DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant's arguments filed 01/30/2026 have been fully considered but they are not persuasive.
A – Applicant argues:
For example, the qtip tool attempts a Microsoft "null account" login and, if successful, retrieves configuration policy information such as user/share names and password policy parameters; the gbg/dotmatrix tools grab service banners to identify application implementations and versions; nikto probes web servers for suspicious directories/files and can extract certificate information from an HTTPS server; and nessus is a generic vulnerability scanner. None of these tools are a disclosure of collecting cryptography configuration information for a network function (NF), as recited in Claim 1. The fact that nikto "extracts certificate information" as part of its web scanning does not transform Green into a system that collects cryptographic configuration of an NF; Green nowhere frames its data collection as a cryptography configuration inventory of cryptography information such as algorithms, cipher suites, protocol versions, key sizes, certificates, or key stores for a given NF, and thus does not teach or suggest same.
Equally important, Green's reporting artifacts are vulnerability-centric. Green's report generator produces uniform reports that classify potential vulnerabilities with descriptors such as low, medium, high, informational, or administrative risk and includes remediation suggestions.
See Green at paras. [0017]-[0018]. Green's client environment database stores scan parameters and the results of scans such as exposed systems and services, activity logs and related entries. See Green at paras. [0038], [0075]-[0077]. There is no disclosure of determining a cryptography status report comprising a determined cryptography state for a NF, as recited in Claim 1.
To the extent the Office Action points to paragraph [0089] of Green as teaching collecting cryptography configuration information for a NF and determining a cryptography status report for the NF, that paragraph concerns authentication/access control policy and banner identification, not cryptographic configuration information. Paragraph [0089] merely discusses password policy settings like minimum password length or account lockout, which are access control parameters and do not correspond structurally or functionally to the claim's recitation of collecting "cryptography configuration information for the NF," nor do they evidence any "cryptography status report" or "cryptography state."
A – The Examiner respectfully disagrees:
Green, paragraph 89 does describe cryptographic configuration information, specifically “information security policy settings, such as pass-word policies (e.g., minimum password length, interval for password lifetime, requirements for account lockout on repeated failed logins)…” for a user, which meets the limitations of claim 1 (and 10 and 19) relating to scanning, collecting and determining a status report which gives the state for the NF. Therefore the rejection is maintained.
A – Applicant argues:
Moore does not cure these deficiencies. Moore fails to teach or suggest "storing, in a database, the cryptography status report; analyzing the stored cryptography status report, and determining a type of determined cryptography state for the NF," as recited in Claim 1. For example, Moore merely discusses an agent-based security tool that can establish a virtual network interface or VPN and execute security testing using a vulnerability database that stores exploits, application programs, and commands used by the security tool. See Moore at paras. [0032]-[0036]. Moore thus shows, at most, that a security system can store and analyze security-related data, but Moore does not teach or suggest storing and analyzing a cryptography status report, nor determining a type of determined cryptography state, as recited in Claim 1.
A – The Examiner respectfully disagrees:
Moore in paragraphs 33, 42 stores and retrieves information and analyzes the retrieved information from the vulnerability database, thereby showing storing and analyzing the gathered information. Therefore the rejection is maintained.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 6, 10, 15, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Green et al., (US Publication No. 2004/0193918), hereinafter “Green”, and further in view of Moore, (US Publication No. 2012/0240235), and further in view of O’Connell et al., (US Publication No. 2007/0239604), hereinafter “O’Connell”).
Regarding claims 1, 10, 19 Green discloses
scanning a network for information related to a network function (NF) [Green, paragraph 89];
collecting, based on the scanning, cryptography configuration information for the NF [Green, paragraph 89];
determining, based on the collected cryptography configuration information, a cryptography status report, the cryptography status report comprising a determined cryptography state for the NF [Green, paragraph 89];
Green does not specifically disclose, however Moore teaches
storing, in a database, the cryptography status report [Moore, paragraphs 33, 42];
analyzing the stored cryptography status report, and determining a type of determined cryptography state for the NF [Moore, paragraphs 33, 42]; and
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include storing data in a database and analyzing the information in order to provide results for the gathered data. It would have been obvious to combine with Moore as all arts relate to a similar concept.
Green-Moore does not specifically disclose, however O’Connell teaches
causing performance of a next action of the NF based on the type of determined cryptography state [O’Connell, paragraph 57].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include requiring a password change based on an analyzation of data in order to protect the security of the system and users. It would have been obvious to combine with O’Connell as all arts relate to a similar concept.
Regarding claims 6, 15, Green-Moore-O’Connell further discloses
wherein the type of cryptography state for the NF comprises at least one of post-quantum cryptography (PQC) compliant, partially compliant, or non-compliant [Moore, paragraphs 33, 42].
Claim Rejections - 35 USC § 103
Claim(s) 2-3, 9, 11-12, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Green-Moore-O’Connell as applied to claims 1, 10 above, and further in view of Olalere, (US Publication No. 2021/0297441), hereinafter “Olalere”.
Regarding claims 2, 11, Green-Moore-O’Connell does not specifically disclose, however Olalere teaches
receiving, over the network, a request for the cryptography status report, the request comprising instructions for verifying reception of the request and digitally signing the cryptography status report [Olalere, paragraph 259].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include digitally signing a report in order to protect the report and information within the report. It would have been obvious to combine with Olalere as all arts relate to a similar concept.
Regarding claims 3, 12, Green-Moore-O’Connell-Olalere further discloses
storing the cryptography status report based on verification of the cryptography status report based on the digital signing of the cryptography status report [Olalere, paragraph 259].
Regarding claims 9, 18, Green-Moore-O’Connell-Olalere further discloses
wherein the storage of the cryptography status report [Olalere, paragraph 259] comprises updating entries into the database for the NF [Moore, paragraphs 33, 42].
Claim(s) 7, 16, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Green-Moore-O’Connell as applied to claims 6, 15 above, and further in view of Nix, (US Publication No. 2020/0280436), hereinafter “Nix”.
Regarding claims 7, 16, Green-Moore-O’Connell does not specifically disclose, however Nix teaches
wherein the determined cryptography state is further based on cryptography policy that corresponds to at least one of a classical algorithm, a post-quantum algorithm, or a hybrid cryptography algorithm [Nix, paragraphs 5, 74, 84].
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to include various types of algorithms in order to provide security for the system. It would have been obvious to combine with Nix as all arts relate to a similar concept.
Regarding claim 20, Green-Moore-O’Connell-Nix further discloses
wherein the type of cryptography state for the NF comprises at least one of post-quantum cryptography (PQC) compliant, partially compliant and non-compliant [Moore, paragraphs 33, 42], wherein the determined cryptography state is further based on cryptography policy that corresponds to at least one of a classical algorithm, post-quantum algorithm, hybrid cryptography algorithm [Nix, paragraphs 5, 74, 84].
Allowable Subject Matter
Claims 4-5, 8, 13-14, 17 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM J GOODCHILD whose telephone number is (571)270-1589. The examiner can normally be reached M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu can be reached at 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/William J. Goodchild/Primary Examiner, Art Unit 2433