Detailed Action
1. This Office Action is responsive to the Preliminary Amendment filed 10/16/2025. Claim 1 has been amended. Claims 2-20 have been added as new claims. Claims 1-20 are presented for examination. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority
2. Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, or 365(c) is acknowledged.
Information Disclosure Statement
3. The information disclosure statements (IDSes) submitted on 10/28/2024 and 05/23/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Specification
4. The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification.
5. The disclosure is objected to because of the following informalities:
On page 1, under section “Cross-Reference to Related Applications”, the cited parent application 18/518,751 should be updated with current statuses such as U.S. Patent No. and the issued date.
Appropriate correction is required.
Claim Objections
6. Claim 2 and 12 are objected to because of the following informalities:
On line 7 of claim 2: “the targeted consumer” should be “the respective target consumer”.
On line 1 of claim 12: “the data” should be “the data relating to the one or more configurations”
Appropriate correction is required.
Double Patenting
7. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
8. Claims 1, 3-7 and 10-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1 and 3-20 of U.S. Patent No. 12,155,530.
Instant application 18/929,459
U.S. Patent No. 12,155,530
Claim 1. A computing system comprising:
a network management system including one or more services comprising one or more storage devices storing instructions executable to:
receive, at a token service including a first compiler, a request including a proposed intent identifying an expectation for behavior in a network and one or more intent associations of entities for the proposed intent,
process the request with the first compiler by selectively generating verification testing output usable by a first test authority to verify, prior to applying the proposed intent to the network, whether the proposed intent is allowed to be applied to the network, and network updating output usable by a change service to update network devices or services in the network to control the network devices or services to comply with the proposed intent including behaving as specified in the proposed intent, wherein the first compiler operates as a polyglot that selects a language or format of the verification testing output or the network updating output based on a respective targeted consumer of the verification testing output or the network updating output,
receive, at an authority service, request data corresponding to the request, the authority service configured to update a transaction journal to include a transaction corresponding to a change to add the proposed intent for the network,
receive, at a second compiler, change data regarding the change from the authority service,
process, with the second compiler, the change data to generate validation testing output usable by a second test authority to perform a validation of the change, and
output an indication of a validation issue responsive to detecting a violation of one or more applied intents in the transaction journal based on the validation.
Claim 3. The computing system of claim 1, wherein the proposed intent is provided to the first compiler in a first language, and wherein the first compiler is configured to generate one or both of the verification testing output or the network updating output in a second language that is different from the first language.
Claim 4. The computing system of claim 3, wherein the second language is selected to be compatible with the first or second test authority or the network devices or services.
Claim 5. The computing system of claim 3, wherein the first compiler is configured to generate the verification testing output in the second language that is compatible with the first test authority and to generate the network updating output in a third language that is compatible with one or more of the network devices or services.
Claim 6. The computing system of claim 1, wherein verifying whether the proposed intent is allowed to be applied to the network comprises running a simulation to determine an effect of the proposed intent on the network and determining if the effect of the proposed intent violates another intent in the transaction journal, and wherein the verification testing output is
PNG
media_image1.png
5
6
media_image1.png
Greyscale
generated in a language or format that is compatible with one or more devices used for the simulation.
Claim 7. A computer-implemented method comprising:
receiving, at a compiler, a request including an intent identifying an expectation for behavior in a network and one or more entity associations for the intent;
for respective entities of the one or more entity associations, determining data relating to one or more configurations for the respective entities based on the intent; and outputting, to consumers included in the respective entities, instructions based on the one or more configurations for the consumers.
Claim 10. The computer-implemented method of claim 7, wherein the data relating to the one or more configurations includes instructions to perform a verification of the intent prior to applying the intent to the network, and wherein the consumers include a test authority or test scheduler for configuring and performing the verification.
Claim 11. The computer-implemented method of claim 7, wherein the data relating to the one or more configurations includes instructions to control network devices or services to comply with the intent, and wherein the consumers include the network devices or services.
Claim 12. The computer-implemented method of claim 11, wherein the data is output responsive to a determination that the intent is verified as being allowed to be applied to the network, and
wherein the determination that the intent is verified comprises determining that the intent is not predicted to violate one or more other applied intents of the network based on a performance of one or more tests.
Claim 13. The computer-implemented method of claim 7, wherein the data relating to the one or more configurations includes instructions to perform a validation of the intent, and
wherein performing the validation comprises monitoring behavior of the network to determine observed behavior, comparing the observed behavior to intended behavior that is based on applied intents for the network, outputting an indication of drift responsive to determining a difference between the intended behavior and the observed behavior or responsive to determining that the observed behavior violates an applied intent for the network, and performing a drift correction including performing a rollback of one or more transactions in an applied intents journal to reverse the one or more transactions, wherein the applied intents journal includes intents that are actively applied to the network.
