Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Detailed Action
This office action is responsive to communication filed on 09/23/2020. Claims 1 - 20 have been examined.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3 - 4, 6 - 7, 9, 11 - 12, 14 - 15, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Delker et al. (US8341717B1) hereinafter Delker in view of McGrew et al. (US20170374090A1) hereinafter McGrew further in view of Boyle et al. (US20200074571A1) hereinafter Boyle, and further in view of Jacobson (US20130276055A1) hereinafter Jacobson.

As per claim 1. A method comprising: receiving, at a device classification service, (Delker, col1 lines60-63 teaches a method of dynamically assigning network policies based on device classification is provided, the method comprises receiving a message from an access device, the message containing a device identity certificate, wherein the device identity certificate comprises the device classification).
data indicative of network traffic policies assigned to a plurality of device types; (Delker, col1 lines42-45 teaches the system comprises an at least one computer system, a configuration database, and a dynamic network policies application based on device classification).
associating, by the device classification service, measures of policy restrictiveness with the device types, (Delker, col3 lines20-29 teaches a server on the network uses the device classification and other information in the digital certificate to locate a policy to apply to the device that may allow the device access to the requested services, the digital certificate may also include additional information, for example an identity of the device manufacturer).
based on the received data indicative of the network traffic policies assigned to the plurality of device types; (Delker, col3 lines45-50 teaches network policies may be developed for each class of devices. Network policies group the network services required by each type of device. Network policies may be enforced by causing devices falling within a defined class to join virtual local area networks used only by devices in that class).
wherein the misclassification costs are determined, the measure of policy restrictiveness associated with the first device type and the measure of policy restrictiveness associated with the second device type (Delker, col11 lines14-30 teaches In the method 300, the user of the service requester device 150 may choose to activate the software or hardware functionality of the service requester device 150 that requires it to reclassify [the misclassification costs are determined based at least in part on] as a different device by submitting a second device identity certificate 158. The service requester device 150 terminates its association with the virtual local area network established at block 308. The initial preliminary step of port-based authentication may also have to be completed by the supplicant component 152 and the authenticator component 132 for the port on the access device 130 to be reopened. At block 312 the supplicant component 152 of the service requester device 150 submits the second device identity certificate 158 to initiate the process of reclassifying as a different device and receiving the network services associated with the second device classification[the measure of policy restrictiveness associated with the first device type is greater than the measure of policy restrictiveness associated with the second device type]).
          Delker, however, does not explicitly disclose determining, by the device classification service, misclassification costs associated with a machine learning-based
          McGrew, however, discloses determining, by the device classification service, misclassification costs associated with a machine learning-based device type classifier of the service misclassifying an endpoint device of (McGrew, para0033 teaches classifier process 244 may employ any number of machine learning techniques, to classify the gathered traffic data. In general, machine learning is concerned with the design and the development of techniques that receive empirical data as input (e.g., traffic data regarding traffic in the network) and recognize complex patterns in the input data. For example, some machine learning techniques use an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data).
and adjusting, by the device classification service, the machine learning-based device type classifier to account for the determined misclassification costs. (McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization/learning phase, classifier process 244 can use the model M to classify new data points, such as information regarding new traffic flows in the network. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data).

