DETAILED ACTION
Claims 1-3 have been examined and are pending.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-3 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2019/0268378 to Zhou et al. (hereinafter “Zhou”) and further in view of US Pub. No. 2025/0392603 to Gomez et al. (hereinafter “Gomez”).
As to Claim 1, Zhou discloses a computer-implemented method in a network security device, on a data communication network, for an efficacy scoring metric for an access control policy list in [Zero Trust Network Access (ZTNA)], the method comprising:
generating a set of ZTNA access control policies for automatically securing the network (Paragraph [0060] of Zhou discloses after generating one or more candidate access rules 334, the access rule generation system 300 may provide the candidate access rules 334 to an access server to be used for determining access request outcomes);
applying the set of ZTNA access control policies against different sessions in real-time traffic of the network, to identify allowed sessions and blocked sessions (Paragraph [0031] of Zhou discloses the resource security system 100 may implement access rules 122 to identify fraudulent access requests based on the parameters of the access request);
detecting a false positive or a false negative from the allowed and blocked sessions from application of ZTNA rules, wherein the false positive comprises a blocked legitimate flow and the false negative comprises an allowed illegitimate flow (Paragraph [0077] of Zhou discloses the detection error percentage may be based on the percentage of “false positives” (e.g., a legitimate access request being determined to be fraudulent) and the percentage of “false negatives” (e.g., a fraudulent request being determined to be legitimate) for the conditions associated with a particular node);
periodically determining an ZTNA efficacy score representing a combination of ZTNA rule accuracy and ZTNA rule manageability (Paragraph [0028] of Zhou discloses periodically, the resource security system may change or update the access rules based on their performance), comprising:
scoring the ZNTA rule accuracy based on allowed legitimate flows and blocked illegitimate flows in relation to allowed illegitimate flows and blocked legitimate flows (Paragraph [0077] of Zhou discloses the detection error percentage may be based on the percentage of “false positives” (e.g., a legitimate access request being determined to be fraudulent) and the percentage of “false negatives” (e.g., a fraudulent request being determined to be legitimate) for the conditions associated with a particular node);
scoring the ZNTA rule manageability based on a volume of the ZTNA rules (Paragraph [0097] of Zhou discloses merging multiple conditions into a single condition may reduce the computation complexity of running the access rules since there may be fewer conditions to check); and
responsive to the ZNTA efficacy score, raising the ZTNA efficacy score by automatically adjusting the ZTNA rules, using machine learning, to maximize ZTNA rule accuracy and ZTNA rule manageability by reducing false positives and false negatives and by reducing the number of rules (Paragraph [0056] of Zhou discloses access rules 222 that having poor fraud detection performance may be updated or replaced by better performing access rules. Paragraph [0097] of Zhou discloses merging multiple conditions into a single condition may reduce the computation complexity of running the access rules since there may be fewer conditions to check); and
implementing updated ZTNA rule set to real-time (Paragraph [0028] of Zhou discloses periodically, the resource security system may change or update the access rules based on their performance).
Zhou does not explicitly disclose Zero Trust Network Access (ZTNA).
However, Gomez discloses this. Paragraph [0029] of Gomez discloses ZPA can include access control. ZPA provides Zero Trust Network Access (ZTNA). Paragraph [0061] of Gomez discloses by categorizing rules based on their importance and likelihood of detecting threats, the systems can ensure that the most critical rules are applied first. Additionally, using rule aggregation techniques, redundant or overlapping rules can be combined, reducing the overall number of rules that need to be processed. Paragraph [0059] of Gomez discloses include the integration of machine learning.
It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the access control system as disclosed by Zhou, with using ZTNA as disclosed by Gomez. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Zhou and Gomez are directed toward access control systems and as such it would be obvious to use the techniques of one in the other. Paragraph [0037] of Gomez discloses ZTNA reduces risk by eliminating the attack surface.
As to Claim 2, Zhou discloses a non-transitory computer-readable medium in a network security device, on a data communication network, storing code that when executed, performs a method for an efficacy scoring metric for an access control policy list in [Zero Trust Network Access (ZTNA)], the method comprising:
generating a set of ZTNA access control policies for automatically securing the network (Paragraph [0060] of Zhou discloses after generating one or more candidate access rules 334, the access rule generation system 300 may provide the candidate access rules 334 to an access server to be used for determining access request outcomes);
applying the set of ZTNA access control policies against different sessions in real-time traffic of the network, to identify allowed sessions and blocked sessions (Paragraph [0031] of Zhou discloses the resource security system 100 may implement access rules 122 to identify fraudulent access requests based on the parameters of the access request);
detecting a false positive or a false negative from the allowed and blocked sessions from application of ZTNA rules, wherein the false positive comprises a blocked legitimate flow and the false negative comprises an allowed illegitimate flow (Paragraph [0077] of Zhou discloses the detection error percentage may be based on the percentage of “false positives” (e.g., a legitimate access request being determined to be fraudulent) and the percentage of “false negatives” (e.g., a fraudulent request being determined to be legitimate) for the conditions associated with a particular node);
periodically determining an ZTNA efficacy score representing a combination of ZTNA rule accuracy and ZTNA rule manageability (Paragraph [0028] of Zhou discloses periodically, the resource security system may change or update the access rules based on their performance), comprising:
scoring the ZNTA rule accuracy based on allowed legitimate flows and blocked illegitimate flows in relation to allowed illegitimate flows and blocked legitimate flows (Paragraph [0077] of Zhou discloses the detection error percentage may be based on the percentage of “false positives” (e.g., a legitimate access request being determined to be fraudulent) and the percentage of “false negatives” (e.g., a fraudulent request being determined to be legitimate) for the conditions associated with a particular node);
scoring the ZNTA rule manageability based on a volume of the ZTNA rules (Paragraph [0097] of Zhou discloses merging multiple conditions into a single condition may reduce the computation complexity of running the access rules since there may be fewer conditions to check); and
responsive to the ZNTA efficacy score, raising the ZTNA efficacy score by automatically adjusting the ZTNA rules, using machine learning, to maximize ZTNA rule accuracy and ZTNA rule manageability by reducing false positives and false negatives and by reducing the number of rules (Paragraph [0056] of Zhou discloses access rules 222 that having poor fraud detection performance may be updated or replaced by better performing access rules. Paragraph [0097] of Zhou discloses merging multiple conditions into a single condition may reduce the computation complexity of running the access rules since there may be fewer conditions to check); and
implementing updated ZTNA rule set to real-time (Paragraph [0028] of Zhou discloses periodically, the resource security system may change or update the access rules based on their performance).
