Prosecution Insights
Last updated: April 19, 2026
Application No. 18/643,273

DEVICE ONBOARDING IN DISTRIBUTED SYSTEMS

Final Rejection §101 §103
Filed: Apr 23, 2024
Examiner: BOROWSKI, MICHAEL
Art Unit: 3624
Tech Center: 3600 — Transportation & Electronic Commerce
Assignee: DELL PRODUCTS, L.P.
OA Round: 2 (Final)
Grant Probability: 0% (At Risk)
OA Rounds: 3-4
To Grant: 3y 0m
With Interview: 0%

Examiner Intelligence

Grants only 0% of cases
Career Allow Rate: 0% (0 granted / 12 resolved, -52.0% vs TC avg)
Interview Lift: +0.0% (minimal +0% lift, resolved cases with interview)
Typical timeline, Avg Prosecution: 3y 0m (55 currently pending)
Career history, Total Applications: 67 (across all art units)

Statute-Specific Performance

§101: 57.9% (+17.9% vs TC avg)
§103: 33.8% (-6.2% vs TC avg)
§102: 4.0% (-36.0% vs TC avg)
§112: 4.3% (-35.7% vs TC avg)
Based on career data from 12 resolved cases

Office Action

DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments

2. The Amendment filed on November 11, 2025 has been entered. The examiner acknowledges the amendments to claims 1, 11, and 16.

Rejections under 35 U.S.C. § 101: Applicant argues that a claim does not recite a mental process when it contains limitations that cannot practically be performed in the human mind, and thus are no longer mental processes. The Examiner will point out that adding the numbers from 1 to 454 cannot be practically performed in the human mind, yet simple addition is a mental process and employing a computer to practically perform the function much faster and on a larger scale should not obfuscate the underlying mental process being employed. Generic computing devices that facilitate the abstract concept are not enough to confer statutory subject matter eligibility.

MPEP 2106.04(d) provides guidance for integrating a judicial exception into a practical application. Some of that guidance includes demonstrating an improvement to the functioning of a computer, or implementing a judicial exception with a particular machine or manufacture that is integral to the claim, or using the judicial exception in some other meaningful way beyond generally linking the use of the exception to a particular technological environment. These are often demonstrated through the application of the additional elements as part of the invention.

In the present case of onboarding an endpoint device, the improvement to the functioning of a computer is not apparent. Application of the judicial exception with a particular machine integral to the claim is not apparent, as the invention appears to prepare the new singular endpoint device to onboard to the distributed network, performing an independent and decentralized function. This function appears to be performing administrative tasks for ownership, records and configurations for the single device. It is not apparent that these functions go beyond simple information and verification processes, or calling and executing software processes per the provided protocols. This invention also appears to run software on a processor, or a case of “Apply it,” which does not constitute a practical application. In view of the absence of a means to demonstrate a practical application, the rejections under 35 U.S.C. § 101 will not be withdrawn.

Per the Applicant’s request, Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. The use of the AIR tool provides the most efficient way to schedule and coordinate both the interview reservation and future correspondence as may be appropriate.

Rejections under 35 U.S.C. § 103: Applicant’s amendments to the independent claims 1, 11, 16, disclose significant additional detail. Additional detail revealing the innovative and novel concepts employed and how they improve the technological environment are always beneficial. Additional search addresses the amendments to the extent that the amendments are explained. In view of the results of search, the arguments in favor of claims 1, 11, and 16 are not compelling as distinguishing features are not evident. In view of the above, the request for withdrawal of these rejections under 35 U.S.C. § 103 is denied.

Claim Rejections – 35 U.S.C. § 101

35 U.S.C. § 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. § 101 because the claimed invention is directed to non-statutory subject matter. Claims 1-20 are directed to a judicial exception (i.e., law of nature, natural phenomenon, abstract idea) without providing significantly more.