          Delker and McGrew do not explicitly disclose misclassifying an endpoint device of a first device type as a second device type; and determining, by a device classification service, misclassification costs associated with the misclassification.
          Boyle however discloses misclassifying an endpoint device of a first device type as a second device type. (Boyle, par0102 teaches meter misclassification detector 622 searches water utility meter and/or water utility billing data, and in certain embodiments of the present arrangements, external data, that is located on data storage device B 634, for water meters matching a set of predefined criteria that indicate that a meter may have been misclassified. Such predefined criteria include a “minimum percentile threshold” (i.e., a percentile threshold above which a water utility meter is deemed to have been misclassified). One example of a water meter that has been misclassified is a commercial water meter [a first device type] that has been incorrectly classified as a residential water meter[as a second device type]) ; 
(Boyle, par0155, 0157, identifying the location address of one or more of the utility anomalies, a certainty score associated with one or more of the utility anomalies [misclassification], then provide an estimate of how much cost savings a customer and/or a water utility company can save and/or earn if the water utility meter anomaly would no longer be deemed an anomaly by systems).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of misclassifying an endpoint device of a first device type as a second device type; and determining, by a device classification service, misclassification costs associated with the misclassification, as taught by Boyle in the system of Delker and McGrew, so a byproduct of providing water to their customers, multiple data streams are generated, collected, and/or otherwise available to the water utility companies, see Boyle para0004.
          Delker, McGrew and Boyle do not explicitly disclose are determined by computing a difference between the measure of policy restrictiveness associated.
          Jacobson however discloses are determined by computing a difference between the measure of policy restrictiveness associated. (Jacobson, Fig.36, par0145-0147 teaches the network compliance action undertaken is based on the severity of the network policy compliance violation; i.e., the difference between [computing a difference between] the baseline network policy compliance value and the user policy compliance value [measure of policy restrictiveness]. Upon recording the difference between the baseline network policy compliance value and the user policy compliance value, policy compliance and reporting module 115 records this information in network security policy database 506 and undertakes the appropriate network compliance action). 
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of are determined by computing a difference between the measure of policy restrictiveness associated, as taught by Jacobson in the system of Delker, McGrew and Boyle, so a network communications software program can offer an automated system with robust policy compliance assistance, policy effectiveness monitoring and reporting, to assist policy enforcement officers with proper policy enforcement procedure, and methods to measure policy effectiveness, appropriateness, user system activity and compliance, see Jacobson para0017.

As per claim 3, the combination of Delker, McGrew, Boyle and Jacobson discloses the system according to claim 1.
          Delker further discloses wherein the device classification service receives (Delker, col1 lines60-63 teaches a method of dynamically assigning network policies based on device classification is provided, the method comprises receiving a message from an access device).
the method further comprising: identifying, by the device classification service, one of the network traffic policies as not being implemented in one of the networks for one of the device types; (Delker, col7 line60 - col8 line4 teaches The gateway device 140 also may concurrently provide access to the Internet 192 to other devices on the network 190 unrelated to the service requester device 150 and unrelated to security levels and network traffic in connection with the virtual local area network instantiated for the service requester device 150. The gateway device 140 also may concurrently provide access to the Internet 192 to devices that are not components of the system 100. The gateway device 140 has functionality to segregate network traffic intended for the service requester device 150 on a virtual local area network from other traffic originating from the Internet 192 or elsewhere).
and sending, by the device classification service, (Delker, col1 lines48-55 teaches The application parses the device identity certificate to discover a device classification, references the configuration database to determine a network policy associated with the device classification, and associates the network policy with a virtual local area network definition. The application also sends a reply containing the virtual local area network definition to the virtual local area network access component in response to the request).
data regarding the identified traffic policy to a user interface associated with the network in which the identified traffic policy is not implemented. (Delker, col3 lines45-50 teaches network policies may be developed for each class of devices. Network policies group the network services required by each type of device. Network policies may be enforced by causing devices falling within a defined class to join virtual local area networks used only by devices in that class).
          Delker does not explicitly disclose the data indicative of the network traffic policies from a plurality of networks.
          McGrew however discloses the data indicative of the network traffic policies from a plurality of networks. (McGrew, FIG. 1B, para0024 - 0025. Para0025 teaches servers 152-154 may include, in various embodiments, a network management server (NMS), a dynamic host configuration protocol (DHCP) server, a constrained application protocol (CoAP) server, an outage management system (OMS), an application policy infrastructure controller (APIC), an application server, etc. As would be appreciated, network 100 may include any number of local networks, data centers, cloud environments, devices/nodes, servers, etc).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of the data indicative of the network traffic policies from a plurality of networks, as taught by McGrew in the system of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.

As per claim 4, the combination of Delker, McGrew, Boyle and Jacobson discloses the system according to claim 1.
          Delker does not explicitly disclose wherein adjusting the device type classifier to account for the determined misclassification costs comprises: applying a supervised discriminative algorithm to the device type classifier based in part on the determined misclassification costs.
          McGrew, however, discloses wherein adjusting the device type classifier to account for the determined misclassification costs (McGrew, para0033 teaches classifier process 244 may employ any number of machine learning techniques, to classify the gathered traffic data. In general, machine learning is concerned with the design and the development of techniques that receive empirical data as input (e.g., traffic data regarding traffic in the network) and recognize complex patterns in the input data. For example, some machine learning techniques use an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data).
comprises: applying a supervised discriminative algorithm to the device type classifier based in part on the determined misclassification costs. (McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization/learning phase, classifier process 244 can use the model M to classify new data points, such as information regarding new traffic flows in the network. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein adjusting the device type classifier to account for the determined misclassification costs comprises: applying a supervised discriminative algorithm to the device type classifier based in part on the determined misclassification costs, as taught by McGrew in the system of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.

