Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
No IDS has been filed.
Drawings
The drawings filed 2/26/2019 are accepted.
Specification

The specification filed 12/31/2018 is accepted.

EXAMINER'S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Justin Eurek on 2/11/21.

The application has been amended as follows:

A method of configurable device fingerprinting, the method comprising:
providing, by a server, a user interface comprising a list of selectable system attributes of a first client device that includes: 
a basic input/output system universal unique identifier (biosUuid) attribute;
an operating system product identification number (osProductId) attribute;
a system serial number;
a hard disk serial number; 
a media access control (MAC) address; 
an internet protocol (IP) address; and
a hostname;

rendering the list of selectable system attributes on the user interface;

receiving, from a second device via the user interface, a selection of at least three of the selectable system attributes to generate first information including respective values corresponding to the at least three of the selectable system attributes that correspond to the first client device, 

wherein the at least three of the selected system attributes includes:
the biosUuid; 
the osProductId; and
at least one of:
the system serial number; 
the hard disk serial number;  
the MAC address;
the IP address; or
the hostname;

storing, at the server, the first information;

receiving, at the server, a first signal requesting that a first client device be registered, the first signal including system information corresponding to the first client device; 

	determining a fingerprint of the first client device based on a matching of at least a portion of the system information with the stored first information;

	generating a first identifier corresponding to the first client device based at least in part on the portion of the system information that matched the stored first information; 

	storing, by the server, the fingerprint and corresponding first identifier;

sending, by the server, the first identifier to the first client device; 
	receiving, by the server, a first token request that includes the first identifier and the system information; 

	verifying, by the server, the first token request by comparing the received first identifier and the received system information with the stored fingerprint and the stored first identifier; and

	in response to the verification:
		determining that the first token request was sent by the first client; and 
sending a token to the first client, 
wherein subsequent communications between the first client and the server are secured using the token.

	2.	(Canceled). 

			3.	(Currently Amended) The method of claim [[2]] 1, wherein the server is a security agent backend server, wherein the user interface is a security operations center (SOC) user interface, and wherein the first signal is received by the security agent backend server at least indirectly from security agent software operating on the first client device.

1, 
wherein the first information is received from the user interface subsequent to the user interface receiving at least one input from a security operations center (SOC) user specifying the one or more selected system attributes, and

wherein the first identifier is a unique identifier, and wherein the unique identifier pertains to a security agent operating on the first client device.


          5. – 8. (Canceled)

          9. (Currently Amended) The method of claim [[8]] 1, further comprising:
receiving at the server a token renewal request signal after an expiration of a time limit associated with the first token, following the receipt by the first client device of the first token.

         10.  (Currently Amended) The method of claim 9, further comprising: after the token renewal 
	request signal is received, 
determining whether a change has occurred with respect to the system information pertaining to the first client device, such that matching portion[[s]] or the fingerprint 

when it is determined that the change has occurred such that either the matching portion[[s]] or the fingerprint is 
generating a second identifier pertaining to the first client device at least indirectly in response to extracting additional that match the stored first information[[,]]; 
generating and sending, for receipt by the first client device, a second token, in response to the receiving of a second token request signal, and 
linking the second identifier with the first identifier.

12.	(Currently Amended) The method of claim 10 wherein, [[if]] when it is determined that the change has not occurred, [[then]] the first token is renewed.

13.	(Currently Amended) The method of claim [[8]] 1, further comprising:
receiving, at the server, an additional signal concerning an instruction to replace the one  or more selected system attributes with one or more modified selected system attributes; 
receiving at the server a token renewal request signal after an expiration of a time limit associated with the first token,
extracting additional 
generating a second identifier pertaining to the first client device at least indirectly based upon the extracted additional 
linking the second identifier with the first identifier.

14. – 20.	(Canceled). 
A system comprising: 
one or more processors; 
one or more machine-readable, non-transitory storage mediums that 
include instructions configured to cause the one or more processors to perform operations including: 

providing, by a server, a user interface comprising a list of selectable system attributes of a first client device that includes: 
a basic input/output system universal unique identifier (biosUuid) attribute;
an operating system product identification number (osProductId) attribute;
a system serial number;
a hard disk serial number; 
a media access control (MAC) address; 
an internet protocol (IP) address; and
a hostname;

rendering the list of selectable system attributes on the user interface;

receiving, from a second device via the user interface, a selection of at least three of the selectable system attributes to generate first information including respective values corresponding to the at least three of the selectable system attributes that correspond to the first client device, 

wherein the at least three of the selected system attributes includes:
the biosUuid; 
the osProductId; and
at least one of:
the system serial number; 
the hard disk serial number;  
the MAC address;
the IP address; or
the hostname;

storing, at the server, the first information;

receiving, at the server, a first signal requesting that a first client device be registered, the first signal including system information corresponding to the first client device; 

	determining a fingerprint of the first client device based on a matching of at least a portion of the system information with the stored first information;

	generating a first identifier corresponding to the first client device based at least in part on the portion of the system information that matched the stored first information; 

	storing, by the server, the fingerprint and corresponding first identifier;

	sending, by the server, the first identifier to the first client device; 

	receiving, by the server, a first token request that includes the first identifier and the system information; 

	verifying, by the server, the first token request by comparing the received first identifier and the received system information with the stored fingerprint and the stored first identifier; and
	in response to the verification:
		determining that the first token request was sent by the first client; and 
sending a token to the first client, 
wherein subsequent communications between the first client and the server are secured using the token.


22.  (New)  The system of claim 21, wherein the server is a security agent backend server, wherein the user interface is a security operations center (SOC) user interface, and wherein the first signal is received by the security agent backend server at least indirectly from security agent software operating on the first client device.

23. (New)	 The system of claim 21, wherein the first information is received from the user interface subsequent to the user interface receiving at least one input from a security operations center (SOC) user specifying the one or more selected system attributes, and wherein the first identifier is a unique identifier, and wherein the unique identifier pertains to a security agent operating on the first client device.

24.  (New) The system of claim 21 wherein the instructions are further configured to cause the one or more processors to perform operations including:
receiving at the server a token renewal request signal after an expiration of a time limit associated with the first token, following the receipt by the first client device of the first token.


The system of claim 24 wherein the instructions are further configured to cause the one or more processors to perform operations including:
after the token renewal request signal is received, determining whether a change has
occurred with respect to the system information pertaining to the first client device, such that either the matching portion or the fingerprint is no longer consistent with the changed system information.

26.	(New)  The system of claim 24 wherein when it is determined that the change has occurred such that either the matching portion or the fingerprint is no longer consistent with the changed system information, the instructions are further configured to cause the one or more processors to perform operations including:
generating a second identifier pertaining to the first client device at least indirectly in response to extracting additional portions of the changed system information that match the stored first information; 

generating and sending, for receipt by the first client device, a second token, in 
response to the receiving of a second token request signal, and 

linking the second identifier with the first identifier.
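
As an added illustration (not part of the Office action or of the application), the following Python sketch walks through the registration, token-request verification and renewal steps recited in claims 21 and 24-26. The class, method and attribute-key names, the SHA-256 and HMAC derivations, the constructed sample values and the rule that a renewal must present the previous token are all assumptions.

```python
import hashlib
import hmac
import secrets

SELECTABLE = {"biosUuid", "osProductId", "systemSerial", "diskSerial",
              "mac", "ip", "hostname"}
REQUIRED = {"biosUuid", "osProductId"}

# Constructed sample system information, not taken from the application.
SAMPLE = {"biosUuid": "00000000-1111-2222-3333-444444444444",
          "osProductId": "00000-00000-00000-AAAAA",
          "mac": "02:00:00:00:00:01", "hostname": "ws-01"}

class AgentBackend:
    """In-memory stand-in for the claimed server (hypothetical names)."""
    def __init__(self, ttl=3600):
        self.key = secrets.token_bytes(32)  # server secret for identifiers
        self.selected = ()   # attribute names picked in the SOC UI
        self.devices = {}    # identifier -> stored fingerprint
        self.links = {}      # second identifier -> first identifier
        self.tokens = {}     # token -> (identifier, expiry time)
        self.ttl = ttl

    def configure(self, attrs):
        attrs = set(attrs)
        if not attrs <= SELECTABLE or not REQUIRED <= attrs or len(attrs) < 3:
            raise ValueError("need biosUuid, osProductId and one more attribute")
        self.selected = tuple(sorted(attrs))

    def _fingerprint(self, sysinfo):
        # Hash only the selected portion of the report, length-prefixing values.
        h = hashlib.sha256()
        for name in self.selected:
            value = str(sysinfo.get(name, "")).strip().lower().encode()
            if not value:
                raise ValueError(f"missing attribute {name}")
            h.update(name.encode() + len(value).to_bytes(4, "big") + value)
        return h.hexdigest()

    def register(self, sysinfo):
        fp = self._fingerprint(sysinfo)
        ident = hmac.new(self.key, fp.encode(), "sha256").hexdigest()[:32]
        self.devices[ident] = fp
        return ident

    def _issue(self, ident, now):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (ident, now + self.ttl)
        return token

    def request_token(self, ident, sysinfo, now):
        stored = self.devices.get(ident)
        if stored is None or not hmac.compare_digest(stored, self._fingerprint(sysinfo)):
            return None
        return self._issue(ident, now)

    def check(self, token, now):
        ident, expiry = self.tokens.get(token, (None, 0))
        return ident if now < expiry else None

    def renew(self, old_token, sysinfo, now):
        ident, _ = self.tokens.pop(old_token, (None, 0))  # assumed: old token required
        if ident is None:
            return None
        if hmac.compare_digest(self.devices[ident], self._fingerprint(sysinfo)):
            return ident, self._issue(ident, now)   # unchanged: renew
        second = self.register(sysinfo)             # changed: second identifier
        self.links[second] = ident
        return second, self._issue(second, now)
```

Because only the selected attributes are hashed, a change to an unselected attribute leaves verification unaffected, while a changed selection or a changed selected value at renewal produces a second identifier linked to the first.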


A non-transitory computer-program product tangibly embodied in a 
machine-readable non-transitory storage medium that includes instructions configured to cause one or more processors to perform operations including:
providing, by a server, a user interface comprising a list of selectable system attributes of a first client device that includes: 
a basic input/output system universal unique identifier (biosUuid) attribute;
an operating system product identification number (osProductId) attribute;
a system serial number;
a hard disk serial number; 
a media access control (MAC) address; 
an internet protocol (IP) address; and
a hostname;

rendering the list of selectable system attributes on the user interface;

receiving, from a second device via the user interface, a selection of at least three of the selectable system attributes to generate first information including respective values corresponding to the at least three of the selectable system attributes that correspond to the first client device, 

wherein the at least three of the selected system attributes includes:
the biosUuid; 
the osProductId; and
at least one of:
the system serial number; 
the hard disk serial number;  
the MAC address;
the IP address; or
the hostname;
storing, at the server, the first information;

receiving, at the server, a first signal requesting that a first client device be registered, the first signal including system information corresponding to the first client device; 

	determining a fingerprint of the first client device based on a matching of at least a portion of the system information with the stored first information;

	generating a first identifier corresponding to the first client device based at least in part on the portion of the system information that matched the stored first information; 

	storing, by the server, the fingerprint and corresponding first identifier;

	sending, by the server, the first identifier to the first client device; 

	receiving, by the server, a first token request that includes the first identifier and the system information; 

	verifying, by the server, the first token request by comparing the received first identifier and the received system information with the stored fingerprint and the stored first identifier; and
	in response to the verification:
		determining that the first token request was sent by the first client; and 

sending a token to the first client, 

wherein subsequent communications between the first client and the server are secured using the token.

The computer program product of claim 27, wherein the server is a security agent backend server, wherein the user interface is a security operations center (SOC) user interface, and wherein the first signal is received by the security agent backend server at least indirectly from security agent software operating on the first client device.

29. (New)	 The computer program product of claim 27, wherein the first information is received from the user interface subsequent to the user interface receiving at least one input from a security operations center (SOC) user specifying the one or more selected system attributes, and
wherein the first identifier is a unique identifier, and wherein the unique identifier pertains to a security agent operating on the first client device.

30. (New)  The computer program product of claim 27 wherein the instructions are further configured to cause the one or more processors to perform operations including:
receiving at the server a token renewal request signal after an expiration of a time limit associated with the first token, following the receipt by the first client device of the first token.

31. (New) The computer program product of claim 27 wherein the instructions are further configured to cause the one or more processors to perform operations including:
after the token renewal request signal is received, determining whether a change has 
occurred with respect to the system information pertaining to the first client device, such that either the matching portion or the fingerprint is longer consistent with the changed system information.


Allowable Subject Matter
Claims 1, 3, 4, 9-13 and 21-31 are allowed.
The following is an examiner’s statement of reasons for allowance:
The closest art includes:
Kumar et al. (US 9503452) teaches a token generation process based on device attribute verification, as shown in Fig. 3A.
Li (US 10,499,246) teaches a user interface to allow a user to configure a device profile including a hardware identifier; see Column 4, lines 9-15 and Column 7, lines 35-42.
Etchegoyen (US 2010/0333213) teaches in [0039] that a device fingerprint may be determined using a virtual machine specification including virtual BIOS.
Molinet et al. (US 2016/0142858) teaches in [0017] that a unique fingerprint may be generated using an operating system provided identifier.
With respect to claim 1, the prior art of record does not explicitly disclose in light of the other features recited in the independent claims, 
providing, by a server, a user interface comprising a list of selectable system attributes of a 
first client device that includes: 
a basic input/output system universal unique identifier (biosUuid) attribute;
an operating system product identification number (osProductId) attribute;
a system serial number;
a hard disk serial number; 
a media access control (MAC) address; 
an internet protocol (IP) address; and
a hostname;

receiving, from a second device via the user interface, a selection of at least three of the  
selectable system attributes to generate first information including respective values corresponding to the at least three of the selectable system attributes that correspond to the first client device, wherein the at least three of the selected system attributes includes:
the biosUuid; 
the osProductId; and
at least one of:
the system serial number; 
the hard disk serial number;  
the MAC address;
the IP address; or
the hostname;
receiving, at the server, a first signal requesting that a first client device be registered, the first signal including system information corresponding to the first client device; 

generating a first identifier corresponding to the first client device based at least in part on the portion of the system information that matched with the stored first information; 

receiving, by the server, a first token request that includes the first identifier and the system information; 

verifying, by the server, the first token request by comparing the received first identifier and the received system information with the stored fingerprint and the stored first identifier;

With respect to claim 21, the prior art of record does not explicitly disclose in light of the other features recited in the independent claims, 
providing, by a server, a user interface comprising a list of selectable system attributes of a 
first client device that includes: 
a basic input/output system universal unique identifier (biosUuid) attribute;
an operating system product identification number (osProductId) attribute;
a system serial number;
a hard disk serial number; 
a media access control (MAC) address; 
an internet protocol (IP) address; and
a hostname;

receiving, from a second device via the user interface, a selection of at least three of the  
selectable system attributes to generate first information including respective values corresponding to the at least three of the selectable system attributes that correspond to the first client device, wherein the at least three of the selected system attributes includes:
the biosUuid; 
the osProductId; and
at least one of:
the system serial number; 
the hard disk serial number;  
the MAC address;
the IP address; or
the hostname;
receiving, at the server, a first signal requesting that a first client device be registered, the first signal including system information corresponding to the first client device; 

generating a first identifier corresponding to the first client device based at least in part on the portion of the system information that matched with the stored first information; 

receiving, by the server, a first token request that includes the first identifier and the system information; 

verifying, by the server, the first token request by comparing the received first identifier and the received system information with the stored fingerprint and the stored first identifier;

With respect to claim 27, the prior art of record does not explicitly disclose in light of the other features recited in the independent claims, 
providing, by a server, a user interface comprising a list of selectable system attributes of a 
first client device that includes: 
a basic input/output system universal unique identifier (biosUuid) attribute;
an operating system product identification number (osProductId) attribute;
a system serial number;
a hard disk serial number; 
a media access control (MAC) address; 
an internet protocol (IP) address; and
a hostname;

receiving, from a second device via the user interface, a selection of at least three of the  
selectable system attributes to generate first information including respective values corresponding to the at least three of the selectable system attributes that correspond to the first client device, wherein the at least three of the selected system attributes includes:
the biosUuid; 
the osProductId; and
at least one of:
the system serial number; 
the hard disk serial number;  
the MAC address;
the IP address; or
the hostname;
receiving, at the server, a first signal requesting that a first client device be registered, the first signal including system information corresponding to the first client device; 

generating a first identifier corresponding to the first client device based at least in part on the portion of the system information that matched with the stored first information; 

receiving, by the server, a first token request that includes the first identifier and the system information; 

verifying, by the server, the first token request by comparing the received first identifier and the received system information with the stored fingerprint and the stored first identifier;

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520. The examiner can normally be reached on M - F 10 - 6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/RICHARD A MCCOY/Examiner, Art Unit 2431