11231986Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination
1. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 4/7/2026 has been entered.
Claim Status
2. Claims 1-4, 10-14, and 18-19 have currently been amended.
Response to Arguments
3. The applicant’s arguments filed 4/7/2026 have been taken into consideration, but are moot in view of new grounds of rejection.
A. The rejection under 35 USC 101 has been withdrawn in light of the amended claim limitations.
B. In response to the applicant’s argument (disclosed on pg. 1-2 of the remarks segment) that the cited prior art doesn’t teach or suggest disclose using a device configuration manager for comparison of a current configuration against stored device configurations:
In light of the amended claimed limitation, newly cited prior art reference Bigian et al (US 2015/0149604) has been cited, which discloses using a configuration manager for comparing a live/current device configuration with a previously deployed configuration stored in a configuration repository (e.g., using a device configuration manager for comparison of a current configuration against stored device configurations).
Claim Objections
4. Claim 1 is objected to because of the following informalities:
Line 10 of claim 1 should be amended to include a semi-colon after the term “coupled to the device” to conclude the limitation. Appropriate correction is required.
Allowable Subject Matter
5. Claims 3, 5-6, 8-10, 13, 15-16, and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections – 35 USC 103
6. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office Action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
7. Claims 1-2, 4, 7, 11-12, 14, and 17-19 are rejected under 35 USC 103 as being unpatentable over Shenoy et al (CN 111327452 A) in view of Bigian et al (US 2015/0149604).
Regarding claim 1, Shenoy et al teaches a system for securing a device executing program instructions (pg. 7, lines 21-25, which discloses a network device containing a configurable security feature), comprising:
said device comprising a processor and a memory (pg. 15, lines 32-35, “includes one or more processors…coupled to a memory”);
a first device agent module executing on the device (fig. 3, ‘16A, ‘118, & ‘120 and pg. 15, lines 25-35, which disclose the device ‘16A comprising a management daemon ‘118 and a configuration evaluation engine), for:
said first device agent module monitoring a current configuration of the device and execution of the program instructions (pg. 17, lines 20-30, which discloses the management daemon determining the device’s configuration data); and
generating current configuration information from the monitoring of the configuration of the device (fig. 3, ‘118/’120 & pg. 16, lines 39-42, which disclose determining the current configuration of the device ‘16A);
said device configuration manager, communicatively coupled to the device (fig. 3, ‘16A, ‘118, & ‘120, which discloses the management daemon and configuration evaluation engine coupled with the device);
accepting the current configuration information (pg. 16, lines 27-28, which discloses the management daemon validating the device configuration);
performing a comparison of said current configuration information with stored configuration information (pg. 20, lines 30-35, which discloses comparing the current device configuration with a predetermined configuration); and
a second device agent, executing on the device, for accepting and applying the management commands to change the current configuration of the device (fig. 3, ’20 & pg. 13, lines 1-15, which disclose the device also including a controller for changing the device configuration to a secondary configuration upon determining that the configuration change is permissible).
Shenoy et al does not explicitly teach sending said current configuration information to a device configuration manager; in response to said comparison if the current configuration is not permitted, generating management commands; and sending said management commands to the device based on said comparison.
However, Bigian et al further teaches sending said current configuration information to a device configuration manager (fig. 4, ‘414/’415 & par [0042], lines 1-5, which discloses a configuration manager receiving current device configuration data);
in response to said comparison if the current configuration is not permitted, generating management commands (fig. 5, ‘508, par [0042], lines 1-6 & par [0044], lines 1-10, which disclose comparing the current configuration with prior configurations to determine if the configuration is invalid and generating configuration data in the event that the configuration is invalid); and
sending said management commands to the device based on said comparison (fig. 4, ‘404, fig. 5, ‘502/’504 & par [0044], lines 1-10, which disclose generating a configuration data file for validating a configuration if the current configuration was not validated in comparison to the previous configuration).
