, wherein the configuration elements include policy rules for the NF instances; 
generating, based on the policy rules, rule paths that include source Internet protocol (IP) addresses and destination IP addresses interconnected by different configuration elements; 
generating a graphical user interface with the rule paths to represent the policy rules; 
receiving, via the graphical user interface, user input to: 
map the source IP addresses in the rule paths to a user label, and map the destination IP addresses in the rule paths to an application label; 
presenting, via the graphical user interface, consolidated user intents for network policies based on the user label and application label; and 
generating vendor-agnostic policy rules from the consolidated user intents.



9. 
A computing device, comprising: 
one or more processors configured to: 
retrieve policy rules for network function (NF) instances in an enterprise network; 
present, to a user, rule paths to represent the policy rules, wherein each of the rule paths includes a source Internet protocol (IP) address and a destination IP address interconnected by different configuration elements; 
receive, from the user, a first user input to: 
map source IP addresses in the rule paths to a user label, and map destination IP addresses in the rule paths to an application label; and 
generate vendor-agnostic policy rules based on the first user input.

9. 
One or more computing devices, comprising: 
a communication interface to communicate with network devices; 
a memory for storing instructions; and 
one or more processors configured to execute the instructions to: 
perform device discovery of network function (NF) instances in a customer network; 
retrieve configuration elements from the NF instances, wherein the configuration elements include policy rules for the NF instances; 
generate, based on the policy rules, rule paths that include source Internet protocol (IP) addresses and destination IP addresses interconnected by different configuration elements; 
generate a graphical user interface with the rule paths to represent the policy rules; 
receive, via the graphical user interface, user input to: 
map the source IP addresses in the rule paths to a user label; 
map the destination IP addresses in the rule paths to an application label; 
present, via the graphical user interface, consolidated user intents for network policies based on the user label and application label; and 
generate vendor-agnostic policy rules from the consolidated user intents.



17. 
A non-transitory computer-readable medium containing instructions executable by at least one processor of a network device, the instructions configured for: 
retrieving policy rules for network function (NF) instances in an enterprise network; 
presenting, to a user, rule paths to represent the policy rules, wherein each of the rule paths includes a source Internet protocol (IP) address and a destination IP address interconnected by different configuration elements; 
receiving, from the user, a first user input to: 
map source IP addresses in the rule paths to a user label, and map destination IP addresses in the rule paths to an application label; and 
generating vendor-agnostic policy rules based on the first user input.  

17. 
A non-transitory computer-readable medium containing instructions executable by at least one processor, the computer-readable medium comprising one or more instructions to cause the at least one processor to: 
perform device discovery of network function (NF) instances in a customer network; 
retrieve configuration elements from the NF instances, wherein the configuration elements include policy rules for the NF instances; 
generate, based on the policy rules, rule paths that include source Internet protocol (IP) addresses and destination IP addresses interconnected by different configuration elements; 
generate a graphical user interface with the rule paths to represent the policy rules; 
receive, via the graphical user interface, user input to: map the source IP addresses in the rule paths to a user label, and map the destination IP addresses in the rule paths to an application label; 
present, via the graphical user interface, consolidated user intents for network policies based on the user label and application label; and 
generate vendor-agnostic policy rules from the consolidated user intents.



Claim Rejections - 35 USC § 103
7.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

7.1.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


7.2.	Claims 1-2, 4-10, 12-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (“Wang”, US 2020/0275255 A1) in view of Pianigiani et al. (“Pianigiani”, US 2020/0204489 A1), and further in view of Knjazihhin et al.. (“Knjazihhin“, US 2017/0230425 A1). 