Step 1

Step 1 of the subject matter eligibility analysis per MPEP § 2106.03, required the claims to be a process, machine, manufacture or a composition of matter. Claims 1-20 are directed to a process (method), machine (system), and product/article of manufacture, which are statutory categories of invention.

Step 2A

Claims 1-20 are directed to abstract ideas, as explained below. Prong one of the Step 2A analysis requires identifying the specific limitation(s) in the claim under examination that the examiner believes recites an abstract idea, and determining whether the identified limitation(s) falls within at least one of the groupings of abstract ideas of mathematical concepts, mental processes, and certain methods of organizing human activity.

Step 2A-Prong 1

The claims recite the following limitations that are directed to abstract ideas, which can be summarized as being directed to a method, the abstract idea, of managing the authority of endpoint devices in a distributed system through an onboarding process.

Claim 1 discloses: A method for completing an onboarding to a deployment the method comprising:
establishing redirection to manage the onboarding to the deployment, (following rules or instructions, observation, evaluation, judgment, opinion),
the [redirection] being separate from and remote establishing, upon being redirected and obtaining, one or more work orders, each of the one or more work orders comprising one or more operations to be executed to complete an onboarding, (following rules or instructions, observation, evaluation, judgment, opinion),
obtaining one or more configuration policies that permit or bar execution of the one or more operations; and (following rules or instructions, observation, evaluation, judgment, opinion),
executing permitted ones of the one or more operations of the one or more work orders based on the one or more configuration policies to complete the onboarding, (following rules or instructions, observation, evaluation, judgment, opinion).

Additional limitations employ the method where work orders are associated with a current owner and configuration policies with a previous owner that delegated ownership to the current owner (observation, evaluation, judgement, opinion - claim 2), where the ownership voucher comprises delegation information from the previous to current owner and the configuration policies are one of the delegation information, (observation, evaluation, judgment, opinion – claim 3), validating an integrity of each work order using other delegation information based on the configuration policy, (observation, evaluation, judgment, opinion – claim 4), defining a first work order and a first operation, executing the permitted operations of the first work order based on the configuration policies comprising determining if at least one configuration policy bars execution of the first operation and if so skipping the first operation and if it is not barred, executing the first operation as part of completing the onboarding of the device, (observation, evaluation, judgment, opinion – claim 5), and obtaining a first work order being associated with the current owner of the device and a second work order associated with the previous owner and where executing the permitted operations includes generating a final work order based on the first and second work orders and the configuration policies wherein the final set of operations are executed to complete the onboarding of the device, (observation, evaluation, judgment, opinion – claim 6), where the one or more configuration policies permit or bar execution of only operations of the first set of operations, (observation, evaluation, judgment, opinion – claim 7), after obtaining the first and second work orders, validating both are trusted before generating the final work order, (observation, evaluation, judgment, opinion – claim 8), and where there is a conflict between the first and second operations, generating the final work order comprises determining that the configuration policies bar execution of the first operation and including the second operation in the final set of operations instead of the first operation, (observation, evaluation, judgment, opinion – claim 9), and wherein the first set of operation contains a third operation, the second set a fourth operation, and the third operation conflicts with the fourth operation, generating the final work order comprises determining that the configuration policies permit execution of the third operation and including the third operation in the final set of operations instead of the fourth operation, (observation, evaluation, judgment, opinion – claim 10).

Each of these claimed limitations employs mental processes involving judgement, observation, evaluation and opinion, or managing personal behavior, following rules or instructions. Claims 11-20 recite similar abstract ideas as those identified with respect to claims 1-10. Thus, the concepts set forth in claims 1-20 recite abstract ideas.
Step 2A-Prong 2