It would have been obvious to one of ordinary skill in the art, before the effective day of the invention, that one would be motivated to combine the teachings of Bigian et al within the teachings of Shenoy et al in order to improve upon authenticating device configuration by utilizing configuration templates for managing and updating device configuration (as disclosed par [0022], lines 1-10 of Bigian et al) in order to ensure that each device configuration is authenticated when compared to prestored templates while preventing potential malicious device configurations from being implemented, upon determining that a potential configuration invalid when compared to stored, authenticated configuration data.
Regarding claim 2, Shenoy et al and Bigian et al teach the limitations of claim 1.
Shenoy et al further teaches wherein:
the device configuration manager is communicatively coupled to a database containing said stored configuration information (Abstract, “configuration database”), said stored configuration information comprising permitted device configurations and operations (pg. 13, lines 1-4, “configuration change is permissible”), authorized applications and libraries (pg. 15, lines 32-43) and user permissions and rules (pg. 18, lines 41-42).
Regarding claim 4, Shenoy et al does not explicitly teach wherein said comparison comprises comparing permitted device configurations and operations to executing device configurations and operations using the current configuration information.
Bigian et al further teaches wherein said comparison comprises comparing permitted device configurations and operations to executing device configurations and operations using the current configuration information (par [0040], lines 1-5, “comparing against the last deployment”).
It would have been obvious to one of ordinary skill in the art, before the effective day of the invention, that one would be motivated to combine the teachings of Bigian et al within the teachings of Shenoy et al according to the motivation disclosed regarding claim 1.
Regarding claim 7, Shenoy et al and Bigian et al teach the limitations of claim 1.
Shenoy et al further teaches wherein the device configuration manager is cloud-based (pg. 9, lines 23-25).
Regarding claim 11, Shenoy et al teaches a method of securing a device having a processor and a memory executing program instructions (pg. 15, lines 32-35 & pg. 16, lines 1-5), comprising:
the current configuration information generated from the first device agent module monitoring a configuration state of the device and execution of the program instructions (fig. 3, ‘118/’120 & pg. 16, lines 39-42, which disclose determining the current configuration of the device ‘16A & pg. 17, lines 20-30, which discloses the management daemon determining the device’s configuration data);
performing in said device configuration manager a comparison of said current configuration information with stored configuration information (pg. 20, lines 30-35, which discloses comparing the current device configuration with a predetermined configuration);
providing the management commands to a second device agent to change the configuration state of the device (fig. 3, ’20 & pg. 13, lines 1-15, which disclose the device also including a controller for changing the device configuration to a secondary configuration upon determining that the configuration change is permissible).
Shenoy et al does not explicitly teach receiving in a device configuration manager, from a first device agent module executing on the device, current configuration information of the device; generating in response to said comparison if the current configuration is not permitted, in said device configuration manager, management commands.
However, Bigian et al further teaches receiving in a device configuration manager, from a first device agent module executing on the device, current configuration information of the device (fig. 4, ‘414/’415 & par [0042], lines 1-5, which discloses a configuration manager receiving current device configuration data); and
generating in response to said comparison if the current configuration is not permitted, in said device configuration manager, management commands (fig. 5, ‘508, par [0042], lines 1-6 & par [0044], lines 1-10, which disclose comparing the current configuration with prior configurations to determine if the configuration is invalid and generating configuration data in the event that the configuration is invalid & fig. 4, ‘404, fig. 5, ‘502/’504 & par [0044], lines 1-10, which disclose generating a configuration data file for validating a configuration if the current configuration was not validated in comparison to the previous configuration).
It would have been obvious to one of ordinary skill in the art, before the effective day of the invention, that one would be motivated to combine the teachings of Bigian et al within the teachings of Shenoy et al in order to improve upon authenticating device configuration by utilizing configuration templates for managing and updating device configuration (as disclosed par [0022], lines 1-10 of Bigian et al) in order to ensure that each device configuration is authenticated when compared to prestored templates while preventing potential malicious device configurations from being implemented, upon determining that a potential configuration invalid when compared to stored, authenticated configuration data.
Regarding claim 12, Shenoy et al and Bigian et al teach the limitations of claim 11.
Shenoy et al further teaches wherein:
the device configuration manager is communicatively coupled to a database containing said stored configuration information (Abstract, “configuration database”), said stored configuration information comprising permitted device configurations and operations (pg. 13, lines 1-4, “configuration change is permissible”), authorized applications and libraries (pg. 15, lines 32-43) and user permissions and rules (pg. 18, lines 41-42).
