Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/14/2022 has been entered.
 
DETAILED ACTION
This action is responsive to the RCE filed on 7/14/2022.  Claims 1, 7-9, 11, 12, 14, 17, 19, 21 and 22 have been amended.  Claim 23 has been added.  Claims 1-23 are pending in this case.  Claims 1 and 17 are independent claims.

Response to Arguments
Applicant’s arguments with respect to claims 1-23 have been considered and are persuasive.  Previous rejection is withdrawn.  A new reference is used and the current arguments do not apply to the newly cited reference that renders the claims obvious.
	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-7, 10, 15-17, 20 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Bansal et al (US 20180176261 A1) in view of “Network Visualization nuVMLTM Virtal Modeling Lab Quick Start Guide”, nuVML Quick Start Guide – IT Network Consulting | Design, Deploy and Support | San Diego (speaknetworks.com), 6/12/2017, herein after “Cisco”.
 	Referring to claims 1 and 17, Bansal discloses a method for visualizing network flows between a plurality of security groups in a network, each security group comprising a set of one or more data computer nodes (DCNs), ([0009] of Bansal, monitoring network flow of different groups based on firewall rules, and [0045] of Bansal, the groups of the micro-segmentation is formed by virtual machines/data computer nodes), the method comprising: 
receiving data regarding network flows between the DCNs of the plurality of security groups; ([0045]-[0047] of Bansal, receiving data regarding network flows between the filtered micro-segmentation of VMs which belongs to different groups) 
aggregating the network flows between DCNs in pairs of security groups; (Fig. 25, [0134]-[0138] of Bansal, [0135] of Bansal “In this figure, the user has selected a network 2505 and requested to view the network connectivity graph 2510 for the selected network. The user can select multiple networks and view the connectivity graphs for all selected networks “and [0137] of Bansal “the GUl queries inventory from the compute manager and the flow data from analytics engine to provide the visual topology (as shown by the network connectivity graph 2510) to the user for making rule recommendations and creating security groups. The analytics engine in some embodiments provides a collection of nodes and edges (as shown by the VM1-VM8, the outside area 2570, and the connections between them) to the GUI in order to plot the network connectivity graph” and [0138] of Bansal, “The GUI allows the user to create security groups and rules based on the connectivity graph. In this example, the user has generated two security groups 2535 and 2540. In some embodiments, the analytics engine provides recommendations for generating security groups. The figure also shows that a set of recommendations 2545 for firewall rules are made (e.g., by the analytics engine 2415 in FIG. 24). The user can select (by using the selection buttons 2550) any of the recommended rules. The user can also use the GUI to edit, add, or delete firewall rules. The firewall rules in some embodiments are machine driven and presented to the user for approval. The GUI in some embodiments also provides the user with tools to create firewall rules or modify the machine driven rules”) 
in a scalable user interface visualization, displaying a plurality of flow lines each representing at least one network flows between, (Fig. 25, [0134]-[0138] of Bansal, [0135] of Bansal “In this figure, the user has selected a network 2505 and requested to view the network connectivity graph 2510 for the selected network. The user can select multiple networks and view the connectivity graphs for all selected networks “and [0137] of Bansal “the GUl queries inventory from the compute manager and the flow data from analytics engine to provide the visual topology (as shown by the network connectivity graph 2510) to the user for making rule recommendations and creating security groups. The analytics engine in some embodiments provides a collection of nodes and edges (as shown by the VM1-VM8, the outside area 2570, and the connections between them) to the GUI in order to plot the network connectivity graph” and [0138] of Bansal, “The GUI allows the user to create security groups and rules based on the connectivity graph. In this example, the user has generated two security groups 2535 and 2540. In some embodiments, the analytics engine provides recommendations for generating security groups. The figure also shows that a set of recommendations 2545 for firewall rules are made (e.g., by the analytics engine 2415 in FIG. 24). The user can select (by using the selection buttons 2550) any of the recommended rules. The user can also use the GUI to edit, add, or delete firewall rules. The firewall rules in some embodiments are machine driven and presented to the user for approval. The GUI in some embodiments also provides the user with tools to create firewall rules or modify the machine driven rules”); and
for each flow line that represents more than one flow between two security groups providing an indication with the flow line to specify that the flow line between the DCNs of the two security groups;  ([0065] of Bansal, “This ensures that all traffic to/from the seed VMs is allowed and collected by a flow monitoring component (e.g., flow monitoring engine 120 in FIG. 1) at the virtualization software” hence each of the traffic line and the dotted traffic line between two groups are two way flow between those two groups)
providing a filtering tool in the user interface to enable visualization of a subset of flow lines representing one of three specific network flows which are (i) allowed flows, (ii) blocked flows, and (iii) unsecured flows.  (Fig. 14 and [0052] and [0088] of Bansal, providing a filtering tool for the network flows, where the user can use different filtering criteria, such as source, destination for different sets of flows through different set of VMs within different groups.  Further, [0065] of Bansal, “In order to allow traffic flow to the seed VMs, a firewall rule of "any to any, allow" is applied to the seed VMs. For instance, a firewall section in the distributed firewall (DFW) rule configuration is created and the rule "any to any, allow" is placed on top of the section. The firewall section is then applied to the seed VMs. This ensures that all traffic to/from the seed VMs is allowed and collected by a flow monitoring component (e.g., flow monitoring engine 120 in FIG. 1) at the virtualization software”)
Bansal does not specifically discloses visually display “each pair of security groups with at least one network flow between DCNs in the pair of security groups” and the flow line “represents more than one flow.”
However, Cisco discloses visually display for each pair of security groups with at least one network flow between DCNs in the pair of security groups, and the flow line represent more than one flow depending on the user’s selection (as shown in Fig. 14 of Cisco which shoes different traffic flow between different security groups between the DCNs and allows the user to select any type of traffic flow between any groups in and from any DCNs by allowing the user to filter through different options with different colors).
Bansal and Cisco are analogous art because both references concern visualization of data in different data modeling.  Accordingly, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bansal’s network flow where the user can filter to see different connected networks with displaying virtual connection between different security groups as taught by Cisco.  The motivation for doing so would have been to provide user a clear visual indications of how the network DCNs communicate with each other by providing the user of different filterable selections in a simulation model.