As per claim 6, the combination of Delker, McGrew, Boyle and Jacobson discloses the system according to claim 1.
          Delker further discloses associating, by the device classification service, measures of criticality with 3 endpoint devices to which the network traffic policies were applied. (Delker, col8 lines29-41 and col10 lines29-63. Col8 lines29-41 teaches the service requester device 150 may be any electronic device that requests services on a network, whether that electronic device is functioning [criticality] primarily in a client role, such as a desktop computer, in a server role, such as a file server or database server, or other role, such as a printer or router. Col10 lines29-63 teaches at block 210, the policy/network matching component 114 matches the network policy found at block 208 corresponding to device classification with a virtual local area network in which the service requester device 150 will be placed. When the service requester device 150 is of a classification that has an established and continuing virtual local area network for all service requester devices 150 of that classification, that specific virtual local area network will be identified. File servers, web servers, printers, and cameras are examples of service requester devices 150 [first device] that may fall within this classification. When the service requester device 150 is of a classification that receives a dynamically created virtual local area network with one virtual local area network created per individual service requester device 150, the policy/network matching component 114 will draw from the dynamic virtual local area network pool 126 the tagging and internet protocol information necessary to dynamically create a virtual local area network for the service requester device 150. Computers, personal digital assistants, and media players are examples of service requester devices 150 [second device], 160 that fall within this classification. 
At block 210, the established virtual local area network is either identified for the service requester device 150 or a new virtual local area network is dynamically created for the service requester device 150. With dynamically created virtual local area networks, the policies for a specific virtual local area network may still at least in part be based on device classification.
At block 212, the service requester device 150 is associated with the virtual local area network identified or dynamically created for the service requester device 150 at block 210. At block 214, the authentication server 102 sends a message to the access device 130 directing that the service requester device 150 be notified that the service requester device 150 has been associated with a specific virtual local area network and may access network services associated with the virtual local area network. 
Turning now to FIG. 3, a method 300 for a service requester device 150 to submit a second device identity certificate 158 with a different device classification, reclassify in the system 100 as the different type of device, and receive different services is provided. The second device identity certificate 158 is subjected to a validation and parsing process similar to the process performed on the device identity certificate 154. The service requester device 150 [third device] is then associated with the different network policy and virtual local area network requested and begins receiving network services associated with the reclassification.

As per claim 7, the combination of Delker, McGrew, Boyle and Jacobson discloses the system according to claim 6.

          McGrew, however, discloses wherein the misclassification costs are determined based further on the measures of criticality associated with the endpoint devices. (McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data. Para0072 teaches the reputation score(s) [criticality] of the user, host, server, etc. combined with the output of the machine learning classifier).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the misclassification costs are determined based further on the measures of criticality associated with the endpoint devices, as taught by McGrew in the system of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.

As per claim 9. An apparatus, comprising: one or more network interfaces to communicate with a network; (Delker, col7 lines52-54  teaches the gateway device 140 provides connection to the Internet 192 for devices on the network 190 through a secure network port or ports on the gateway device 140).
a processor coupled to the network interfaces and configured to execute one or more processes; (Delker, col15 line65 - col16 line3 teaches the computer system 780 includes a processor 782 (which may be referred to as a central processor unit or CPU) that is in communication with memory devices including secondary storage 784, read only memory (ROM) 786, random access memory (RAM) 788, input/output (I/O) devices 790, and network connectivity devices 792).
and a memory configured to store a process executable by the processor, the process when executed configured to: (Delker, col16 lines61-66 teaches the processor 782 executes instructions, codes, computer programs, scripts which it accesses from hard disk, floppy disk, optical disk (these various disk based systems may all be considered secondary storage 784), ROM 786, RAM 788, or the network connectivity devices 792).
receive data indicative of network traffic policies assigned to a plurality of device types; (Delker, col1 lines42-45 teaches the system comprises an at least one computer system, a configuration database, and a dynamic network policies application based on device classification).
associate measures of policy restrictiveness with the device types, (Delker, col3 lines20-29 teaches a server on the network uses the device classification and other information in the digital certificate to locate a policy to apply to the device that may allow the device access to the requested services, the digital certificate may also include additional information, for example an identity of the device manufacturer).
(Delker, col3 lines45-50 teaches network policies may be developed for each class of devices. Network policies group the network services required by each type of device. Network policies may be enforced by causing devices falling within a defined class to join virtual local area networks used only by devices in that class).
wherein the misclassification costs are determined, the measure of policy restrictiveness associated with the first device type and the measure of policy restrictiveness associated with the second device type (Delker, col11 lines14-30 teaches In the method 300, the user of the service requester device 150 may choose to activate the software or hardware functionality of the service requester device 150 that requires it to reclassify [the misclassification costs are determined based at least in part on] as a different device by submitting a second device identity certificate 158. The service requester device 150 terminates its association with the virtual local area network established at block 308. The initial preliminary step of port-based authentication may also have to be completed by the supplicant component 152 and the authenticator component 132 for the port on the access device 130 to be reopened. At block 312 the supplicant component 152 of the service requester device 150 submits the second device identity certificate 158 to initiate the process of reclassifying as a different device and receiving the network services associated with the second device classification[the measure of policy restrictiveness associated with the first device type is greater than the measure of policy restrictiveness associated with the second device type]).