Claim 14. The computer-implemented method of claim 7, wherein the intent is received at the compiler in a first language that is different from a native language used by the consumers.
Claim 15. The computer-implemented method of claim 14, wherein determining the one or more configurations for the respective entities based on the intent comprises determining an association between the intent and a targeted entity of the respective entities using entity information and entity state retrieved from an authority service.
Claim 16. One or more computer-readable storage media comprising computer- executable instructions that, when executed, cause a computing system to perform a method comprising: receiving, at a compiler, a request including an intent identifying an expectation for behavior in a network and one or more associations of entities to the intent; processing, with the compiler, the intent using entity information and entity state retrieved from an authority service for one or more respective entities associated with the intent; and generating output for one or more consumers corresponding to the intent, the output including one or more of: data for performing a verification of the intent prior to applying the intent to the network, data for controlling network devices or services to comply with the intent, or data to perform a validation of the intent after applying the intent to the network, wherein the output is generated to include types and formats of data that are suited for the one or more consumers based on the entity information and entity state information.
Claim 17. The one or more computer-readable storage media of claim 16, wherein the intent is received in a first language that is different from a respective native language for the one or more consumers.
Claim 18. The one or more computer-readable storage media of claim 16, wherein the verification comprises determining an effect of the intent on the network and determining if the effect of the intent violates another intent for the network.
Claim 19. The one or more computer-readable storage media of claim 16, wherein the verification comprises determining if the intent is allowed to be applied to the network based on one or more rules regarding timing of applying changes to the network.
Claim 20. The one or more computer-readable storage media of claim 16, wherein the validation comprises performing a comparison of monitored behavior of the network or the network devices or services to an intended behavior of the network or the network devices or services.
Claim 1. A computing system comprising:
a network management system including one or more services comprising one or more storage devices storing instructions executable to:
receive, at a token service including a first compiler, a request including a proposed intent identifying an expectation for behavior in a network and one or more intent associations of entities for the intent,
process the request with the first compiler by selectively generating first, verification testing output usable by a first test authority to verify whether the proposed intent is allowed to be applied to the network and second, network updating output usable by a change service to update network devices or services in the network to control the network devices or services to comply with the proposed intent,
receive, at an authority service, request data corresponding to the request, the authority service configured to update a transaction journal to include a transaction corresponding to a change to add the proposed intent for the network,
receive, at a second compiler, change data regarding the change from the authority service,
process, with the second compiler, the change data to generate third, validation testing output usable by a second test authority to perform a validation of the change, and
output an indication of a validation issue responsive to detecting a violation of one or more applied intents in the transaction journal based on the validation.
Claim 3. The computing system of claim 1, wherein the proposed intent is provided to the first compiler in a first language, and wherein the first compiler is configured to generate one or both of the first, verification testing output or the second, network updating output in a second language that is different from the first language.
Claim 4. The computing system of claim 3, wherein the second language is selected to be compatible with the first or second test authority or the network devices or services.
Claim 5. The computing system of claim 3, wherein the first compiler is configured to generate the first, verification testing output in the second language that is compatible with the first test authority and to generate the second, network updating output in a third language that is compatible with one or more of the network devices or services.
Claim 6. The computing system of claim 1, wherein verifying whether the proposed intent is allowed to be applied to the network comprises running a simulation to determine an effect of the proposed intent on the network and determining if the effect of the proposed intent violates another intent in the transaction journal, and wherein the first, verification testing output is generated in a language or format that is compatible with one or more devices used for the simulation.
Claim 7. A computer-implemented method comprising:
receiving, at a compiler, a request including an intent identifying an expectation for behavior in a network and one or more entity associations for the intent;
for respective entities of the one or more entity associations, determining artifacts for the respective entities based on the intent; and
outputting, to consumers included in the respective entities, instructions based on the artifacts for the consumers.
Claim 8. The computer-implemented method of claim 7, wherein the data relating to the artifacts includes instructions to perform a verification of the intent prior to applying the intent to the network, and wherein the consumers include a test authority or test scheduler for configuring and performing the verification.
Claim 9. The computer-implemented method of claim 7, wherein the data relating to the artifacts includes instructions to control network devices or services to comply with the intent, and wherein the consumers include the network devices or services.
