Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This Office Action is in response to the application 15/170,605 filed on 12/17/2020; claims 32-51 have been amended; and claims 32, 42, and 51 are independent claims.  Claims 32-51 have been examined and are pending.  This Action is made FINAL.
Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 12/17/2020, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicants argue: DiValentin and Mumcuoglu, considered alone or in combination, fail to teach or suggest several features of claim 32. In particular, it is respectfully submitted that the cited references fail to teach or suggest at least the features of claim 32 which recite “receiving, by the computing asset, security parameters to be used by the computing asset to authenticate the administration system and to determine whether execution of the security action by the computing asset is approved, wherein the computing asset receives the security parameters from the administration system over the computing network, wherein the security parameters are transmitted over the computing network by the administration system, and wherein the administration system transmits the security parameters in conjunction with the security action.” (Remark, pages 9-10).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that DiValentin does disclose the aforementioned portions of the limitation, as follows:
DiValentin discloses receiving, by the computing asset, security parameters, wherein the computing asset receives the security parameters from the administration system over the computing network, wherein the security parameters are transmitted over the computing network by the administration system (DiValentin: par. 0002, receive one or more identified security threats from the threat information server and develop a response process applicable to each identified security threat..; See also pars. 0003, 0005-0006), and wherein the administration system transmits the security parameters in conjunction with the security action (DiValentin: pars. 0002-0003, 0005-0006);
The arguments regarding the portion of the limitation “security parameters to be used by the computing asset to authenticate the administration system and to determine whether execution of the security action by the computing asset is approved” have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.
Claims 32-33, 37-41, 42-43, and 47-51 are rejected under 35 U.S.C. 103 as being unpatentable over DiValentin et al. (“DiValentin,” US 2019/0132358, filed Aug. 29, 2014) in view of Mumcuoglu et al. (“Mumcuoglu,” US 2017/0054744, filed May 31, 2015), further in view of Gomez et al. (“Gomez,” US 2008/0141339, published Jun. 12, 2008).
Regarding claim 32, DiValentin teaches a method performed by a computing asset in a computing network, the computing network comprising a plurality of computing assets including the computing asset, the method comprising:
receiving, by the computing asset, a request to implement a security action at the computing asset, wherein the computing asset receives the security action over the computing network, wherein the security action is transmitted over the computing network by an administration system, wherein the administration system transmits the security action as an automated response to a security threat identified to the administration system (DiValentin: fig. 2; pars. 0002, 0005-0006, receive one or more identified security threats from the threat information server and develop a response process applicable to each identified security threat..; par. 0008, Responses to threats can be automated, and systems and processes for providing mitigations can be coordinated. Organizations can share information related to potential threats; See also pars. 0019, 0022, 0034, 0052, 0055, 0064), wherein the security action, when executed by the computing asset, mitigates an effect of the security threat on the computing network (DiValentin: par. 0005; identifying an occurrence of the security threat by detecting one or more of the threat indicators corresponding to the security threat, identifying a predetermined course of action to be performed in response to the identified security threat, and performing the predetermined course of action. Performing the predetermined course of action can include identifying an endpoint under threat, performing a snapshot of a current session of the identified endpoint, based at least in part on the snapshot, recreating the current session of the identified endpoint in a honeypot environment, and redirecting network traffic intended for the endpoint to the honeypot environment; see also par. 0022);
receiving, by the computing asset, security parameters, wherein the computing asset receives the security parameters from the administration system over the computing network, wherein the security parameters are transmitted over the computing network by the administration system (DiValentin: par. 0002, receive one or more identified security threats from the threat information server and develop a response process applicable to each identified security threat..; See also pars. 0003, 0005-0006), and wherein the administration system transmits the security parameters in conjunction with the security action (DiValentin: pars. 0002-0003, 0005-0006);
executing, by the computing asset, the security action, wherein the computing asset executes the security action, wherein executing the security action causes the computing asset to execute a set of procedures that mitigates the effect of the security threat (DiValentin: par. 0029, executing a course of action to mitigate the particular threat).
DiValentin does not explicitly disclose performing, by the computing asset, a credential verification to determine whether the security action is approved for execution by the computing asset, wherein performing the credential verification includes using the security parameters; determining, by the computing asset, that the security action is approved for execution by the computing asset.
(Mumcuoglu:  par. 0021, administrative activities are defined as actions requiring elevated levels of privilege, which are normally permitted only to users who can present credentials verifying their identity as administrators.).
determining, by the computing asset, that the security action is approved for execution by the computing asset (Mumcuoglu:  par. 0021, administrative activities are defined as actions requiring elevated levels of privilege, which are normally permitted only to users who can present credentials verifying their identity as administrators.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Mumcuoglu with the method and system of DiValentin, wherein performing, by the computing asset, a credential verification to determine whether the security action is approved for execution by the computing asset, wherein performing the credential verification includes using the security parameters; determining, by the computing asset, that the security action is approved for execution by the computing asset; executing, by the computing asset, the security action, wherein the computing asset executes the security action in response to determining that the security action is approved for execution, to provide users with means for realizing tolerance of changes in system configuration and errors of configuration, thus detecting suspicious anomalies reliably with a low rate of false alarms (Mumcuoglu: par. 0028).

