DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1. This is in response to communication filed on 9/03/25 in which claims 1-9 and 11-21 are pending.
Response to Arguments
2. Applicant’s arguments with respect to claims 1-have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 102
3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
4. Claims 1-2, 17-18 and 20-21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. Patent No. 11088990 to Bansal et al.
a. As per claim 1, Bansal et al teaches a method for generating network traffic rules for a cloud environment, comprising: determining a plurality of new machine level rules for a plurality of machines of a same server machine type based on a plurality of data logs, wherein the plurality of new machine level rules indicate ranges for allowed communications to the server machine type (See col. 8, lines 43-57, AppliedTo tuples can specify the enforcement points in terms of security groups that are formed by grouping one or more VNICs, VMs, hosts, compute constructs and/or network constructs. For instance, an AppliedTo firewall rule can be limited (by the AppliedTo tuple) to a security group that is specified in terms of a particular compute cluster and a particular logical network that connects a particular tenant's VMs that execute on the cluster's hosts. Security groups can be specified by users (e.g., network administrators) in some embodiments. Conjunctively, or alternatively, security groups can be specified by automated process in some embodiments. As shown by entry 240, a wildcard value can also specify an AppliedTo tuple. The wildcard value in some embodiments signifies all possible values for the AppliedTo tuple (e.g., all VNICs); determining one or more recent network traffic rules for the server machine type based on current network traffic rules that are being applied the server machine type and merging the plurality of new machine level rules (See col. 39, lines 60-64, network manager aggregates firewall rule sets for distribution into host-level or compute-cluster level data storages, before distributing the rules sets to different hosts or different sets of hosts in different clusters) ; determining a new recommended network traffic rule for the server machine type based on analyzing the one or more recent network traffic rules and historical proposed traffic rules for the server machine type (See col. 24, lines 46-67); and applying the new recommended network traffic rule to network data transferred between a second server machine and one or more client machines, wherein the second server machine is of the same server machine type as the plurality of machines (See col. 39, lines 60-64).
b. As per claim 17, Bansal et al teaches an enterprise organization cloud computing platform for generating network traffic rules for a cloud environment, comprising: one or more processors (See col. 36, lines 61-67 and col. 37, lines 1-6); and a non-transitory computer-readable medium having processor-executable instructions stored thereon, wherein the processor-executable instructions, when executed by the one or more processors, facilitate: determining a plurality of new machine level rules for a plurality of machine of same server machine type based on a plurality of data logs, wherein the plurality of new machine level rules indicate ranges for allowed communications to the server machine type (See col. 8, lines 43-57, AppliedTo tuples can specify the enforcement points in terms of security groups that are formed by grouping one or more VNICs, VMs, hosts, compute constructs and/or network constructs. For instance, an AppliedTo firewall rule can be limited (by the AppliedTo tuple) to a security group that is specified in terms of a particular compute cluster and a particular logical network that connects a particular tenant's VMs that execute on the cluster's hosts. Security groups can be specified by users (e.g., network administrators) in some embodiments. Conjunctively, or alternatively, security groups can be specified by automated process in some embodiments. As shown by entry 240, a wildcard value can also specify an AppliedTo tuple. The wildcard value in some embodiments signifies all possible values for the AppliedTo tuple (e.g., all VNICs); determining one or more recent network traffic rules for the server machine type based on current network traffic rules that are being applied to the server machine type and merging the plurality of new machine level rules rules (See col. 39, lines 60-64, network manager aggregates firewall rule sets for distribution into host-level or compute-cluster level data storages, before distributing the rules sets to different hosts or different sets of hosts in different clusters) determining a new recommended network traffic rule for the server machine type based on analyzing the one or more recent network traffic rules and historical proposed traffic rules (See col. 24, lines 46-67); and applying the new recommended network traffic rule to network data transferred between a second server machine and one or more client machines, wherein the second server machine is of the same server machine type as the plurality of machines (See col. 39, lines 60-64).