Claim 10. The computer-implemented method of claim 9, wherein the data is output responsive to a determination that the intent is verified as being allowed to be applied to the network.
Claim 11. The computer-implemented method of claim 10,
wherein the determination that the intent is verified comprises determining that the intent is not predicted to violate one or more other applied intents of the network based on a performance of one or more tests.
Claim 12. The computer-implemented method of claim 7, wherein the data relating to the artifacts includes instructions to perform a validation of the intent.
Claim 13. The computer-implemented method of claim 12, wherein performing the validation comprises monitoring behavior of the network to determine observed behavior, comparing the observed behavior to intended behavior that is based on applied intents for the network, and outputting an indication of drift responsive to determining a difference between the intended behavior and the observed behavior or responsive to determining that the observed behavior violates an applied intent for the network.
Claim 14. The computer-implemented method of claim 7, wherein the intent is received at the compiler in a first language that is different from a native language used by the consumers.
Claim 15. The computer-implemented method of claim 14, wherein determining the artifacts for the respective entities based on the intent comprises determining an association between the intent and the respective entity using entity information and entity state retrieved from an authority service.
Claim 16. One or more computer-readable storage media comprising computer-executable instructions that, when executed, cause a computing system to perform a method comprising: receiving, at a compiler, a request including an intent identifying an expectation for behavior in a network and one or more associations of entities to the intent; processing, with the compiler, the intent using entity information and entity state retrieved from an authority service; and
generating output for one or more consumers corresponding to the intent, the output including one or more of: data for performing a verification of the intent prior to applying the intent to the network, data for controlling network devices or services to comply with the proposed intent, or data to perform a validation of the intent.
Claim 17. The one or more computer-readable storage media of claim 16, wherein the intent is received in a first language that is different from a respective native language for the one or more consumers.
Claim 18. The one or more computer-readable storage media of claim 16, wherein the verification comprises determining an effect of the intent on the network and determining if the effect of the intent violates another intent for the network.
Claim 19. The one or more computer-readable storage media of claim 16, wherein the verification comprises determining if the intent is allowed to be applied to the network based on one or more rules regarding timing of applying changes to the network.
Claim 20. The one or more computer-readable storage media of claim 16, wherein the validation comprises performing a comparison of monitored behavior of the network or the network devices or services to an intended behavior of the network or the network devices or services.
9. Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1 and 3-20 of U.S. Patent No. 12,155,530 substantially contains limitations of claims 1, 3-7 and 10-20 of the instant application, except the limitation “the first compiler operates as a polyglot that selects a language or format of the verification testing output or the network updating output based on a respective targeted consumer of the verification testing output or the network updating output” of claim 1.
However, U.S. Patent No. 12,155,530 does teach “Claim 3: the first compiler is configured to generate one or both of the first, verification testing output or the second, network updating output in a second language that is different from the first language” and “Claim 4: wherein the second language is selected to be compatible with the first or second test authority or the network devices or services”.
Hence, claim 1 of the instant application is either anticipated by, or would have been obvious over claims 1 and 3-4 of U.S. Patent No. 12,155,530. Claims 1, 3-7 and 10-20 of the instant application therefore are not patently distinct from the earlier patent claims 1 and 3-20 of U.S. Patent No. 12,155,530 and as such are unpatentable over obvious-type double patenting. A later application claim is not patently distinct from an earlier claim if the later claim is anticipated by the earlier claim.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus)”. ELI LILLY AND COMPANY vs. BARR LABORATORIES INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Claim Rejections - 35 USC § 102
10 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
11. Claims 7-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by RUNGTA et al. (US 2022/0191253 A1), hereinafter “RUNGTA”.
12. As to claim 7, RUNGTA teaches a computer-implemented method comprising:
receiving, at a compiler, a request including an intent identifying an expectation for behavior in a network and one or more entity associations for the intent ([43-44]: receiving one or more intent statements associated with user resources expressing at least one type of action allowed to be performed on the user resources);
for respective entities of the one or more entity associations, determining data relating to one or more configurations for the respective entities based on the intent ([44-45]: compiling the one or more intent statements into at least one access control policy, associating the at least one access control policy with the user resources); and
outputting, to consumers included in the respective entities, instructions based on the one or more configurations for the consumers ([32-41]: when an intent statement is received, it can be parsed. The parsed grammar is lowered to an abstract syntax tree where names have been resolved … Once parsed, the intent statement can be compiled into a policy. As discussed, a compiler is responsible for formatting the policy correctly and for determining the attachment point for the policy).