          McGrew, however, discloses determine misclassification costs associated with a machine learning-based device type classifier misclassifying an endpoint device of; (McGrew, para0033 teaches classifier process 244 may employ any number of machine learning techniques, to classify the gathered traffic data. In general, machine learning is concerned with the design and the development of techniques that receive empirical data as input (e.g., traffic data regarding traffic in the network) and recognize complex patterns in the input data. For example, some machine learning techniques use an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data).
and adjust the machine learning-based device type classifier to account for the determined misclassification costs. (McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization/learning phase, classifier process 244 can use the model M to classify new data points, such as information regarding new traffic flows in the network. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data).

          Delker and McGrew do not explicitly disclose misclassifying an endpoint device of a first device type as a second device type; and determining, by a device classification service, misclassification costs associated with the misclassification.
          Boyle however discloses misclassifying an endpoint device of a first device type as a second device type. (Boyle, par0102 teaches meter misclassification detector 622 searches water utility meter and/or water utility billing data, and in certain embodiments of the present arrangements, external data, that is located on data storage device B 634, for water meters matching a set of predefined criteria that indicate that a meter may have been misclassified. Such predefined criteria include a “minimum percentile threshold” (i.e., a percentile threshold above which a water utility meter is deemed to have been misclassified). One example of a water meter that has been misclassified is a commercial water meter [a first device type] that has been incorrectly classified as a residential water meter[as a second device type]) ; 
(Boyle, par0155, 0157, identifying the location address of one or more of the utility anomalies, a certainty score associated with one or more of the utility anomalies [misclassification], then provide an estimate of how much cost savings a customer and/or a water utility company can save and/or earn if the water utility meter anomaly would no longer be deemed an anomaly by systems).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of misclassifying an endpoint device of a first device type as a second device type; and determining, by a device classification service, misclassification costs associated with the misclassification, as taught by Boyle in the apparatus of Delker and McGrew, so a byproduct of providing water to their customers, multiple data streams are generated, collected, and/or otherwise available to the water utility companies, see Boyle para0004.
          Delker, McGrew and Boyle do not explicitly disclose are determined by computing a difference between the measure of policy restrictiveness associated.
          Jacobson however discloses are determined by computing a difference between the measure of policy restrictiveness associated. (Jacobson, Fig.36, par0145-0147 teaches the network compliance action undertaken is based on the severity of the network policy compliance violation; i.e., the difference between [computing a difference between] the baseline network policy compliance value and the user policy compliance value [measure of policy restrictiveness]. Upon recording the difference between the baseline network policy compliance value and the user policy compliance value, policy compliance and reporting module 115 records this information in network security policy database 506 and undertakes the appropriate network compliance action). 
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of are determined by computing a difference between the measure of policy restrictiveness associated, as taught by Jacobson in the apparatus of Delker, McGrew and Boyle, so a network communications software program can offer an automated system with robust policy compliance assistance, policy effectiveness monitoring and reporting, to assist policy enforcement officers with proper policy enforcement procedure, and methods to measure policy effectiveness, appropriateness, user system activity and compliance, see Jacobson para0017.