c. As per claims 3, 18 and 21, Bansal et al teaches the claimed invention as described above. Furthermore, Bansal et al teaches wherein determining the plurality new machine level rules comprises: obtaining the plurality of data logs associated with the plurality machines based on applying the current network traffic rules plurality of machines, wherein each of the plurality of data logs indicate one or more IP addresses or textual indicators (See col. 28, lines 51-57 and col. 31, lines 45-53); analyzing the one or more IP addresses or the textual indicators of the plurality of data logs (See col. 31, lines 45-53); and performing a merging algorithm to merge plurality of new machine level rules based on the analysis (See col. 31, lines 45-53).
d. As per claim 20, Bansal et al teaches a non-transitory computer-readable medium having processor-executable instructions stored thereon, wherein the processor-executable instructions, when executed, facilitate: determining a plurality of new machine level rules for a plurality of machines of a same server machine type based on a plurality of data logs, wherein the plurality of new machine level rules indicate ranges for allowed communication s to the server machine type (See col. 8, lines 43-57, AppliedTo tuples can specify the enforcement points in terms of security groups that are formed by grouping one or more VNICs, VMs, hosts, compute constructs and/or network constructs. For instance, an AppliedTo firewall rule can be limited (by the AppliedTo tuple) to a security group that is specified in terms of a particular compute cluster and a particular logical network that connects a particular tenant's VMs that execute on the cluster's hosts. Security groups can be specified by users (e.g., network administrators) in some embodiments. Conjunctively, or alternatively, security groups can be specified by automated process in some embodiments. As shown by entry 240, a wildcard value can also specify an AppliedTo tuple. The wildcard value in some embodiments signifies all possible values for the AppliedTo tuple (e.g., all VNICs); determining one or more recent network traffic rules for the server machine type based on current network traffic rules that are being applied to the server machine type and merging the plurality of new machine level rules rules (See col. 39, lines 60-64, network manager aggregates firewall rule sets for distribution into host-level or compute-cluster level data storages, before distributing the rules sets to different hosts or different sets of hosts in different clusters); determining a new recommended network traffic rule for the server machine type based on analyzing the one or more recent network traffic rules and historical proposed traffic rules (See col. 24, lines 46-67) and applying the new recommended network traffic rule for the serve machine type to network data transferred between a second server machine and one or more client machines, wherein the second server machine is of the same server machine type as the plurality of machines (See col. 39, lines 60-64).
Claim Rejections - 35 USC § 103
5. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
6. Claims 2, 4, 7-9, 11, 15 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 11088990 to Bansal et al in view U.S. Publication No. 2024/0106867 to Shaik et al.
b. As per claims 2 and 18, Bansal et al teaches the claimed invention as described above. However, Bansal et al fails to explicitly teach wherein the ranges are internet protocol (IP) address ranges or textual indicator ranges.
Shaik et al teaches wherein the ranges are internet protocol (IP) address ranges or textual indicator ranges (See paragraph [0087]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Shaik et al in the claimed invention of Bansal et al in order to establish one or more rules for security of a network environment.
d. As per claim 4, Bansal et al teaches the claimed invention as described above. However, Bansal et al fails to explicitly teach wherein analyzing the one or more IP addresses or the textual indicators of the plurality of data logs comprises: generating a data structure indicating IP addresses or textual indicators used by other machines to communicate with the plurality machines, and wherein performing the merging algorithm is based on using the data structure.
Shaik et al teaches wherein analyzing the one or more IP addresses or the textual indicators of the plurality of data logs comprises: generating a data structure indicating IP addresses or textual indicators used by other machines to communicate with the plurality machines, and wherein performing the merging algorithm is based on using the data structure (See paragraph [0076, 0090, 0119]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Shaik et al in the claimed invention of Bansal et al in order to establish one or more rules for security of a network environment.
e. As per claim 7, Bansal et al teaches the claimed invention as described above. However, Bansal et al fails to explicitly wherein determining the plurality new machine level rules comprises: determining a first set of machine level rules for outbound traffic for the plurality machines; and determining a second set of machine level rules for inbound traffic for plurality machines.