13. As to claim 8, RUNGTA teaches the computer-implemented method of claim 7, wherein the one or more configurations includes a file, instructions, or data consumable by the respective entities or devices in the respective entities to control the respective entities or devices in the respective entities to operate in compliance with the intent ([44-45]: the intent statements are parsed and type checked to identify the intent of the statements and the resources to which the intent is to be applied; compiling the one or more intent statements into at least one access control policy; associating the at least one access control policy with the user resources).
14. As to claim 9, RUNGTA teaches the computer-implemented method of claim 7, wherein the one or more configurations includes an API call to a controller, a network policy for a network device, or a test that is to be run for the network device or a network service ([15]: Users may interact with a provider network 100 through use of application programming interface (API) calls; [44-45]: the intent statements are parsed and type checked to identify the intent of the statements and the resources to which the intent is to be applied; compiling the one or more intent statements into at least one access control policy; associating the at least one access control policy with the user resources).
15. As to claim 10, RUNGTA teaches the computer-implemented method of claim 7, wherein the data relating to the one or more configurations includes instructions to perform a verification of the intent prior to applying the intent to the network ([44]: prior to compiling the one or more intent statements, the intent statements are parsed, and type checked to identify the intent of the statements and the resources to which the intent is to be applied), and wherein the consumers include a test authority or test scheduler for configuring and performing the verification ([22-24]: if the intent statement is that no resources should be shared outside of the user’s organization, the intent-based governance service 102 can generate a policy and check that policy against existing access patterns of the organizations resources).
16. As to claim 11, RUNGTA teaches the computer-implemented method of claim 7, wherein the data relating to the one or more configurations includes instructions to control network devices or services to comply with the intent, and wherein the consumers include the network devices or services ([28]: ensuring the intent is being effected across new services and/or features as they are implemented; [30]: if a new area has been added to Europe, and the customer has an intent-based governance policy to exclude European area from hosting their resources, then upon recompilation of the intent-based governance policy, the new area will also automatically be excluded).
17. As to claim 12, RUNGTA teaches the computer-implemented method of claim 11, wherein the data is output responsive to a determination that the intent is verified as being allowed to be applied to the network, and wherein the determination that the intent is verified comprises determining that the intent is not predicted to violate one or more other applied intents of the network based on a performance of one or more tests ([32]: an intent statement could be structured such that services were only accessible in European Areas. As a result, if a new area is added to Europe, the policies would be automatically updated to allow for the services to be accessed from the new region).
18. As to claim 13, RUNGTA teaches the computer-implemented method of claim 7, wherein the data relating to the one or more configurations includes instructions to perform a validation of the intent, and wherein performing the validation comprises monitoring behavior of the network to determine observed behavior ([22]: if the intent statement is that no resources should be shared outside of the user’s organization, the intent-based governance service 102 can generate a policy and check that policy against existing access patterns of the organizations resources), comparing the observed behavior to intended behavior that is based on applied intents for the network, outputting an indication of drift responsive to determining a difference between the intended behavior and the observed behavior or responsive to determining that the observed behavior violates an applied intent for the network ([23]: if a new policy restricts access to resources 120 to area A 118, but resource access service 116 indicates that the resources are regularly accessed from one or more of area B 122 to area N 124, then an alert can be returned to the user indicating the new policy is inconsistent with existing access patterns), and performing a drift correction including performing a rollback of one or more transactions in an applied intents journal to reverse the one or more transactions, wherein the applied intents journal includes intents that are actively applied to the network ([23]: The user can then confirm the new policies to be created based on the intent statements previously provided at numeral 1 or update the intent statements to allow some or all of the conflicts. For example, the intent statement can be updated to restrict access from other areas other than the existing access patterns).
19. As to claim 14, RUNGTA teaches the computer-implemented method of claim 7, wherein the intent is received at the compiler in a first language ([11]: A user can write intent statements using the domain specific language (e.g., “my resources should be tagged by their cost-center”, “my resources can be not shared across accounts, “only the security admin can alter configurations of the security services”, etc.) that is different from a native language used by the consumers ([32-41]: when an intent statement is received, it can be parsed. The parsed grammar is lowered to an abstract syntax tree where names have been resolved … Once parsed, the intent statement can be compiled into a policy. As discussed, a compiler is responsible for formatting the policy correctly and for determining the attachment point for the policy).
