DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The Amendment filed 13 February 2026 has been received and considered.
Claims 1, 2, and 4-20 are pending.
This Action is Final.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 4, 6, 8, 10-12, 14, 16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Rangamani et al. (US 7891000) in view of Ward (US 20070056020) and further in view of Hecht et al. (US 10148701) and Banginwar (US 20030195957).
As per claims 1, 10, and 18, Rangamani et al. discloses a system, medium (see Fig. 1 numeral 16 showing components that include processors and memory/media), and method comprising:
determining a type of entity to be monitored on a network (see column 4 lines 51-62 and column 5 line 61 through column 6 line 10 where the specific group, i.e. type, of entity is selected for monitoring);
monitoring, by a processing device, one or more entities on the network based on the type of entity to be monitored (see column 4 line 63 through column 5 line 11 the monitoring of activity and storage of activity).
Rangamani et al. fails to explicitly disclose polling the one or more entities according to a policy; determining, based on the polling, that an entity of the one or more entities is not compliant with the policy; and restricting access of the entity to the network based on the policy.
However, Ward teaches polling the one or more entities according to a policy; determining, based on the polling, that an entity of the one or more entities is not compliant with the policy; and restricting access of the entity to the network based on the policy (see paragraphs [0023]-[0025] where polling is performed either incrementally or continuously, i.e. a policy for polling, and based on non-compliance the network is restricted according to a policy).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to include the polling for compliance of Ward in the Rangamani et al. system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to ensure all entities are running valid protection thereby improving security of the network.
While the modified Rangamani et al. and Ward system discloses polling entities according to a policy, there lacks an explicit teaching that the polling is for access permission information according to a policy.
However, Hecht et al. teaches polling entities for access permission information according to a policy (see column 6 line 49 through column 7 line 49 and column 9 lines 4-15 and column 14 line 60 through column 15 line 63).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to poll for permission information in the modified Rangamani et al. and Ward system.
Motivation to do so would have been to enforce least-privilege policies for access to network resources (see Hecht et al. column 9 lines 1-15).
While the modified Rangamani et al., Ward, and Hecht et al. system generally discloses the use of IP addresses to filter collected data (see Rangamani et al. column 7 line 56 through column 8 line 2), there lacks an explicit recitation of scanning the network based on an internet protocol (IP) range configuration to determine one or more entities that match the type.
However, Banginwar teaches scanning the network based on an internet protocol (IP) range configuration to determine one or more entities that match the type (see paragraph [0032] where each proxy has a different range of IP addresses from which specific types of devices are returned).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to scan ranges or IP addresses to determine the entities to be monitored in the modified Rangamani et al., Ward, and Hecht et al. system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to split the network scanning among different devices thereby making the scanning more efficient.
As per claims 2, 11, and 19, the modified Rangamani et al., Ward, Hecht et al., and Banginwar system discloses the type of entity is selected from endpoint and non-endpoint entities (see Rangamani et al. column 5 line 61 through column 6 line 10 servers v. desktops).
As per claims 12 and 20, the modified Rangamani et al., Ward, Hecht et al., and Banginwar system discloses performing an action on an entity of the one or more entities based on a policy (see Rangamani et al. column 5 lines 50-60 where uninstalling applications with open ports is a policy that is implemented based on the received report data and Ward paragraph [0025]).
As per claim 4, the modified Rangamani et al., Ward, Hecht et al., and Banginwar system discloses the type of entity is independent of at least one of an IP address or a media access control (MAC) address (see Rangamani et al. column 5 line 61 through column 6 line 10 where the type of device or configuration of the device is used).
As per claims 6 and 14, the modified Rangamani et al., Ward, Hecht et al., and Banginwar system discloses monitoring entities with storage (see Rangamani et al. column 4 line 63 through column 5 line 11), but fails to explicitly disclose the storage is a cloud based storage resource. However, Official Notice is taken that at a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to include a cloud based storage resource as part of the monitored entities in the modified Rangamani et al., Ward, Hecht et al., and Banginwar system in order to allow for more widespread monitoring thereby increasing the robustness of the system.
As per claims 8 and 16, the modified Rangamani et al., Ward, Hecht et al., and Banginwar system discloses the one or more entities comprises a network device configuration (see Rangamani et al. column 5 line 61 through column 6 line 10 the selection of servers configured to run Apache).
Claims 5, 7, 13, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over the modified Rangamani et al., Ward, Hecht et al., and Banginwar system as applied to claims 1 and 10 above, in view of Iyer et al. (US 20180052994).
As per claims 5 and 13, the modified Rangamani et al., Ward, Hecht et al., and Banginwar system generally discloses polling accounts on a network (see Hecht et al. column 6 lines 24-48), but fails to explicitly disclose monitoring entities that are accounts.
However, Iyer et al. teaches monitoring accounts on a network (see paragraph [0077]).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to monitor accounts in the modified Rangamani et al., Ward, Hecht et al., and Banginwar system.
Motivation to do so would have been to assess risks of a security threat of account entities (see Iyer et al. paragraph [0077]).
As per claims 7 and 15, the modified Rangamani et al., Ward, Hecht et al., and Banginwar system discloses monitoring to detect security weaknesses (see column 5 lines 50-60 where open ports are a security weakness), but fails to explicitly monitor indicators of compromise.
However, Iyer et al. teaches the use of indicators of compromise (see paragraphs [0077]-[0083], [0100], [0120], [0134]-[0137], and [0193]).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to monitor indicators of compromise in the modified Rangamani et al., Ward, Hecht et al., and Banginwar system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to monitor for exploits on the network.
Claims 9 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over the modified Rangamani et al., Ward, Hecht et al., and Banginwar system as applied to claims 1 and 10 above, in view of Lingen (US 20120173704).
As per claims 9 and 17, the modified Rangamani et al., Ward, Hecht et al., and Banginwar system discloses scanning the network for a plurality of entities, but fails to explicitly disclose communicating with a plurality of devices, wherein each of the plurality of devices comprises at least one entity matching the type.
However, Lingen teaches communicating with a plurality of devices, wherein each of the plurality of devices comprises at least one entity matching the type (see paragraphs [0029]-[0031]).
At a time before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to scan for the entities of the modified Rangamani et al., Ward, Hecht et al., and Banginwar system.
Motivation, as recognized by one of ordinary skill in the art, to do so would have been to allow the system to be more robust by detecting new entities that match the type to be monitored.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 2 and 4-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: the remaining references put forth on the PTO-892 form are directed to monitoring entities on a network.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J PYZOCHA whose telephone number is (571)272-3875. The examiner can normally be reached Monday-Thursday 7:30am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche, can be reached on (571) 270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Michael Pyzocha/ Primary Examiner, Art Unit 2409