As per MPEP § 2106.04, while the claims 1-20 recite additional limitations which are hardware or software elements such as an endpoint device, a hardware processor, a network connection, a rendezvous system, an orchestrator, software and applications, hardware components, a non-transitory machine-readable medium, an endpoint device comprising a processor and a memory coupled to the processor, wherein executing the permitted ones of the one or more operations by the hardware processor causes the hardware processor to install one or more software and applications onto the endpoint device and/or to configure parameters of one or more hardware components of the endpoint device including the hardware processor, these limitations are not sufficient to qualify as a practical application being recited in the claims along with the abstract ideas since these elements are invoked as tools to apply the instructions of the abstract ideas in a specific technological environment. The mere application of an abstract idea in a particular technological environment and merely limiting the use of an abstract idea to a particular technological field do not integrate an abstract idea into a practical application (MPEP § 2106.05 (f) & (h)).

Evaluated individually, the additional elements do not integrate the identified abstract ideas into a practical application. Evaluating the limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually.

The claims do not amount to a “practical application” of the abstract idea because they neither (1) recite any improvements to another technology or technical field; (2) recite any improvements to the functioning of the computer itself; (3) apply the judicial exception with, or by use of, a particular machine; (4) effect a transformation or reduction of a particular article to a different state or thing; (5) provide other meaningful limitations beyond generally linking the use of the judicial exception to a particular technological environment. Accordingly, claims 1-20 are directed to abstract ideas.

Step 2B

Claims 1-20 do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination, do not amount to significantly more than the abstract idea. The analysis above describes how the claims recite the additional elements beyond those identified above as being directed to an abstract idea, as well as why identified judicial exception(s) are not integrated into a practical application. These findings are hereby incorporated into the analysis of the additional elements when considered both individually and in combination.

For the reasons provided in the analysis in Step 2A, Prong 1, evaluated individually, the additional elements do not amount to significantly more than a judicial exception. Thus, taken alone, the additional elements do not amount to significantly more than a judicial exception. Evaluating the claim limitations as an ordered combination adds nothing that is not already present when looking at the elements taken individually. In addition to the factors discussed regarding Step 2A, prong two, there is no indication that the combination of elements improves the functioning of a computer or improves any other technology.
Their collective functions merely amount to instructions to implement the identified abstract ideas on a computer. Therefore, since there are no limitations in the claims 1-20 that transform the exception into a patent eligible application such that the claims amount to significantly more than the exception itself, the claims are directed to non-statutory subject matter and are rejected under 35 U.S.C. § 101.

Claim Rejections 35 U.S.C. § 103

The following is a quotation of 35 U.S.C. § 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 1 is rejected under 35 U.S.C. § 103 as being taught by Smith, (US 11399285-B2), hereafter Smith, “Secure Device Onboarding,” in view of Nguyen, (US 20220303338 A1), hereafter Nguyen, “Commissioning Distributed Control Nodes.”

Regarding Claim 1, A method for completing an onboarding of an endpoint device to a deployment comprising other endpoint devices, the method being executed by a hardware processor of the endpoint device and comprising: Smith teaches, (systems and methods for establishing network connectivity and onboarding, for Internet of Things (IoT) devices and trusted platforms, including in Open Connectivity Foundation (OCF) specification device deployments, are discussed, [Abstract], and these and like examples to a processor-based system shall be taken to include any set of one or more machines that are controlled by or operated by a processor, set of processors, or processing circuitry (e.g., a computer) to individually or jointly execute instructions to perform any one or more of the methodologies discussed herein, [21: 4-10]).

establishing a first network connection with a rendezvous system that is configured to redirect the endpoint device to an orchestrator configured to manage the onboarding of the endpoint device to the deployment, (receiving a first request from a new device for network access to begin an onboarding procedure with a network platform; transmitting credentials of a first network to the new device, the first network used to access a rendezvous server and obtain onboarding information associated with the network platform; [27: 43-50], and the Device Owner Transfer Service (DOTS) 330—The network service (e.g., OCF Service) that implements the Zero-Touch OTM operations and interfaces with the Rendezvous Service 340 and the New Device 310), [10:21-25]),

the rendezvous system being separate from and remote to the orchestrator; (In an example, the ZTOTM architecture depicted in FIG. 3 includes the New Device 310, three services (DOTS 330, Mediator Service 320, and Rendezvous Service 340), five interfaces (IF_A 305, IF_B 315, IF_C 325, IF_WES 345, and ZTOTM 335), and a Manifest file 350 that is obtained from the device manufacturer or supply chain 360, [10:9-14], and FIG. 3).

