NETWORK CONFIGURATION DEVICE, INFORMATION SYSTEM, NETWORK CONFIGURATION METHOD, AND RECORDING MEDIUM

DETAILED ACTION 1. This action is responsive to the communications filed on 12/30/2025. 2. Claims 1, 3-10, are pending in this application. 3. Claims 1, 4-6, 8-10, have been amended. 4. Claim 2 has been cancelled. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments 5. Applicant’s argument with respect to claims 1, 3-10 have been considered but are moot in view of the new grounds of rejection. Although a new ground of rejection has been used to address additional limitations that have been added to claims 1, 3-10, a response is considered necessary for several of applicant's arguments since reference Bansal will continue to be used to meet several claimed limitations. In the remarks, applicant argued that: a. Applicant respectfully submits that the cited references, and any combination thereof, fail to teach or suggest the above features and, therefore, claim 1 is patentable for at least these reasons. For instance, one or more example embodiments consistent with claim 1 differ from the cited references, and any combination thereof, at least in that one or more example embodiments determine the authenticity of devices that serve as components of network infrastructure for constructing virtual networks. In contrast to claim 1, Bansal performs authentication of "end-user devices that access networks." In further contrast to claim 1, Fukushima is directed to visualizing the MAC/IP address and the authentication status of IoT devices. Therefore, the cited references, and any combination thereof, fail to teach or suggest all the features of claim 1 and, thus, claim 1 is patentable for at least these reasons (Applicant’s remarks, pages 7-8). In response: Applicant's arguments fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references. For example, applicant argues that the references do not disclose the obtain, determine, and configure limitations. Applicant then gives a general overview of the references cited in one sentence and states that the references fail to disclose the limitations. Please see the examiner’s rejection regarding how the Bansal reference discloses the obtain and determine limitations and how newly cited Schroeder discloses the configure limitation. Claim Interpretation 6. Claims 1, 4-6, 8-10, recite the limitation “authenticity” and determining the “authenticity.” Applicant’s specification states: [0032] The authenticity determination unit 102 is a means that determines the authenticity of the network device based on the device information obtained by the device information acquisition unit 101. In the present example embodiment, the authenticity indicates a state where settings and the like of the hardware information and software information of the network device are not erased, falsified, replaced, or the like… As such, the examiner will construe determining “authenticity” in line with applicant’s specification where the settings of network device are not erased, falsified, or replaced. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 7. Claims 1, 3-10, are rejected under 35 U.S.C. 103 as being unpatentable over Bansal et al. (US 2017/0332238) in view of Schroeder et al. (US 10,574,654). Regarding claim 1, Bansal disclosed: A network configuration device (Figure 5, cloud node 502) comprising: a memory storing instructions (Paragraph 11, memory); and at least one processor (Paragraph 11, processor) configured to execute the instructions to: obtain, from a storage (Paragraph 9, client application), device information (Paragraph 9, posture data) in which a configuration (Paragraph 9, device fingerprint) and a risk (Paragraph 9, risk index) regarding a network infrastructure device (Paragraph 9, mobile device) that forms part of a physical network (Figure 5, Internet 504)(Paragraph 9, receiving posture data from the mobile device. The posture data is obtained from a client application executed on the mobile device and sent to the cloud node. The posture data, which is periodically updated, includes hardware parameters, applications installed, versions of applications, and operating system parameters and patches. Based on the posture data, a device fingerprint and risk index are determined for the mobile device. As the posture data is captured by the client application it is at least temporarily stored before sending to the cloud node. Paragraph 11, cloud node in the cloud based security system provides network access control of a mobile device based on multidimensional risk profiling of the mobile device. Paragraph 74, cloud nodes 502 are a part of the distributed security system 100. Paragraph 135, the multidimensional risk profiling process includes posture fingerprinting where the cloud based security system creates a mobile device fingerprint which includes a device fingerprint and a risk index. The posture fingerprinting is based on the nature of applications installed, OS vulnerabilities, anti-virus status, patch level, and device configuration); determine authenticity of the network infrastructure device based on the obtained device information (Paragraph 134, posture acquisition which includes collecting data such as device information. This device information includes OS upgrades, abrupt geolocation changes, device information deviation, and changes in the installed application list. This information is sent to the cloud based security system, which evaluates the changes and computes a risk index for the device); and configure a virtual network (Figure 9, secure tunnels 674/676) on the physical network (Figure 9, Paragraph 92-93, after the device is authenticated and enrolled (as shown in Figure 9, steps 662, 664), a secure tunnel is created for Internet access through the cloud node 502 or a secure tunnel to the virtual private network (VPN) 652 is created). While Bansal disclosed obtaining device information that includes a configuration and a risk regarding the network