Regarding Claim 1, Wang discloses a method comprising: 
retrieving policy rules for network function (NF) instances in an enterprise network (Wang, FIG.1, Network Functions Repository Function (NRF), [0004-5, 107]: NF repository receives a request for performs discovering NF instance from the NF service consumer in data network Wang, [0078, 110]: allows for static and dynamic information of the NF service producers to be discovered; [0004]: information includes IP address of NF instance). 
However, Wang does not disclose
presenting, to a user, rule paths to represent the policy rules, wherein each of the rule paths includes a source Internet protocol (IP) address and a destination IP address interconnected by different configuration elements; 
receiving, from the user, a first user input to: 
map source IP addresses in the rule paths to a user label, and map destination IP addresses in the rule paths to an application label; and 
generating vendor-agnostic policy rules based on the first user input.  
Pianigiani discloses
presenting, to a user, rule paths to represent the policy rules, wherein each of the rule paths includes a source Internet protocol (IP) address and a destination IP address interconnected by different configuration elements (Pianigiani, FIG.2, virtual network 34, virtual machine (VM) 36, [0042]: each VM 36 may be any type of software application (“NF”) and may be assigned a virtual address for use within a corresponding virtual network 34; FIG.2, network devices 12, 16, 18; FIG.5, [0110], FIG.6A, user interface (UI) 45, [0114]: UI 45 displays a generic device operation button 300, a list 302 of network devices 12, 16, 18 “NF”,  and a list of namespaces locates at the right); 
receiving, from the user, a first user input to: 
map source IP addresses in the rule paths to a user label (Pianigiani, FIG.6A, button 300, [0114]: box 304 located to the left of the label identifying each network device, and other attributes associated with the network devices (such as IP address or vendor name) are listed with the device label, It is obvious for one of ordinary skill in the art to map an IP addresses in the namespaces to a network device (“user label”) by clicking on box 304 (“1st user input”)), and map destination IP addresses in the rule paths to an application label (It is obvious for one of ordinary skill in the art to map an IP addresses in the namespaces to a network device label (“application label”)).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to incorporate the “defining and executing device-independent commands” of Pianigiani into the invention of Wang. The suggestion/motivation would have been to incorporate method for defining and executing device-independent commands, involves receiving user input selecting network devices (“network function”), and performing operations of selected device-independent command on network devices (Pianigiani, Abstract, [0001-10]).
However, Wang-Pianigiani does not disclose
generating vendor-agnostic policy rules based on the first user input.  
Knjazihhin discloses
generating vendor-agnostic policy rules based on the first user inputKnjazihhin, FIG.2, [0049, 59]: discovers and imports the policies from each network device (“NF”); data describing the native network security policies received from each of the network security devices is normalized in accordance with a generic policy model to produce normalized policy data).  
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to incorporate the “managing policies for networks” of Knjazihhin into the invention of Wang-Pianigiani. The suggestion/motivation would have been to use the management entity to centralize and to unify the management of network security policies across the set of network security devices for simplifying the network security management in a customer datacenter. (Knjazihhin, Abstract, [0001-10]).

Regarding Claim 2, Wang-Pianigiani-Knjazihhin discloses the method of claim 1, further comprising: 
presenting site selection options for the enterprise network (Knjazihhin, FIG.29, network environment 2900, branch site 2905, [0234-235]: display a network environment 2900 including existing geographically distributed branch sites 2905(1)-2905(5); FIG.30, GUI 3000, select option 3010, [0237]: GUI 3000 includes a “select a site” option); and 
receiving a second user input to select particular sites from the site selection options.(Knjazihhin, FIG.30, select option 3010, [0237]: user selects (“2nd user input”) a new site “san Jose”). 

Regarding Claim 4, Wang-Pianigiani-Knjazihhin discloses the method of claim 1, further comprising: 
performing device discovery of the NF instances in the enterprise network (Wang, FIG.1, Network Functions Repository Function (NRF), [0004-5, 107]: NF repository receives a request for performs discovering NF instance from the NF service consumer in data network).  

Regarding Claim 5, Wang-Pianigiani-Knjazihhin discloses the method of claim 4, wherein performing device discovery of the NF instances includes determining whether each of the NF instances is reachable via a NF manager (Wang, [0004-5]: NRF supports NF service registration and NF service discovery. For the NRF to properly maintain information of available NF instances and their supported services, each NF instance informs the NRF of a list of NF services that it supports and other NF instance information during the NF service registration. It is obvious for one of ordinary skill in the art to determine each of NF instances is reachable via the NF manager because each of the NF instances has registered to the NF Repository previously).  

Regarding Claim 6, Wang-Pianigiani-Knjazihhin discloses the method of claim 1, wherein the NF instances include: 
a physical network function (PNF) (Wang, [0007]: a network function for a terminal device of the wireless core network), a virtual network function (VNF) (Pianigiani, FIG.2, virtual machine 36 (VM), [0042]: each VM 36 may be any type of software application (“NF”)), or universal customer premises equipment (uCPE) (Wang, [0007]: a network function instance for the at least one subscriber group).  