establishing, after terminating the first network connection with the rendezvous system upon being redirected by the rendezvous system to the orchestrator, a second network connection with the orchestrator; (the device (in the second step below) then uses this IP address and UUID to authenticate a second time to the mediator service who verifies the onboarding server is expecting a connection from the new device, [9: 5-9]),

obtaining, from the orchestrator and after establishing the second network connection with the orchestrator, one or more work orders, each of the one or more work orders comprising one or more operations to be executed to complete an onboarding of the endpoint device; (FIG 18 illustrates a method for device attribute registration and verification using a blockchain, [20: 18-20], the flowchart 1800 then continues with request-verification operations based on the commitment. First, the verifying device (e.g., an owner device) requests the subject device attributes from an entity such as the subject device (operation 1830) and receives the proffered subject device attributes from the requested entity such as the subject device (operation 1840), [20: 34-40], Finally, network operations may be performed using the subject device attributes (operation 1870), based on a successful verification online, [20: 50-52]),

obtaining one or more configuration policies that permit or bar execution of the one or more operations; Smith does not teach, Nguyen teaches, (implementations are described herein for automatically discovering types and/or operational technology (OT) capabilities of devices such as distributed control nodes (DCNs) that are added to process automation networks, such as process automation networks that comply with open standards that allow for the integration of heterogeneous components from various vendors, [0017], and each DCN may include circuitry or logic 112 that may take various forms, such as processor(s) that execute instructions in memory, a field-programmable gate array (FPGA), an application-specific integrated circuit (ASIC), and so forth. Each DCN 110 may have a particular role to play in process automation network 106, [0026]),

and executing permitted ones of the one or more operations of the one or more work orders based on the one or more configuration policies to complete the onboarding of the endpoint device, Smith teaches, (processing of security contexts in an IoT device interconnection setting through the use of a zero-touch IoT device onboarding using an authenticator obtained from a rendezvous service. For context, secure device onboarding often involves one or more touch points where security information is configured to overcome a variety of isolation barriers, [2; 57-63]),

wherein executing the permitted ones of the one or more operations by the hardware processor causes the hardware processor to install one or more software and applications onto the endpoint device and/or to configure parameters of one or more hardware components of the endpoint device including the hardware processor. Smith does not teach, Nguyen teaches, (These types and/or operational technology (OT) capabilities may include, for instance, software and hardware specifications, supported OT capabilities (e.g., protocol, signal types, control runtime engine, etc.), open standard conformance profiles, and so forth. In addition, techniques are proposed for automatically configuring devices based on the information collected during the discovery process, [0017]).

Smith and Nguyen are both considered analogous to the claimed invention as both are in the field of managing modern networks and components. It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding of Smith with the distributed infrastructure policy techniques of Nguyen to save time, effort, reduce human mistakes, and/or mitigate against occurrences of system downtime and/or failure, [0017].

Claims 11 and 16 are rejected for reasons corresponding to those provided for claim 1. In these claims, the addition of a non-transitory machine-readable medium having instructions stored therein (claim 11), and an endpoint device comprising a processor and a memory coupled to the processor, (claim 16), does not change the rationale for the rejections under 35 U.S.C § 103 or the referenced prior art.
(Smith teaches the instructions provided via the memory, the storage, or the processor may be embodied as a non-transitory, machine readable medium a system having non-transitory computer-readable media storing computer-executable instructions that, when executed by one or more processors, performs the techniques described above, Smith [26: 1-3]).

