Prosecution Insights
Last updated: April 17, 2026
Application No. 18/798,532

PROCESS FOR ENHANCING NETWORK SECURITY

Non-Final OA: §102, §103, §112
Filed: Aug 08, 2024
Examiner: TRUONG, LAWRENCE QUANG
Art Unit: 2434
Tech Center: 2400 — Computer Networks
Assignee: unknown
OA Round: 1 (Non-Final)
Grant Probability: 100% (Favorable)
OA Rounds: 1-2
To Grant: 2y 2m
With Interview: 99%

Examiner Intelligence

Grants 100% — above average
Career Allow Rate: 100% (12 granted / 12 resolved, +42.0% vs TC avg)
Interview Lift: +0.0% (Minimal +0% lift; resolved cases with interview)
Avg Prosecution: 2y 2m (Fast prosecutor; 20 currently pending)
Career history: 32 Total Applications across all art units

Statute-Specific Performance

§101: 13.1% (-26.9% vs TC avg)
§103: 48.3% (+8.3% vs TC avg)
§102: 11.4% (-28.6% vs TC avg)
§112: 24.4% (-15.6% vs TC avg)
Based on career data from 12 resolved cases

Office Action

§102 §103 §112
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement

The information disclosure statement (IDS) submitted on 10/31/2024 has been considered by the examiner.

Specification

The disclosure is objected to because of the following informalities:
In page 5, line 11, “The more such Zero-trust services a user implements” should read “The more Zero-trust services a user implements.”
In page 5, line 22, “sundry filter sets” should read “security filter sets.”
In page 5, lines 24-25, “’user’ means a user of the process or game player’ an ‘entity’ is a hosing provider” should read “’user’ means a user of the process or ‘game player’, an ‘entity’ is a hosting provider.”
In page 7-8, lines 26, 1, “from nslookup (“name server lookup”)…… for an application)” should read “from nslookup, (“name server lookup”…… for an application)”
In page 8, line 9, “(e.g., www.0ffice356.com)” should read “(e.g., www.Office365.com).”
In page 10, line 13, “assigned filter sets for administrative approval” should read “assigns filter sets for administrative approval.”
In page 13, line 4, “The policy so provided locks down” should read “The policy provided locks down.”
In page 24, line 16, “the IAM r options can be scored” should read “the IAM options can be scored.”
Appropriate correction is required.

Claim Objections

Claims 1 and 18 are objected to because of the following informalities:
Claim 1, there should be an “and” after part d, (e.g., “d) segmenting both networks…; and”).
Claim 18, “b) identifying communities of interest employing the shared network” should read “b) identifying communities of interest employing the shared network;”.
Appropriate correction is required.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.

Regarding Claim 1, preamble, the claim recites “the network security of an entity”. There is insufficient antecedent basis for “the network security” in the claim limitation. For the purpose of examination, “the network security of an entity” will be interpreted as “network security of an entity.”
Claim 1, part a, recites “the information including…”. There is insufficient antecedent basis for “the information” in the claim limitation. It is also unclear if “the information” is referencing network configuration or network environment. For the purpose of examination, “the information” will be interpreted as “the network environment information including…”.
Claim 1, part a, recites “the identification of suppliers…”. There is insufficient antecedent basis for “the identification” for the claim limitation. For the purpose of examination, “the identification of suppliers” will be interpreted as “identification of suppliers”.
Claim 1, part b, recites “the network environment”. There is insufficient antecedent basis for “the network environment”.
For the purpose of examination, “the network environment” will be interpreted as “the network environment information.”
Claim 1, part e, recites “changes to the network environment”. There is insufficient antecedent basis for “the network environment” in the claim limitation. For the purpose of examination, “the network environment” will be interpreted as “the network environment information.”
Claims 2-8 inherit the above rejection by virtue of dependence.
Claim 4 recites “the calculation” and “the number of sub-entities”. There is insufficient antecedent basis for the claim limitation. For the purpose of examination, “the calculation” and “the number of sub-entities” will be interpreted as “a calculation” and “a number of sub-entities”.
Claim 7 recites “the identity of the user”. There is insufficient antecedent basis for “the identity”. For the purpose of examination, “the identity of the user” will be interpreted as “an identity of the user.”
Claim 9 recites “assessing the configuration of an existing network”. There is insufficient antecedent basis for “the configuration”. For the purpose of examination, “the configuration” will be interpreted as “assessing a configuration of an existing network.” Claims 10-18 inherit this rejection.
Claim 16 recites “the real-time security assessment”. There is insufficient antecedent basis for “the real-time security assessment”. For the purpose of examination, “the real-time security assessment” will be interpreted as “real-time security assessment.”
Claim 16 recites “the security risk”. There is insufficient antecedent basis for “the security risk”. For the purpose of examination, “the security risk” will be interpreted as “security risk.”
Claim 17, part a and b, recites “the information”. There is insufficient antecedent basis for these claim limitations. It is also unclear if “the information” in part a is the same or different as “the information” in part b.
Claim 17, part a, recites “the identification of supplier's goods and services of the entity”. There is insufficient antecedent basis for “the identification” and “the entity” for the claim limitation. For the purpose of examination, “the identification of supplier's goods and services of the entity” will be interpreted as “identification of supplier's goods and services of an entity”.
Claim 18 recites “b) identifying communities of interest employing the shared network”. There is insufficient antecedent basis for “the shared network”. For the purpose of examination, “b) identifying communities of interest employing the shared network” will be interpreted as “b) identifying communities of interest employing a shared network;”.

Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-5 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 20140351940 A1 to Loder et al. (Loder).

Regarding claim 1, Loder teaches a process for enhancing the network security of an entity, the process comprising:

a) collecting network configuration and network environment information from network users, the information including the identification of suppliers of goods and services to the entity (Loder [0030-0032], e.g., The security assessment tool 108 can scan the network environment 100 and the computer assets 102 to identify security information…… For example, the security information can include security details of the network environment 100, such as security polices of the network environment 100, details of computer assets 102 (e.g. firewalls) providing security in the network environment 100, and the like);

b) parsing the network configuration and network environment information to identify individual security risks associated with hardware devices, the network configuration, and the network environment comprising individual suppliers of goods and services (Loder [0033-0034], e.g., Once the security information is determined, the security assessment tool 108 can determine potential security threats to the network…… the security assessment tool 108 can determine any potential security threats and any counter measures that are applicable to the particular OS or software program…… the security assessment tool 108 can determine any potential security threats and any counter measures that are associated with public networks), and assigning a value to each security risk identified (Loder [0036], e.g., The security score for each security threat can reflect the actual deployment of counter measures for each counter measure and the effectiveness of the deployed counter measures);

c) determining a cumulative security score for each user including the values assigned to each security risk (Loder [0036], e.g., the security assessment tool 108 can determine an overall security score for the network based on the actual deployment of the counter measures, potential security threats, and an effectiveness of the counter measures…… The overall security score can be the combination of the security scores for each potential security threat);

d) communicating the cumulative security score to each user (Loder [0040], e.g., the security assessment tool 108 can output the security score for each potential security threat and overall security score via the interface 116);

e) offering the network users suggested changes to the network configuration including devices connected or connectable to the network, and/or changes to the network environment to each user to improve the cumulative security score (Loder [0039-0040], e.g., In 210, the security assessment tool 108 can determine recommendations for improving the overall security score. The recommendations can include any actions, procedures, processes, and the like for improving the security score relative to the potential security threats and the overall security score).

Regarding claim 2, most of the limitations of this claim have been noted in the rejection of claim 1. Loder further teaches receiving at least one response from a network user to the suggested changes (Loder [0049], e.g., Likewise, a user or other computer system in the network environment 100 can implement the one or more recommendations), and recalculating the cumulative security score based on the at least one response (Loder [0051], e.g., In 312, the security assessment tool 108 can determine a new overall security score and the new recommendations for improving the security score. The overall security scores can represent the initial overall security scores before performing any of the recommendations).

Regarding claim 3, most of the limitations of this claim have been noted in the rejection of claim 1.
Loder further teaches wherein the entity is comprised of a plurality of sub-entities (Loder [0013], e.g., The network environment 100 can include a number of computer assets 102), each sub-entity including at least one network user (Loder [0014], e.g., the computer assets 102 can include laptop computers, desktop computers, tablet computers, mobile phones, and the like used by the personnel of the entities).