Regarding Claim 7 Wang-Pianigiani-Knjazihhin discloses the method of claim 1, further comprising: 
storing, by one or more devices in a provider network, the different configuration elements (Pianigiani, FIG.6A, [0114]: displays a list 302 of network devices 12, 16, 18. Pianigiani, [0142]: storing the “show_config_interfaces” (“show_config_NF”) configuration information of the NF instances).  

Regarding Claim 8, Wang-Pianigiani-Knjazihhin the method of claim 1, further comprising: 
comparing the vendor-agnostic policy rules with an active policy configuration for the NF instances (Pianigiani, [0077]: an intent and policy engine configured to determine network state, to compare the current network state (“active policy configuration”) against a desired network state (“generated policy rule”) of devices 12, 16, 18); 
presenting differences between an active policy configuration and a change to a network policy (Pianigiani, [0077]: drive configuration changes to network devices 12, 16, 18 to achieve the desired network state); and 
generating a discrepancy report based on the comparing (It is obvious for one of ordinary skill in the art to implement “generating a discrepancy report based on the comparing of the current network state (“active policy configuration”) against a desired network state (“generated policy rule”)).  

Regarding Claim 9, Wang discloses a computing device, comprising: 
one or more processors configured to (Wang, FIG.8b, apparatus 820, processor 821, [0119]: The PROG 824 may include instructions that, when executed on the associated processor 821, enable the apparatus 820 to operate the method): 
retrieve policy rules for network function (NF) instances in an enterprise network (Wang, FIG.1, Network Functions Repository Function (NRF), [0004-5, 107]: NF repository receives a request for performs discovering NF instance from the NF service consumer in data network Wang, [0078, 110]: allows for static and dynamic information of the NF service producers to be discovered; [0004]: information includes IP address of NF instance).
However, Wang does not disclose
present, to a user, rule paths to represent the policy rules, wherein each of the rule paths includes a source Internet protocol (IP) address and a destination IP address interconnected by different configuration elements; 
receive, from the user, a first user input to: 
map source IP addresses in the rule paths to a user label, and map destination IP addresses in the rule paths to an application label; and 
generate vendor-agnostic policy rules based on the first user input.  
Pianigiani discloses
present, to a user, rule paths to represent the policy rules, wherein each of the rule paths includes a source Internet protocol (IP) address and a destination IP address interconnected by different configuration elements (Pianigiani, FIG.2, virtual network 34, virtual machine (VM) 36, [0042]: each VM 36 may be any type of software application (“NF”) and may be assigned a virtual address for use within a corresponding virtual network 34; FIG.2, network devices 12, 16, 18; FIG.5, [0110], FIG.6A, user interface (UI) 45, [0114]: UI 45 displays a generic device operation button 300, a list 302 of network devices 12, 16, 18 “NF”,  and a list of namespaces locates at the right); 
receive, from the user, a first user input to: 
map source IP addresses in the rule paths to a user label, and map destination IP addresses in the rule paths to an application label (Pianigiani, FIG.6A, button 300, [0114]: box 304 located to the left of the label identifying each network device, and other attributes associated with the network devices (such as IP address or vendor name) are listed with the device label, It is obvious for one of ordinary skill in the art to map an IP addresses in the namespaces to a network device (“user label”) by clicking on box 304 (“1st user input”)), and map destination IP addresses in the rule paths to an application label (It is obvious for one of ordinary skill in the art to map an IP addresses in the namespaces to a network device label (“application label”)).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to incorporate the “defining and executing device-independent commands” of Pianigiani into the invention of Wang. The suggestion/motivation would have been to incorporate method for defining and executing device-independent commands, involves receiving user input selecting network devices (“network function”), and performing operations of selected device-independent command on network devices (Pianigiani, Abstract, [0001-10]).
However, Wang-Pianigiani does not disclose
generate vendor-agnostic policy rules based on the first user input.  
Knjazihhin discloses
generate vendor-agnostic policy rules based on the first user input (Knjazihhin, FIG.2, [0049, 59]: discovers and imports the policies from each network device (“NF”); data describing the native network security policies received from each of the network security devices is normalized in accordance with a generic policy model to produce normalized policy data).  
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to incorporate the “managing policies for networks” of Knjazihhin into the invention of Wang-Pianigiani. The suggestion/motivation would have been to use the management entity to centralize and to unify the management of network security policies across the set of network security devices for simplifying the network security management in a customer datacenter. (Knjazihhin, Abstract, [0001-10]).