However, in an analogous art, Gomez discloses a method and system for authentication, wherein security parameters to be used by the computing asset to authenticate the administration system and to determine whether execution of the security action by the computing asset is approved (Gomez: par. 0096, an authorization service 22, which may be located on the authorization service 2 checks whether the received credentials, i.e. whether the security token comply with a policy 23 and grants or denies access to the service 20 (S5)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Gomez with the method and system of DiValentin and Mumcuoglu, wherein security parameters to be used by the computing asset to authenticate the administration system and to determine whether execution of the security action by the computing asset is approved, to provide users with means for allowing authentication of the user of the mobile device for the service, in a consistent and reliable manner (Gomez: pars. 0003-0004, 0012).
Regarding claim 33, the combination of DiValentin, Mumcuoglu, and Gomez teaches the method of claim 32. DiValentin further discloses wherein the computing asset comprises at least one of: a firewall, a server, an end user computing system, a virtual machine, or a router (DiValentin: fig. 2, pars. 0023-0025, servers).
Regarding claim 37, the combination of DiValentin, Mumcuoglu, and Gomez teaches the method of claim 32. The combination of DiValentin, Mumcuoglu, and Gomez further teaches wherein the request to implement the security action at the computing asset is included in the security parameters exchanged with the administration system (DiValentin: par. 0002, receive one or more identified security threats from the threat information server and develop a response process applicable to each identified security threat..; See also pars. 0003, 0005-0006; Gomez: par. 0096).
Regarding claim 38, the combination of DiValentin, Mumcuoglu, and Gomez teaches the method of claim 32. The combination of DiValentin, Mumcuoglu, and Gomez further teaches wherein the request is a first request, the security action is a first security action, and wherein the method further comprises:
receiving a second request to implement a second security action at the computing asset (DiValentin: par. 0021, … Based on insights 118 from the threat intelligence component 102 and/or incident activity information 130 from the security information and analytics component 104, See also pars. 0026-0027; Gomez: par. 0096); 
determining, based on the security parameters, that implementation of the second security actions by the computing asset is not permitted (DiValentin: par. 0021, …, the defense component 106 can provide automated or semi-automated infrastructure changes and service management ticketing to mitigate the impact of identified threats or breaches.  The defense component 106, for example, can perform particular actions in response to particular indicators, such as blocking an IP address, blocking a process executed by an endpoint; See also pars. 0026-0027; Gomez: par. 0096); and 
(DiValentin: par. 0021, …, the defense component 106 can provide automated or semi-automated infrastructure changes and service management ticketing to mitigate the impact of identified threats or breaches.  The defense component 106, for example, can perform particular actions in response to particular indicators, such as blocking an IP address, blocking a process executed by an endpoint; See also pars. 0026-0027).
Regarding claim 39, the combination of DiValentin, Mumcuoglu, and Gomez teaches the method of claim 32. The combination of DiValentin, Mumcuoglu, and Gomez further teaches wherein the computing asset is a first computing asset, the security parameters are first security parameters, and wherein a second computing asset of the plurality of computing assets exchanges second security parameter with the administration system that are different from the first security parameters (DiValentin: par. 0002, receive one or more identified security threats from the threat information server and develop a response process applicable to each identified security threat..; See also pars. 0003, 0005-0006; Gomez: par. 0096).
Regarding claim 40, the combination of DiValentin, Mumcuoglu, and Gomez teaches the method of claim 32.  The combination of DiValentin, Mumcuoglu, and Gomez further teaches wherein the plurality of computing assets includes a plurality of computing asset types (DiValentin: fig. 2, pars. 0023-0025).
Regarding claim 41, the combination of DiValentin, Mumcuoglu, and Gomez teaches the method of claim 32. The combination of DiValentin, Mumcuoglu, and Gomez further teaches wherein the security action includes one or more of: blocking an internet (DiValentin: par. 0021, …, the defense component 106 can provide automated or semi-automated infrastructure changes and service management ticketing to mitigate the impact of identified threats or breaches.  The defense component 106, for example, can perform particular actions in response to particular indicators, such as blocking an IP address, blocking a process executed by an endpoint; See also pars. 0026-0027).
Regarding claim 42, claim 42 is directed to a computing asset comprising: a processor (DiValentin: fig. 2, pars. 0025, 0063), a non-transitory computer readable storage medium storing instructions which (DiValentin: par. 0067), when executed by the processing system, direct the processor to perform operations associated with the method claimed in claim 32; claim 42 is similar in scope to claim 32, and is therefore rejected under similar rationale.