Shaik et al teaches wherein determining the plurality new machine level rules comprises: determining a first set of machine level rules for outbound traffic for the plurality machines; and determining a second set of machine level rules for inbound traffic for plurality machines ( See paragraph [0094]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Shaik et al in the claimed invention of Bansal et al in order to establish one or more rules for security of a network environment.
f. As per claim 8, Bansal et al teaches the claimed invention as described above. However, Bansal et al fails to explicitly teach wherein determining the one or more recent network traffic rules comprises: determining an aggregate IP address range or textual indicator range within the plurality of new machine level rules; and generating the one or more recent network traffic rules based on the aggregate IP address range or textual indicator range.
Shaik et al teaches wherein determining the one or more recent network traffic rules comprises: determining an aggregate IP address range or textual indicator range within the plurality of new machine level rules; and generating the one or more recent network traffic rules based on the aggregate IP address range or textual indicator range (See paragraph [0092-0093, 0121-0122]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Shaik et al in the claimed invention of Bansal et al in order to establish one or more rules for security of a network environment.
g. As per claim 9, Shaik et al teaches the claimed invention as described above. Furthermore, Shaik et al teaches wherein generating the one or more recent network traffic rules is further based on an aggregation of ports or communication protocols within the plurality of new machine level rules.
Shaik et al teaches wherein generating the one or more recent network traffic rules is further based on an aggregation of ports or communication protocols within the plurality of new machine level rules (See paragraph [0072]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Shaik et al in the claimed invention of Bansal et al in order to establish one or more rules for security of a network environment.
h. As per claim 11, Shaik et al teaches the claimed invention as described above. Furthermore, Shaik et al teaches wherein determining the new recommended network traffic rule comprises: determining a confidence measure based on using the one or more recent network traffic rules and the historical proposed traffic rules, and determining the new recommended network traffic rule based on the confidence measure.
Shaik et al teaches wherein determining the new recommended network traffic rule comprises: determining a confidence measure based on using the one or more recent network traffic rules and the historical proposed traffic rules, and determining the new recommended network traffic rule based on the confidence measure (See paragraph [0008, 0135], The one or more servers can determine that a difference between the effectiveness of the updated one or more rules and the effectiveness of the one or more rules is greater than a threshold. The one or more servers can provide for display a comparison of the effectiveness of the updated one or more rules and the effectiveness of the one or more rules).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Shaik et al in the claimed invention of Bansal et al in order to establish one or more rules for security of a network environment.
i. As per claim 15, Bansal et al teaches the claimed invention as described above. However, Bansal et al fails to teach removing a current network traffic rule, of the current network traffic rules, based on comparing internet protocol (IP) address ranges, ports, protocols or textual indicator ranges of the current network traffic rule with IP address ranges, ports, protocols or textual indicator ranges of the one or more recent network traffic rules and the historical proposed traffic rules.
Shaik et al teaches: removing a current network traffic rule, of the current network traffic rules, based on comparing internet protocol (IP) address ranges, ports, protocols or textual indicator ranges of the current network traffic rule with IP address ranges, ports, protocols or textual indicator ranges of the one or more recent network traffic rules and the historical proposed traffic rules (See paragraph [0101], Rule updater 355 can include any scripts, computer code, functions or instructions stored in memory (e.g., 122, 265) and executed by processors (e.g., 260, 262) to generate new or updated rules 390. Rule updater 355 can include the functionality to identify an existing rule 385 that relates to the changed data identified by the data change detector 350. Rule updater 355 can include the functionality to use the changed data identified by the change detector 350 to generate and updated rule. Rule updater can include the functionality to identify an existing rule 385 for which, or based on which, to generate an updated rule 390. Rule updater 355 can include the functionality to update the original rule 385 using the changed data identified by the data change detector 350. Rule updater 355 can include the functionality to generate the updated rule 390 by modifying the corresponding original rule 385 using the changed data identified by the data change detector 350).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Shaik et al in the claimed invention of Bansal et al in order to establish one or more rules for security of a network environment.
