DETAILED ACTION
Claims 1-9 are pending and have been examined.
This application is a CON of 18/055,218, now US 12,107,732.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-9 are rejected on the ground of nonstatutory double patenting as being unpatentable over Claims 1-3, 7, 8 and 10 of U.S. Patent No. 12,107,732. Although the claims at issue are not identical, they are not patentably distinct from each other because the patent anticipates the instant application’s claims according to the table below.
Instant Application Patent
1. A method for securing a network infrastructure of a computing environment, comprising: creating a network configuration graph by abstracting nodes of the network infrastructure representing components that are associated with serving or consuming one or more computing interfaces; responsive to receipt of a query associated with a given component, traversing the network configuration graph to identify one or more flows involving the given component and related to the service or consumption of the one or more computing interfaces; based on traversing the network configuration graph, detecting a configuration of the given component related to service or consumption of the one or more computing interfaces; and performing an action with respect to the detected configuration.
1. A method for securing a computing environment using graphing of computing interfaces, comprising: traversing a network configuration graph with respect to a first component deployed in a computing environment, wherein traversing the network configuration graph results in a plurality of connections between a plurality of components in the computing environment represented by a plurality of nodes including at least one connection to a first node representing the first component, wherein the plurality of nodes includes at least one computing interface node and at least one other node, wherein each computing interface node represents a computing interface of a plurality of computing interfaces deployed in the computing environment; determining, based on the plurality of connections, a configuration of the first component with respect to service or consumption of at least one of the plurality of computing interfaces; and detecting a misconfiguration of the first component based on the determined configuration of the first component.
The method of claim 1, further comprising: performing at least one mitigation action with respect to the detected misconfiguration.
3. The method of claim 1, wherein traversing the network configuration graph further comprises: querying the network configuration graph using an identifier of the first component.
2. The method as described in claim 1, wherein the configuration is a misconfiguration, and the action is a mitigation action.
2. The method of claim 1, further comprising: performing at least one mitigation action with respect to the detected misconfiguration.
3. The method as described in claim 1, wherein the components are computing interface-related components that serve, consume, or interact with the one or more computing interfaces.
1. A method for securing a computing environment using graphing of computing interfaces, comprising: traversing a network configuration graph with respect to a first component deployed in a computing environment, wherein traversing the network configuration graph results in a plurality of connections between a plurality of components in the computing environment represented by a plurality of nodes including at least one connection to a first node representing the first component, wherein the plurality of nodes includes at least one computing interface node and at least one other node, wherein each computing interface node represents a computing interface of a plurality of computing interfaces deployed in the computing environment; determining, based on the plurality of connections, a configuration of the first component with respect to service or consumption of at least one of the plurality of computing interfaces; and detecting a misconfiguration of the first component based on the determined configuration of the first component.
4. The method as described in claim 1, wherein at least one computing interface is an Application Programming Interface (API).
10. The method of claim 1, wherein at least one of the at least one computing interface node represents an application programming interface.
5. The method as described in claim 1, wherein the action includes issuing a notification.
8. The method of claim 1, wherein the network configuration graph further includes a pointer to each of the plurality of components in association with the node representing the component, wherein the pointer launches a system for viewing information related to the respective component when interacted with.
6. The method as described in claim 1, wherein the detected configuration is associated with a vulnerability.
2. The method of claim 1, further comprising: performing at least one mitigation action with respect to the detected misconfiguration.
7. The method as described in claim 1, wherein the network configuration graph includes first nodes representing the one or more computing interfaces, and second nodes representing infrastructure components of the computing environment.
7. The method of claim 1, wherein the plurality of components includes at least one of: computing interfaces, cloud compute systems, virtual machines, network identifiers, networks, load balancers, software application services, and application gateways.
8. The method as described in claim 1, wherein the network configuration graph exposes at least one indirect or hidden connection from the given component to the one or more computing interfaces.
7. The method of claim 1, wherein the plurality of components includes at least one of: computing interfaces, cloud compute systems, virtual machines, network identifiers, networks, load balancers, software application services, and application gateways.
9. The method as described in claim 1, wherein abstracted nodes of the network configuration graph consist essentially of computing interface-related nodes.
7. The method of claim 1, wherein the plurality of components includes at least one of: computing interfaces, cloud compute systems, virtual machines, network identifiers, networks, load balancers, software application services, and application gateways.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-9 are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by US 2015/0139038 A1 (Riederer et al.).