As per claim 11, the combination of Delker, McGrew, Boyle and Jacobson discloses an apparatus according to claim 9.
          Delker further discloses wherein the apparatus receives (Delker, col1 lines60-63 teaches a method of dynamically assigning network policies based on device classification is provided, the method comprises receiving a message from an access device).
wherein the process when executed is further configured to: identify one of the network traffic policies as not being implemented in one of the networks for one of the device types; (Delker, col7 line60 - col8 line4 teaches The gateway device 140 also may concurrently provide access to the Internet 192 to other devices on the network 190 unrelated to the service requester device 150 and unrelated to security levels and network traffic in connection with the virtual local area network instantiated for the service requester device 150. The gateway device 140 also may concurrently provide access to the Internet 192 to devices that are not components of the system 100. The gateway device 140 has functionality to segregate network traffic intended for the service requester device 150 on a virtual local area network from other traffic originating from the Internet 192 or elsewhere).
send data (Delker, col1 lines48-55 teaches The application parses the device identity certificate to discover a device classification, references the configuration database to determine a network policy associated with the device classification, and associates the network policy with a virtual local area network definition. The application also sends a reply containing the virtual local area network definition to the virtual local area network access component in response to the request).
regarding the identified traffic policy to a user interface associated with the network in which the identified traffic policy is not implemented. (Delker, col3 lines45-50 teaches network policies may be developed for each class of devices. Network policies group the network services required by each type of device. Network policies may be enforced by causing devices falling within a defined class to join virtual local area networks used only by devices in that class).
          Delker does not explicitly disclose the data indicative of the network traffic policies from a plurality of networks.
          McGrew however discloses the data indicative of the network traffic policies from a plurality of networks. (McGrew, FIG. 1B, para0024 - 0025. Para0025 teaches servers 152-154 may include, in various embodiments, a network management server (NMS), a dynamic host configuration protocol (DHCP) server, a constrained application protocol (CoAP) server, an outage management system (OMS), an application policy infrastructure controller (APIC), an application server, etc. As would be appreciated, network 100 may include any number of local networks, data centers, cloud environments, devices/nodes, servers, etc).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of the data indicative of the network traffic policies from a plurality of networks, as taught by McGrew in the apparatus of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.

As per claim 12, the combination of Delker, McGrew, Boyle and Jacobson discloses an apparatus according to claim 9.
          Delker does not explicitly disclose wherein the apparatus adjusts the device type classifier to account for the determined misclassification costs by: selecting splits of decision trees in the classifier based in part on the determined misclassification costs.
          McGrew however discloses wherein the apparatus adjusts the device type classifier to account for the determined misclassification costs by (McGrew, para0033 teaches classifier process 244 may employ any number of machine learning techniques, to classify the gathered traffic data. In general, machine learning is concerned with the design and the development of techniques that receive empirical data as input (e.g., traffic data regarding traffic in the network) and recognize complex patterns in the input data. For example, some machine learning techniques use an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data).
selecting splits of decision trees in the classifier based in part on the determined misclassification costs. (McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points [splits of the decision tree]. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization/learning phase, classifier process 244 can use the model M to classify new data points, such as information regarding new traffic flows in the network. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the apparatus adjusts the device type classifier to account for the determined misclassification costs by: selecting splits of decision trees in the classifier based in part on the determined misclassification costs, as taught by McGrew in the apparatus of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.

As per claim 14, the combination of Delker, McGrew, Boyle and Jacobson 
          Delker does not explicitly disclose wherein the process when executed is further configured to: associate measures of criticality with endpoint devices to which the network traffic policies were applied.
          McGrew however discloses wherein the process when executed is further configured to: associate measures of criticality with endpoint devices to which the network traffic policies were applied. (McGrew, para0069 teaches as shown in FIG. 5B, another factor that can be used to affect the storage priority is the concept of a reputation score [criticality]. In particular, traffic data 404 can be stored for later analysis not only based on the output of the machine learning classifier, but also on any reputation scores [criticality] associated with the corresponding user, host, and/or server involved in the traffic flow. In various embodiments, traffic data collector 406 or another device in communication therewith may calculate a reputation score based on static parameters. For example, traffic data collector 406 may use one or more reputation scores regarding a user profile, user group to which the user belongs, the role of the user in the company, the device type operated by user, the port(s) and/or address(es) of the traffic flow, an application associated with the traffic flow, a protocol used by the traffic flow, etc).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the process when executed is further configured to: associate measures of criticality with endpoint devices to which the network traffic policies were applied, as taught by McGrew in the apparatus of Delker, so capturing traffic characteristics 