Claims 2-3 are rejected under 35 U.S.C. § 103 as being taught by Smith, (US 11399285-B2), hereafter Smith, “Secure Device Onboarding,” in view of Nguyen, (US 20220303338 A1), hereafter Nguyen, “Commissioning Distributed Control Nodes,” in further view of Plenderleith (US 11102243 B1), hereafter Plenderleith, “Resource Address Resolution Based on Resource Ownership Change to Block Communications With Computing resources.”

Regarding claim 2, The method of claim 1, wherein the one or more work orders are associated with a current owner of the endpoint device, and the one or more configuration policies are associated with a previous owner of the endpoint device, Smith does not teach, Plenderleith teaches, (A system examines current ownership information associated with the resource instance in the computing environment and determines that the resource instance is potentially compromised based, at least in part, on a determination that the ownership information associated with the resource instance has changed from the owner identified in a historical record to a second owner, [Abstract]),

that delegated ownership of the endpoint device to the current owner via an ownership voucher of the endpoint device, (FIG. 2 illustrates example operations for resolving requests to interact with a resource instance in a computing environment based on comparisons of historical ownership records and current ownership information associated with the resource instance, [1:24-28]).

Smith and Plenderleith are both considered analogous to the claimed invention as both are in the field of managing modern networks and components.
It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding of Smith with the ownership configuration policy techniques of Plenderleith to prevent inadvertent communications with potentially compromised computing resources in the network, Plenderleith, [1:12-14].

Regarding claim 3, The method of claim 2, wherein the ownership voucher comprises delegation information associated with delegation of the endpoint device from the previous owner to the current owner, the one or more configuration policies being one of the delegation information. Smith does not teach, Plenderleith teaches, (Resource processor 122 can additionally use other information about the previous and current owners of resource instances to determine whether a resource instance is potentially compromised, [6:7-10], and request processor 122 may configure firewalls or other security applications executing on client device 110 to block requests to communicate with potentially compromised resource instance 140. In another example, request processor 122 may freeze or otherwise disable potentially compromised resource instances 140 until request processor 122 receives information indicating that the resource instances 140 have been reverted back to their previous owners or otherwise is not a security risk, [6:22-34]).

Smith and Plenderleith are both considered analogous to the claimed invention as both are in the field of managing modern networks and components. It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding of Smith with the ownership records and configuration policy techniques of Plenderleith to prevent inadvertent communications with potentially compromised computing resources in the network, Plenderleith, [1:12-14].

Claims 12-13, and 17-18, are rejected for reasons corresponding to those provided for claims 2-3.
In these claims, the addition of a non-transitory machine-readable medium having instructions stored therein (claims 12-13), and an endpoint device comprising a processor and a memory coupled to the processor, (claims 17-18), does not change the rationale for the rejections under 35 U.S.C § 103 or the referenced prior art. (Smith teaches the instructions provided via the memory, the storage, or the processor may be embodied as a non-transitory, machine readable medium a system having non-transitory computer-readable media storing computer-executable instructions that, when executed by one or more processors, performs the techniques described above, Smith [26: 1-3]).

Claim 4 is rejected under 35 U.S.C. § 103 as being taught by Smith, (US 11399285-B2), hereafter Smith, “Secure Device Onboarding,” in view of Nguyen, (US 20220303338 A1), hereafter Nguyen, “Commissioning Distributed Control Nodes,” in further view of Plenderleith (US 11102243 B1), hereafter Plenderleith, “Resource Address Resolution Based on Resource Ownership Change to Block Communications With Computing resources,” in further view of Warkhedi, (US 11522755 B1), hereafter Warkhedi, “Automated Provisioning of Endpoint Devices With Management Connectivity.”