As to Claim 1, Riederer et al. anticipate a method (***) for securing a network infrastructure of a computing environment, comprising:
creating a network configuration graph by abstracting nodes of the network infrastructure representing components that are associated with serving or consuming one or more computing interfaces (Riederer et al. disclose the visual network map {network graph} used to simplify diagnostics and create visualization during maintenance, debugging and replacement of components represented on the map; and to verify bus configurations, power sequencing configurations and operation of nodes {abstracting from each node information regarding bus configurations, power sequencing and operation information} - ¶¶ [0013, 0028-0029, 0073-0074]; and creating the network graph using each node to be included in the graph’s point of view to create the graph - ¶ [0011]. Riederer et al. recite: “[I]t is thus a feature of at least one embodiment of the invention to provide a visual network map to simplify diagnostics and technical support and create visualization during maintenance, debugging and replacement.”- ¶ [0029]. The process of debugging inherently includes comparing the observed configuration of an element against an expected configuration of said element in order to detect and correct problems in the element’s configuration, usually software or firmware configuration);
responsive to receipt of a query associated with a given component, traversing the network configuration graph to identify one or more flows involving the given component and related to the service or consumption of the one or more computing interfaces (Riederer et al. disclose the visual network map with device identifiers A-F – Fig.6 and ¶¶ [0073-0074]. Riederer et al. disclose the visual network map {network graph} used to simplify diagnostics and create visualization during maintenance, debugging and replacement of components represented on the map; and to verify bus configurations, power sequencing configurations and operation of nodes {traversing and abstracting from each node information regarding bus configurations, power sequencing and operation information} - ¶¶ [0013, 0028-0029, 0073-0074]);
based on traversing the network configuration graph, detecting a configuration of the given component related to service or consumption of the one or more computing interfaces (Riederer et al. recite: “[I]t is thus a feature of at least one embodiment of the invention to provide a visual network map to simplify diagnostics and technical support and create visualization during maintenance, debugging and replacement.”- ¶ [0029]. The process of debugging inherently includes comparing the observed configuration of an element against an expected configuration of said element in order to detect and correct problems in the element’s configuration, usually software or firmware configuration); and
performing an action with respect to the detected configuration (Riederer et al. recite: “[I]t is thus a feature of at least one embodiment of the invention to provide a visual network map to simplify diagnostics and technical support and create visualization during maintenance, debugging and replacement.”- ¶ [0029]; and recite: “It is also a feature of at least one embodiment of the invention to improve the ability to detect user error in a network configuration.” - ¶ [0015]. The process of debugging inherently includes comparing the observed configuration of an element against an expected configuration of said element in order to detect and correct problems in the element’s configuration, usually software or firmware configuration).
As to Claim 2, Riederer et al. anticipate the method as described in claim 1,
wherein the configuration is a misconfiguration, and the action is a mitigation action (Riederer et al. recite: “[I]t is thus a feature of at least one embodiment of the invention to provide a visual network map to simplify diagnostics and technical support and create visualization during maintenance, debugging and replacement.”- ¶ [0029]; and recite: “It is also a feature of at least one embodiment of the invention to improve the ability to detect user error in a network configuration.” - ¶ [0015]. The process of debugging inherently includes comparing the observed configuration of an element against an expected configuration of said element in order to detect and correct problems in the element’s configuration, usually software or firmware configuration).
As to Claim 3, Riederer et al. anticipate the method as described in claim 1,
wherein the components are computing interface-related components that serve, consume, or interact with the one or more computing interfaces (Riederer et al. disclose the visual network map {network graph} used to simplify diagnostics and create visualization during maintenance, debugging and replacement of components represented on the map; and to verify bus configurations, power sequencing configurations and operation of nodes {traversing and abstracting from each node information regarding bus configurations, power sequencing and operation information} - ¶¶ [0009, 0013, 0028-0029, 0073-0074]).
As to Claim 4, Riederer et al. anticipate the method as described in claim 1,
wherein at least one computing interface is an Application Programming Interface (API) (Riederer et al. disclose the visual network map with physical computing device identifiers A-F – Fig.6 and ¶¶ [0073-0074]. Riederer et al. also disclose the visual network map {network graph} used to simplify diagnostics and create visualization during maintenance, debugging and replacement of components represented on the map; and to verify bus configurations, power sequencing configurations and operation of nodes {traversing and abstracting from each node information regarding bus configurations, power sequencing and operation information} - ¶¶ [0009, 0013, 0028-0029, 0073-0074]).
As to Claim 5, Riederer et al. anticipate the method as described in claim 1,
wherein the action includes issuing a notification (Riederer et al. disclose the visual network map used to simplify diagnostics and create visualization during maintenance, debugging and replacement of components represented on the map; and to verify bus configurations, power sequencing configurations and operation of nodes - ¶¶ [0013, 0028-0029, 0073-0074]).