Zhou does not explicitly disclose Zero Trust Network Access (ZTNA).
However, Gomez discloses this. Paragraph [0029] of Gomez discloses ZPA can include access control. ZPA provides Zero Trust Network Access (ZTNA). Paragraph [0061] of Gomez discloses by categorizing rules based on their importance and likelihood of detecting threats, the systems can ensure that the most critical rules are applied first. Additionally, using rule aggregation techniques, redundant or overlapping rules can be combined, reducing the overall number of rules that need to be processed. Paragraph [0059] of Gomez discloses include the integration of machine learning.
Examiner recites the same rationale to combine used for claim 1.
As to Claim 3, Zhou discloses a network security device, on a data communication network, for an efficacy scoring metric for an access control policy list in [Zero Trust Network Access (ZTNA)], the network security device comprising: a processor; a network interface communicatively coupled to the processor and to a data communication network; and a memory, communicatively coupled to the processor and storing:
a access control policy module to generate a set of ZTNA access control policies for automatically securing the network (Paragraph [0060] of Zhou discloses after generating one or more candidate access rules 334, the access rule generation system 300 may provide the candidate access rules 334 to an access server to be used for determining access request outcomes);
a session evaluator to apply the set of ZTNA access control policies against different sessions in real-time traffic of the network, to identify allowed sessions and blocked sessions (Paragraph [0031] of Zhou discloses the resource security system 100 may implement access rules 122 to identify fraudulent access requests based on the parameters of the access request),
an efficacy scoring module to detect a false positive or a false negative from the allowed and blocked sessions from application of ZTNA rules, wherein the false positive comprises a blocked legitimate flow and the false negative comprises an allowed illegitimate flow (Paragraph [0077] of Zhou discloses the detection error percentage may be based on the percentage of “false positives” (e.g., a legitimate access request being determined to be fraudulent) and the percentage of “false negatives” (e.g., a fraudulent request being determined to be legitimate) for the conditions associated with a particular node),
wherein the efficacy scoring module periodically determines an ZTNA efficacy score representing a combination of ZTNA rule accuracy and ZTNA rule manageability (Paragraph [0028] of Zhou discloses periodically, the resource security system may change or update the access rules based on their performance), comprising:
scoring the ZNTA rule accuracy based on allowed legitimate flows and blocked illegitimate flows in relation to allowed illegitimate flows and blocked legitimate flows (Paragraph [0077] of Zhou discloses the detection error percentage may be based on the percentage of “false positives” (e.g., a legitimate access request being determined to be fraudulent) and the percentage of “false negatives” (e.g., a fraudulent request being determined to be legitimate) for the conditions associated with a particular node);
scoring the ZNTA rule manageability based on a volume of the ZTNA rules (Paragraph [0097] of Zhou discloses merging multiple conditions into a single condition may reduce the computation complexity of running the access rules since there may be fewer conditions to check),
wherein the efficacy scoring module, responsive to the ZNTA efficacy score, raises the ZTNA efficacy score by automatically adjusting the ZTNA rules, using machine learning, to maximize ZTNA rule accuracy and ZTNA rule manageability by reducing false positives and false negatives and by reducing the number of rules (Paragraph [0056] of Zhou discloses access rules 222 that having poor fraud detection performance may be updated or replaced by better performing access rules. Paragraph [0097] of Zhou discloses merging multiple conditions into a single condition may reduce the computation complexity of running the access rules since there may be fewer conditions to check); and
a ZTNA rule module to implement an updated ZTNA rule set to real-time (Paragraph [0028] of Zhou discloses periodically, the resource security system may change or update the access rules based on their performance).
Zhou does not explicitly disclose Zero Trust Network Access (ZTNA).
However, Gomez discloses this. Paragraph [0029] of Gomez discloses ZPA can include access control. ZPA provides Zero Trust Network Access (ZTNA). Paragraph [0061] of Gomez discloses by categorizing rules based on their importance and likelihood of detecting threats, the systems can ensure that the most critical rules are applied first. Additionally, using rule aggregation techniques, redundant or overlapping rules can be combined, reducing the overall number of rules that need to be processed. Paragraph [0059] of Gomez discloses include the integration of machine learning.
Examiner recites the same rationale to combine used for claim 1.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin S Mai whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KEVIN S MAI/Primary Examiner, Art Unit 2499