Regarding claim 4, The method of claim 3, further comprising: after obtaining the one or more work orders and before executing the permitted ones of the one or more operations, validating an integrity of each of the one or more work orders using other ones of the delegation information beside the one or more configuration policies. Smith does not teach, Warkhedi teaches, (the cloud management platform is then able to authenticate the connection request from the child/server by using the public key of the parent FI to validate the signed security digest sent from the child/server. Then, the server/child is registered and claimed into the same user account as the parent FI in the cloud management platform. In this way, each server or other network device that is introduced to a switching fabric can be registered and claimed into the same user account as the parent FI devices such that users do not need to manually authenticate and claim their devices that are being provisioned. To manage all of the devices for a user, the devices must be onboarded with a user account that is registered with the cloud management platform. It is critical that parent devices (e.g., FIs, switches, etc.) are onboarded in or registered with the same user account as child devices (e.g., servers, blade servers, etc.). In order to ensure that a device is installed, set up, and being managed by the cloud management platform on behalf of a user, the devices need to be claimed by the user account (e.g., onboarded into the account), [4:56 – 5:11]).

Smith and Warkhedi are both considered analogous to the claimed invention as both are in the field of managing modern networks and components. It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding of Smith with the validation procedures of Warkhedi to provide an automated process to distribute connectivity information to the network devices to allow them to be managed by the cloud management platform, [Abstract].

Claims 14 and 19 are rejected for reasons corresponding to those provided for claim 4. In these claims, the addition of a non-transitory machine-readable medium having instructions stored therein (claim 14), and an endpoint device comprising a processor and a memory coupled to the processor, (claim 19), does not change the rationale for the rejections under 35 U.S.C § 103 or the referenced prior art.
(Smith teaches the instructions provided via the memory, the storage, or the processor may be embodied as a non-transitory, machine readable medium a system having non-transitory computer-readable media storing computer-executable instructions that, when executed by one or more processors, performs the techniques described above, Smith [26: 1-3]).

Claim 5 is rejected under 35 U.S.C. § 103 as being taught by Smith, (US 11399285-B2), hereafter Smith, “Secure Device Onboarding,” in view of Nguyen, (US 20220303338 A1), hereafter Nguyen, “Commissioning Distributed Control Nodes,” in further view of Plenderleith (US 11102243 B1), hereafter Plenderleith, “Resource Address Resolution Based on Resource Ownership Change to Block Communications With Computing resources,” in further view of Warkhedi, (US 11522755 B1), hereafter Warkhedi, “Automated Provisioning of Endpoint Devices With Management Connectivity,” in further view of Adam, (US20230085001A1), hereafter Adam, “Testing and Remediating Compliance Controls.”

Regarding claim 5, The method of claim 4, wherein the one or more work orders comprise a first work order and the one or more operations of the first work order comprise a first operation, and executing the permitted ones of the one or more operations of the first work order based on the one or more configuration policies comprises: determining whether at least one of the one or more configuration policies bar execution of the first operation; in an instance where the execution of the first operation is barred by at least one of the one or more configuration policies, skipping the first operation without executing the first operation as part of completing the onboarding of the endpoint device; and in an instance where the execution of the first operation is not barred by at least one of the one or more configuration policies, executing the first operation as part of completing the onboarding of the endpoint device. Smith does not teach, Adam teaches, (The execution component 102 can launch compliance checks at the endpoint device 132 based on policies generated at the process management component 118 as noted herein. For example, a policy violation can be assessed at the endpoint device 132 by executing a script associated with the policy at the endpoint device 132. In some embodiments, scripts can be invoked based on a determination of the specific application running on the endpoint device 132. Further, in some embodiments, a dynamic wrapper can ensure that only scripts that are required to be executed are run at the endpoint device. A determination of required scripts can be made based on an evaluation of a configuration of the endpoint device 132. One or more updates can be provided to the endpoint device 132, [0040]).

Smith and Adam are both considered analogous to the claimed invention as both are in the field of managing modern networks and components. It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding techniques of Smith with compliance controls and techniques of Adam to enable testing endpoint devices for violations and remediating the endpoint devices based on the violations, [0001].