As per claim 15, the combination of Delker, McGrew, Boyle and Jacobson discloses a system according to claim 14.
          Delker does not explicitly disclose wherein the misclassification costs are determined based further on the measures of criticality associated with the endpoint devices.
          McGrew however discloses wherein the misclassification costs are determined based further on the measures of criticality associated with the endpoint devices. (McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data. Para0072 teaches the reputation score(s) [criticality] of the user, host, server, etc. combined with the output of the machine learning classifier).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of disclose wherein the misclassification costs are determined based further on the measures of criticality associated with the endpoint devices, as taught by McGrew in the 

As per claim 17. receiving, at the device classification service, (Delker, col1 lines60-63 teaches a method of dynamically assigning network policies based on device classification is provided, the method comprises receiving a message from an access device).
data indicative of network traffic policies assigned to a plurality of device types; (Delker, col1 lines42-45 teaches the system comprises an at least one computer system, a configuration database, and a dynamic network policies application based on device classification).
associating, by the device classification service, measures of policy restrictiveness with the device types, (Delker, col3 lines20-29 teaches a server on the network uses the device classification and other information in the digital certificate to locate a policy to apply to the device that may allow the device access to the requested services, the digital certificate may also include additional information, for example an identity of the device manufacturer).
based on the received data indicative of the network traffic policies assigned to the plurality of device types; (Delker, col3 lines45-50 teaches network policies may be developed for each class of devices. Network policies group the network services required by each type of device. Network policies may be enforced by causing devices falling within a defined class to join virtual local area networks used only by devices in that class).
wherein the misclassification costs are determined, the measure of policy restrictiveness associated with the first device type and the measure of policy restrictiveness associated with the second device type (Delker, col11 lines14-30 teaches In the method 300, the user of the service requester device 150 may choose to activate the software or hardware functionality of the service requester device 150 that requires it to reclassify [the misclassification costs are determined based at least in part on] as a different device by submitting a second device identity certificate 158. The service requester device 150 terminates its association with the virtual local area network established at block 308. The initial preliminary step of port-based authentication may also have to be completed by the supplicant component 152 and the authenticator component 132 for the port on the access device 130 to be reopened. At block 312 the supplicant component 152 of the service requester device 150 submits the second device identity certificate 158 to initiate the process of reclassifying as a different device and receiving the network services associated with the second device classification[the measure of policy restrictiveness associated with the first device type is greater than the measure of policy restrictiveness associated with the second device type]).
          Delker however does not explicitly disclose a tangible, non-transitory, computer-readable medium storing program instructions that cause device classification service to execute a process comprising: determining, by the device classification service, misclassification costs associated with a machine learning-based device type classifier
          McGrew however discloses a tangible, non-transitory, computer-readable medium storing program instructions that cause device classification service to execute a process comprising: (McGrew, para0081 teaches software being stored on a tangible (non-transitory) computer-readable medium (e.g., disks/CDs/RAM/EEPROM/etc.) having program instructions executing on a computer, hardware, firmware, or a combination thereof).
determining, by the device classification service, misclassification costs associated with a machine learning-based device type classifier of the service misclassifying an endpoint device (McGrew, para0033 teaches classifier process 244 may employ any number of machine learning techniques, to classify the gathered traffic data. In general, machine learning is concerned with the design and the development of techniques that receive empirical data as input (e.g., traffic data regarding traffic in the network) and recognize complex patterns in the input data. For example, some machine learning techniques use an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data).
and adjusting, by the device classification service, the machine learning-based device type classifier to account for the determined misclassification costs. (McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization/learning phase, classifier process 244 can use the model M to classify new data points, such as information regarding new traffic flows in the network. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of a tangible, non-transitory, computer-readable medium storing program instructions that cause device classification service to execute a process comprising: determining, by the device classification service, misclassification costs associated with a machine learning-based device type classifier of the service misclassifying an endpoint device of; and adjusting, by the device classification service, the machine learning-based device type classifier to account for the determined misclassification costs, as taught by McGrew in the computer-readable medium of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.
          Delker and McGrew do not explicitly disclose misclassifying an endpoint device of a first device type as a second device type; and determining, by a device classification service, misclassification costs associated with the misclassification.
          Boyle however discloses misclassifying an endpoint device of a first device type as a second device type. (Boyle, par0102 teaches meter misclassification detector 622 searches water utility meter and/or water utility billing data, and in certain embodiments of the present arrangements, external data, that is located on data storage device B 634, for water meters matching a set of predefined criteria that indicate that a meter may have been misclassified. Such predefined criteria include a “minimum percentile threshold” (i.e., a percentile threshold above which a water utility meter is deemed to have been misclassified). One example of a water meter that has been misclassified is a commercial water meter [a first device type] that has been incorrectly classified as a residential water meter [as a second device type]);
and determining, by a device classification service, misclassification costs associated with the misclassification. (Boyle, par0155, 0157, identifying the location address of one or more of the utility anomalies, a certainty score associated with one or more of the utility anomalies { misclassification }, then provide an estimate of how much cost savings a customer and/or a water utility company can save and/or earn if the water utility meter anomaly would no longer be deemed an anomaly by systems).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of misclassifying an endpoint device of a first device type as a second device type; and determining, by a device classification service, misclassification costs associated with the misclassification, as taught by Boyle in the computer-readable medium of Delker and McGrew, so a byproduct of providing water to their customers, multiple data streams are generated, collected, and/or otherwise available to the water utility companies, see Boyle para0004.
          Delker, McGrew and Boyle do not explicitly disclose are determined by computing a difference between the measure of policy restrictiveness associated.
(Jacobson, Fig.36, par0145-0147 teaches the network compliance action undertaken is based on the severity of the network policy compliance violation; i.e., the difference between [computing a difference between] the baseline network policy compliance value and the user policy compliance value [measure of policy restrictiveness]. Upon recording the difference between the baseline network policy compliance value and the user policy compliance value, policy compliance and reporting module 115 records this information in network security policy database 506 and undertakes the appropriate network compliance action). 
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of are determined by computing a difference between the measure of policy restrictiveness associated, as taught by Jacobson in the computer-readable medium of Delker, McGrew and Boyle, so a network communications software program can offer an automated system with robust policy compliance assistance, policy effectiveness monitoring and reporting, to assist policy enforcement officers with proper policy enforcement procedure, and methods to measure policy effectiveness, appropriateness, user system activity and compliance, see Jacobson para0017.

