APPLICATION MONITORING PRIORITIZATION

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION 1. This action is in response to the amendment and argument field on 30 October 2025. 2. Claims 1, 9 and 17 have been amended. 3. Claims 1-20 remain Pending and Rejected. Responses to the Argument 4. The applicant’s arguments filed on 30 October 2025 are moot in view of new ground of rejection rendered. Claim Rejections - 35 USC § 103 5. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are rejected under 35 U.S.C §103 as being unpatentable over Hasan Cam (US Publication No. 20160248794), hereinafter Cam and in view of Chen et al. (US Publication No. 20090077666), hereinafter Chen and in view of Hudis et al. (US Publication No. 20080229422), hereinafter Hudis. Regarding claim 1: Cam in view Chen does not explicitly suggest, detecting an endpoint is compromised, wherein the endpoint is one of a plurality of endpoints in a network is compromised; however, in a same field of endeavor Hudis discloses this limitation (Hudis, ¶5-6, Table 1, ¶39). It would have been obvious to one of ordinary skill in the art at the time the invention filed to include the method of Cam in view of Chen with the method of identifying compromised node/device disclosed in Hudis so that detected incident at one endpoint triggers responses at multiple other endpoints, stated by Hudis at para.73-76. determining a first ranking of a first endpoint of the plurality of endpoints, wherein the first ranking is determined by metadata defining a criticality of the first endpoint to a network (Cam, ¶22-23). determining a second ranking of a second endpoint of the plurality of endpoints, wherein the second ranking is determined by metadata defining a criticality of the second endpoint to the network (Cam, ¶20, abstract). Cam does not explicitly suggest, comparing the first ranking and the second ranking to determine which endpoint has a greater criticality however, in a same field of endeavor Hudis discloses this limitation (Chen, ¶99, ¶179). and in response to the comparing, performing an operation on one of the first endpoint or the second endpoint with the greater criticality (Cam, ¶21). It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of determining critical node/endpoint of Cam with ranking compromised node of Chen to improve system security, the security manager identified three alternative plans: 1) patch server X and harden its Operating System, stated by Cam at para. 107. Regarding claim 2: further comprising: in response to the first ranking being greater than the second ranking, the operation including triaging the first endpoint (Cam, ¶64). Regarding claim 3: further comprising: in response to the second ranking being greater than the first ranking, the operation including triaging the second endpoint (Cam, ¶30-31). Regarding claim 4: further comprising: in response to the first ranking and the second ranking being substantially equal, the operation including a tie-breaker process including: determining, based on a first value of the first endpoint and a second value of the second endpoint, that one of the first endpoint and the second endpoint is a higher priority endpoint; and triaging the higher priority endpoint (Cam, ¶62-63). Regarding claim 5: wherein determining the first ranking and the second ranking are performed via machine learning (Cam, ¶32). Regarding claim 6: Cam in view Chen does not explicitly suggest, further comprising: detecting a compromised endpoint; however, in a same field of endeavor Hudis discloses this limitation (Hudis, ¶5-6, Table 1, ¶39). Same motivation for combining the respective features of Cam in view Chen and Hudis applies herein, as discussed in the rejection of claim 1. Regarding claim 7: wherein the detecting of the compromised endpoint includes analyzing flow data from a plurality of sensors associated with the compromised endpoint (Cam, ¶56). Regarding claim 8: wherein the comprised endpoint is either misconfigured, hacked, insecure or running malicious or unauthorized code (Cam, ¶21). Regarding claim 9: at least one processor (Cam, ¶27). and at least one memory including instructions that when executed by the at least one processor, cause the system to (Cam, ¶28): Cam in view Chen does not explicitly suggest, detecting an endpoint is compromised, wherein the endpoint is one of a plurality of endpoints in a network is compromised; however, in a same field of endeavor Hudis discloses this limitation (Hudis, ¶5-6, Table 1, ¶39). It would have been obvious to one of ordinary skill in the art at the time the invention filed to include the method of Cam in view of Chen with the method of identifying compromised node/device disclosed in Hudis so that detected incident at one endpoint triggers responses at multiple other endpoints, stated by Hudis at para.73-76. determine a first ranking of a first endpoint of the plurality of endpoints, wherein the first ranking is determined by metadata defining a criticality of the first endpoint to a network (Cam, ¶22-23). determine a second ranking of a second endpoint of the plurality of endpoints, wherein the second ranking is determined by metadata defining a criticality of the second endpoint to the network (Cam, abstract, ¶20). Cam does not explicitly suggest, comparing the first ranking and the second ranking to determine which endpoint has a greater criticality however, in a same field of endeavor Hudis discloses this limitation (Chen, ¶99, ¶179). and in response to the comparing, perform an operation on one of the first endpoint or the second endpoint with the greater criticality (Cam, ¶21). It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of determining critical node/endpoint of Cam with ranking compromised node of Chen to improve system security, the security manager identified three alternative plans: 1) patch server X and harden its Operating System, stated by Cam at para. 107. Regarding claim 10: further comprising: in response to the first ranking being greater than the second ranking, the operation including triaging the first endpoint (Cam, ¶64). Regarding claim 11: further comprising: in response to the second ranking being greater than the first ranking, the operation including triaging the second endpoint (Cam, ¶30-31). Regarding claim 12: further comprising: in response to the first ranking and the second ranking being substantially equal, the operation including a tie-breaker process including additional instructions that when executed by the at least one processor, cause the system to: determine, based on a first value of the first endpoint and a second value of the second endpoint, that one of the first endpoint and the second endpoint is a higher priority endpoint; and triage the higher priority endpoint (Cam, ¶62-63). Regarding claim 13: wherein determining the first ranking and second ranking are performed via machine learning (Cam, ¶32). Regarding claim 14: Cam in view Chen does not explicitly suggest,, further comprising instructions that when executed by the at least one processor, cause the system to:detect a compromised endpoint; however, in a same field of endeavor Hudis discloses this limitation (Hudis, ¶5-6, Table 1, ¶39). Same motivation for combining the respective features of Cam in view Chen and Hudis applies herein, as discussed in the rejection of claim 1. Regarding claim 15: wherein the detecting of the compromised endpoint includes analyzing flow data from a plurality of sensors associated with the compromised endpoint. (Cam, ¶56). Regarding claim 16: wherein the comprised endpoint is either misconfigured, hacked, insecure or running malicious or unauthorized code (Cam, ¶21). Regarding claim 17: At least one non-transitory computer-readable medium having computer readable instructions that, when executed by at least one processor, cause the at least one processor to:(Cam, ¶28): Cam in view Chen does not explicitly suggest, detect an endpoint is compromised, wherein the endpoint is one of a plurality of endpoints in a network; however, in a same field of endeavor Hudis discloses this limitation (Hudis, ¶5-6, Table 1, ¶39). It would have been obvious to one of ordinary skill in the art at the time the invention filed to include the method of Cam in view of Chen with the method of identifying compromised node/device disclosed in Hudis so that detected incident at one endpoint triggers responses at multiple other endpoints, stated by Hudis at para.73-76. determine a first ranking of a first endpoint of the plurality of endpoints, wherein the first ranking is determined by metadata defining a criticality of the first endpoint to a network (Cam, ¶22-23). determine a second ranking of a second endpoint of the plurality of endpoints, wherein the second ranking is determined by metadata defining a criticality of the second endpoint to the network (Cam, abstract, ¶20). Cam does not explicitly suggest, compare the first ranking and the second ranking to determine which endpoint has a greater criticality however, in a same field of endeavor Hudis discloses this limitation (Chen, ¶99, ¶179). and in response to the comparing, perform an operation on one of the first endpoint or the second endpoint with the greater criticality (Cam, ¶21). It would have been obvious to one of ordinary skill in the art at the time the invention was filed to include the method of determining critical node/endpoint of Cam with ranking compromised node of Chen to improve system security, the security manager identified three alternative plans: 1) patch server X and harden its Operating System, stated by Cam at para. 107. Regarding claim 18: further comprising: in response to the first ranking being greater than the second ranking, the operation including triaging the first endpoint (Cam, ¶64). Regarding claim 19: further comprising: in response to the second ranking being greater than the first ranking, the operation including triaging the second endpoint (Cam, ¶30-31). Regarding claim 20: further comprising: in response to the first ranking and the second ranking being substantially equal, the operation including a tie-breaker process including additional instructions that when executed by the at least one processor, cause the at least one processor to: determine, based on a first value of the first endpoint and a second value of the second endpoint, that one of the first endpoint and the second endpoint is a higher priority endpoint; and triage the higher priority endpoint (Cam, ¶62-63). Conclusion 6. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure (See form “PTO-892 Notice of reference cited). Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONJUR RAHIM whose telephone number is (571)270-3890. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Monjur Rahim/ Patent Examiner United States Patent and Trademark Office Art Unit: 2436; Phone: 571.270.3890 E-mail: monjur.rahim@uspto.gov Fax: 571.270.4890