Referring to claim 2, Bansal in view of Cisco disclose the method of claim 1, wherein the received data comprises data collected by a network manager that monitors network flows.  ([0045]-[0047] of Bansal, receiving data regarding network flows between the filtered micro-segmentation of VMs which belongs to different groups)

 	Referring to claim 3, Bansal in view of Cisco disclose the method of claim 2, wherein the user interface provides a tool for enabling a user to define a subset of the plurality of security groups to be monitored. (Fig. 25, [0134]-[0138] of Bansal, [0135] of Bansal “In this figure, the user has selected a network 2505 and requested to view the network connectivity graph 2510 for the selected network. The user can select multiple networks and view the connectivity graphs for all selected networks “and [0137] of Bansal “the GUl queries inventory from the compute manager and the flow data from analytics engine to provide the visual topology (as shown by the network connectivity graph 2510) to the user for making rule recommendations and creating security groups. The analytics engine in some embodiments provides a collection of nodes and edges (as shown by the VM1-VM8, the outside area 2570, and the connections between them) to the GUI in order to plot the network connectivity graph” and [0138] of Bansal, “The GUI allows the user to create security groups and rules based on the connectivity graph. In this example, the user has generated two security groups 2535 and 2540. In some embodiments, the analytics engine provides recommendations for generating security groups. The figure also shows that a set of recommendations 2545 for firewall rules are made (e.g., by the analytics engine 2415 in FIG. 24). The user can select (by using the selection buttons 2550) any of the recommended rules. The user can also use the GUI to edit, add, or delete firewall rules. The firewall rules in some embodiments are machine driven and presented to the user for approval. The GUI in some embodiments also provides the user with tools to create firewall rules or modify the machine driven rules”)

Referring to claim 4, Bansal in view of Cisco disclose the method of claim 1, further comprising receiving, through the user interface, data defining a subset of the DCNs as seed nodes  ([0060] of Bansal, chose certain groups as seed VMs), wherein each seed node acts as a source node for micro-segmentation. ([0045] of Bansal, the groups of the micro-segmentation is formed by virtual machines/data computer nodes and Fig. 14 and [0052] and [0088] of Bansal, providing a filtering tool for the network flows, where the user can use different filtering criteria, such as source, destination for different sets of flows through different set of VMs)