Regarding claim 4, most of the limitations of this claim have been noted in the rejection of claim 3. Loder further teaches wherein the calculation of the cumulative security score is a function of the number of sub-entities (Loder [0011], e.g., The overall security score can represent an objective measure of the security of the network that considers potential security threats to the computer assets).

Regarding claim 5, most of the limitations of this claim have been noted in the rejection of claim 3. Loder further teaches wherein each sub-entity has at least one attribute (Loder Fig. 4D, e.g., each asset has an IP address, username, OS, and risk score).

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loder in view of US 20230351456 A1 to Hogg et al. (Hogg).

Regarding claim 6, most of the limitations of this claim have been noted in the rejection of claim 1. Loder does not explicitly teach, but Hogg teaches wherein the suggested changes are offered at a cost to each user (Hogg [0175], e.g., The user interface 770, for example, may allow the user an opportunity to further understand the associated costs and timing of those costs in implementing recommended mitigations to identified risks).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of Loder with the teachings of Hogg with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of weighing the cost-to-improvement benefits when provided multiple recommendation for mitigating cyber risk (Hogg [0007], e.g., The enterprise may be assessed in view of a target vulnerability rating and/or peer benchmark vulnerability ratings to enable visual comparison of the enterprise's present state.
Further, the platform and methods may provide one or more recommendations for mitigating one or more cyber security risks including, in some examples, products, services, and insurance policies. The user may be presented with a prospective vulnerability score representing an improvement in score upon applying one or more remedies).

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loder in view of Hogg, and in further view of U.S. Patent 7,165,041 B1 to Guheen et al. (Guheen).

Regarding claim 7, most of the limitations of this claim have been noted in the rejection of claim 6. Loder and Hogg do not explicitly teach, but Guheen teaches wherein the cost offered to each user is a function of the identity of the user (Guheen Col. 196, lines 62-67, e.g., Next provided is a method, system, and article of manufacture for selectively determining prices and availability of items, i.e. products or services, for purchase in a virtual shopping environment based on a user profile; Col. 201, lines 23-40, e.g., a user is allowed to request to utilize a software package after which user input relating to the user is requested and received. See operation 2104 and 2106, respectively. Such information may include identification information such as name, address, etc. In operation 2108, a tailored license agreement is then generated by utilizing the user input).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Loder and Hogg with the teachings of Guheen with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of presenting a comparison between different products and services and providing a financial analysis of the products/services (Guheen Col. 178-179, lines 64-67, 1-14, e.g., The comparison between different products and services could include a comparison to a competitor's product. Alternatively, the comparison between different products and services could include identification of at least one advantage of the at least one of products and services. Optionally, the recommendation of at least one of the products and services includes a financial analysis of at least one of the products and services. The features of at least one of the products and services may be generated by a product configuration).

Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Loder in view of Hogg, and in further view of US 20200067986 A1 to DiDomenico et al. (DiDomenico).

Regarding claim 8, most of the limitations of this claim have been noted in the rejection of claim 6. Loder and Hogg do not explicitly teach, but DiDomenico teaches [wherein the suggested changes include] Stealth™ security services (DiDomenico [0041], e.g., One example of such a security system that can be implemented is the Stealth enterprise security solution).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the combined teachings of Loder and Hogg with the teachings of DiDomenico with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of hiding computing resources from attackers (DiDomenico [0041], e.g., One particular attribute of the Stealth solution is that for entities not included within a particular community of interest, the resource that is protected using that solution is not visible, and therefore would not be a hacking target (e.g., for DDOS attacks, or other types of attacks) given that its network address would not be known).
DiDomenico does not explicitly teach that the suggested changes include Stealth™ security services, however, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to have modified Hogg’s recommendation system to list DiDomenico’s Stealth security services because the Stealth security service obscures computing resources from entities outside the network, therefore, reduce the system from being a hacking target (DiDomenico, see [0041] above).

Claim(s) 9-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20200067986 A1 to DiDomenico et al. (DiDomenico) in view of US 20220337557 A1 to Head et al. (Head).

