DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 1/29/2026 has been entered.
Response to Arguments
Applicant’s arguments, see pages 6-9, filed 1/29/2026, with respect to the rejection of claims 1, 8, and 15 under 35 USC 102(a)(2) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of REITSMA et al (Doc ID US 20170353308 A1) and PRICE et al (Doc ID US 20200195693 A1).
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.
Claims 5-7, 12-14, 19, and 20 are rejected under 35 U.S.C. 112(d) as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.
Regarding claims 5-7, 12-14, 19, and 20:
The claim fails to further limit the depended-on claim because they are each ultimately dependent on a cancelled claim (claims 4, 11, and 18).
Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over MAHABIR et al (Doc ID US 20170346824 A1), and further in view of REITSMA et al (Doc ID US 20170353308 A1) and PRICE et al (Doc ID US 20200195693 A1).
Regarding claim 1:
MAHABIR teaches:
A method comprising: identifying an elevated risk factor of an endpoint device on a computing network according to one or more characteristics of the endpoint device ([0157] "At 330, the RAS 105 may determine a device risk level for the mobile device …");
automatically updating a group of devices having an elevated risk level to include the endpoint device having the elevated risk factor ([0166] "… Mobile devices having device risk levels greater than the network acceptable risk level may be identified as high risk devices.");
restricting access by the group of endpoint devices identified as having the elevated risk level to one or more computing systems and/or computing applications accessible on the computing network based on the elevated risk level ([0166] "At 335, the RAS 105 may prevent high risk devices from accessing the organizational network.").
REITSMA teaches the following limitation(s) not taught by MAHABIR:
identifying a user associated with the endpoint device having the elevated risk factor ([0033] "Upon determining that its security is compromised, the first communication device 105 generates a security status (at block 415) .... The security status may include … a user identifier …");
identifying one or more additional endpoint devices on the computing network associated with the identified user ([0033] "… the first and second communication devices 105, 110 may include the same user identifier but different device identifiers.");
Determining a device’s risk factor, including the device in a group of devices with a similar risk factor, and restricting access to a group of devices based on the risk factor are known techniques in the art, as demonstrated by MAHABIR. Further, identifying a user associated with a device and identifying other devices associated with that user are known techniques in the art, as demonstrated by REITSMA. It would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to modify the security policy for elevated-risk devices of MAHABIR with the user-associated device identification of REITSMA with the motivation to extend the risk score of a device to other devices used by the same user, which may also be at risk of compromise.
PRICE teaches the following limitations not taught by the combination of MAHABIR and REITSMA:
including the one or more additional endpoint devices in the group of endpoint devices identified as having the elevated risk level ([0160] "… User “D” has a security risk score of 75, at time t0. The policy assignment system has determined that User “D” has a security score falling within a third predetermined range (e.g., 61-79). ... Accordingly, Group Policy III is communicated for enforcement at the devices associated with User “D”."); and
Including other devices associated with a user in a group governed by a policy based on a risk score associated with the user is a known technique in the art, as demonstrated by PRICE. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the security policy for elevated-risk devices of MAHABIR and REITSMA with the extended device grouping of PRICE with the motivation to group any devices, which are associated with a compromised device through their user, into a single group to prevent any user-originated actions from compromising further devices.
Regarding claim 8:
MAHABIR teaches:
An apparatus comprising: a processor; and a memory configured to store instructions that, when executed by the processor, cause the processor to ([0112] "Processor 232 is coupled ... to memory 236. … Non-volatile memory stores … computer-executable instructions, … for execution by processor 232 as needed."):
The remainder of this claim’s limitations are mapped and rejected with the same justification, mutatis mutandis, as its counterpart claim 1.
Regarding claim 15:
This claim is rejected with the same justification, mutatis mutandis, as its counterpart claims 1 and 8 above.
Claims 2, 9, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over MAHABIR et al (Doc ID US 20170346824 A1), REITSMA et al (Doc ID US 20170353308 A1), and PRICE et al (Doc ID US 20200195693 A1) as applied to claims 1, 8, and 15 above, and further in view of ABRAMOWITZ (Doc ID US 20160112445 A1).
Regarding claim 2:
The combination of MAHABIR, REITSMA, and PRICE teaches:
The method of claim 1,
ABRAMOWITZ teaches the following limitations not taught by the combination of MAHABIR, REITSMA, and PRICE:
wherein the one or more characteristics of the endpoint device includes a version of an installed operating system being out of date ([0052] "... the technology can determine that an asset with an old version of an operating system having known vulnerabilities ... has a high risk assessment value (e.g., 0.95) …").