As per claim 19, the combination of Delker, McGrew, Boyle and Jacobson discloses the computer-readable medium according to claim 17.
          Delker further discloses wherein the device classification service receives (Delker, col1 lines60-63 teaches a method of dynamically assigning network policies based on device classification is provided, the method comprises receiving a message from an access device).
wherein the process further comprises: identifying, by the device classification service, one of the network traffic policies as not being implemented in one of the networks for one of the device types; (Delker, col7 line60 - col8 line4 teaches The gateway device 140 also may concurrently provide access to the Internet 192 to other devices on the network 190 unrelated to the service requester device 150 and unrelated to security levels and network traffic in connection with the virtual local area network instantiated for the service requester device 150. The gateway device 140 also may concurrently provide access to the Internet 192 to devices that are not components of the system 100. The gateway device 140 has functionality to segregate network traffic intended for the service requester device 150 on a virtual local area network from other traffic originating from the Internet 192 or elsewhere).
and sending, by the device classification service, data (Delker, col1 lines48-55 teaches The application parses the device identity certificate to discover a device classification, references the configuration database to determine a network policy associated with the device classification, and associates the network policy with a virtual local area network definition. The application also sends a reply containing the virtual local area network definition to the virtual local area network access component in response to the request).
regarding the identified traffic policy to a user interface associated with the network in which the identified traffic policy is not implemented. (Delker, col3 lines45-50 teaches network policies may be developed for each class of devices. Network policies group the network services required by each type of device. Network policies may be enforced by causing devices falling within a defined class to join virtual local area networks used only by devices in that class).
          Delker does not explicitly disclose the data indicative of the network traffic policies from a plurality of networks.
          McGrew however discloses the data indicative of the network traffic policies from a plurality of networks. (McGrew, FIG. 1B, para0024 - 0025. Para0025 teaches servers 152-154 may include, in various embodiments, a network management server (NMS), a dynamic host configuration protocol (DHCP) server, a constrained application protocol (CoAP) server, an outage management system (OMS), an application policy infrastructure controller (APIC), an application server, etc. As would be appreciated, network 100 may include any number of local networks, data centers, cloud environments, devices/nodes, servers, etc).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of the data indicative of the network traffic policies from a plurality of networks, as taught by McGrew in the computer-readable medium of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.