Regarding claim 9, DiDomenico teaches an incremental process for providing a secured network, the process comprising:

a) assessing the configuration of an existing network, including users and devices (DiDomenico [0084], e.g., The configuration user interface presents to a security administrator a simplified topology of an enterprise network, and allows for grouping of nodes (e.g., servers and endpoints) that are commonly secured using similar security policy settings, and allows for automatic grouping and default security settings to simplify security policy deployment);

b) identifying communities of interest employing the existing network (DiDomenico [0046], e.g., Accordingly, users are, via a management system, separated into defined communities of interest (COIs) which allows for common access rights to a group of users);

c) defining a network security policy (DiDomenico [0088], e.g., A security policy generation component 424 is configured to generate, based on the arrangement and settings defined using the configuration user interface of the enterprise security management configuration tool, to generate an exportable file that can be ingested by the management server 120 of FIG. 1, for population of the configuration database 122 and subsequent dispersion of security policy settings throughout the enterprise network);

d) segmenting the existing network into client nodes, each client node being identified as belonging to at least one community of interest (DiDomenico [0085], e.g., An affinitization component 418 is configured to determine an extent of similarity among nodes in an enterprise network, and in some embodiments group those nodes into “profiles” or collections of similar-acting nodes. For example, a profile may contain a set of application servers that serve a common application, or redundant database servers, or web servers, or even user endpoints having common communication patterns);

e) providing a security filter, consistent with the network securing policy, for each Network Access Control platform governing the existing network (DiDomenico [0085], e.g., the grouped nodes within the profile can be treated similar to one another, by assigning a set of common security settings (e.g., common filter lists, security enablement/disablement, communities of interest, etc.)); and

f) monitoring traffic, user behavior, and system processes on the existing network to detect unusual behavior associated with specific devices, users, or system processes (DiDomenico [0087], e.g., In a simulation mode or monitoring mode, various tests can be run to verify consistency of security within the enterprise network, and alerts can be generated and graphically presented to a user to indicate areas of an enterprise network that are not secured, or for which unsecured traffic might be allowed to access data that is intended to be secured (either in a realtime or simulated situation, depending on the mode); Also see [0120]), [and isolating devices, users, or system processes manifesting the unusual behavior from the existing network].

DiDomenico does not explicitly teach, but Head teaches isolating devices, users, or system processes manifesting the unusual behavior from the existing network (Head [0137], e.g., One of the fundamental aspects of the present invention is to employ systems, methods, devices, software, algorithms, and so on, for monitoring and recognizing malicious and illegal behavior, and to flip a trust switch from to “no” for all activities when a person or machine becomes untrustworthy).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to have modified the teachings of DiDomenico with the teachings of Head with reasonable expectation of success. One of ordinary skill in the art would have been motivated to make the modification for the benefit of discovering and controlling lateral spread of malicious activity (Head [0145], e.g., The present invention accomplishes this by providing for per-packet and/or per-relationship pass/block enforcement on all connections between all devices without needing the cooperation of the compromised end device. With these novel improvements, such as attribution to port and device as described above, lateral spread is both discoverable and controllable).

Regarding claim 10, most of the limitations of this claim have been noted in the rejection of claim 9. DiDomenico does not explicitly teach, but Head teaches providing a centralized firewall for the existing network (Head [0161], e.g., with the implement of FIG. 2, no device on any port is permitted to communicate laterally with any other local port on the switch directly. Instead, as shown in FIG. 2, all traffic is on a different VLAN from all other ports, enabling monitoring of all data inside an enclave by one or more central monitor(s)/controller(s) at all times to immediately disconnect the devices in the event it is determined at least one of the devices has been compromised, is a bad actor, attempted spoofing, and so on). The motivation to combine is the same as that of claim 9.

Regarding claim 11, most of the limitations of this claim have been noted in the rejection of claim 10. DiDomenico further teaches providing public cloud hosting for internal services (DiDomenico [0061], e.g., In the embodiment shown, the system 200 is distributed across one or more locations 202, shown as locations 202a-c. These can correspond to locations remote from each other, such as a data center owned or controlled by an organization, a third-party managed computing cluster used in a “cloud” computing arrangement, or other local or remote computing resources residing within a trusted grouping).