Claims 15 and 20 are rejected for reasons corresponding to those provided for claim 5. In these claims, the addition of a non-transitory machine-readable medium having instructions stored therein (claim 15), and an endpoint device comprising a processor and a memory coupled to the processor, (claim 20), does not change the rationale for the rejections under 35 U.S.C § 103 or the referenced prior art.
(Smith teaches the instructions provided via the memory, the storage, or the processor may be embodied as a non-transitory, machine readable medium a system having non-transitory computer-readable media storing computer-executable instructions that, when executed by one or more processors, performs the techniques described above, Smith [26: 1-3]).

Claims 6-10 are rejected under 35 U.S.C. § 103 as being taught by Smith, (US 11399285-B2), hereafter Smith, “Secure Device Onboarding,” in view of Nguyen, (US 20220303338 A1), hereafter Nguyen, “Commissioning Distributed Control Nodes,” in further view of Plenderleith (US 11102243 B1), hereafter Plenderleith, “Resource Address Resolution Based on Resource Ownership Change to Block Communications With Computing resources,” in further view of Adam, (US20230085001A1), hereafter Adam, “Testing and Remediating Compliance Controls.”

Regarding claim 6, The method of claim 2, wherein obtaining the one or more work orders comprises: obtaining a first work order comprising a first set of operations, the first work order being associated with the current owner of the endpoint device; and obtaining a second work order comprising a second set of operations, the second work order being associated with the previous owner of the endpoint device, and executing the permitted ones of the one or more operations comprises: generating a final work order based on the first work order, the second work order, and the one or more configuration policies, the final work order comprising a final set of operations, wherein the final set of operations are executed to complete the onboarding of the endpoint device. Smith does not teach, Adam teaches, (In some embodiments, the script can be used to determine the current state of the endpoint device 132 (e.g., test mode, maintenance mode, remediation mode, etc.) and/or initiate a state change for the endpoint device 132.
The scripts can also comprise endpoint device configuration data, generated by a configuration component of the execution component 102 that can be employed to configure the endpoint device 132 to perform certain, defined functions. The execution component 102 can upload scripts to the script database 110, manage user accounts, orchestrate onboarding or removal of endpoint devices 132, and/or apply entity-defined overrides to the system 100 in various embodiments, [0043], see also Figs 7 and 8, [0063], [0066]). Smith and Adam are both considered analogous to the claimed invention as both are in the field of managing modern networks and components. It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding techniques of Smith with compliance controls and techniques of Adam to enable testing endpoint devices for violations and remediating the endpoint devices based on the violations, [0001], and to facilitate onboarding, [0066].

Regarding claim 7, The method of claim 6, wherein the one or more configuration policies permit or bar execution of only operations of the first set of operations, Smith does not teach, Adam teaches, (In some embodiments, scripts can be invoked based on a determination of the specific application running on the endpoint device 132. Further, in some embodiments, a dynamic wrapper can ensure that only scripts that are required to be executed are run at the endpoint device. A determination of required scripts can be made based on an evaluation of a configuration of the endpoint device 132. One or more updates can be provided to the endpoint device 132, [0040]). Smith and Adam are both considered analogous to the claimed invention as both are in the field of managing modern networks and components.
It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding of Smith with compliance controls and techniques of Adam to enable testing endpoint devices for violations and remediating the endpoint devices based on the violations, [0001], and to facilitate onboarding, [0066].