j. As per claim 19, Shaik et al teaches the claimed invention as described above. Furthermore, Shaik et al teaches wherein determining the plurality of new machine level rules comprises: obtaining the plurality of data logs associated with the plurality of machines based on applying the current network traffic rules to the plurality machines, wherein each of the plurality of data logs indicate one or more IP addresses or textual indicators (See paragraph [0069]); analyzing the one or more IP addresses or the textual indicators of the plurality of data logs (See paragraph [0069]); and performing a merging algorithm to merge the plurality new machine level rules based on the analysis (See paragraph [0110]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Shaik et al in the claimed invention of Bansal et al in order to establish one or more rules for security of a network environment.
6. Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 11088990 to Bansal et al in view U.S. Publication No. 2024/0106867 to Shaik et al as applied to claims 1 and 17 above, and further in view U.S. Patent No. 8,224761 to Rockwood.
a. As per claim 5, Shaik et al teaches the claimed invention as described above. However, Shaik et al fails to teach wherein performing the merging algorithm comprises :determining whether a first octet, a second octet, a third octet, and/or a fourth octet from an IP address within the data structure is the same as a first octet, a second octet, a third octet, and/or a fourth octet from one or more other IP addresses within the data structure; and generating the plurality new machine level rules based on the first octet, the second octet, the third octet, and/or the fourth octet of the IP address being the same as the first octet, the second octet, the third octet, and/or the fourth octet from the one or more other IP addresses within the data structure.
Rockwood teaches wherein performing the merging algorithm comprises :determining whether a first octet, a second octet, a third octet, and/or a fourth octet from an IP address within the data structure is the same as a first octet, a second octet, a third octet, and/or a fourth octet from one or more other IP addresses within the data structure; and generating the one or more new machine level rules based on the first octet, the second octet, the third octet, and/or the fourth octet of the IP address being the same as the first octet, the second octet, the third octet, and/or the fourth octet from the one or more other IP addresses within the data structure (See col. 8, lines 53-67 , col. 9, lines 1-5 and col. 10, lines 9-49).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Rockwood in the claimed invention of Shaik et al in order to generate rules that correlate the selected events based at least in part upon the attributes associated with the selected events.
7. Claim 6, 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 11088990 to Bansal et al in view U.S. Publication No. 2024/0106867 to Shaik et al as applied to claims 1 and 17 above, and further in view U.S. Publication No. 2019/0207907 to Savintsev et al.
a. As per claim 6, Shaik et al teaches the claimed invention as described above. However, Shaik et al teaches wherein the plurality of data logs further indicate one or more ports or one or more communication protocols used in communications with the plurality of machines, and wherein determining the plurality new machine level rules further comprises: analyzing the one or more ports or the one or more communication protocols; and performing a second merging algorithm to determine the one or more new machine level rules, wherein the plurality of new machine level rules indicate a port, from the one or more ports, or a communication protocol, from the one or more communication protocols, that were always used during communications with the plurality of machines.
Savintsev et al teaches wherein the plurality of data logs further indicate one or more ports or one or more communication protocols used in communications with the plurality of machines, and wherein determining the plurality new machine level rules further comprises: analyzing the one or more ports or the one or more communication protocols; and performing a second merging algorithm to determine the one or more new machine level rules, wherein the plurality of new machine level rules indicate a port, from the one or more ports, or a communication protocol, from the one or more communication protocols, that were always used during communications with the plurality of machines (See paragraph [0078, 0104, 0107]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Savintsev et al in the claimed invention of Shaik et al in order to provide efficient and effective dissemination of access control rules to client devices while also monitoring and preventing intrusion to a network (See paragraph [0003]).
b. As per claim 13, Shaik et al teaches the claimed invention as described above. However, Shaik et al fails to teach replacing at least one of the current network traffic rules with the new recommended network traffic rule based on comparing internet protocol (IP) address ranges, ports, protocols or textual indicator ranges of the current network traffic rules with IP address ranges, ports, protocols or textual indicator range of the one or more recent network traffic rules, and wherein applying the new recommended network traffic rule is based on replacing at least one of the current network traffic rules with the new recommended network traffic rule.