Regarding claim 12, most of the limitations of this claim have been noted in the rejection of claim 11. DiDomenico further teaches providing a primary secure server for the existing network (DiDomenico [0049], e.g., each premises may include a secure appliance 114. The secure appliance can manage secure communications among endpoints 106 or between premises 102a-b; [0051], e.g., an authorization server 118 can be provided at one or more of the premises 102. The authorization server 118 can be accessed by an endpoint that is seeking authorization to access other resources within the network).

Regarding claim 13, most of the limitations of this claim have been noted in the rejection of claim 12.
DiDomenico further teaches identifying portions of the existing network servicing departmental business activities (DiDomenico [0046], e.g., Accordingly, users are, via a management system, separated into defined communities of interest (COIs) which allows for common access rights to a group of users. The common access rights may be, in a corporate context, access rights associated with a particular department or project; in other contexts, access rights may be defined by a particular security clearance, membership in a particular group, or having a particular interest in common data or applications) and providing secure servers for each such portion of the existing network (DiDomenico [0049], e.g., Referring to the premises 102a-b generally, it is noted that in the embodiment shown, each premises may include a secure appliance 114. The secure appliance can manage secure communications among endpoints 106 or between premises 102a-b).

Regarding claim 14, most of the limitations of this claim have been noted in the rejection of claim 9. DiDomenico further teaches wherein the security filter is derived at least in part from a real-time security assessment for each local and public network portion of the existing network (DiDomenico [0059-0060], e.g., In the example shown, firewall devices 150a-b are shown at the public network interface to each of the premises. This allows the enterprise to control the extent to which public network access is allowed, while defining rules for trusted traffic (e.g., traffic originating from another of the premises of the enterprise). It is noted that such firewalls may or may not be located at such boundary points of an enterprise, but may be located elsewhere within an enterprise network…… some firewall devices, such as devices 150a-b, can include third party security software installed thereon. The third party security software may allow for custom configurations of the device, management of security policies (e.g., whitelists, encryption policies/standards, and other security features); Also see [0087], which discusses monitoring in real time).

Regarding claim 15, most of the limitations of this claim have been noted in the rejection of claim 14. DiDomenico does not explicitly teach, but Head teaches wherein real-time security assessment is based on a machine learning process (Head [0125], e.g., The present invention enables the use of AI algorithms and machine learning routines which provide advantages over the security expert's very limited capacity to manually monitor traffic at a single node at a time and to determine where that traffic went and what may have changed during the transfer of data between the single node being monitored and any number of nodes that cannot be possibly monitored by the expert). The motivation to combine is the same as that of claim 9.

Regarding claim 16, most of the limitations of this claim have been noted in the rejection of claim 9.
DiDomenico does not explicitly teach, but Head teaches wherein the real-time security assessment includes a numerical score reflective of the security risk (Head [0115], e.g., In some cases, systems and methods described herein may include assigning a risk score or level based on past activity, suspicious behavior…), a set of security filter sets (Head [0260], e.g., the present invention is readily adaptable to new threats, with AI and machine learning for example, through the use of one or more active monitors/controllers/filters to continuously monitor internet traffic and updating its database of filters including blocklists, approve lists, ownership lists, geolocation lists, and so on), and a set of commands to implement the security filter sets on each Network Access Control platform (Head [0148], e.g., differential auditing… is provided so that adversaries with control over compromised devices on a network to hide their activities are discoverable; [0152], e.g., an overlay using standard network protocols can be used to prevent unaudited and/or uncontrolled peer-to-peer communications within the network; [0188], e.g., the present invention, enables tagging recognition, statistics, accounting, making and logging of block or pass decisions, seeing mismatches from expected values for each port and device, and provides real-time lookup of translation tables for VLAN switching or higher protocol switching as needed). The motivation to combine is the same as that of claim 9.