Regarding Claim 10, Wang-Pianigiani-Knjazihhin discloses the computing device of claim 9, wherein the one or more processors are further configured to: 
present site selection options for the enterprise network (Knjazihhin, FIG.29, network environment 2900, branch site 2905, [0234-235]: display a network environment 2900 including existing geographically distributed branch sites 2905(1)-2905(5); FIG.30, GUI 3000, select option 3010, [0237]: GUI 3000 includes a “select a site” option); and 
receive a second user input to select particular sites from the site selection options (Knjazihhin, FIG.30, select option 3010, [0237]: user selects (“2nd user input”) a new site “san Jose).  

Regarding Claim 12, Wang-Pianigiani-Knjazihhin discloses the computing device of claim 9, wherein the one or more processors are further configured to: 
perform device discovery of the NF instances in the enterprise network (Wang, FIG.1, Network Functions Repository Function (NRF), [0004-5, 107]: NF repository receives a request for performs discovering NF instance from the NF service consumer in data network).  

Regarding Claim 13, Wang-Pianigiani-Knjazihhin discloses the computing device of claim 12, wherein, when performing device discovery of the NF instances, the one or more processors are further configured to: 
obtain a network address for an NF manager associated with each of the NF instances (Wang, [0004]: NF Repository may support NF service registration and NF service discovery. For the NF Repository to properly maintain information of available NF instances and their supported services, each NF instance informs the NF Repository of a list of NF services that it supports and other NF instance information during the NF service registration ); and 
determine whether each of the NF instances is reachable via the NF manager (Wang, [0004-5]: NRF supports NF service registration and NF service discovery. For the NRF to properly maintain information of available NF instances and their supported services, each NF instance informs the NRF of a list of NF services that it supports and other NF instance information during the NF service registration. It is obvious for one of ordinary skill in the art to determine each of NF instances is reachable via the NF manager because each of the NF instances has registered to the NF Repository previously).  

Regarding Claim 14, Wang-Pianigiani-Knjazihhin discloses the computing device of claim 9, wherein the NF instances include: 
a physical network function (PNF) (Wang, [0007]: a network function for a terminal device of the wireless core network), a virtual network function (VNF) (Pianigiani, FIG.2, virtual machine 36 (VM), [0042]: each VM 36 may be any type of software application (“NF”)), or universal customer premises equipment (uCPE) (Wang, [0007]: a network function instance for the at least one subscriber group).  

Regarding Claim 15, Wang-Pianigiani-Knjazihhin discloses the computing device of claim 9, wherein the one or more processors are further configured to: 
store, in a provider network, the different configuration elements from the NF instances (Pianigiani, [0142]: storing the “show_config_interfaces” (“show_config_NF”) configuration information of the NF instances).  

Regarding Claim 16, Wang-Pianigiani-Knjazihhin discloses the one or more computing devices of claim 9, wherein the one or more processors are further configured to: 
compare the vendor-agnostic policy rules with an active policy configuration for the NF instances (Pianigiani, [0077]: an intent and policy engine configured to determine network state, to compare the current network state (“active policy configuration”) against a desired network state (“generated policy rule”) of devices 12, 16, 18); 
present differences between an active policy configuration and a change to a network policy (Pianigiani, [0077]: drive configuration changes to network devices 12, 16, 18 to achieve the desired network state); and 
generate a discrepancy report based on the comparing (It is obvious for one of ordinary skill in the art to implement “generating a discrepancy report based on the comparing of the current network state (“active policy configuration”) against a desired network state (“generated policy rule”)).  

