DETAILED ACTION

This Office action is in response to the Applicant's amendments filed 10/20/2022. Claims 1-20 are pending and have been examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
 	
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/20/2022 has been entered.
 
Response to Arguments		
Applicant's arguments filed 10/20/2022 have been fully considered but they are not persuasive. 

	Applicant argues that the art cited in the Office Action does not disclose receiving flow data associated with one or more packets traversing a network, wherein the flow data uniquely describes the one or more packets. Applicant argues that the statistical data or weights of Pernicha do not uniquely describe the packets and are not associated with the packets traversing the network.
	With regard to the above argument, the Examiner respectfully disagrees.
 Pernicha discloses 
	“[0055] According to one embodiment, grouping policy rules includes identifying potentially combinable policy rules associated with similar allowed flows (e.g., only different sources, only different destinations or only different services) and merging the identified combinable policy rules into a single policy rule. The merging can also be conducted based on matching of source IP addresses, destination IP addresses, services, applications, interfaces, rule tags, priorities and/or parameters of the policy rules. In some embodiment, identifying potentially combinable policy rules can be based on IP supernetting of the source IP addresses and/or the destination IP addresses. For example, a first traffic flow from source 192.168.0.0/24 to destination 1.1.1.1:80 and a second flow from source 192.168.1.0/24 to destination 1.1.1.1:80 can be merged into a new flow from source 192.168.0.0/25 to destination 1.1.1.1:80. In an instance, multiple parameters of the rule space, including, but not limited to, source, destination, user, service, enterprise firewall ID, and other such parameters can be used to identify rules that may interact or be combinable.”

	This citation clearly discloses traffic flow data that describes the packets of a flow by multiple parameters of the traffic flow, including source, destination, user, service, etc., which corresponds to the limitation recited in the claim: “receiving flow data associated with one or more packets traversing a network, wherein the flow data uniquely describes the one or more packets”.
	Therefore, contrary to the Applicant's arguments, Pernicha in view of Porras in further view of Raleigh does disclose the limitation of the claim.
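The rule grouping that the Pernicha passage above describes, as an added Python illustration that is example code and not part of the Office action, the application, or Pernicha's disclosure: allow rules that share destination and service and differ only in source network are collapsed into their covering prefix with the standard ipaddress module. It also applies the dependency check a practitioner would insist on before merging rules in a first-match rule base: a deny rule that sits between the rules being merged and overlaps a later one would be shadowed by the merged rule, so such a group is reported and left unmerged. The rule set, the tuple layout and the first-match evaluation order are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed first-match rule set (assumed, not from the Office action or Pernicha):
# (action, source CIDR, destination, service), evaluated top to bottom.
RULES = [
    ("allow", "192.168.0.0/24", "1.1.1.1", "tcp/80"),
    ("deny",  "192.168.1.0/25", "1.1.1.1", "tcp/80"),   # carve-out between two allows
    ("allow", "192.168.1.0/24", "1.1.1.1", "tcp/80"),
    ("allow", "192.168.4.0/24", "1.1.1.1", "tcp/80"),   # not adjacent: cannot be supernetted
    ("allow", "10.0.0.0/8",     "1.1.1.1", "tcp/443"),  # different service: separate group
]

def group_rules(rules):
    """Merge allow rules that differ only in source network; return (rules, warnings).

    Sources sharing (destination, service) are collapsed with
    ipaddress.collapse_addresses, which joins adjacent, aligned prefixes into one
    covering prefix and leaves the rest alone.  Collapsing never adds addresses, so
    the only way a merge changes behaviour is positional: the merged rule takes the
    slot of its earliest member, so a deny rule that sat between the members and
    overlaps a later member would become shadowed.  Such groups are left unmerged
    and reported instead.
    """
    groups = defaultdict(list)                      # (dst, svc) -> [(position, network)]
    for pos, (action, src, dst, svc) in enumerate(rules):
        if action == "allow":
            groups[(dst, svc)].append((pos, ipaddress.ip_network(src)))

    warnings, out = [], []                          # out holds (position, rule)
    for pos, (action, src, dst, svc) in enumerate(rules):
        if action != "allow":
            out.append((pos, (action, src, dst, svc)))
            continue
        members = groups.pop((dst, svc), None)
        if members is None:
            continue                                # group already emitted
        first, last = min(p for p, _ in members), max(p for p, _ in members)
        shadowed = [
            (d_pos, d_src) for d_pos, (d_action, d_src, d_dst, d_svc) in enumerate(rules)
            if d_action == "deny" and (d_dst, d_svc) == (dst, svc) and first < d_pos < last
            and any(p > d_pos and ipaddress.ip_network(d_src).overlaps(n) for p, n in members)
        ]
        if shadowed:
            for d_pos, d_src in shadowed:
                warnings.append(f"not merging allows for {dst} {svc}: would shadow "
                                f"deny rule at position {d_pos} ({d_src})")
            out.extend((p, ("allow", str(n), dst, svc)) for p, n in members)
        else:
            out.extend((first, ("allow", str(n), dst, svc))
                       for n in ipaddress.collapse_addresses([n for _, n in members]))
    out.sort(key=lambda item: item[0])
    return [rule for _, rule in out], warnings
```

With the deny carve-out in place the rule set comes back unchanged with one warning; with the deny removed, the two adjacent /24 sources collapse into a single covering prefix while the non-adjacent /24 and the different-service rule stay separate.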

	Applicant argues that the prior art of record does not disclose the limitation: “determining whether a first policy was enforced on the one or more packets based at least in part on whether a packet of the one or more packets was blocked or allowed at an endpoint of the one or more endpoint groups, wherein the first policy is associated with the one or more endpoint groups.” (see Remarks, page 10)
	In response, the Examiner respectfully disagrees with the Applicant's argument.
Raleigh discloses 
 	“[0220] FIG. 9 illustrates another flow diagram for quality of service (QoS) for device assisted services (DAS) in accordance with some embodiments. In some embodiments, QoS for DAS includes QoS session provision for a service activity. At 902, the process begins. At 904, a new QoS session is granted and/or confirmed. At 906, a device service processor (e.g., policy decision point (PDP) agent, also referred to herein as a policy control agent) maps the QoS session grant to a QoS monitoring policy (e.g., based on a service controller provided QoS related policy, based on a service plan associated with the device, user, device/user group, and/or other criteria/measures, as similarly described herein). At 908, the QoS monitoring policy provides commands/instructions to a policy enforcement point (PEP) (e.g., PEP agent, also referred to herein as a policy implementation agent) for managing/enforcing the new QoS priorities/sessions. At 910, the PEP determines whether to allow, block, throttle, and/or queue priority (e.g., and/or otherwise control using various traffic control related techniques) a session based on the QoS monitoring policy. At 912, the process is completed.”
	This citation shows that the PEP enforces the monitoring policy, which can block packets or messages associated with a session. Raleigh clearly refers to tracking or tracing packet flows and therefore clearly refers to policies that block packets.
	Therefore, contrary to the Applicant's argument, Pernicha in view of Porras in further view of Raleigh does disclose the argued limitation of the claim.

	Applicant argues that the prior art of record does not teach or suggest the limitation: “determining, whether the first policy is utilized more than a second policy.” (see Remarks, page 10)

	In response, the Examiner respectfully disagrees with the Applicant's arguments.
Pernicha clearly discloses 
 	“[0044] According to another embodiment, firewall/flow control device 108 provides for dynamic reordering of policy rules within policy rule database 110 based on statistical data or weights assigned to one or more policy rules. Such dynamic reordering of the evaluation sequence of policy rules can be based on the most frequently used or the most recently used policy rule(s), for example. Such reordering will facilitate faster decision making by firewall/flow control device 108 as the rules observed to be used most frequently, for example, will be found faster as a result of being placed earlier in the search sequence of policy rule database 110. Typically, the policy rules will be reordered in accordance with administrator-defined criteria; however, in the absence of such criteria embodiments of the present invention may place less specific rules on top or very specific rules on top. Statistical analysis of the application/usage of existing policy rules may be used to select an appropriate default ordering approach.”

	This citation clearly shows the flow control device using statistical data on the most frequently used or most recently used policy rules in order to dynamically reorder the policy rules of the database. It therefore shows that Pernicha does disclose the recited limitation “determining, whether the first policy is utilized more than a second policy.”
	Therefore, contrary to the Applicant's arguments, Pernicha in view of Porras in further view of Raleigh does disclose the limitation of the claim.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pernicha (U.S. 2016/191466 A1, hereinafter “Pernicha”) in view of Porras et al. (U.S. 2014/0331280 A1, hereinafter “Porras”) in further view of Raleigh et al. (U.S. 2014/0140213 A1, hereinafter “Raleigh”).

 	As to claims 1, 11 and 18, Pernicha discloses a computer-implemented method comprising:
	receiving flow data associated with one or more packets traversing a network, wherein the flow data uniquely describes the one or more packets (para. [0055]; discloses traffic flow data that includes multiple parameters of the traffic flow, including source, destination, user, service, etc.);
	in response to the first policy being enforced, updating utilization data for a first policy in a policy table (para. [0044]; discloses that the statistical data or weights assigned to one or more policy rules can be based on the most frequently used or most recently used policy rule and are updated in accordance with administrator-defined criteria in the policy rule database);
	determining, based on a comparison of utilization data in the policy table, whether the first policy is utilized more than a second policy; and
 in response to determining that the first policy is utilized more than the second policy, reordering a first position of the first policy and a second position of the second policy in a policy table (para. [0044]; discloses “dynamic reordering of the evaluation sequence of policy rules can be based on the most frequently used or the most recently used policy rule(s), for example. Such reordering will facilitate faster decision making by firewall/flow control device 108 as the rules observed to be used most frequently, for example, will be found faster as a result of being placed earlier in the search sequence of policy rule database 110….Statistical analysis of the application/usage of existing policy rules may be used to select an appropriate default ordering approach.”).  
	However, Pernicha does not explicitly disclose determining, from the flow data, one or more endpoint groups associated with the one or more packets.
	In an analogous art, Porras does disclose determining, from the flow data, one or more endpoint groups associated with the one or more packets (Porras, para. [0022]; discloses “…sequences of data packets from a source computer to a destination, where the destination may be, for example, another host, a multicast group, or a broadcast domain. In some cases, network flow may refer to a logical equivalent of a call or a connection.”).
 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pernicha by incorporating a multicast group of endpoints that are used as a destination for the traffic flow as taught by Porras in order to increase efficiency in transmitting data.
	However, Pernicha in view of Porras does not disclose determining whether a first policy was enforced on the one or more packets, wherein the first policy is associated with the one or more endpoint groups.
	In an analogous art, Raleigh discloses determining whether a first policy was enforced on the one or more packets based at least in part on whether a packet of the one or more packets was blocked or allowed at an endpoint of the one or more endpoint groups, wherein the first policy is associated with the one or more endpoint groups (Raleigh, para. [0220]; discloses “the QoS monitoring policy provides commands/instructions to a policy enforcement point (PEP) (e.g., PEP agent, also referred to herein as a policy implementation agent) for managing/enforcing the new QoS priorities/sessions. At 910, the PEP determines whether to allow, block, throttle, and/or queue priority (e.g., and/or otherwise control using various traffic control related techniques) a session based on the QoS monitoring policy. At 912, the process is completed.” This citation shows that the policy enforcement/implementation agent enforces control over the packets of a session, such as blocking or allowing the communications in the session.)
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Pernicha-Porras by maintaining a quality metric based on factors such as policy implementation or network monitoring, as taught by Raleigh, in order to verify that the traffic control policies are properly implemented and suitable for the network (see Raleigh, para. [0125]).

 	As to claim 2, Pernicha-Porras-Raleigh discloses the method of claim 1, further comprising: in response to determining that the first policy is not utilized more than the second policy, determining if the first policy has not been utilized for a period of time; and in response to determining that the first policy has not been utilized for the period of time, deleting the first policy from the policy table (Pernicha, para. [0036]; discloses “ policy rule optimization module configured to automatically optimize the updated set of policy rules by one or more of grouping a first sub-set of policy rules of the updated set of policy rules, reordering a second sub-set of policy rules of the updated set of policy rules, and deleting a third sub-set of policy rules of the updated set of policy rules based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).  

	As to claim 3, Pernicha-Porras-Raleigh discloses the method of claim 2, wherein the first policy is a whitelist policy (Porras, para. [0077]; discloses a network privilege manager that receives a large-scale network address whitelist including a number of acceptable IP addresses).
 	
	As to claim 4, Pernicha-Porras-Raleigh discloses the method of claim 1, further comprising: determining whether the first policy was enforced for the flow data (Pernicha, para. [0031]; discloses “updated set of policy rules can be performed based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).  

 	As to claim 5, Pernicha-Porras-Raleigh discloses the method of claim 4, wherein determining whether the first policy was enforced based on the flow data received at a destination and/or sent by a source (Pernicha ,para. [0031]; discloses “the updated set of policy rules by one or more of grouping a first sub-set of policy rules of the updated set of policy rules, reordering a second sub-set of policy rules of the updated set of policy rules, and deleting a third sub-set of policy rules of the updated set of policy rules, wherein such optimization of the updated set of policy rules can be performed based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).  

	As to claim 6, Pernicha-Porras-Raleigh discloses the method of claim 1, wherein the flow data comprises data that is received from a network device, a hypervisor, a container, or a virtual machine (Pernicha, para. [0070]; discloses “entry 301a of policy rule 301 relates to all traffic/packet/connection requests sent from host 10.184.17.0/26 to peer host/network 10.135.32.0/26, which, can be sent on any of the ports”. This citation clearly shows that network data is coming from network devices on the network).

 	As to claim 7, Pernicha-Porras-Raleigh discloses the method of claim 1, further comprising: presenting the utilization data of the first policy including at least one of a number of flows, a number of packets, or a quantity of data received by a network in relation to a period of time (Pernicha , para. [0060]; discloses “When statistical data (e.g., frequency of execution during one or more particular time frames) is tracked and maintained relating to execution of policy rules”).  

 	As to claim 8, Pernicha-Porras-Raleigh discloses the method of claim 1, further comprising: receiving additional flow data; determining whether the first policy is applicable to the additional flow data (Pernicha, para. [0079]; discloses “ the administrator can also check dependency in order to view automatically identified dependencies that any rule has on the other set of rules that form part of the rules repository.”).  

 	As to claim 9, Pernicha-Porras-Raleigh discloses the method of claim 8, wherein the first policy is configured to deny connectivity from a source and/or a destination, the method further comprising: determining that connectivity was allowed from the source and/or to the destination; and providing an alert indicating that the first policy was not applied (Pernicha, para. [0077] discloses “ Rule 311 is in conflict with part of the flow required for new rule 399. Since rule 311 is a deny rule, a warning should be issued to the administrator pointing out the conflict; and [0078] i. If the flow-denial of rule 311 is to be maintained, rule 311 should be moved to a position with a smaller seq# than new flow 399. Alternatively, if rule 311 is to be “forgotten” due to the higher priority of new flow 399, then rule 311 should be removed.”).  

 	As to claim 10, Pernicha-Porras-Raleigh discloses the method of claim 8, wherein the first policy is configured to deny connectivity from a source and/or a destination, the method further comprising: determining that connectivity was denied from the source and/or to the destination; and updating the utilization data for the first policy (Pernicha, para. [0074]; discloses “Since rule 311 is a deny rule, a warning should be issued to the administrator pointing out the conflict; and [0078] i. If the flow-denial of rule 311 is to be maintained, rule 311 should be moved to a position with a smaller seq# than new flow 399. Alternatively, if rule 311 is to be “forgotten” due to the higher priority of new flow 399, then rule 311 should be removed.”). 

	As to claim 12, Pernicha-Porras-Raleigh discloses the system of claim 11, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: in response to determining that the first policy is not utilized more than the second policy, determine if the first policy has not been utilized for a period of time; and in response to determining that the first policy has not been utilized for the period of time, delete the first policy from the policy table (Pernicha, para. [0036]; discloses “policy rule optimization module configured to automatically optimize the updated set of policy rules by one or more of grouping a first sub-set of policy rules of the updated set of policy rules, reordering a second sub-set of policy rules of the updated set of policy rules, and deleting a third sub-set of policy rules of the updated set of policy rules based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).

	As to claim 13, Pernicha-Porras-Raleigh discloses the system of claim 12, wherein the first policy is a whitelist policy (Porras, para. [0077]; discloses a network privilege manager that receives a large-scale network address whitelist including a number of acceptable IP addresses).
 	
 	As to claim 14, Pernicha-Porras-Raleigh discloses the system of claim 11, wherein the flow data comprises data that is received from a network device, a hypervisor, a container, or a virtual machine (Pernicha, para. [0070]; discloses “entry 301a of policy rule 301 relates to all traffic/packet/connection requests sent from host 10.184.17.0/26 to peer host/network 10.135.32.0/26, which, can be sent on any of the ports”. This citation clearly shows that network data is coming from network devices on the network).  

	As to claim 15, Pernicha-Porras-Raleigh discloses the system of claim 11, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: present the utilization data of the first policy including at least one of a number of flows, a number of packets, or a quantity of data received by a network in relation to a period of time (Pernicha, para. [0060]; discloses “When statistical data (e.g., frequency of execution during one or more particular time frames) is tracked and maintained relating to execution of policy rules”).

	As to claim 16, Pernicha-Porras-Raleigh discloses the system of claim 11, further comprising instructions which when executed by the at least one processor, cause the at least one processor to: receive additional flow data; determine whether the first policy is applicable to the additional flow data (Pernicha, para. [0079]; discloses “the administrator can also check dependency in order to view automatically identified dependencies that any rule has on the other set of rules that form part of the rules repository.”).

	As to claim 17, Pernicha-Porras-Raleigh discloses the system of claim 16, wherein the first policy is configured to deny connectivity from a source and/or a destination, the system further comprising instructions which when executed by the at least one processor, cause the at least one processor to: determine that connectivity was allowed from the source and/or to the destination; and provide an alert indicating that the first policy was not applied (Pernicha, para. [0077]; discloses “Rule 311 is in conflict with part of the flow required for new rule 399. Since rule 311 is a deny rule, a warning should be issued to the administrator pointing out the conflict; and [0078] i. If the flow-denial of rule 311 is to be maintained, rule 311 should be moved to a position with a smaller seq# than new flow 399. Alternatively, if rule 311 is to be “forgotten” due to the higher priority of new flow 399, then rule 311 should be removed.”).

	As to claim 18, Pernicha-Porras-Raleigh discloses the system of claim 16, wherein the first policy is configured to deny connectivity from a source and/or a destination, the system further comprising instructions which when executed by the at least one processor, cause the at least one processor to: determine that connectivity was denied from the source and/or to the destination; and update the utilization data for the first policy (Pernicha, para. [0074]; discloses “Since rule 311 is a deny rule, a warning should be issued to the administrator pointing out the conflict; and [0078] i. If the flow-denial of rule 311 is to be maintained, rule 311 should be moved to a position with a smaller seq# than new flow 399. Alternatively, if rule 311 is to be “forgotten” due to the higher priority of new flow 399, then rule 311 should be removed.”).

 	As to claim 20, Pernicha-Porras-Raleigh discloses the at least one non-transitory computer-readable medium of claim 19, further comprising instructions which when executed by the at least one processor, causes the at least one processor to: in response to determining that the first policy is not utilized more than the second policy, determine if the first policy has not been utilized for a period of time; and in response to determining that the first policy has not been utilized for the period of time, delete the first policy from the policy table  (Pernicha, para. [0036]; discloses “ policy rule optimization module configured to automatically optimize the updated set of policy rules by one or more of grouping a first sub-set of policy rules of the updated set of policy rules, reordering a second sub-set of policy rules of the updated set of policy rules, and deleting a third sub-set of policy rules of the updated set of policy rules based on one or more of weights assigned to particular types of traffic, preference settings, priority settings, network traffic characteristics, and network usage statistics for the policy rules of the updated set of policy rules.”).    
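The mechanism the rejected claims recite (receiving flow records, determining whether the governing policy was enforced from whether the endpoint blocked or allowed the packet, updating utilization data, reordering a more-utilized policy ahead of a less-utilized one, deleting a policy not utilized for a period, and alerting when a deny policy was not applied; claims 1, 2, 9 and 10 and their system and medium counterparts), as an added Python illustration. This is example code, not from the Office action, the application, or any cited reference. The policy names, the flow record layout with an "observed" field carrying the endpoint's actual action, the addresses and the idle threshold are constructed assumptions. It goes beyond the claim language in two ways a practitioner would want: two policies swap positions only when no packet could match both, so first-match semantics are preserved by the reordering, and an idle deny policy is reported rather than deleted.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    name: str
    action: str                       # "allow" or "deny"
    src: str                          # source CIDR
    dst: str                          # destination CIDR
    port: Optional[int]               # None matches any port
    hits: int = 0                     # utilization data: flows enforced under this policy
    byte_count: int = 0               # utilization data: bytes enforced under this policy
    last_hit: Optional[float] = None  # utilization data: time of last enforcement

    def matches(self, flow):
        return (ipaddress.ip_address(flow["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(flow["dst"]) in ipaddress.ip_network(self.dst)
                and (self.port is None or self.port == flow["port"]))

    def overlaps(self, other):
        # True if one packet could match both policies, i.e. their relative order matters.
        return (ipaddress.ip_network(self.src).overlaps(ipaddress.ip_network(other.src))
                and ipaddress.ip_network(self.dst).overlaps(ipaddress.ip_network(other.dst))
                and (self.port is None or other.port is None or self.port == other.port))

def process_flow(table, flow, alerts):
    """Account one observed flow; flow["observed"] is what the endpoint actually did.
    Agreement with the governing (first-match) policy means it was enforced, so its
    utilization data is updated; disagreement means it was not applied: raise an alert."""
    policy = next((p for p in table if p.matches(flow)), None)
    if policy is None:
        return None
    if (policy.action == "allow") == (flow["observed"] == "allowed"):
        policy.hits += 1
        policy.byte_count += flow["bytes"]
        policy.last_hit = flow["ts"]
    else:
        alerts.append(f"{policy.name}: {policy.action} policy not applied to "
                      f"{flow['src']}->{flow['dst']}:{flow['port']} ({flow['observed']})")
    return policy

def reorder_by_utilization(table):
    """Bubble more-utilized policies ahead of less-utilized neighbours, swapping a pair
    only if no packet could match both (otherwise first-match results would change)."""
    swaps, changed = 0, True
    while changed:
        changed = False
        for i in range(1, len(table)):
            first, second = table[i - 1], table[i]
            if second.hits > first.hits and not first.overlaps(second):
                table[i - 1], table[i] = second, first
                swaps, changed = swaps + 1, True
    return swaps

def prune_idle(table, now, idle_seconds):
    """Delete allow policies not utilized for idle_seconds (never hit counts as idle); an
    idle deny policy is only reported, since deleting it could open a path."""
    removed, idle_denies, keep = [], [], []
    for policy in table:
        idle = policy.last_hit is None or now - policy.last_hit > idle_seconds
        if idle and policy.action == "allow":
            removed.append(policy.name)
        else:
            keep.append(policy)
            if idle:
                idle_denies.append(policy.name)
    table[:] = keep
    return removed, idle_denies

def build_sample_table():
    # Constructed policy table in first-match order (assumed names and addresses).
    return [
        Policy("allow-web",   "allow", "10.0.0.0/8",    "10.1.0.0/16", 443),
        Policy("deny-legacy", "deny",  "10.0.0.0/8",    "10.2.0.0/16", 23),
        Policy("allow-db",    "allow", "10.1.0.0/16",   "10.3.0.0/24", 5432),
        Policy("allow-old",   "allow", "172.16.0.0/12", "10.4.0.0/16", None),
        Policy("deny-all",    "deny",  "0.0.0.0/0",     "0.0.0.0/0",   None),
    ]

# Constructed flow records in the shape a collector might export (not real data).
SAMPLE_FLOWS = [
    {"ts": 100, "src": "10.1.2.3",  "dst": "10.3.0.7", "port": 5432, "observed": "allowed", "bytes": 4000},
    {"ts": 101, "src": "10.1.2.4",  "dst": "10.3.0.7", "port": 5432, "observed": "allowed", "bytes": 1200},
    {"ts": 102, "src": "10.5.0.9",  "dst": "10.1.9.9", "port": 443,  "observed": "allowed", "bytes": 900},
    {"ts": 103, "src": "10.5.0.9",  "dst": "10.2.0.1", "port": 23,   "observed": "allowed", "bytes": 60},
    {"ts": 104, "src": "192.0.2.1", "dst": "10.1.9.9", "port": 22,   "observed": "denied",  "bytes": 0},
]

def run_sample(now=150, idle_seconds=60):
    # Drive one full cycle over the constructed data and return every result.
    table, alerts = build_sample_table(), []
    for flow in SAMPLE_FLOWS:
        process_flow(table, flow, alerts)
    utilization = {p.name: (p.hits, p.byte_count) for p in table}
    swaps = reorder_by_utilization(table)
    order = [p.name for p in table]
    removed, idle_denies = prune_idle(table, now, idle_seconds)
    return {"utilization": utilization, "alerts": alerts, "swaps": swaps, "order": order,
            "removed": removed, "idle_denies": idle_denies, "final": [p.name for p in table]}
```

On the sample data the telnet flow that the endpoint allowed despite the deny-legacy policy produces the alert, allow-db (two flows) moves ahead of allow-web (one flow) and of the untouched deny-legacy because it overlaps neither, deny-all stays last because it overlaps everything, the never-used allow-old is deleted, and the never-used deny-legacy is reported but kept.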

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
 	Sinha et al. (U.S. 2008/0301755 A1) discloses a method and system for applying access-control policies. In particular implementations, a method includes determining one or more policies, and a prioritization order for the determined policies, based on the one or more parameters; accessing an indirection table to create an entry for the client, wherein the entry indicates the prioritization order of the determined policies; and creating one or more entries in one or more policy data structures for the one or more determined policies.


 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOE CHACKO whose telephone number is (571)270-3318. The examiner can normally be reached Monday-Friday 7am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea, can be reached on 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JOE CHACKO/Primary Examiner, Art Unit 2456