Regarding claim 17, most of the limitations of this claim have been noted in the rejection of claim 9.
DiDomenico further teaches

a) collecting public network hosting providers for services (DiDomenico [0089], e.g., That third party security software may be accessible via the third party integration component 425 which is configured to (1) include a definition of how to access third party software security policies for the one or more third party devices, and (2) translate the third party software security policies so that an overall security assessment can be provided for the enterprise network), the information including the identification of supplier's goods and services of the entity (DiDomenico [0090], e.g., third party networking devices can include third party firewall devices, such as those provided by Palo Alto Networks);

[b) scaling hosting configuration for all users, the information including an automated, self-service, repeatable configuration including setup, operations, and support].

DiDomenico does not explicitly teach, but Head teaches b) scaling hosting configuration for all users (Head [0243], e.g., The IPV4 and IPV6 subnetworking approach is more scalable than the VLAN solution because the Layer 2 networks can be made larger with IP subnetting than with VLAN-based subnetting), the information including an automated, self-service, repeatable configuration including setup, operations, and support (Head [0256], e.g., Allowing More Trusted Flow to Bypass Network-Based Security Device to Decrease Latency and Load on Security Device and Routers…… This can be a manual, automatic, dynamic, or periodic bypass).

Regarding claim 18, most of the limitations of this claim have been noted in the rejection of claim 9.
DiDomenico further teaches a) defining a shared access network security policy (DiDomenico [0085], e.g., the grouped nodes within the profile can be treated similar to one another, by assigning a set of common security settings (e.g., common filter lists, security enablement/disablement, communities of interest, etc.)); b) identifying communities of interest employing the shared network (DiDomenico [0046], e.g., Accordingly, users are, via a management system, separated into defined communities of interest (COIs) which allows for common access rights to a group of users); c) defining a network security policy exchange process (DiDomenico [0114], e.g., In such example embodiments, user credentials can be logged and stored in the tool 412 to allow exchange of data between the tool 412 and the third party software, so that the tool may be notified or may monitor for changes in configuration in the third party software. In example embodiments, a fetch or node-rest-client configuration can be used, with the tool 412 acting as a client of the third party tool for purposes of detecting firewalls); d) segmenting both networks into user and server client nodes, each client node being identified as having a shared community of interest (DiDomenico [0085], e.g., An affinitization component 418 is configured to determine an extent of similarity among nodes in an enterprise network, and in some embodiments group those nodes into “profiles” or collections of similar-acting nodes. For example, a profile may contain a set of application servers that serve a common application, or redundant database servers, or web servers, or even user endpoints having common communication patterns). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. US 20180190146 A1 to Bodnarium discloses generating a security score for components of a network or for users of a network. 
Administrators use the security score to determine control rights for different components and users. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to LAWRENCE Q TRUONG whose telephone number is (571)272-6973. The examiner can normally be reached Monday - Friday, 7:30 am - 5 pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /LAWRENCE Q TRUONG/Examiner, Art Unit 2434 /TESHOME HAILU/Primary Examiner, Art Unit 2434

Prosecution Timeline

Aug 08, 2024: Application Filed
Dec 19, 2025: Non-Final Rejection — §102, §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12591375
DATA STORAGE DEVICE AND METHOD OF ACCESS IN CONFIDENTIAL MODE AND NORMAL MODE
2y 5m to grant Granted Mar 31, 2026
Patent 12585751
MULTI-MODAL GESTURE SEQUENCE PASSCODE UNLOCKING APPARATUS FOR A HEAD-MOUNTED DISPLAY
2y 5m to grant Granted Mar 24, 2026
Patent 12566721
SYSTEM SEMICONDUCTOR WITH MULTI PROJECT CHIP FOR PROTECTING INTELLECTUAL PROPERTY RIGHT OF THE SYSTEM SEMICONDUCTOR AND THE METHOD THEREOF
2y 5m to grant Granted Mar 03, 2026
Patent 12554818
SYSTEM, SERVER APPARATUS, AUTHENTICATION METHOD, AND STORAGE MEDIUM
2y 5m to grant Granted Feb 17, 2026
Patent 12548393
SYSTEM, GATE DEVICE, CONTROL METHOD FOR GATE DEVICE, AND STORAGE MEDIUM
2y 5m to grant Granted Feb 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 100%
With Interview (+0.0%): 99%
Median Time to Grant: 2y 2m
PTA Risk: Low
Based on 12 resolved cases by this examiner. Grant probability derived from career allow rate.