Regarding Claim 17, Wang discloses a non-transitory computer-readable medium containing instructions executable by at least one processor of a network device, the instructions configured for (Wang, FIG.8b, apparatus 820, processor 821, [0119, 143]: non-transitory computer-readable medium stores a PROG 824, includes instructions that, when executed on the associated processor 821, enable the apparatus 820 to operate the method): 
retrieving policy rules for network function (NF) instances in an enterprise network (Wang, FIG.1, Network Functions Repository Function (NRF), [0004-5, 107]: NF repository receives a request for performs discovering NF instance from the NF service consumer in data network Wang, [0078, 110]: allows for static and dynamic information of the NF service producers to be discovered; [0004]: information includes IP address of NF instance).
However, Wang does not disclose
presenting, to a user, rule paths to represent the policy rules, wherein each of the rule paths includes a source Internet protocol (IP) address and a destination IP address interconnected by different configuration elements; 
receiving, from the user, a first user input to: 
map source IP addresses in the rule paths to a user label, and map destination IP addresses in the rule paths to an application label; and 
generating vendor-agnostic policy rules based on the first user input.  
Pianigiani discloses
presenting, to a user, rule paths to represent the policy rules, wherein each of the rule paths includes a source Internet protocol (IP) address and a destination IP address interconnected by different configuration elements (Pianigiani, FIG.2, virtual network 34, virtual machine (VM) 36, [0042]: each VM 36 may be any type of software application (“NF”) and may be assigned a virtual address for use within a corresponding virtual network 34; FIG.2, network devices 12, 16, 18; FIG.5, [0110], FIG.6A, user interface (UI) 45, [0114]: UI 45 displays a generic device operation button 300, a list 302 of network devices 12, 16, 18 “NF”,  and a list of namespaces locates at the right); 
receiving, from the user, a first user input to: 
map source IP addresses in the rule paths to a user label, and map destination IP addresses in the rule paths to an application label (Pianigiani, FIG.6A, button 300, [0114]: box 304 located to the left of the label identifying each network device, and other attributes associated with the network devices (such as IP address or vendor name) are listed with the device label, It is obvious for one of ordinary skill in the art to map an IP addresses in the namespaces to a network device (“user label”) by clicking on box 304 (“1st user input”)), and map destination IP addresses in the rule paths to an application label (It is obvious for one of ordinary skill in the art to map an IP addresses in the namespaces to a network device label (“application label”)).
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to incorporate the “defining and executing device-independent commands” of Pianigiani into the invention of Wang. The suggestion/motivation would have been to incorporate method for defining and executing device-independent commands, involves receiving user input selecting network devices (“network function”), and performing operations of selected device-independent command on network devices (Pianigiani, Abstract, [0001-10]).
However, Wang-Pianigiani does not disclose
generating vendor-agnostic policy rules based on the first user input.  
Knjazihhin discloses
generating vendor-agnostic policy rules based on the first user input (Knjazihhin, FIG.2, [0049, 59]: discovers and imports the policies from each network device (“NF”); data describing the native network security policies received from each of the network security devices is normalized in accordance with a generic policy model to produce normalized policy data).  
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to incorporate the “managing policies for networks” of Knjazihhin into the invention of Wang-Pianigiani. The suggestion/motivation would have been to use the management entity to centralize and to unify the management of network security policies across the set of network security devices for simplifying the network security management in a customer datacenter. (Knjazihhin, Abstract, [0001-10]).

Regarding Claim 18, Wang-Pianigiani-Knjazihhin discloses the non-transitory computer-readable medium of claim 17, wherein the instructions are further configured for: 
presenting site selection options for the enterprise network (Knjazihhin, FIG.29, network environment 2900, branch site 2905, [0234-235]: display a network environment 2900 including existing geographically distributed ); and 
receiving a second user input to select particular sites from the site selection options (Knjazihhin, FIG.30, select option 3010, [0237]: user selects (“2nd user input”) a new site “san Jose”).  

Regarding Claim 20, Wang-Pianigiani-Knjazihhin discloses the non-transitory computer-readable medium of claim 17, wherein the instructions are further configured for: 
comparing the vendor-agnostic policy rules with an active policy configuration for the NF instances (Pianigiani, [0077]: an intent and policy engine configured to determine network state, to compare the current network state (“active policy configuration”) against a desired network state (“generated policy rule”) of devices 12, 16, 18); 
presenting differences between an active policy configuration and a change to a network policy (Pianigiani, [0077]: drive configuration changes to network devices 12, 16, 18 to achieve the desired network state); and 
generating a discrepancy report based on the comparing (It is obvious for one of ordinary skill in the art to implement “generating a discrepancy report based on the comparing of the current network state (“active policy configuration”) against a desired network state (“generated policy rule”).  

7.3.	Claims 3, 11, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Wang et al. (“Wang”, US 2020/0275255 A1) in view of Pianigiani et al. (“Pianigiani”, US 2020/0204489 A1) and Knjazihhin et al.. (“Knjazihhin“, US 2017/0230425 A1) as applied to claim 1, and further in view of Stewart et al., (“Stewart”, US 2015/0309561).