device (see above), Bansal did not explicitly disclose configure a virtual network on the physical network by incorporating only the network infrastructure device determined to have authenticity as a component of the virtual network. However, in an analogous art, Schroeder disclosed configure a virtual network on the physical network by incorporating only the network infrastructure device determined to have authenticity as a component of the virtual network (Column 3, Lines 46-60, when a new computing device (i.e., network infrastructure device) is connected to the provisioning network, the networking device evaluates properties of the new computing device to determine which of the operating network segments (i.e., virtual networks) to assign the new computing device as each network segment provides different network access privileges. The network segments are considered ‘virtual networks’ as they are logical constructs implemented on the same underlying physical network infrastructure (see Figure 2). The new computing device is assigned a network segment based on properties of the new computing device. Highly trustworthy computing devices are assigned (i.e., a component) to an operating network with more privileges (e.g., a trusted network segment) than less trustworthy computing devices. Therefore, being connected to the more trusted network segment is conditional on the device being determined trustworthy and devices that do not satisfy that trust condition are not incorporated into the trusted segment). One of ordinary skill in the art would have been motivated to combine the teachings of Bansal and Schroeder because the references involve determining authenticity of connecting devices prior to allowing them to connect to the network, and as such, are within the same environment. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the authenticated device only of Schroeder with the teachings of Bansal in order to provide improved network security (Schroeder, Column 2, Lines 64-65). Regarding claims 8-10, the claims are substantially similar to claim 1. Claim 8 recites a service slicing management device (Bansal, Figure 2, authority node 120) and a device information storage device (Bansal, Figure 1, processing node 110, Paragraph 51). Therefore, the claims are rejected under the same rationale. Regarding claim 3, the limitations of claim 1 have been addressed. Bansal and Schroeder disclosed: wherein the device information obtained includes different types of information of configuration information, event information, and inspection information of the network device (Bansal, Paragraph 134, the information collected includes abrupt geolocation changes (i.e., event information) and device information deviation (i.e., inspection information) within the device/posture fingerprinting (i.e., configuration information)). Regarding claim 4, the limitations of claim 3 have been addressed. Bansal and Schroeder disclosed: wherein the at least one processor is further configured to execute the instructions to: obtain pieces of authenticity individual information determined from pieces of the different types of the device information; and to determine the authenticity of the network device based on the obtained authenticity individual information (Bansal, Paragraph 134, posture acquisition which includes collecting data such as device information. This device information includes OS upgrades, abrupt geolocation changes, device information deviation, and changes in the installed application list. This information is sent to the cloud based security system, which evaluates the changes and computes a risk index for the device). Regarding claim 5, the limitations of claim 1 have been addressed. Bansal and Schroeder disclosed: wherein the at least one processor is further configured to execute the instructions to: calculate a risk score that represents a degree of the authenticity; and(Bansal, Paragraphs 10,137-138,143, the risk index for the mobile device is determined and updated. The risk index is used in the multidimensional risk analysis to determine a risk score and allowing or denying the request based on the risk score). Regarding claim 6, the limitations of claim 1 have been addressed. Bansal and Schroeder disclosed: wherein the at least one processor is further configured to execute the instructions to: obtain the device information when the device information of the network device included in the virtual network is updated; determine the authenticity of the network device based on the obtained device information after the update, and to configure the virtual network based on a result of the determination on the authenticity of the network device after the update (Bansal, Paragraphs 10, 134, determining OS upgrades, geolocation changes, device information deviation, and changes to the installed application list and updates the cloud based security system. The changes are evaluated and a new risk index is computed for the device). Regarding claim 7, the limitations of claim 1 have been addressed. Bansal and Schroeder disclosed: wherein the at least one processor is further configured to execute the instructions to: assign a communication function of the network device included in the virtual network to the virtual network (Bansal, Figure 9, Paragraph 93, after the device is authenticated and enrolled, a secure tunnel (i.e., communication function) is created for Internet access through the cloud node 502 or a secure tunnel to the virtual private network (VPN) 652 is created). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Steven C. Nguyen whose telephone number is (571)270-5663. The examiner can normally be reached M-F 7AM - 3PM and alternatively, through e-mail at Steven.Nguyen2@USPTO.gov. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher Parry can be reached at 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /S.C.N/Examiner, Art Unit 2451 /Chris Parry/Supervisory Patent Examiner, Art Unit 2451