  	 Referring to claim 6, Bansal in view of Cisco disclose the method of claim 1 further comprising providing an indication of a number of flows represented by the flow line.  ([0065] of Bansal, “In order to allow traffic flow to the seed VMs, a firewall rule of "any to any, allow" is applied to the seed VMs. For instance, a firewall section in the distributed firewall (DFW) rule configuration is created and the rule "any to any, allow" is placed on top of the section. The firewall section is then applied to the seed VMs. This ensures that all traffic to/from the seed VMs is allowed and collected by a flow monitoring component (e.g., flow monitoring engine 120 in FIG. 1) at the virtualization software”)

 	Referring to claim 7, Bansal in view of Cisco disclose the method of claim 1, wherein the filtering tool provides options to display flow lines representing network flows for any one of (i) existing security groups, (ii) recommended security groups, and (iii) both existing security groups and recommended security groups.  ([0065] of Bansal, firewall rules that can be filtered is “allow” that can be applied to the seed VMs, which are existing security groups)

 	Referring to claim 10, Bansal in view of Cisco disclose the method of claim 1, wherein the scalable user interface visualization enables selection of individual security groups and individual DCNs via representations of the security groups and DCNs in the user interface.  (Fig. 25, [0134]-[0138] of Bansal, [0135] of Bansal “In this figure, the user has selected a network 2505 and requested to view the network connectivity graph 2510 for the selected network. The user can select multiple networks and view the connectivity graphs for all selected networks “and [0137] of Bansal “the GUl queries inventory from the compute manager and the flow data from analytics engine to provide the visual topology (as shown by the network connectivity graph 2510) to the user for making rule recommendations and creating security groups. The analytics engine in some embodiments provides a collection of nodes and edges (as shown by the VM1-VM8, the outside area 2570, and the connections between them) to the GUI in order to plot the network connectivity graph” and [0138] of Bansal, “The GUI allows the user to create security groups and rules based on the connectivity graph. In this example, the user has generated two security groups 2535 and 2540. In some embodiments, the analytics engine provides recommendations for generating security groups. The figure also shows that a set of recommendations 2545 for firewall rules are made (e.g., by the analytics engine 2415 in FIG. 24). The user can select (by using the selection buttons 2550) any of the recommended rules. The user can also use the GUI to edit, add, or delete firewall rules. The firewall rules in some embodiments are machine driven and presented to the user for approval. The GUI in some embodiments also provides the user with tools to create firewall rules or modify the machine driven rules”)

 	Referring to claim 15, Bansal in view of Cisco disclose the method of claim 1, wherein a subset of the DCNs are comprises of IPSets.  ([0052] of Bansal, network flow packet information includes source IP address, destination IP address, etc… where [0057] of Bansal, the VMs are associated with the IP addresses)

 	Referring to claim 16, Bansal in view of Cisco disclose the method of claim 1, wherein a subset of the DCNs comprise unresolved DCNs that are not organized into any of the plurality of security groups.  ([0089] of Bansal, “FIG. 15, some flows from table 700 and 1500 that are originated from outside of the datacenter and are received at the "web server of application 1" 1505 are grouped together and the source is identified as "any" 1510. Other flows may be eliminated or hidden.”  Hence, these VMs that doesn’t below to “any” of the sources, are being hidden are unresolved and doesn’t belong to any group)

 	Referring to claim 20, Bansal in view of Cisco disclose the non-transitory machine-readable medium of claim 17, wherein the scalable user interface visualization enables selection of individual security groups and individual DCNs via representations of the security groups and DCNs in the user interface.  (Fig. 25, [0134]-[0138] of Bansal, [0135] of Bansal “In this figure, the user has selected a network 2505 and requested to view the network connectivity graph 2510 for the selected network. The user can select multiple networks and view the connectivity graphs for all selected networks “and [0137] of Bansal “the GUl queries inventory from the compute manager and the flow data from analytics engine to provide the visual topology (as shown by the network connectivity graph 2510) to the user for making rule recommendations and creating security groups. The analytics engine in some embodiments provides a collection of nodes and edges (as shown by the VM1-VM8, the outside area 2570, and the connections between them) to the GUI in order to plot the network connectivity graph” and [0138] of Bansal, “The GUI allows the user to create security groups and rules based on the connectivity graph. In this example, the user has generated two security groups 2535 and 2540. In some embodiments, the analytics engine provides recommendations for generating security groups. The figure also shows that a set of recommendations 2545 for firewall rules are made (e.g., by the analytics engine 2415 in FIG. 24). The user can select (by using the selection buttons 2550) any of the recommended rules. The user can also use the GUI to edit, add, or delete firewall rules. The firewall rules in some embodiments are machine driven and presented to the user for approval. The GUI in some embodiments also provides the user with tools to create firewall rules or modify the machine driven rules”)