Regarding claim 8, The method of claim 6, further comprising: after obtaining the first work order and the second work order and before generating the final work order, validating that the first work order and the second work order are both trusted using the ownership voucher, Smith does not teach, Plenderleith teaches, (receiving, from a requesting process, a request to interact with the computing instance in the computing environment; resolving an address of the computing instance; retrieving a currently valid certificate from the computing instance using the resolved address and a specified port on which a certificate is bound; identifying differences between information from the currently valid certificate to the information and the certificate information in the record; based on the identified differences, determining that the computing instance is potentially compromised; and taking action to manage communications with the computing instance so as to prevent the requesting process from sharing information with the computing instance, Plenderleith, [claim 10]). Smith and Plenderleith are both considered analogous to the claimed invention as both are in the field of managing modern networks and components. It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding techniques of Smith with the ownership records and configuration policy techniques of Plenderleith to prevent inadvertent communications with potentially compromised computing resources in the network, Plenderleith, [1:12-14].

Regarding claim 9, The method of claim 6, wherein the first set of operations comprises a first operation; the second set of operations comprises a second operation, the first operation conflicts with the second operation; and generating the final work order comprises: determining that at least one of the one or more configuration policies bar execution of the first operation; and including the second operation in the final set of operations instead of the first operation, Smith does not teach, Adam teaches, (The execution component 102 can launch compliance checks at the endpoint device 132 based on policies generated at the process management component 118 as noted herein. For example, a policy violation can be assessed at the endpoint device 132 by executing a script associated with the policy at the endpoint device 132. In some embodiments, scripts can be invoked based on a determination of the specific application running on the endpoint device 132. Further, in some embodiments, a dynamic wrapper can ensure that only scripts that are required to be executed are run at the endpoint device. A determination of required scripts can be made based on an evaluation of a configuration of the endpoint device 132. One or more updates can be provided to the endpoint device 132, [0040]). Smith and Adam are both considered analogous to the claimed invention as both are in the field of managing modern networks and components. It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding techniques of Smith with compliance controls and techniques of Adam to enable testing endpoint devices for violations and remediating the endpoint devices based on the violations, [0001].

Regarding claim 10, The method of claim 9, wherein the first set of operations comprises a third operation; the second set of operations comprises a fourth operation, the third operation conflicts with the fourth operation; and generating the final work order comprises: determining that the one or more configuration policies permit execution of the third operation; and including the third operation in the final set of operations instead of the fourth operation, Smith does not teach, Adam teaches, (The execution component 102 can launch compliance checks at the endpoint device 132 based on policies generated at the process management component 118 as noted herein. For example, a policy violation can be assessed at the endpoint device 132 by executing a script associated with the policy at the endpoint device 132. In some embodiments, scripts can be invoked based on a determination of the specific application running on the endpoint device 132. Further, in some embodiments, a dynamic wrapper can ensure that only scripts that are required to be executed are run at the endpoint device. A determination of required scripts can be made based on an evaluation of a configuration of the endpoint device 132. One or more updates can be provided to the endpoint device 132, [0040]). Smith and Adam are both considered analogous to the claimed invention as both are in the field of managing modern networks and components. It would be obvious to one of ordinary skill in the art before the effective filing date to combine the secure device onboarding of Smith with compliance controls and techniques of Adam to enable testing endpoint devices for violations and remediating the endpoint devices based on the violations, [0001].

Conclusion

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.
In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure or directed to the state of the art is listed on the enclosed PTO-892.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL BOROWSKI whose telephone number is (703)756-1822. The examiner can normally be reached M-F 8-4:30. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jerry O’Connor can be reached on (571) 272-6787. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format.
For additional questions, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/MB/ Patent Examiner, Art Unit 3624
/MEHMET YESILDAG/ Primary Examiner, Art Unit 3624

Prosecution Timeline

Apr 23, 2024
Application Filed
Aug 20, 2025
Non-Final Rejection — §101, §103
Nov 11, 2025
Response Filed
Jan 16, 2026
Final Rejection — §101, §103 (current)


Prosecution Projections

3-4
Expected OA Rounds
0%
Grant Probability
0%
With Interview (+0.0%)
3y 0m
Median Time to Grant
Moderate
PTA Risk
Based on 12 resolved cases by this examiner. Grant probability derived from career allow rate.