Regarding Claim 3, Wang-Pianigiani-Knjazihhin discloses the method of claim 1, 
However, Wang-Pianigiani-Knjazihhin does not disclose
generating consolidated intents based on the first user input to map the source IP addresses and map the destination IP addresses
Stewart discloses
generating consolidated intents based on the first user input to map the source IP addresses and map the destination IP addresses (Stewart, [0028, 40-42]: mapping user inputs to an collective intent, identifying a common command to a consolidate collective intent, and commit action according to the common command. Combined Pianigiani, FIG.6A, button 300, [0114]-Stewart, [0040-42] teaches or suggests generating consolidated user inputs based on the first user input).  
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to incorporate the “consolidated intent” of Stewart into the invention of Wang-Pianigiani-Knjazihhin. The suggestion/motivation would to facilitate the collective intent and avoid potential ambiguities in received user inputs that result in error messages, and thus improves the functionality of a natural user interface by reducing the errors made when faced with multiple user inputs and facilitates confident decision making by the system, even when ambiguous or conflicting user inputs are received (Stewart, Abstract, [0001-6], FIGs. 3-4).

Regarding Claim 11, Wang-Pianigiani-Knjazihhin discloses the computing device of claim 9 as set forth above.
However, Wang-Pianigiani-Knjazihhin does not disclose
generate consolidated intents based on the first user input to map the source IP addresses and map the destination IP addresses.  
Stewart discloses
generate consolidated intents based on the first user input to map the source IP addresses and map the destination IP addresses (Stewart, [0028, 40-42]: mapping user inputs to an collective intent, identifying a common command to a consolidate collective intent, and commit action according to the common command. Combined Pianigiani, FIG.6A, button 300, [0114]-Stewart, [0040-42] teaches or suggests generating consolidated user inputs based on the first user input).  
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to incorporate the “consolidated intent” of Stewart into the invention of Wang-Pianigiani-Knjazihhin. The suggestion/motivation would to facilitate the collective intent and avoid potential ambiguities in received user inputs that result in error messages, and thus improves the functionality of a natural user interface by reducing the errors made when faced with multiple user inputs and facilitates confident decision making by the system, even when ambiguous or conflicting user inputs are received (Stewart, Abstract, [0001-6], FIGs. 3-4).

Regarding Claim 19, Wang-Pianigiani-Knjazihhin discloses the non-transitory computer-readable medium of claim 17 as set forth above.
However, Wang-Pianigiani-Knjazihhin does not disclose
generating consolidated intents based on the first user input to map the source IP addresses and map the destination IP addresses.  
Stewart discloses
generating consolidated intents based on the first user input to map the source IP addresses and map the destination IP addresses (Stewart, [0028, 40-42]: mapping user inputs to an collective intent, identifying a common command to a consolidate collective intent, and commit action according to the common command. Combined Pianigiani, FIG.6A, button 300, [0114]-Stewart, [0040-42] teaches or suggests generating consolidated user inputs based on the first user input).  
Before the effective filing date of the claimed invention, it would have been obvious for one of ordinary skill in the art to incorporate the “consolidated intent” of Stewart into the invention of Wang-Pianigiani-Knjazihhin. The suggestion/motivation would to facilitate the collective intent and avoid potential ambiguities in received user inputs that result in error messages, and thus improves the functionality of a natural user interface by reducing the errors made when faced with multiple user inputs and facilitates confident decision making by the system, even when ambiguous or conflicting user inputs are received (Stewart, Abstract, [0001-6], FIGs. 3-4).

Conclusion
8.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Ota, US 2013/0110856 A1, Support Method For Searching Data, Involves Generating Search Condition Including Attributes Associated With Multiple Display Elements And Multiple Display Elements Are Associated With Multiple Types Of Attributes.
Yadav et al., US 2016/0080502 A1, Method For Utilizing Shared Secret To Generate Controller-based Application Secure Session Key, Involves Sending Secret With Future Validity To Allow Link Communication To Continue, And Using Separate Shared Secret Per-link Per VXWAN..

9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHHIAN (AMY) LING whose telephone number is (571)270-1074.  The examiner can normally be reached on M-F 9-6 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, BRIAN J GILLIS can be reached on (571) 272-7952.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.L/Examiner, Art Unit 2446

/ARVIN ESKANDARNIA/Primary Patent Examiner, Art Unit 2446