Regarding claim 14, Shenoy et al does not explicitly teach wherein said comparison comprises comparing permitted device configurations and operations to executing device configurations and operations using the current configuration information.
Bigian et al further teaches wherein said comparison comprises comparing permitted device configurations and operations to executing device configurations and operations using the monitored information (par [0040], lines 1-5, “comparing against the last deployment”).
It would have been obvious to one of ordinary skill in the art, before the effective day of the invention, that one would be motivated to combine the teachings of Bigian et al within the teachings of Shenoy et al according to the motivation disclosed regarding claim 11.
Regarding claim 17, Shenoy et al and Bigian et al teach the limitations of claim 11.
Shenoy et al further teaches wherein the device configuration manager is cloud-based (pg. 9, lines 23-25).
Regarding claim 18, Shenoy et al teaches an apparatus of securing a device executing program instructions (pg. 7, lines 21-25, which discloses a network device containing a configurable security feature), comprising:
a processor (pg. 16, lines 1-5, “programmable processor”);
a memory, communicatively coupled to the processor (pg. 15, lines 32-35, “includes one or more processors…coupled to a memory”), the memory storing processing instructions (pg. 15, lines 32-35) including processing instructions for:
the current configuration information generated from the first device agent module monitoring a configuration state of the device and execution of the program instructions (fig. 3, ‘118/’120 & pg. 16, lines 39-42, which disclose determining the current configuration of the device ‘16A & pg. 17, lines 20-30, which discloses the management daemon determining the device’s configuration data);
performing in said device configuration manager a comparison of said current configuration information with stored configuration information (pg. 20, lines 30-35, which discloses comparing the current device configuration with a predetermined configuration);
providing, the management commands to a second device agent to change the configuration state of the device (fig. 3, ’20 & pg. 13, lines 1-15, which disclose the device also including a controller for changing the device configuration to a secondary configuration upon determining that the configuration change is permissible).
Shenoy et al does not explicitly teach receiving in a device configuration manager, from a first device agent module executing on the device, current configuration information; generating, in said device configuration manager in response to said comparison if the current configuration is not permitted, management commands.
However, Bigian et al further teaches receiving in a device configuration manager, from a first device agent module executing on the device, current configuration information (fig. 4, ‘414/’415 & par [0042], lines 1-5, which discloses a configuration manager receiving current device configuration data); and
generating, in said device configuration manager in response to said comparison if the current configuration is not permitted, management commands (fig. 5, ‘508, par [0042], lines 1-6 & par [0044], lines 1-10, which disclose comparing the current configuration with prior configurations to determine if the configuration is invalid and generating configuration data in the event that the configuration is invalid & fig. 4, ‘404, fig. 5, ‘502/’504 & par [0044], lines 1-10, which disclose generating a configuration data file for validating a configuration if the current configuration was not validated in comparison to the previous configuration).
It would have been obvious to one of ordinary skill in the art, before the effective day of the invention, that one would be motivated to combine the teachings of Bigian et al within the teachings of Shenoy et al in order to improve upon authenticating device configuration by utilizing configuration templates for managing and updating device configuration (as disclosed par [0022], lines 1-10 of Bigian et al) in order to ensure that each device configuration is authenticated when compared to prestored templates while preventing potential malicious device configurations from being implemented, upon determining that a potential configuration invalid when compared to stored, authenticated configuration data.
Regarding claim 19, Shenoy et al does not explicitly teach wherein said comparison comprises comparing permitted device configurations and operations to executing device configurations and operations using the monitored information.
Bigian et al further teaches wherein said comparison comprises comparing permitted device configurations and operations to executing device configurations and operations using the monitored information (par [0040], lines 1-5, “comparing against the last deployment”).
It would have been obvious to one of ordinary skill in the art, before the effective day of the invention, that one would be motivated to combine the teachings of Bigian et al within the teachings of Shenoy et al according to the motivation disclosed regarding claim 17.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RANDY A SCOTT/Primary Examiner, Art Unit 2439
20260417