As to Claim 6, Riederer et al. anticipate the method as described in claim 1,
wherein the detected configuration is associated with a vulnerability (Riederer et al. recite: “It is also a feature of at least one embodiment of the invention to improve the ability to detect user error in a network configuration.” - ¶ [0015]).
As to Claim 7, Riederer et al. anticipate the method as described in claim 1,
wherein the network configuration graph includes first nodes representing the one or more computing interfaces, and second nodes representing infrastructure components of the computing environment (Riederer et al. recite: “[A]s the functions of a computer network change over time the nodes on the computer network often also change, requiring updates from their original configuration. For example, new nodes may be added to the network to increase its capability, while other nodes may be moved and/or removed from the network altogether. Despite such changes, protocols inherent in the computer network typically allow the nodes to continue to be logically aware of one another and communicate with one another.”- ¶ [0004]. Riederer et al. also disclose the visual network map {network graph} used to simplify diagnostics and create visualization during maintenance, debugging and replacement of components represented on the map; and to verify bus configurations, power sequencing configurations and operation of nodes {traversing and abstracting from each node information regarding bus configurations, power sequencing and operation information} - ¶¶ [0009, 0013, 0028-0029, 0073-0074]).
As to Claim 8, Riederer et al. anticipate the method as described in claim 1,
wherein the network configuration graph exposes at least one indirect or hidden connection from the given component to the one or more computing interfaces (Riederer et al. disclose the visual network map {network graph} used to simplify diagnostics and create visualization during maintenance, debugging and replacement of components represented on the map; and to verify bus configurations, power sequencing configurations and operation of nodes {abstracting from each node information regarding bus configurations, power sequencing and operation information} - ¶¶ [0013, 0028-0029, 0073-0074]; and creating the network graph using each node to be included in the graph’s point of view to create the graph - ¶ [0011]).
As to Claim 9, Riederer et al. anticipate the method as described in claim 1,
wherein abstracted nodes of the network configuration graph consist essentially of computing interface-related nodes (Riederer et al. disclose the visual network map {network graph} used to simplify diagnostics and create visualization during maintenance, debugging and replacement of components represented on the map; and to verify bus configurations, power sequencing configurations and operation of nodes {abstracting from each node information regarding bus configurations, power sequencing and operation information} - ¶¶ [0013, 0028-0029, 0073-0074]; and creating the network graph using each node to be included in the graph’s point of view to create the graph - ¶ [0011]).
Interview Practice
USPTO Automated Interview Request (AIR)
The USPTO AIR is a new optional online interview scheduling tool that allows Applicants to request an interview with an Examiner for their pending patent application.
The USPTO AIR form is available on our website at: http://www.uspto.gov/patent/laws-and-regulations/interview-practice.
By submitting this type of interview request, the pending patent application will be in compliance with the written authorization requirement for Internet communication in accordance with MPEP §502.03. This authorization will be in effect until the Applicant provides a written withdrawal of authorization to the Examiner of record.
If you have questions or need assistance with the USPTO AIR form or with interview practice at the USPTO, please contact an Interview Specialist at http://www.uspto.gov/patent/laws-and-regulations/interview-practice/interview-specialist or send an email to ExaminerInterviewPractice@USPTO.GOV.
Examiner Notes:
A) Prior to conducting any interview (whether using AIR or not), Applicant(s) must submit an agenda including the proposed date and time, all arguments in writing, and proposed claim amendments (if applicable). Any proposed amendments or arguments not presented in the agenda will only be heard by the Examiner, but because the Examiner will not have heard them in advance and been given an equitable opportunity to consider them, no decision will be rendered, nor agreement made. ALL AGENDAS MUST BE RECEIVED BY THE EXAMINER AT LEAST 24 HOURS PRIOR TO THE START OF THE INTERVIEW, OR THE PREVIOUS BUSINESS DAY, WHICHEVER IS LONGER, or the interview may have to be rescheduled.
B) After-final interviews may be granted, but the agenda must be in compliance with MPEP 713.09 which limits the interview only to discussions of proposed amendments, or clarification for appeal. After-final interviews are not to be conducted for the purpose of rehashing previously made arguments. After seeing the agenda, Examiner will decide whether to grant or deny the interview.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See Form PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD G KEEHN whose telephone number is (571)270-5007. The examiner can normally be reached M-F 9:00am - 5:00pm Eastern.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John A Follansbee can be reached at 571-272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RICHARD G KEEHN/Primary Examiner, Art Unit 2444