Referring to claim 23, Bansal in view of Cisco disclose the method of claim 6, wherein providing the indication of the number of flows comprises further providing, for each flow line that represents only one flow between DCNs of a pair of security group, an indication that the flow line only represents the one flow. (as shown in Fig. 14 of Cisco which shoes different traffic flow between different security groups between the DCNs and allows the user to select any type of traffic flow between any groups in and from any DCNs by allowing the user to filter through different options)

Claims 5, 11-14, 18 and 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Bansal et al (US 20180176261 A1) in view of “Network Visualization nuVMLTM Virtal Modeling Lab Quick Start Guide”, nuVML Quick Start Guide – IT Network Consulting | Design, Deploy and Support | San Diego (speaknetworks.com), 6/12/2017, herein after “Cisco” and in view of Parker et al (US 20150019569 A1).
Referring to claim 5, Bansal in view of Cisco disclose the method of claim 4.  in view of Cisco do not specifically disclose “wherein the seed nodes are displayed in the visualization using a first appearance while the DCNs that are not seed nodes are displayed in the visualization using a second appearance that is different from the first appearance.”
However, Parker discloses wherein the seed nodes are displayed in the visualization using a first appearance while the DCNs that are not seed nodes are displayed in the visualization using a second appearance that is different from the first appearance because Parker discloses of having different visualization method, such as color or highlight of the root nodes with the path after different categories of filtering (Figs. 16A-16D, and [0127]-[0129] of Parker).
Bansal and Cisco and Parker are analogous art because both references concern visualization of data in different data modeling.  Accordingly, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bansal’s network flow where the user can filter to see different connected networks with displaying virtual connection between different security groups as taught by Cisco with the ability to allow the user to zoom in and out of a particular area of the networks to see the network functions, such as visualization tool which allow the user to filter one set of data from another different set of data as taught by Parker.  The motivation for doing so would have been to easily visualize different set of data in a model for the user to easily spot the different data that is being used/processed and also help user with a more predicable decisions based on the filtered data ([0059] of Parker).

Referring to claim 11, Bansal in view of Cisco disclose the method of claim 10.  Even though Bansal disclose selected groups with associated DCNs where DCN are connected to certain source node and also other nodes (Figs. 15-16 and [0089]-[0092] of Bansal, where certain nodes, such as App1-Web can be connected to another App1-App or App1-DB and group of related VMs are identified based on the flow communicated between VMs), but Bansal in view of Cisco do not specifically disclose wherein selection of a security group “causes the user interface to highlight the selected security group and display only the flow lines representing network flows between DCNs belonging to the selected security group and DCNs belonging to other security groups without displaying the flow lines representing network flows between only DCNs that do not belong to the selected security group” 
However, Parker discloses wherein selection of a security group “causes the user interface to highlight the selected security group and display only the aggregate representations of network flows between DCNs belonging to the selected security group and DCNs belonging to other security groups without displaying the aggregate representations of network flows between only DCNs that do not belong to the selected security group because Parker disclose showing data model in the visualization using a first appearance and in the visualization using a second appearance that is different from the first appearance band having different visualization method, such as color or highlight of the root nodes with path connected to the same path and also display the connection of the nodes with other path that is not highlighted (Figs. 16A-16D, and [0127]-[0129] of Parker).  Further, as shown in Fig. 16B and [0135]-[0136] of Parker, the virtualization can filter to show only relevant branches of connection instead of the entire tree branches.
Bansal and Cisco and Parker are analogous art because both references concern visualization of data in different data modeling.  Accordingly, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bansal’s network flow where the user can filter to see different connected networks with displaying virtual connection between different security groups as taught by Cisco with the ability to allow the user to zoom in and out of a particular area of the networks to see the network functions, such as visualization tool which allow the user to filter one set of data from another different set of data as taught by Parker.  The motivation for doing so would have been to easily visualize different set of data in a model for the user to easily spot the different data that is being used/processed and also help user with a more predicable decisions based on the filtered data ([0059] of Parker).