Considering an out-of-date operating system (OS) to be indicative of an elevated risk to a device is a known technique in the art, as demonstrated by ABRAMOWITZ. It would have been obvious to a person having ordinary skill in the art (PHOSITA) before the effective filing date of the claimed invention to modify the security policy for elevated-risk devices of MAHABIR, REITSMA, and PRICE with the current OS check of ABRAMOWITZ with the motivation to add specific functionality to the system which considers an out-of-date OS to indicate elevated risk for the device. It is obvious to use the currency of an OS as an indicator, as an out-of-date OS will often contain well-known vulnerabilities which may be exploited.
Regarding claims 9 and 16:
These claims are rejected with the same justification, mutatis mutandis, as their counterpart claim 2 above.
Claims 3, 5-7, 10, 12-14, 17, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over MAHABIR et al (Doc ID US 20170346824 A1), REITSMA et al (Doc ID US 20170353308 A1), and PRICE et al (Doc ID US 20200195693 A1) as applied to claims 1, 8, and 15 above, and further in view of RICAFORT et al (Doc ID US 20160050224 A1).
Examiner notes that claims 5-7, 12-14, 19, and 20 will be examined as though they were drafted as dependent on their independent claims, and with the assumption of a forthcoming amendment.
Regarding claim 3:
The combination of MAHABIR, REITSMA, and PRICE teaches:
The method of claim 1,
RICAFORT teaches the following limitations not taught by the combination of MAHABIR, REITSMA, and PRICE:
wherein the one or more characteristics of the endpoint device includes a geolocation of the endpoint device ([0029] "… the risk score may be based on a mismatch between a geographic location of devices associated with the enterprise network 122 …").
Considering the geolocation of a device to be potentially indicative of an elevated risk to a device is a known technique in the art, as demonstrated by RICAFORT. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the security policy for elevated-risk devices of MAHABIR, REITSMA, and PRICE with the geolocation check of RICAFORT with the motivation to add specific functionality to the system which considers an whether a geolocation indicates elevated risk for the device. It is obvious to consider the geolocation of a device as a potential indicator, as many devices may have an expected location, where a deviation from this expectation is an indicator of compromise.
Regarding claim 5:
The combination of MAHABIR, REITSMA, and PRICE teaches:
The method of claim 4,
RICAFORT teaches the following limitations not taught by the combination of MAHABIR, REITSMA, and PRICE:
further comprising: disabling user credentials associated with the user on one or more computing systems and/or computing applications accessible on the computing network based on the elevated risk factor ([0040] "… The monitoring device 150 may also automatically restrict access to the resources of the enterprise network 122 and/or block communications from … the user of the user devices.").
Preventing a user of a compromised device from accessing network resources is a known technique in the art, as demonstrated by RICAFORT. It would have been obvious to a PHOSITA before the effective filing date of the claimed invention to modify the security policy for elevated-risk devices of MAHABIR, REITSMA, and PRICE with the user-blocking policy of RICAFORT with the motivation to protect a network from compromise by additional untracked devices. It is obvious to block access of a user of a compromised device as they may also attempt access with a previously unidentified device which may also be compromised.
Regarding claim 6:
The combination of MAHABIR, REITSMA, and PRICE teaches:
The method of claim 5, further comprising: remediating the elevated risk factor associated with the group of endpoint devices (MAHABIR [0170] "The RAS 105 may also transmit notifications to the mobile device … when an updated device risk level is identified. These notifications to user may identify corrective actions for the user to reduce the updated device risk level …").
Regarding claim 7:
The combination of MAHABIR, REITSMA, and PRICE teaches:
The method of claim 6, further comprising: returning, in response to remediating the elevated risk factor, the group of endpoint devices to a membership status (MAHABIR [0170] "… Once the user has taken the corrective actions, the RAS 105 may again determine an updated device risk level, and may automatically approve the device to access the network if the updated device risk level is suitable.").
Regarding claims 10, 12-14, 17, 19, and 20:
These claims are rejected with the same justification, mutatis mutandis, as their counterpart claims 3 and 5-7 above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON BINCZAK whose telephone number is (703)756-4528. The examiner can normally be reached M-F 0800-1700.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached on (571) 270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BB/Examiner, Art Unit 2437
/BENJAMIN E LANIER/Primary Examiner, Art Unit 2437