20. As to claim 15, RUNGTA teaches the computer-implemented method of claim 14, wherein determining the one or more configurations for the respective entities based on the intent comprises determining an association between the intent and a targeted entity of the respective entities using entity information and entity state retrieved from an authority service ([23]: if a new policy restricts access to resources 120 to area A 118, but resource access service 116 indicates that the resources are regularly accessed from one or more of area B 122 to area N 124, then an alert can be returned to the user indicating the new policy is inconsistent with existing access patterns).
21. As to claim 16, RUNGTA teaches one or more computer-readable storage media comprising computer-executable instructions that, when executed, cause a computing system to perform a method comprising:
receiving, at a compiler, a request including an intent identifying an expectation for behavior in a network and one or more associations of entities to the intent ([43-44]: receiving one or more intent statements associated with user resources expressing at least one type of action allowed to be performed on the user resources);
processing, with the compiler, the intent using entity information and entity state retrieved from an authority service for one or more respective entities associated with the intent ([44-45]: compiling the one or more intent statements into at least one access control policy, associating the at least one access control policy with the user resources); and
generating output for one or more consumers corresponding to the intent, the output including one or more of: data for performing a verification of the intent prior to applying the intent to the network, data for controlling network devices or services to comply with the intent ([44]: prior to compiling the one or more intent statements, the intent statements are parsed, and type checked to identify the intent of the statements and the resources to which the intent is to be applied), or data to perform a validation of the intent after applying the intent to the network ([22-24]: if the intent statement is that no resources should be shared outside of the user’s organization, the intent-based governance service 102 can generate a policy and check that policy against existing access patterns of the organizations resources), wherein the output is generated to include types and formats of data that are suited for the one or more consumers based on the entity information and entity state information ([32-41]: when an intent statement is received, it can be parsed. The parsed grammar is lowered to an abstract syntax tree where names have been resolved … Once parsed, the intent statement can be compiled into a policy. As discussed, a compiler is responsible for formatting the policy correctly and for determining the attachment point for the policy).
22. As to claim 17, RUNGTA teaches the one or more computer-readable storage media of claim 16, wherein the intent is received in a first language ([11]: A user can write intent statements using the domain specific language (e.g., “my resources should be tagged by their cost-center”, “my resources can be not shared across accounts”, etc.) that is different from a respective native language for the one or more consumers ([32-41]: when an intent statement is received, it can be parsed. The parsed grammar is lowered to an abstract syntax tree where names have been resolved … Once parsed, the intent statement can be compiled into a policy. As discussed, a compiler is responsible for formatting the policy correctly and for determining the attachment point for the policy).
23. As to claim 18, RUNGTA teaches the one or more computer-readable storage media of claim 16, wherein the verification comprises determining an effect of the intent on the network and determining if the effect of the intent violates another intent for the network ([23]: if a new policy restricts access to resources 120 to area A 118, but resource access service 116 indicates that the resources are regularly accessed from one or more of area B 122 to area N 124, then an alert can be returned to the user indicating the new policy is inconsistent with existing access patterns).
24. As to claim 19, RUNGTA teaches the one or more computer-readable storage media of claim 16, wherein the verification comprises determining if the intent is allowed to be applied to the network based on one or more rules regarding timing of applying changes to the network ([29]: automatically generating update policies by an intent-based access control based on [when] service changes; [30]: [when] a new area has been added to Europe, and the customer has an intent-based governance policy to exclude European area from hosting their resources, then upon recompilation of the intent-based governance policy, the new area will also automatically be excluded).
25. AS to claim 20, RUNGTA teaches the one or more computer-readable storage media of claim 16, wherein the validation comprises performing a comparison of monitored behavior of the network or the network devices or services to an intended behavior of the network or the network devices or services ([23]: if a new policy restricts access to resources 120 to area A 118, but resource access service 116 indicates that the resources are regularly accessed from one or more of area B 122 to area N 124, then an alert can be returned to the user indicating the new policy is inconsistent with existing access patterns).
Allowable Subject Matter
26. Claims 1-6 are rejected, but would be allowable, if a proper Terminal Disclaimer is filed to overcome the rejection(s) under non-statutory double patenting set forth in this Office Action. The prior art of records, individually or in combination, fail to explicitly teach or render obvious the claimed limitations.
27. Further references of interest are cited on Form PTO-892, which is an attachment to this Office Action.
28. A shortened statutory period for reply to this action is set to expire THREE (3) months from the mailing date of this communication. See 37 CFR 1.134.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUANG N NGUYEN whose telephone number is (571) 272-3886.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMAL B. DIVECHA, can be reached at (571) 272-5863. The fax phone number for the organization is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/QUANG N NGUYEN/
Primary Examiner, Art Unit 2441