 	Referring to claim 12, Bansal in view of Cisco and Parker disclose the method of claim 11, wherein the displayed flow lines representing network flow between DCNs belonging to the selected secure group and DCNs belonging to a particular other security group is a single flow line between a representation of the selected security group and a representation of the particular other security group along with a notation that indicates a number of network flows represented by the single flow line. (Fig. 8 and [0091]-[0093] of Parker, on a “thicker” line with more data flow between two nodes, a notation/popup window with the metrics of the data/”flow” between the two nodes that are from different path/branches, such as node 156A and node from the left side of the branch are different from the branch of the node 156A and node 156B, such as a popup window showing “40.52%”)

 	Referring to claim 13, Bansal in view of Cisco disclose the method of claim 12, wherein, for each respective set of network flows between DCNs belonging to the selected secure group and DCNs belonging to a respective other secure group, the user interface displays a separate respective flow line along with a respective notation that indicates a respective number of flows represented by the respective flow line. ([0036] of the current Specification recites “While Figure 5B includes only unidirectional flow lines, some embodiments may include bidirectional flow lines represented by arrows on the flow lines facing both to and from the selected DCN. Other embodiments display separate lines for flows in two directions, or only treat flows as having a single direction (e.g., based on which DCN initiates the flow).  Hence the current Specification defines separate flow as bi-directional flow notation from one particular node.  Here, Fig. 8 and [0091]-[0093] of Parker, on a “thicker” line with more data flow between two nodes, a notation/popup window with the metrics of the data/”flow” between the two nodes that are from different path/branches, such as node 156A and node from the left side of the branch are different from the branch of the node 156A and node 156B, such as a popup window showing “40.52%” and the node 156B can also connect with the next one or more branches and with a popup window showing the “downstream” flow %, hence a separate flow notation from node 156B of different connections with different connected nodes)

 	Referring to claim 14, Bansal in view of Cisco disclose the method of claim 10.  Bansal in view of Cisco do not specifically disclose wherein selection of a DCN causes the user interface to highlight the selected DCN, remove the flow lines representing network flows between pairs of security groups, and display individual flow lines representing each of individual network flow between the selected DCN and other DCNs displayed in the user interface.”  
	However, Parker discloses wherein selection of a DCN causes the user interface to highlight the selected DCN, remove the aggregate representations of network flows between pairs of security groups, and display representations of individual network flows between the selected DCN and other DCNs displayed in the user interface ([0087] of Parker, “For example, a user may select or hover a cursor over a particular node within a decision tree 150, such as node 156D. The visualization system may identify a path 152 from selected node 156D to a root node 156A. The visualization system then may display a color coded legend 154 on the side of electronic page 120 that contains all of the questions and answers associated with all of the nodes within path 152.”)
Bansal and Cisco and Parker are analogous art because both references concern visualization of data in different data modeling.  Accordingly, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bansal’s network flow where the user can filter to see different connected networks with displaying virtual connection between different security groups as taught by Cisco with the ability to allow the user to zoom in and out of a particular area of the networks to see the network functions, such as visualization tool which allow the user to filter one set of data from another different set of data as taught by Parker.  The motivation for doing so would have been to easily visualize different set of data in a model for the user to easily spot the different data that is being used/processed and also help user with a more predicable decisions based on the filtered data ([0059] of Parker).

Referring to claim 18, Bansal in view of Cisco disclose the non-transitory machine-readable medium of claim 17, wherein: the program further comprises a set of instructions for receiving, through the user interface, data defining a subset of the DCNs as seed nodes; ([0060] of Bansal, chose certain groups as seed VMs) each seed node acts as a source node for micro-segmentation; ([0045] of Bansal, the groups of the micro-segmentation is formed by virtual machines/data computer nodes and Fig. 14 and [0052] and [0088] of Bansal, providing a filtering tool for the network flows, where the user can use different filtering criteria, such as source, destination for different sets of flows through different set of VMs).
Bansal in view of Cisco do not specifically disclose “the seed nodes are displayed in the visualization using a first appearance while the DCNs that are not seed nodes are displayed in the visualization using a second appearance that is different from the first appearance”
However, Parker discloses the seed nodes are displayed in the visualization using a first appearance while the DCNs that are not seed nodes are displayed in the visualization using a second appearance that is different from the first appearance because Parker discloses of having different visualization method, such as color or highlight of the root nodes with the path after different categories of filtering (Figs. 16A-16D, and [0127]-[0129] of Parker).
Bansal and Cisco and Parker are analogous art because both references concern visualization of data in different data modeling.  Accordingly, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bansal’s network flow where the user can filter to see different connected networks with displaying virtual connection between different security groups as taught by Cisco with the ability to allow the user to zoom in and out of a particular area of the networks to see the network functions, such as visualization tool which allow the user to filter one set of data from another different set of data as taught by Parker.  The motivation for doing so would have been to easily visualize different set of data in a model for the user to easily spot the different data that is being used/processed and also help user with a more predicable decisions based on the filtered data ([0059] of Parker).

