Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Detailed Action
Claims 1-20 are pending.
Priority
The present application for patent is a Continuation of U.S. patent application Ser. No. 18/626,087 filed Apr. 3, 2024, which is a Continuation of U.S. patent application Ser. No. 18/361,512 filed Jul. 28, 2023, which is a Continuation of U.S. patent application Ser. No. 17/161,398, now U.S. Pat. No. 11,765,129 filed Jan. 28, 2021. Therefore, the effective filing date of this application is 01/28/2021.
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description:
Figure 4: reference characters 400 and 440.
Figure 5: reference characters 500, 510, and 520.
Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Specification
The abstract of the disclosure is objected to because it contains legal phraseology of “configured to”. A corrected abstract of the disclosure is required and must be presented on a separate sheet, apart from any other text. See MPEP § 608.01(b).
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 12/31/2024. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement has been considered by the examiner.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation is:
“… the machine learning model is configured to” in claims 4, 13, and 18
Because this claim limitation(s) is being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it is being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
See specification para. [0050, 0053, 0054] for hardware support.
See specification para. [0033-0036] for functional support.
If applicant does not intend to have this limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-4, 10-13, and 14-18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 8 of U.S. Patent No. US 11,765,129 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the corresponding claims further recite similar/same limitation of the same subject matter.
Current application 18/977,293 compared with U.S. Patent No. US 11,765,129 B2 (corresponding claims quoted in pairs):

Current application 18/977,293, claim 1:
1.) A method comprising:
obtaining information associated with a plurality of access requests to access computing resources of an organization, the plurality of access requests having respective statuses that are indicative of whether a corresponding access request of the plurality of access requests was successful;
determining a network perimeter of the organization in accordance with the information associated with the plurality of access requests and the respective statuses, the network perimeter associated with one or more network addresses based at least in part on one or more access requests of the plurality of access requests originating from the one or more network addresses having a respective status indicative of the one or more access requests being successful; and
implementing one or more network policies in accordance with the network perimeter.
U.S. Patent No. US 11,765,129 B2, claim 1:
1.) A computer-implemented method for determining network perimeters, the method comprising:
initializing a machine learning based model configured to receive a network zone as input and output a score indicating security of the network zone in relation to an organization;
receiving information describing connection requests received from client devices associated with the organization, each connection request originating from a network address, the information indicating whether each connection request was successful;
adjusting parameters of the machine learning based model based on the information describing the connection requests, the adjusting improving an accuracy of prediction based on the information describing the connection requests;
determining a network perimeter for the organization using the machine learning based model, wherein the network perimeter is used for implementing a network policy for the organization;
determining whether the network zone is within the network perimeter of the organization based on the score;
sending a recommendation based on the determination of whether the network zone is within the network perimeter of the organization based on the score;
determining a modification to a definition of the network perimeter subsequent to sending the recommendation;
determining whether the modification to the definition of the network perimeter conforms to the recommendation; and
adjusting the machine learning based model based on the modification to the definition of the network perimeter.
Current application 18/977,293, claim 2:
2) The method of claim 1, further comprising:
generating a recommendation for a network administrator of the organization based at least in part on the information associated with the plurality of access requests and the respective statuses.
U.S. Patent No. US 11,765,129 B2, claim 1 (in part):
1) … sending a recommendation based on the determination of whether the network zone is within the network perimeter of the organization based on the score;
determining a modification to a definition of the network perimeter subsequent to sending the recommendation;
determining whether the modification to the definition of the network perimeter conforms to the recommendation; and
Current application 18/977,293, claim 3:
3.) The method of claim 2, further comprising:
obtaining a score for the one or more network addresses via a machine learning model, the score representing a security of the one or more network addresses relative to a network, wherein the recommendation is based at least in part on the score.
U.S. Patent No. US 11,765,129 B2, claim 1 (in part):
1) …. initializing a machine learning based model configured to receive a network zone as input and output a score indicating security of the network zone in relation to an organization; …. adjusting parameters of the machine learning based model based on the information describing the connection requests, the adjusting improving an accuracy of prediction based on the information describing the connection requests; … determining a network perimeter for the organization using the machine learning based model, wherein the network perimeter is used for implementing a network policy for the organization; … determining a modification to a definition of the network perimeter subsequent to sending the recommendation; … adjusting the machine learning based model based on the modification to the definition of the network perimeter.
Current application 18/977,293, claim 4:
4.) The method of claim 1, further comprising:
training a machine learning model using the information associated with the plurality of access requests and the respective statuses, wherein the machine learning model is configured to output scores for the one or more network addresses input into the machine learning model, and wherein determining the network perimeter is based at least in part on an output of the machine learning model.
U.S. Patent No. US 11,765,129 B2, claims 1 (in part) and 8:
1) …. initializing a machine learning based model configured to receive a network zone as input and output a score indicating security of the network zone in relation to an organization; …. adjusting parameters of the machine learning based model based on the information describing the connection requests, the adjusting improving an accuracy of prediction based on the information describing the connection requests; … determining a network perimeter for the organization using the machine learning based model, wherein the network perimeter is used for implementing a network policy for the organization; … adjusting the machine learning based model based on the modification to the definition of the network perimeter.
8) The computer-implemented method of claim 1, wherein the machine learning based model is initialized based on information describing connection requests for one or more network zones of one or more other organizations.
Claims 10-13 and 14-18 are parallel claims to claims 1-4. Therefore, claims 10-13 and 14-18 are rejected in a similar manner.
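As an added illustration of the procedure recited in claim 1 of the current application (obtaining access requests with success statuses, determining a perimeter from the addresses of successful requests, and implementing a network policy), together with the administrator recommendation of claim 2, the following Python is example code written for this page. It is not the applicant's implementation and not code from any of the cited patents. The record format, the grouping of addresses into /24 blocks, the minimum-success threshold and the step-up-authentication policy are assumptions chosen for the example; the sample records are constructed, not real log data.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """One access request to an organization resource and its status.
    The field layout is an assumption made for this example."""
    source: str       # network address the request originated from
    user: str
    resource: str
    success: bool     # status: True if the request was granted


# Constructed sample records for this example; they are not real log data.
SAMPLE_REQUESTS = [
    AccessRequest("203.0.113.10", "alice", "vpn", True),
    AccessRequest("203.0.113.11", "bob", "vpn", True),
    AccessRequest("203.0.113.12", "carol", "mail", True),
    AccessRequest("198.51.100.7", "alice", "vpn", True),
    AccessRequest("198.51.100.7", "alice", "mail", True),
    AccessRequest("192.0.2.44", "mallory", "vpn", False),
    AccessRequest("192.0.2.44", "mallory", "vpn", False),
    AccessRequest("192.0.2.45", "dave", "mail", False),
    AccessRequest("192.0.2.46", "dave", "mail", True),
]


def block_of(address, prefix_len):
    """Map an address to its enclosing /prefix_len network (assumed grouping)."""
    return ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)


def count_successes(requests, prefix_len=24):
    """Count successful requests per network block. Failed requests are ignored,
    so repeated failed attempts from an address never widen the perimeter."""
    return Counter(block_of(r.source, prefix_len) for r in requests if r.success)


def determine_perimeter(requests, min_successes=2, prefix_len=24):
    """Return the perimeter as a set of network blocks: those from which at least
    min_successes successful requests originated (the threshold is an assumption)."""
    counts = count_successes(requests, prefix_len)
    return {net for net, n in counts.items() if n >= min_successes}


def apply_policy(perimeter, source):
    """Network policy derived from the perimeter: a request from inside is allowed;
    one from outside is sent to step-up authentication rather than silently dropped."""
    addr = ipaddress.ip_address(source)
    return "allow" if any(addr in net for net in perimeter) else "step-up-auth"


def recommend(requests, min_successes=2, prefix_len=24):
    """Recommendation for the administrator: blocks that produced some successful
    requests but fell short of the threshold, listed as candidates for review."""
    counts = count_successes(requests, prefix_len)
    return sorted(str(net) for net, n in counts.items() if 0 < n < min_successes)


if __name__ == "__main__":
    perimeter = determine_perimeter(SAMPLE_REQUESTS)
    print("perimeter:", sorted(str(n) for n in perimeter))
    for src in ("203.0.113.99", "192.0.2.44"):
        print(src, "->", apply_policy(perimeter, src))
    print("review candidates:", recommend(SAMPLE_REQUESTS))
```

The point the status field makes is visible in the sample data: the two failed attempts from 192.0.2.44 contribute nothing, so an address that only ever fails cannot talk its way into the perimeter, while the single success from 192.0.2.46 is surfaced to the administrator as a recommendation instead of being admitted automatically.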
Claims 1-6 and 10-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 and 7 of U.S. Patent No. US 11,991,148 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the corresponding claims further recite similar/same limitation of the same subject matter.
Current application 18/977,293 compared with U.S. Patent No. US 11,991,148 B2 (corresponding claims quoted in pairs):

Current application 18/977,293, claim 1:
1.) A method comprising:
obtaining information associated with a plurality of access requests to access computing resources of an organization, the plurality of access requests having respective statuses that are indicative of whether a corresponding access request of the plurality of access requests was successful;
determining a network perimeter of the organization in accordance with the information associated with the plurality of access requests and the respective statuses, the network perimeter associated with one or more network addresses based at least in part on one or more access requests of the plurality of access requests originating from the one or more network addresses having a respective status indicative of the one or more access requests being successful; and
implementing one or more network policies in accordance with the network perimeter.
U.S. Patent No. US 11,991,148 B2, claim 1:
1) A method comprising:
receiving connection data corresponding to network requests of client devices associated with a network, wherein an item of the connection data includes at least one network address;
training a machine learning model using the connection data, wherein the machine learning model is configured to output scores for network zones input into the machine learning model;
receiving a network zone;
inputting the network zone into the machine learning model to obtain a corresponding score, the corresponding score representing a security of the network zone relative to the network;
displaying data to a network administrator, the data representing the corresponding score and a recommendation;
receiving an approval of the recommendation from the network administrator; and
modifying a network operation of the network based on the corresponding score after receiving the approval.
Current application 18/977,293, claim 2:
2.) The method of claim 1, further comprising:
generating a recommendation for a network administrator of the organization based at least in part on the information associated with the plurality of access requests and the respective statuses.
U.S. Patent No. US 11,991,148 B2, claim 1 (in part):
1) … inputting the network zone into the machine learning model to obtain a corresponding score, the corresponding score representing a security of the network zone relative to the network;
displaying data to a network administrator, the data representing the corresponding score and a recommendation;
receiving an approval of the recommendation from the network administrator; and
modifying a network operation of the network based on the corresponding score after receiving the approval.
Current application 18/977,293, claim 3:
3.) The method of claim 2, further comprising:
obtaining a score for the one or more network addresses via a machine learning model, the score representing a security of the one or more network addresses relative to a network, wherein the recommendation is based at least in part on the score.
U.S. Patent No. US 11,991,148 B2, claim 1 (in part):
1) … training a machine learning model using the connection data, wherein the machine learning model is configured to output scores for network zones input into the machine learning model;
receiving a network zone;
inputting the network zone into the machine learning model to obtain a corresponding score, the corresponding score representing a security of the network zone relative to the network;
displaying data to a network administrator, the data representing the corresponding score and a recommendation; …
Current application 18/977,293, claim 4:
4.) The method of claim 1, further comprising:
training a machine learning model using the information associated with the plurality of access requests and the respective statuses, wherein the machine learning model is configured to output scores for the one or more network addresses input into the machine learning model, and wherein determining the network perimeter is based at least in part on an output of the machine learning model.
U.S. Patent No. US 11,991,148 B2, claim 1 (in part):
1) … training a machine learning model using the connection data, wherein the machine learning model is configured to output scores for network zones input into the machine learning model; …
Current application 18/977,293, claim 5:
5.) The method of claim 1, further comprising:
receiving an approval of the one or more network policies via a user interface of an application used by a network administrator of the organization, wherein the one or more network policies are implemented based at least in part on receiving the approval.
U.S. Patent No. US 11,991,148 B2, claim 1 (in part):
1) … inputting the network zone into the machine learning model to obtain a corresponding score, the corresponding score representing a security of the network zone relative to the network;
displaying data to a network administrator, the data representing the corresponding score and a recommendation;
receiving an approval of the recommendation from the network administrator; and
modifying a network operation of the network based on the corresponding score after receiving the approval.
Current application 18/977,293, claim 6:
6) The method of claim 1, wherein implementing the one or more network policies comprises automatically adjusting the network perimeter based at least in part on the information associated with the plurality of access requests and the respective statuses.
U.S. Patent No. US 11,991,148 B2, claim 7:
7.) The method of claim 6, wherein adjusting at least one network policy comprises automatically adjusting a network perimeter boundary based on the outputs of the machine learning model.
Claims 10-20 are parallel claims to claims 1-6. Therefore, claims 10-20 are rejected in a similar manner.
Claims 1-5 and 10-19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-4, 8, and 10 of U.S. Patent No. US 12,206,644 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the corresponding claims further recite similar/same limitation of the same subject matter.
Current application 18/977,293 compared with U.S. Patent No. US 12,206,644 B2 (corresponding claims quoted in pairs):

Current application 18/977,293, claim 1:
1.) A method comprising:
obtaining information associated with a plurality of access requests to access computing resources of an organization, the plurality of access requests having respective statuses that are indicative of whether a corresponding access request of the plurality of access requests was successful;
determining a network perimeter of the organization in accordance with the information associated with the plurality of access requests and the respective statuses, the network perimeter associated with one or more network addresses based at least in part on one or more access requests of the plurality of access requests originating from the one or more network addresses having a respective status indicative of the one or more access requests being successful; and
implementing one or more network policies in accordance with the network perimeter.
U.S. Patent No. US 12,206,644 B2, claims 1 and 10:
1) A method comprising:
receiving connection data corresponding to network requests of client devices associated with a network, wherein an item of the connection data includes at least one network address and a status of a connection request corresponding to the at least one network address;
training a machine learning model using the connection data, wherein the machine learning model is configured to output scores for network zones input into the machine learning model;
receiving a network zone;
inputting the network zone into the machine learning model to obtain a corresponding score, the corresponding score representing a security of the network zone relative to the network; and
modifying a network operation of the network based on the corresponding score.
10.) The method of claim 9, wherein adjusting the at least one network policy comprises automatically adjusting a network perimeter boundary based on the outputs of the machine learning model.
Current application 18/977,293, claim 2:
2.) The method of claim 1, further comprising:
generating a recommendation for a network administrator of the organization based at least in part on the information associated with the plurality of access requests and the respective statuses.
U.S. Patent No. US 12,206,644 B2, claim 2:
2.) The method of claim 1, further comprising:
generating a recommendation for a network administrator based at least in part on the corresponding score.
Current application 18/977,293, claim 3:
3.) The method of claim 2, further comprising:
obtaining a score for the one or more network addresses via a machine learning model, the score representing a security of the one or more network addresses relative to a network, wherein the recommendation is based at least in part on the score.
U.S. Patent No. US 12,206,644 B2, claims 1 (in part) and 2:
1) … training a machine learning model using the connection data, wherein the machine learning model is configured to output scores for network zones input into the machine learning model; …
2) The method of claim 1, further comprising:
generating a recommendation for a network administrator based at least in part on the corresponding score.
Current application 18/977,293, claim 4:
4.) The method of claim 1, further comprising:
training a machine learning model using the information associated with the plurality of access requests and the respective statuses, wherein the machine learning model is configured to output scores for the one or more network addresses input into the machine learning model, and wherein determining the network perimeter is based at least in part on an output of the machine learning model.
U.S. Patent No. US 12,206,644 B2, claims 1 (in part) and 8:
1) … training a machine learning model using the connection data, wherein the machine learning model is configured to output scores for network zones input into the machine learning model; …
8) The method of claim 7, further comprising receiving updated connection data and re-training the neural network using the updated connection data.
Current application 18/977,293, claim 5:
5.) The method of claim 1, further comprising:
receiving an approval of the one or more network policies via a user interface of an application used by a network administrator of the organization, wherein the one or more network policies are implemented based at least in part on receiving the approval.
U.S. Patent No. US 12,206,644 B2, claims 3 and 4:
3.) The method of claim 1, further comprising:
displaying data to a network administrator via a user interface of an application used by the network administrator, the data representative of the corresponding score and a recommendation displaying the data.
4.) The method of claim 1, further comprising:
receiving an approval of a recommendation from a network administrator via a user interface of an application used by the network administrator.
Claims 10-19 are parallel claims to claims 1-5. Therefore, claims 10-14 and 15-19 are rejected in a similar manner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 6-10, 15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over BURSTEIN (US-20130133023-A1) in view of KENNEDY (US-20170230403-A1), hereinafter BURSTEIN-KENNEDY.
Regarding claim 1, BURSTEIN teaches “A method comprising: obtaining information associated with a plurality of access requests to access computing resources of an organization, the plurality of access requests having respective statuses that are indicative of whether a corresponding access request of the plurality of access requests was successful; ([BURSTEIN, abstract] “In an embodiment, the method is comprising, receiving an access request, from an authenticator device, to grant a supplicant device access to a data network; transmitting the access request to an authentication server”) ([BURSTEIN, para. 0074] “At block 300, a management module receives an access request from a network device 110 a (an authenticator) to allow a network device 110 b (a supplicant) to access a secure network 100.”) ([BURSTEIN, para. 0077] “Once the request reaches an authentication server, the authentication server determines whether access to a secure network can be granted to the supplicant.”) ([BURSTEIN, para. 0078] “If an authentication server determines that a supplicant can be granted access to the secure network, then the authentication server generates an access confirmation message indicating that the supplicants is granted access to the secure network, and transmits the access confirmation to the management module.”) ([BURSTEIN, para. 0043] “network devices 110 a, 110 b and AAA server 160 implement TrustSec software. As an example, network devices 110 a, 110 b are Cisco Catalyst 6500 switches hosting TrustSec software.”) ([BURSTEIN, para. 0044] “Cisco TrustSec creates a trusted enterprise network encompassing switches, routers and other devices with a wireless network of controllers.”)

determining a network perimeter of the organization in accordance with the information associated with the plurality of access requests and the respective statuses, the network perimeter associated with one or more network … based at least in part on one or more access requests of the plurality of access requests originating from the one or more network … having a respective status indicative of the one or more access requests being successful; and ([BURSTEIN, para. 0081] “Upon receiving a message from an authentication server, a management module determines whether the message indicates that the access request from a supplicant was granted. If the access request to access the requested resources was granted, then, at block 350, the management module sends an access confirmation to network device 110 a and proceeds to step depicted in block 360.”) ([BURSTEIN, para. 0082] “At block 360, a management module updates one or more trust topology maps maintained by the management module. In an embodiment, the management module updates its trust topology maps based on information indicating which device identifies itself as an authenticator and which device identifies itself as a supplicant. The trust topology maps are created and maintained using the information that is exchanged in requests such as access requests and exchanged in responses to the access requests.”) ([BURSTEIN, para. 0060] “upon receiving a response to the access requests, trust topology map unit 118 can use the information included in the response to the access request to update a trust topology map for the network 110. For example, the information included in the response to the access request received by management module 130 can be used to update the trust topology map to indicate that network device 110 b (a supplicant) became a part of the trusted network 100.”) ([BURSTEIN, para. 0060] “a trust topology map 122 represents trust relationships or security relationships that have been established among devices in a secure network 100. Information stored in trust topology map 122 can be obtained by management module 130 by obtaining data that are communicated from network device 110 a to AAA server 160.”)

implementing one or more network policies in accordance with the network perimeter. ([BURSTEIN, para. 0091] “At block 480, a management module updates its trust topology map. For example, upon receiving a peer policy for a supplicant, the management module can include in its trust topology map the information indicating the policy information for the supplicant, and that one or more roles are assigned to the supplicant, which is now a part of a secure network.”) ([BURSTEIN, para. 0044] “Cisco TrustSec creates a trusted enterprise network encompassing switches, routers and other devices with a wireless network of controllers. It provides a foundation for authenticating supplicant devices, assigning roles to the supplicant devices, enforcing access policies and delivering integrity and confidentiality to the network traffic.”)
However, BURSTEIN does not teach “network perimeter associated with one or more network addresses … requests originating from the one or more network addresses”.
In analogous teaching KENNEDY teaches “network perimeter associated with one or more network addresses … requests originating from the one or more network addresses” ([KENNEDY, para. 0058] “At 502, an IP address of a received message is identified. For example, the IP address of the last server that sent the received message is identified.”) ([KENNEDY, para. 0063] “At 512 it is determined whether the identified IP address is contained within or adjacent to a network neighborhood authorized or historically known to send legitimate email for the sender of the message. … determining whether the identified IP address is within an authorized neighborhood includes determining whether the identified IP address is within the boundaries of the block of adjacent IP addresses contained within the selected sender models. In some embodiments, determining whether the identified IP address is within an authorized neighborhood includes matching the hostname of the server at the identified IP address with an organization network domain name for all servers authorized to send for the sender per the selected sender models.”) ([KENNEDY, para. 0035] “determining whether an identifier of the sender (e.g., domain name, sub domain, IP address) is included in a list of senders known to be reputable for the recipient. For example, there exists a predetermined list of entities and their associated identifiers that are known to be reputable for the specific recipient. ”)
Thus, given the teaching of KENNEDY, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of network addresses by KENNEDY into the teaching of determining a network perimeter and implementing a policy by BURSTEIN. One of ordinary skill in the art would have been motivated to do so because KENNEDY recognizes the need to detect the security risk of senders ([KENNEDY, para. 0003] “Therefore, there exists a need for a more flexible way to identify authenticity and security risk of a message and reputation of a sender.”) ([KENNEDY, para. 0012] “Performing a risk assessment of a message is disclosed. In some embodiments, a message is received.”).
Regarding claim 10, this claim recites a device that performs the steps of method claim 1. Therefore, claim 10 is rejected in a similar manner as in the rejection of claim 1.
Regarding claim 15, this claim recites a non-transitory computer-readable storage medium for tangibly storing computer program instructions capable of being executed by at least one computer processor that performs the steps of method claim 1. Therefore, claim 15 is rejected in a similar manner as in the rejection of claim 1.
Regarding claims 6 and 20, BURSTEIN-KENNEDY teach all limitations of claims 1 and 15. BURSTEIN further teaches “wherein implementing the one or more network policies comprises automatically adjusting the network perimeter based at least in part on the information associated with the plurality of access requests and the respective statuses.” ([BURSTEIN, para. 0091] “At block 480, a management module updates its trust topology map. For example, upon receiving a peer policy for a supplicant, the management module can include in its trust topology map the information indicating the policy information for the supplicant, and that one or more roles are assigned to the supplicant, which is now a part of a secure network.”) ([BURSTEIN, para. 0044] “Cisco TrustSec creates a trusted enterprise network encompassing switches, routers and other devices with a wireless network of controllers. It provides a foundation for authenticating supplicant devices, assigning roles to the supplicant devices, enforcing access policies and delivering integrity and confidentiality to the network traffic.”) ([BURSTEIN, para. 0082] “The trust topology maps are created and maintained using the information that is exchanged in requests such as access requests and exchanged in responses to the access requests.”)
Regarding claim 7, BURSTEIN-KENNEDY teach all limitations of claim 1. BURSTEIN further teaches “wherein the respective statuses are further indicative of whether the corresponding access request was unsuccessful.” ([BURSTEIN, para. 0081] “Upon receiving a message from an authentication server, a management module determines whether the message indicates that the access request from a supplicant was granted … If the access request to access the requested resources was not granted, then, optionally, the management module can send an access denial message to network device 110 a.”)
Regarding claim 8, BURSTEIN-KENNEDY teach all limitations of claim 1. BURSTEIN further teaches “wherein a successful access request is indicative that a network … from which the corresponding access request originated successfully established a connection with a requested computing resource of the computing resources of the organization.” ([BURSTEIN, para. 0081] “a method is performed at management device such as an access router or other computing device, and comprises receiving an access request, from an authenticator device, to grant a supplicant device access to a trusted network; transmitting the access request to an authentication server; after sending a response that the access request was granted, updating a trust topology map by including in the trust topology map information that was obtained from the response and that is about a secure link established between the authenticator device and the supplicant device.”)
KENNEDY teaches a network address, as shown in the rejection of claim 1. The same rejection and motivation apply.
Regarding claim 9, BURSTEIN-KENNEDY teach all limitations of claim 1. BURSTEIN further teaches “wherein the network perimeter is inclusive of the one or more network ....” ([BURSTEIN, para. 0061] “a trust topology map 122 represents trust relationships or security relationships that have been established among devices in a secure network 100. Information stored in trust topology map 122 can be obtained by management module 130 by obtaining data that are communicated from network device 110 a to AAA server 160. For example, trust topology map 122 can be created from information pertaining to access requests, responses to access requests, authentication/authorization requests, responses to authentication/authorization requests, policy requests, responses to policy requests, security protocol interactions such as IPSec negotiations, and other communications related to trust relationships or security relationships.”)
KENNEDY teaches a network address, as shown in the rejection of claim 1. The same rejection and motivation apply.
Claims 2, 3, 5, 11, 12, 14, 16, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over BURSTEIN-KENNEDY in view of LONG (US-20170250915-A1), hereinafter BURSTEIN-KENNEDY-LONG.
Regarding claims 2, 11, and 16, BURSTEIN-KENNEDY teach all limitations of claims 1, 10, and 15. However, BURSTEIN-KENNEDY does not teach “generating a recommendation for a network administrator of the organization based at least in part on the information associated with the plurality of access requests and the respective statuses”.
In analogous teaching LONG teaches “generating a recommendation for a network administrator of the organization based at least in part on the information associated with the plurality of access requests and the respective statuses.” ([LONG, para. 0147] “The label feature module 724 uses contextual information about a device to generate features for input to a machine learning model that scores candidate label values.”) ([LONG, para. 0148] “The label feature module 724 also generates numerical features quantifying network traffic having the device as an endpoint. For example, the features indicate total or average data transferred through connections, average frequency of establishing connections, average duration of connections, or number of established connections, proportion of network traffic using a given protocol). Such features may include only inbound network traffic, only outbound network traffic, or may include both.”) ([LONG, para. 0171] “The labeling engine 710 assigns 820 labels to devices based on the collected contextual information. For example, the labeling engine 710 extracts features based on the collected contextual information and either determines the labels based on a weighted aggregate value based on the features or using a machine learning based model.”) ([LONG, para. 0171] “For example, the rule simplification module 738 identifies (a) a general rule with a scope portion specifying a set of label values and (b) a specific rule with a scope portion specifying the same set of label values as the general rule as well as additional label values for additional label dimensions. … the rule simplification module 738 sends recommendations of proposed simplifications to an administrator through the rule creation interface 740 rather than performing rule simplification automatically.”)
Thus, given the teaching of LONG, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of sending a recommendation to an administrator by LONG into the teaching of determining a network perimeter and implementing a policy by BURSTEIN-KENNEDY. One of ordinary skill in the art would have been motivated to do so because LONG recognizes the need to improve the setting up of policies ([LONG, para. 0006] “Conventional techniques for setting up policies use whitelist models based on rules that exhaustively list permissible actions. Configuring such lists can be very time consuming for administrative domains with large numbers of servers.”) ([LONG, para. 0008] “embodiment of a method regulates network traffic of a network domain comprising a plurality of computing devices. … A communication rule is generated for regulating communications between the consumer computing device and the provider computing device.”).
Regarding claims 3, 12, and 17, BURSTEIN-KENNEDY-LONG teach all limitations of claims 2, 11, and 16. KENNEDY further teaches “obtaining a score for the one or more network addresses via a machine learning model, the score representing a security of the one or more network addresses relative to a network, …” ([KENNEDY, para. 0016] “In some embodiments, a risk analysis is performed for an incoming message at least in part by performing an authenticity and/or reputation analysis to determine an overall measure of risk (e.g., risk score). Performing authenticity analysis may include determining a measure of confidence that a sender identified in the message (e.g., domain of sender) is the actual sender of the message.”) ([KENNEDY, para. 0018] “For example, analysis server 102 is in communication with a plurality of different recipient message servers and the analysis server 102 at least in part automatically determines a reputation score for a sender (e.g., network/Internet domain, email address, etc.) at least in part by using machine learning to analyze messages from the sender that have been received at one or more recipient message servers.”) ([KENNEDY, para. 0054] “For example, because the address of the sender identified in the message may have been spoofed, a likelihood measure (e.g., score value) that the sender identified by the message actually sent the message is determined.”)
The same motivation to modify BURSTEIN with KENNEDY as in the rejection of claim 1 applies.
However, BURSTEIN-KENNEDY does not teach “wherein the recommendation is based at least in part on the score”.
In analogous teaching LONG teaches “wherein the recommendation is based at least in part on the score” ([LONG, para. 0147] “The label feature module 724 uses contextual information about a device to generate features for input to a machine learning model that scores candidate label values.”) ([LONG, para. 0171] “The labeling engine 710 assigns 820 labels to devices based on the collected contextual information. For example, the labeling engine 710 extracts features based on the collected contextual information and either determines the labels based on a weighted aggregate value based on the features or using a machine learning based model.”) ([LONG, para. 0171] “For example, the rule simplification module 738 identifies (a) a general rule with a scope portion specifying a set of label values and (b) a specific rule with a scope portion specifying the same set of label values as the general rule as well as additional label values for additional label dimensions. … the rule simplification module 738 sends recommendations of proposed simplifications to an administrator through the rule creation interface 740 rather than performing rule simplification automatically.”)
The same motivation to modify BURSTEIN-KENNEDY with LONG as in the rejection of claim 2 applies.
Regarding claims 5, 14, and 19, BURSTEIN-KENNEDY teach all limitations of claims 1, 10, and 15. However, BURSTEIN-KENNEDY does not teach “receiving an approval of the one or more network policies via a user interface of an application used by a network administrator of the organization, wherein the one or more network policies are implemented based at least in part on receiving the approval.”
In analogous teaching LONG teaches “receiving an approval of the one or more network policies via a user interface of an application used by a network administrator of the organization, wherein the one or more network policies are implemented based at least in part on receiving the approval.” ([LONG, para. 0054] “Descriptions of managed servers 130, unmanaged devices 140, and labeled devices 150 can be loaded into the administrative domain state 320 in various ways, such as by interacting with the global manager 120 via a graphical user interface (GUI)”) ([LONG, para. 0171] “For example, the rule simplification module 738 identifies (a) a general rule with a scope portion specifying a set of label values and (b) a specific rule with a scope portion specifying the same set of label values as the general rule as well as additional label values for additional label dimensions. … the rule simplification module 738 sends recommendations of proposed simplifications to an administrator through the rule creation interface 740 rather than performing rule simplification automatically.”) ([LONG, para. 0185] “The communication rules creation module 390 generates a rule for the web service that specifies the labels that characterize the provider devices as the provided-by portion of the rule and the set of labels that characterize the consumer devices as the used-by portion of the rule. The global manager 120 may provide the generated rule to an administrator for approval. The administrator may modify the generated rule if necessary. The global manager 120 enforces the generated rule across devices of the administrative domain”).
The same motivation to modify BURSTEIN-KENNEDY with LONG as in the rejection of claim 2 applies.
Claims 4, 13, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over BURSTEIN-KENNEDY in view of ZAWOAD (US-20190387005-A1).
Regarding claims 4, 13, and 18, BURSTEIN-KENNEDY teach all limitations of claims 1, 10, and 15. KENNEDY further teaches “… wherein the machine learning model is configured to output scores for the one or more network addresses input into the machine learning model, and wherein determining the network perimeter is based at least in part on an output of the machine learning model.” ([KENNEDY, para. 0018] “analysis server 102 is in communication with a plurality of different recipient message servers and the analysis server 102 at least in part automatically determines a reputation score for a sender (e.g., network/Internet domain, email address, etc.) at least in part by using machine learning to analyze messages from the sender that have been received at one or more recipient message servers.”) ([KENNEDY, para. 0026] “In some embodiments, machine learning or another automated process is utilized to determine the measure of global reputation based on gathered/generated information about the sender of the global reputation.”) ([KENNEDY, para. 0027] “determining the measure of global reputation for the sender includes determining whether an identifier of the sender (e.g., domain name, sub domain, IP address) is included in a list of senders known to be reputable.”) ([KENNEDY, para. 0041] “the sender model is automatically determined. For example, using one or more repositories storing messages received from the sender, a list of server IP addresses authorized or historically known to send messages for the sender is automatically determined. … Machine learning may be utilized to automatically detect sources of and properties that are characteristic of authentic messages from the sender using historical information about messages previously sent by or on behalf of the sender.”) ([KENNEDY, para. 0047] “For example, using a repository storing messages received from the sender to only the recipient, individual or neighborhoods of IP addresses associated with the sender model for a sender are automatically determined.”).
The same motivation to modify BURSTEIN with KENNEDY as in the rejection of claim 1 applies.
However, BURSTEIN-KENNEDY does not teach “training a machine learning model using the information associated with the plurality of access requests and the respective statuses …”.
In analogous teaching ZAWOAD teaches “training a machine learning model using the information associated with the plurality of access requests and the respective statuses” ([ZAWOAD, para. 0225] “The model training engine 602 may train and/or update one or more machine-learning models.”) ([ZAWOAD, para. 0226] “To train the machine-learning model, the model training engine 602 may obtain training data including a list of network identifiers (e.g., one or more IP addresses and/or one or more network domain names) with an preassigned maliciousness scores. In some examples, the training data may include historical maliciousness activity information obtained from one or more malicious activity sources (e.g., the third-party servers described in connection to FIG. 1).”) ([ZAWOAD, para. 0232] “At 706, the scoring engine 606 may access the machine learning model. Utilizing common feature types as those used to train the machine-learning model 704, the scoring engine 606 may input such features into the machine-learning model 704 to calculate a maliciousness score. By way of example, the scoring engine 606 may input the features associated with an IP address into the machine-learning model 704”) ([ZAWOAD, para. 0079] “Such features may include malicious files downloaded from an IP address, malicious files communicating with an IP address, and/or malicious URLs tied to an IP address.”).
Thus, given the teaching of ZAWOAD, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of training a machine learning model by ZAWOAD into the teaching of determining a network perimeter and implementing a policy by BURSTEIN-KENNEDY. One of ordinary skill in the art would have been motivated to do so because ZAWOAD recognizes the need to detect malicious activity ([ZAWOAD, para. 0028] “Additionally, techniques provided herein for expanding the feature set by determining related IP addresses and/or network domain names can improve the accuracy of malicious activity analysis, resulting in more accurate malicious activity detection”).
Pertinent Art
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
HUTCHINSON (US-20200244699-A1): This prior art teaches a network reachability module that maps and dynamically tracks network reachability of network addresses and/or devices. The network reachability module can map and dynamically track network reachability of a response-orchestrator engine, via communicating and cooperating with the response-orchestrator engine. The network reachability module has a tracking module to 1) monitor network traffic and 2) keep a list of known devices and/or known subnets on the network, which is dynamically tracked and updated as previously unknown devices and subnets on the network are detected. A trigger module generates a spoofed transmission and/or response communication, supported by a network protocol used by the network. The spoofed transmission and/or response communication can be used to map network reachability of i) network devices, ii) network addresses, and iii) any combination of both, which either 1) can receive or 2) cannot receive protocol communications from a host for the network reachability module in the network.
HARJULA (US-20150242594-A1): This prior art teaches a user interface presented for interacting with a trust map identifying trust relationships between clients/users and servers/hosts. The trust relationships are defined by public/private key pairs in Secure Shell (SSH), Secure File Transfer Protocol (SFTP), Transport Layer Security/Secure Sockets Layer (TLS/SSL), Secure Multipurpose Internet Mail Extensions (S/MIME), Internet Protocol Security (IPsec), and so forth. A selected entity such as a server, client, client/server, key set, policy, and so forth is selected and displayed at the center of a hub/spoke diagram. Non-selected entities having a trust relationship with the hub entity are displayed as spokes. Similar spoke entities may be grouped together. Trust relationships and related properties are displayed as lines between the hub and spoke entities. A user performs actions on the entities by manipulation of the hub, spoke, trust relationship and related user interface elements.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ALI SHAYANFAR can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/A.A./
02/25/2026
/AFAQ ALI/Examiner, Art Unit 2434
/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434