DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Status of Claims
The following claim(s) is/are pending in this office action: 1, 3-10, 12-20
The following claim(s) is/are amended: 1, 3, 6, 8, 10, 12, 15, 17, 19-20
The following claim(s) is/are new: -
The following claim(s) is/are cancelled: 2, 11
Claim(s) 1, 3-10, 12-20 is/are rejected. This rejection is FINAL.


Previous Rejections Withdrawn
The 35 USC 101 rejection to claim(s) 1, 3-10, 12-20 is/are withdrawn based on the amendment.


Response to Arguments
Applicant’s arguments filed in the amendment filed 10/24/2022 have been fully considered but are moot in view of new grounds of rejection. The reasons are set forth below.



Applicant’s Invention as Claimed
Claim Rejections - 35 USC § 103
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-10, 12-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yadav (US Pub. 2016/0359872) in view of Zhang (US Pub. 2015/0016460).
With respect to Claim 1, Yadav teaches a network verification computer system for a network (Fig. 1, paras. 12, 16, 23-27; system monitors, analyzes, and implements policy for a data center network. Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, gateways.)
that includes a plurality of network devices having network interfaces that are connected to each other through data communication links, (paras. 13-17; system creates sensors that reside upon nodes of a data center network such as a router or gateway. para. 541-545, 549; system displays nodes and connections of the nodes.)
the computer system comprising a processor that is programmed to: (para. 57; system includes a processor)
generate a graph data structure that stores information about the network (para. 34; web frontend presents data in visual form such as tree maps, acyclic dependency maps. paras. 358-360; system has network graph. Paras. 559-565; data stored as vectors. Examiner asserts that the fact that the system presents a network graph and can determine network policy rules suggests that the system stores the network policy with the graph, but regardless the information is discovered by the system, and the system stores data to present in graph form, and therefore it would have been obvious to one of ordinary skill prior to the effective filing date to perform simple combination for expected results, see MPEP 2143(I)(A) to store the forwarding nodes and edges data in graph structure form so that the data does not need to be generated again later.)
in a plurality of forwarding nodes and forwarding edges (Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, gateways. Para. 20; collectors can be connected to a top of rack switch. Para. 20; collectors store sensed information. Para. 132; sensors also store data.)
wherein each of the forwarding nodes represents a set of packets to be processed at one of a plurality of network locations according to packet processing rules (Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, and gateways. paras. 378-392; system applies policies such as a whitelist to traffic flows to direct the flows. Para. 442; blacklist. paras. 445-448, 641; system may receive queries about hosts or flows and will visualize the result.)
and each of the forwarding edges represents packet processing rules to be applied to a set of packets at one of the forwarding nodes (paras. 26-28; analytics module accesses policies and can determine, establish, or change policies. paras. 378-392; system analyzes traffic and policies to see which policies are being enforced. See also paras. 425-438; system analyzes for compliance with policies.)
generate a user-interface (paras. 57-58; system has a graphical user interface)
configured to receive queries from a user (paras. 445-448; system may receive queries about hosts or flows and will visualize the result.)
in response to a request to verify network policies identified in the queries, verify that the network complies with the network policies using the graph data structure (paras. 26-28; analytics module accesses policies and can determine, establish, or change policies. paras. 378-392; system analyzes traffic and policies to see which policies are being enforced. See also paras. 425-438; system analyzes for compliance with policies. paras. 28, 393-409; System can simulate “what if” experiments and how the network would change if different policies were applied without actually going live. Paras. 24, 28, 33; analytics module may predict what will happen in the event the network changes.)
and generate query results that are displayed to the user, (paras. 445-448; system may receive queries about hosts or flows and will visualize the result.)
wherein the plurality of forwarding nodes include a first forwarding node representing a first set of packets to be processed at the first network location, a second forwarding node representing the first set of packets to be processed at the second network location, a third forwarding node representing a second set of packets to be processed at the first network location, and a fourth forwarding node representing the second set of packets to be processed at the second network location, (Colocation will be taught later. Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, and gateways. paras. 378-392; system applies policies such as a whitelist to traffic flows to direct the flows. Para. 442; blacklist. Paras. 358; packets between all nodes can be tracked and collected. Paras. 75-76, 112-114, 123-124, 198; system can track flows as they move throughout the system. Thus, the system can track both a set of packets at different locations and different sets of packets within the same location.)
and each of the first, second, third, and fourth forwarding nodes is associated with attributes of the same one of the network devices. (Colocation will be taught later. Examiner asserts this limitation is tautological since the claim requires each of the first/second/third/fourth forwarding nodes to be processed at the first/second locations and the first/second locations are within the same one of the network devices (i.e. they are inherently associated with attributes because they are all processed in a device with the other forwarding nodes). Regardless, Examiner cites para. 17; VM BIOS ID, which is a device attribute. Para. 79-80, 442; device operating system. para. 87-88; device type. para. 352; system can determine manufacturer. Para. 532; sensor can determine hostname. Paras. 612-613, 623-627; system can determine node and cluster attributes.)
But Yadav does not explicitly teach the network locations including first and second network locations that are within a same one of the network devices.
Zhang, however, does teach each of the first, second, third, and fourth forwarding nodes is associated with attributes of the same one of the network devices. (Examiner asserts that Yadav renders this feature obvious on its own. Yadav discloses both virtual switches and hypervisors, paras. 85-86, which Examiner asserts suggests multiple virtual switches on the same host. However, to compact prosecution Examiner cites Zhang, Fig. 1, paras. 36-39; logical router and a plurality of logical switches to virtual machines may all reside on a single host machine. VM1 to VM2 goes through switches A and B and the router. See also paras. 40-41; device contains multiple forwarding tables, and matching may result in a resubmit action to allow for further processing within the tables.)
It would have been obvious to one of ordinary skill prior to the effective filing date to combine the system of Yadav with the multiple switches in the same device to perform multiple actions for packet processing and routing at once. (Zhang, para. 41)