 	Referring to claim 21, Bansal in view of Cisco and Parker discloses the non-transitory machine-readable medium of claim 20, wherein: selection of a security group causes the user interface to highlight the selected security group and display only the flow lines representing network flows between DCNs belonging to the selected security group and DCNs belonging to other security groups without displaying the flow lines representing network flows between only DCNs that do not belong to the selected security group; (please see citation for claim 14 above) and displayed flow lines representing  network flows between DCNs belonging to the selected security group and DCNs belonging to a particular other security group are displayed as a single flow line along with a notation that indicates a number of flows represented by the single flow line.  (please see citation for claim 12 above)

 	Referring to claim 22, Bansal in view of Cisco disclose the non-transitory machine-readable medium of claim 20.  Bansal in view of Cisco do not specifically disclose wherein selection of a DCN causes the user interface to highlight the selected DCN, remove the flow lines representing network flows between pairs of security groups, and display flow lines representing each individual network flow between the selected DCN and other DCNs displayed in the user interface.”  
	However, Parker discloses wherein selection of a DCN causes the user interface to highlight the selected DCN, remove the aggregate representations of network flows between pairs of security groups, and display representations of individual network flows between the selected DCN and other DCNs displayed in the user interface ([0087] of Parker, “For example, a user may select or hover a cursor over a particular node within a decision tree 150, such as node 156D. The visualization system may identify a path 152 from selected node 156D to a root node 156A. The visualization system then may display a color coded legend 154 on the side of electronic page 120 that contains all of the questions and answers associated with all of the nodes within path 152.”)
Bansal and Cisco and Parker are analogous art because both references concern visualization of data in different data modeling.  Accordingly, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bansal’s network flow where the user can filter to see different connected networks with displaying virtual connection between different security groups as taught by Cisco with the ability to allow the user to zoom in and out of a particular area of the networks to see the network functions, such as visualization tool which allow the user to filter one set of data from another different set of data as taught by Parker.  The motivation for doing so would have been to easily visualize different set of data in a model for the user to easily spot the different data that is being used/processed and also help user with a more predicable decisions based on the filtered data ([0059] of Parker).

Claims 8, 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Bansal et al (US 20180176261 A1) in view of “Network Visualization nuVMLTM Virtal Modeling Lab Quick Start Guide”, nuVML Quick Start Guide – IT Network Consulting | Design, Deploy and Support | San Diego (speaknetworks.com), 6/12/2017, herein after “Cisco” in view of Mayorgo (US 20180295148 A1).
 	Referring to claim 8, Bansal in view of Cisco disclose the method of claim 1.  Bansal in view of Cisco do not specifically disclose “wherein the unsecured flows comprise flows for which a firewall rule has not been defined.”
	However, Mayorgo discloses wherein unsecured flows comprise flows for which a firewall rule has not been defined ([0050] of Mayorgo, “determine by a network access device and/or a network security device whether a particular network flow should be allowed, blocked, or inspected (and if so what level of inspection should be applied). Aspects of the present disclosure assist with such determination by evaluating, by means of a network security device (e.g., a firewall) though which the network flow is attempting to pass, whether an explicit flow policy (e.g., one specified by an administrator of the network) is applicable to the network flow” hence, the network flow that awaits to be “inspection” are the flows that has not been defined/inspection according to firewall policy)
Bansal and Cisco and Mayorgo are analogous art because both references concern visualization of data in different data modeling.  Accordingly, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bansal’s network flow where the user can filter to see different connected networks with displaying virtual connection between different security groups as taught by Cisco with the ability to allow the user to zoom in and out of a particular area of the networks to see the network functions, such as having different types of data that is definable by certain condition taught by Mayorgo.  The motivation for doing so to efficiently determine a network access device security based on firewall and amount of security the network access is required ([0050 of Mayorgo).