Savintsev et al teaches replacing at least one of the current network traffic rules with the new recommended network traffic rule based on comparing internet protocol (IP) address ranges, ports, protocols or textual indicator ranges of the current network traffic rules with IP address ranges, ports, protocols or textual indicator range of the one or more recent network traffic rules, and wherein applying the new recommended network traffic rule is based on replacing at least one of the current network traffic rules with the new recommended network traffic rule (See paragraph [0078, 0104, 0107]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Savintsev et al in the claimed invention of Shaik et al in order to provide efficient and effective dissemination of access control rules to client devices while also monitoring and preventing intrusion to a network (See paragraph [0003]).
c. As per claim 14, Shaik et al teaches the claimed invention as described above. Furthermore, Shaik et al teaches discarding a second new recommended network traffic rule based on IP ranges or textual indicator ranges of the second new recommended network traffic rule being more than the IP ranges or the textual indicator ranges of the current network traffic rules (See paragraph [0092-0094 and 0113]).
8. Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 11088990 to Bansal et al in view U.S. Publication No. 2024/0106867 to Shaik et al as applied to claims 1 and 17 above, and further in view U.S. Publication No. 2024/0414128 to Ahn et al.
a. As per claim 12, Shaik et al teaches the claimed invention as described above. However, Shaik et al fails to teach wherein determining the confidence measure comprises: determining a frequency of a subset of the historical proposed traffic rules, wherein the subset comprises the same IP ranges or textual indicator ranges as the one or more recent network traffic rules; and wherein determining the new recommended network traffic rule based on comparing the frequency of the subset of the historical proposed traffic rules with one or more thresholds.
Ahn et al teaches wherein determining the confidence measure comprises: determining a frequency of a subset of the historical proposed traffic rules, wherein the subset comprises the same IP ranges or textual indicator ranges as the one or more recent network traffic rules; and determining the new recommended traffic rule based on comparing the frequency of the subset of the historical proposed traffic rules with one or more thresholds (See paragraph [0255]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Ahn et al in the claimed invention of Shaik et al in order to determine the impact status of threats to security of a computer network.
9. Claim 16 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 11088990 to Bansal et al in view U.S. Publication No. 2024/0106867 to Shaik et al as applied to claims 1 and 17 above, and further in view in view of U.S. Publication No. 2023/0396496 to Gabin et al.
a. As per claim 16, Shaik et al teaches the claimed invention as described above. However, Shaik et al teaches initializing the plurality of machines based on a configuration template, wherein the configuration template associated with the server machine type indicates the current network traffic rules, and wherein applying the new recommended network traffic rule comprises: updating the configuration template with the new recommended network traffic rule; and initializing the second server machine using the updated configuration template.
Gabin et al teaches initializing the one or more first server machines based on a configuration template, wherein the configuration template indicates the current network traffic rules, and wherein applying the new recommended network traffic rule comprises: updating the configuration template with the new recommended network traffic rule; and initializing the second server machine using the updated configuration template (See paragraph [0022-0023 and 0037]).
It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Gabin et al in the claimed invention of Shaik et al in order to utilize or execute rules that can govern how the event information relating to the events is to be processed (See paragraph [0002]).
Conclusion
10. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DJENANE BAYARD whose telephone number is (571)272-3878. The examiner can normally be reached 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached at (571)272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DJENANE M BAYARD/Primary Examiner, Art Unit 2444