With respect to Claim 3, modified Yadav teaches the network verification computer system of claim 1, and Yadav also teaches wherein in response to a query that includes a traffic criteria (Para. 445-448; search can include searches for hosts and flows. Paras. 449-454; search of protocol to return flows in the searched protocol. Para. 455; flows can be tagged and can be searched based on tags.)
and a location criteria, (Para. 445-448; search can include searches for hosts and flows. paras. 17, 81-83, 532, 612-613, 623-627; sensor can determine its geolocation and the host device. Para. 48; packet logs include source and destination host name and location.)
the processor generates a query result using the graph data structure, the query result including one or more sets of packets that meet the traffic criteria and one or more network devices that meet the location criteria. (paras. 445-448; system returns results meeting the search criteria and ranks them.)

With respect to Claim 4, modified Yadav teaches the network verification computer system of claim 3, and Yadav also teaches wherein in the graph data structure, each of the forwarding nodes is associated with attributes of one of the network devices, (para. 17; VM BIOS ID, which is a device attribute. Para. 79-80, 442; device operating system. para. 87-88; device type. para. 352; system can determine manufacturer. Para. 532; sensor can determine hostname. Paras. 612-613, 623-627; system can determine node and cluster attributes. paras. 17, 81-83, 532, 612-613, 623-627; sensor can determine its geolocation and the host device.)
and the processor examines the forwarding nodes and forwarding edges of the graph data structure to find the sets of packets that meet the traffic criteria (paras. 445-448; system returns results meeting the search criteria and ranks them.)
and examines the attributes of the network devices to find the network devices that meet the location criteria. (paras. 445-448; system returns results meeting the search criteria and ranks them.)

With respect to Claim 5, modified Yadav teaches the network verification computer system of claim 1, and Yadav also teaches wherein the graph data structure stores information about the network at a first point in time in a first set of forwarding nodes and forwarding edges and stores information about the network at a second point in time that is different from the first point in time in a second set of forwarding nodes and forwarding edges. (para. 101; collector can collect historical statistics and compare it to current data being reported by the sensors. Para. 292-293; historical snapshot of traffic. Paras. 12-17; system provisions sensors and collectors that reside upon nodes of a data network such as switches, routers, gateways. Para. 20; collectors can be connected to a top of rack switch.)

With respect to Claim 6, modified Yadav teaches the network verification computer system of claim 1, and Yadav also teaches wherein the graph data structure is generated based on state information of the network devices that affects packet forwarding behavior thereof. (paras. 85-88; system determines device type including forwarding models. Paras. 383-392, 425-438, 492; white and black lists, which are states of firewalls. Paras. 16, 26, 108, 369; state of node, network, sensor, host.)

With respect to Claim 7, modified Yadav teaches the network verification computer system of claim 6, and Yadav also teaches wherein the network devices are virtual network devices (paras. 16, 24, 85-88; sensed devices may be virtual devices.)
and the state information of the virtual network devices is collected from a controller of a software-defined network. (Paras. 26-27; policies are enforced by a manual or automatic network control scheme such as a security policy controller that has policy data, which is a controller of a software-defined network. See also para. 49; analytics module can control access control list and firewalls to modify security policy, which is a software-defined network controller. To the extent that state information is sensed by the sensors rather than analytics module, Examiner notes that the sensors and analytics module are part of the same monitoring system (see Fig. 2, para. 44) and it would have been obvious to one of ordinary skill prior to the effective filing date to combine the functionality of the sensors and the controllers to have a single agent that determines and modifies state.)

With respect to Claim 8, modified Yadav teaches the network verification computer system of claim 7, and Yadav also teaches wherein the processor is further programmed to: obtain modifications to packet processing rules of the network devices; generate a second graph data structure that stores information about a hypothetical network that includes the network devices with modified packet processing rules; (paras. 28, 393-409; system analyzes simulated changes including “what if” analysis that involves changing policies or memberships. para. 34; web frontend presents data in visual form such as tree maps, acyclic dependency maps. paras. 358-360; system has network graph. Paras. 559-565; data stored as vectors.)
and verify, using the second graph data structure, whether or not the modifications comply with the network policies. (paras. 425-438; system determines whether flows are in compliance with policies or not. See also paras. 405-409; system analyzes simulated changes to see if they are in compliance with policies.)