Referring to claim 9, Bansal in view of Cisco disclose the method of claim 1, wherein the allowed flows ([0065] of Bansal, “In order to allow traffic flow to the seed VMs, a firewall rule of "any to any, allow" is applied to the seed VMs. For instance, a firewall section in the distributed firewall (DFW) rule configuration is created and the rule "any to any, allow" is placed on top of the section. The firewall section is then applied to the seed VMs. This ensures that all traffic to/from the seed VMs is allowed and collected by a flow monitoring component (e.g., flow monitoring engine 120 in FIG. 1) at the virtualization software”) , flows … are each represented by flow lines having a different appearance. (as shown in Fig. 14 of Cisco which shoes different traffic flow between different security groups between the DCNs and allows the user to select any type of traffic flow between any groups in and from any DCNs by allowing the user to filter through different options with different colors)
 Bansal in view of Cisco do not specifically discloses “blocked flows, and unsecured flows”.
 	However, Mayorgo discloses blocked flows, and unsecured flows ([0050] of Mayorgo, “determine by a network access device and/or a network security device whether a particular network flow should be allowed, blocked, or inspected (and if so what level of inspection should be applied). Aspects of the present disclosure assist with such determination by evaluating, by means of a network security device (e.g., a firewall) though which the network flow is attempting to pass, whether an explicit flow policy (e.g., one specified by an administrator of the network) is applicable to the network flow” hence, the network flow that awaits to be “inspection” are the flows that has not been defined/inspection according to firewall policy)
Bansal and Cisco and Mayorgo are analogous art because both references concern visualization of data in different data modeling.  Accordingly, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bansal’s network flow where the user can filter to see different connected networks with displaying virtual connection between different security groups as taught by Cisco with the ability to allow the user to zoom in and out of a particular area of the networks to see the network functions, such as having different types of data that is definable by certain condition taught by Mayorgo.  The motivation for doing so to efficiently determine a network access device security based on firewall and amount of security the network access is required ([0050 of Mayorgo).

Referring to claim 19, Bansal in view of Cisco disclose the non-transitory machine-readable medium of claim 17, flows … are each represented by flow lines having a different appearance. (as shown in Fig. 14 of Cisco which shoes different traffic flow between different security groups between the DCNs and allows the user to select any type of traffic flow between any groups in and from any DCNs by allowing the user to filter through different options with different colors)
Bansal in view of Cisco do not specifically discloses “unsecured flows comprise flows for which a firewall rule has not been defined;” “blocked flows, and unsecured flows”.
 	However, Mayorgo discloses unsecured flows comprise flows for which a firewall rule has not been defined and blocked flows, and unsecured flows ([0050] of Mayorgo, “determine by a network access device and/or a network security device whether a particular network flow should be allowed, blocked, or inspected (and if so what level of inspection should be applied). Aspects of the present disclosure assist with such determination by evaluating, by means of a network security device (e.g., a firewall) though which the network flow is attempting to pass, whether an explicit flow policy (e.g., one specified by an administrator of the network) is applicable to the network flow” hence, the network flow that awaits to be “inspection” are the flows that has not been defined/inspection according to firewall policy)
Bansal and Cisco and Mayorgo are analogous art because both references concern visualization of data in different data modeling.  Accordingly, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bansal’s network flow where the user can filter to see different connected networks with displaying virtual connection between different security groups as taught by Cisco with the ability to allow the user to zoom in and out of a particular area of the networks to see the network functions, such as having different types of data that is definable by certain condition taught by Mayorgo.  The motivation for doing so to efficiently determine a network access device security based on firewall and amount of security the network access is required ([0050 of Mayorgo).

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Choudhury et al (US 20180329958 A1):  A query graph, which includes vertices and edges, represents a query on graph-structured data. The query graph is decomposed into query subgraphs. A network analysis tool performs continuous subgraph matching queries to facilitate analysis of computer network traffic, social media events, or other streams of data represented as a dynamic data graph (graph-structured data).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAIMEI JIANG whose telephone number is (571)270-1590. The examiner can normally be reached M-F 9-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Adam Queler can be reached on 571-272-4140. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HAIMEI JIANG/Examiner, Art Unit 2145