Regarding claim 43, claim 43 is similar in scope to claim 33, and is therefore rejected under similar rationale.
Regarding claim 47, claim 47 is similar in scope to claim 37, and is therefore rejected under similar rationale.
Regarding claim 48, claim 48 is similar in scope to claim 38, and is therefore rejected under similar rationale.
Regarding claim 49
Regarding claim 50, claim 50 is similar in scope to claim 41, and is therefore rejected under similar rationale.
Regarding claim 51, claim 51 is directed to a non-transitory computer readable storage medium storing instruction which, when executed by a processor, cause the processor to perform operations associated with the method claimed in claim 32; claim 51 is similar in scope to claim 32, and is therefore rejected under similar rationale.
Claims 34-35 and 44-45 are rejected under 35 U.S.C. 103 as being unpatentable over DiValentin et al. (“DiValentin,” US 2019/0132358, filed Aug. 29, 2014) in view of Mumcuoglu et al. (“Mumcuoglu,” US 2017/0054744, filed May 31, 2015), further in view of Gomez et al. (“Gomez,” US 2008/0141339, published Jun. 12, 2008), and Ramasamy (“Ramasamy,” US 2016/0019043, filed Jul. 15, 2014).
Regarding claim 34, the combination of DiValentin, Mumcuoglu, and Gomez teaches the method of claim 32.  The combination of DiValentin, Mumcuoglu, and Gomez discloses wherein the security parameters comprise security credentials for the computing asset but does not disclose explicitly the security credentials obtained from an administrator of the administration system.
However, in an analogous art, Ramasamy discloses automatic generation and execution of server update processes, wherein the security credentials obtained from an administrator of the administration system (Ramasamy: par. 0042, While the username and password are used here by way of example, it will be understood that the credentials provided by the system administrator may include any identifying information, such as a hardware dongle, encryption keys, biometric information, and/or the like).
(Ramasamy: pars. 0043,  0055).
Regarding claim 35, the combination of DiValentin, Mumcuoglu, and Gomez teaches the method of claim 32. The combination of DiValentin, Mumcuoglu, and Gomez discloses wherein the security parameters comprise security credentials for the computing asset but does not explicitly disclose wherein the security credentials comprise at least a username and password for the computing asset.
However, in an analogous art, Ramasamy discloses automatic generation and execution of server update processes, wherein the security credentials comprise at least a username and password for the computing asset (Ramasamy: par. 0042, While the username and password are used here by way of example, it will be understood that the credentials provided by the system administrator may include any identifying information, such as a hardware dongle, encryption keys, biometric information, and/or the like).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Ramasamy with the method and system of DiValentin, Mumcuoglu, and Gomez, wherein the  security (Ramasamy: pars. 0043, 0055).
Regarding claim 44, claim 44 is similar in scope to claim 34, and is therefore rejected under similar rationale.
Regarding claim 45, claim 45 is similar in scope to claim 35, and is therefore rejected under similar rationale.
Claims 36 and 46 are rejected under 35 U.S.C. 103 as being unpatentable over DiValentin et al. (“DiValentin,” US 2019/0132358, filed Aug. 29, 2014) in view of Mumcuoglu et al. (“Mumcuoglu,” US 2017/0054744, filed May 31, 2015), further in view of Gomez et al. (“Gomez,” US 2008/0141339, published Jun. 12, 2008), and Maret et al. (“Maret,” US 2015/0101030, published Apr. 9, 2015).
Regarding claim 36, the combination of DiValentin, Mumcuoglu, and Gomez teaches the method of claim 32. DiValentin, Mumcuoglu, and Gomez do not explicitly disclose wherein executing the security action comprises sending a notification to the administration system indicating that the security action was successfully implemented.
However, in an analogous art, Maret discloses user collision detection and handling, wherein implementing the security action comprises sending a notification to the (Maret: pars. 0045, 0047, receiving a notification from the authentication service indicating whether authentication of the resource user was successful).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Maret with the method and system of DiValentin, Mumcuoglu, and Gomez, wherein implementing the security action comprises sending a notification to the administration system indicating that the security action was successfully implemented to provide users with means for preventing the user from being authenticated as a different user associated with an existing user profile, thus preventing the user from accessing the network resource based on the existing user profile, and hence protecting user information and user resources from unauthorized access. The system ensures that the resource user is correctly identified and differentiated from the other users before permitting the resource user to access the network resource (Maret: pars. 0006, 0057).
Regarding claim 46, claim 46 is similar in scope to claim 36, and is therefore rejected under similar rationale.


Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  
Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Canh Le/
Examiner, Art Unit 2439

January 16th, 2021 



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439