With respect to Claim 9, modified Yadav teaches the network verification computer system of claim 8, and Yadav also teaches wherein the processor is further programmed to: upon verifying that the modifications comply with the network policies, send the modifications to the network devices for adoption by the network devices. (paras. 26-28; system analyzes changes to the system and policies. Administrator determines whether to implement new policies for handling data packets or policies can dynamically change. Para. 49; analytics module can modify access control list or firewall.)

With respect to Claim 10, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying.

With respect to Claims 12-18, they are substantially similar to Claims 3-9, respectively, and are rejected in the same manner, the same art and reasoning applying.

With respect to Claim 19, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying. Further, Yadav also teaches a non-transitory computer readable medium comprising instructions (para. 61; non-transitory computer readable media)

With respect to Claim 20, it is substantially similar to Claim 8 and is rejected in the same manner, the same art and reasoning applying.



Remarks
Applicant argues at Remarks, pg. 8 that the amended claims are eligible.
By amendment, Applicant makes verification a feature of the independent claims rather than an intended use of the preamble (“in response to a request to verify network policies…verify that the network complies with the network policies…”). Examiner previously identified verification as an eligibility-imparting feature according to Office procedure (see Non-Final, Numeral 8.3). Consequently, Examiner withdraws the 101 rejection to all claims.
Applicant argues at Remarks, pg. 9 that Claim 1 is nonobvious because “graph data structure” in the claims stores information about a plurality of forwarding nodes and forwarding edges. Applicant argues that Yadav does not store information about the network.
The claim requires “generate a graph data structure that stores information about the network in a plurality of forwarding nodes and forwarding edges.” Applicant does not appear to dispute that Yadav teaches a graphical network topology (“Indeed, the presentation output of web frontend 122, the network graph, and the communication graphs of Yadav may have nodes and edges…” Remarks, pg. 9).
The claim continues “wherein each of the forwarding nodes represents set of packets to be processed at one of a plurality of network locations” and “each of the forwarding edge represents packet processing rules to be applied to a set of packets…” Yadav clearly discloses that it can visualize flows between logical entities (see at least para. 641), which are processed packets according to rules. The system also clearly knows, verifies, hypothesizes and queries based on forwarding rules and policies (see at least para. 380). In other words – the system knows how packets move between devices and what rule or policy is causing that routing. Examiner fails to see how that is not a graph data structure that represents those things. Even assuming that Applicant means the information that can clearly be generated is not expressly stored (a dubious reading of the reference), the storage would be obvious in light of the fact that it can be generated and the system has a memory.
In other words, assuming Applicant is correct that Yadav fails to anticipate the graph structure claimed, Yadav at a minimum renders it obvious because it stores a graph data structure and either knows or can determine how packets/flows will be forwarded according to rules and policies. Examiner finds the argument unpersuasive.
At Remarks, pgs. 9-10, Applicant complains of Claim 4 for substantially the same graph data structure reasons as Claim 1, so the same response applies.
At Remarks, pg. 10, Applicant argues that Claim 6 is nonobvious because “[Yadav] does not teach any data structure that is generated from state information of the network devices that affects packet forwarding behavior thereof.” In responding to Examiner’s citation about white and black lists, Applicant argues “White and black lists, even if they are states of firewalls and meet the limitations of a data structure as examiner alleges, still fall short of teaching a data structure that is generated from state information of the network devices that affects packet forwarding behavior thereof.”
Examiner disagrees. Forwarding devices have white and black lists. The Yadav system performs the functions of visualizing flows, of testing routing policy utilization, and of performing a “what if” analysis. As one simple example, performing a “what if” analysis requires knowing what devices will do when presented with a packet to process. For example, if one queried “what if packets going from device A to device B were instead redirected to device C” the analysis would require knowing what device C would do with those packets. That requires knowing the state of the white/blacklists and other routing rules and policies that device C functions under. In other words, the system would have to know the state of device C’s routing firewall and routing policies in order to answer the query and visualize what the flow would look like. That is a graph data structure that is based upon the state information of a device “that affects packet forwarding behavior thereof.”
The best that can be said for Applicant’s argument is the same as with Claim 1 – Yadav does not expressly state that it stores the information it is clearly capable of generating. The storage is obvious for the same reason as in Claim 1.
The arguments to remaining claims are that they are similar to previously-discussed claims. Those arguments are moot as Claims 1/4/6 remain obvious. All claims remain rejected. 


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS P CELANI whose telephone number is (571)272-1205.  The examiner can normally be reached on M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/NICHOLAS P CELANI/Examiner, Art Unit 2449