Claims 2, 5, 10, 13, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Delker in view of McGrew further in view of Boyle, further in view of Jacobson, and further in view of Pietro et al. (US20180367428A1) hereinafter Pietro.

As per claim 2, the combination of Delker, McGrew, Boyle and Jacobson discloses a system according to claim 1.
          Delker further discloses and providing, by the device classification service, (Delker, col1 lines60-63 teaches a method of dynamically assigning network policies based on device classification is provided, the method comprises receiving a message from an access device).
an indication of the particular device type of the particular endpoint device to a networking device in the network, (Delker, col1 lines42-45 teaches the system comprises an at least one computer system, a configuration database, and a dynamic network policies application based on device classification).
wherein the networking device applies one of the network policies to the particular endpoint device based on the particular device type. (Delker, col3 lines20-29 teaches a server on the network uses the device classification and other information in the digital certificate to locate a policy to apply to the device that may allow the device access to the requested services, the digital certificate may also include additional information, for example an identity of the device manufacturer).
          The combination of Delker, McGrew, Boyle and Jacobson does not explicitly disclose classifying, by the device classification service, an endpoint device in a network with a particular one of the plurality of device types, using traffic telemetry data
          Pietro however discloses classifying, by the device classification service, an endpoint device in a network with a particular one of the plurality of device types, using traffic telemetry data regarding network traffic associated with the particular endpoint device as input to the adjusted machine learning-based device type classifier; (Pietro, para0036, 0057 and 0101. Para0036 teaches in various embodiments, network assurance process 248 may also utilize machine learning techniques, to enforce policies and to monitor the health of the network. In general, machine learning is concerned with the design and the development of techniques that take as input empirical data (such as network statistics and performance indicators), and recognize complex patterns in these data. One very common pattern among machine learning techniques is the use of an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data. For instance, in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function would be the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization phase (or learning phase), the model M can be used very easily to classify new data points. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data. Para0057 teaches network assurance system 300 shown in FIG. 3, may gather collected data 334 from any number of network elements/data sources deployed in a monitored network, such as branch office 306 and/or campus 308. Such telemetry data regarding the monitored network may also be assessed by one or more machine learning-based processes of analyzer 312. However, particularly in the case of using collected telemetry data as input to a machine learning-based analyzer, the precision and cleanliness of the input data is vital to the proper operation of the analyzer. Para0101 teaches while certain embodiments are described herein with respect to using certain models for purposes of performance modeling and/or network analysis, the models are not limited as such and may be used for other functions, in other embodiments).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of classifying, by the device classification service, an endpoint device in a network with a particular one of the plurality of device types, using traffic telemetry data regarding network traffic associated with the particular endpoint device as input to the adjusted machine learning-based device type classifier, as taught by Pietro in the system of Delker, McGrew, Boyle and Jacobson, so many network assurance systems rely on predefined rules to determine the health of the network, these rules can be used to trigger corrective measures and/or notify a network administrator as to the health of the network, see Pietro, para0002.

As per claim 5, the combination of Delker, McGrew, Boyle and Jacobson discloses a system according to claim 1.
          Delker does not explicitly disclose wherein adjusting the device type classifier to account for the determined misclassification costs comprises.
(McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization/learning phase, classifier process 244 can use the model M to classify new data points, such as information regarding new traffic flows in the network. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein adjusting the device type classifier to account for the determined misclassification costs comprises, as taught by McGrew in the system of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.
          The combination of Delker, McGrew, Boyle and Jacobson does not explicitly disclose wherein the machine learning-based classifier comprises a clustering process that clusters endpoint devices based on their associated traffic telemetry data, including, with the traffic telemetry data of the endpoint devices, the measures of policy restrictiveness as input features for the clustering process.
(Pietro, para0036, 0057 and 0101. Para0036 teaches in various embodiments, network assurance process 248 may also utilize machine learning techniques, to enforce policies and to monitor the health of the network. In general, machine learning is concerned with the design and the development of techniques that take as input empirical data (such as network statistics and performance indicators), and recognize complex patterns in these data. One very common pattern among machine learning techniques is the use of an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data. For instance, in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function would be the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization phase (or learning phase), the model M can be used very easily to classify new data points. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data. Para0057 teaches network assurance system 300 shown in FIG. 3, may gather collected data 334 from any number of network elements/data sources deployed in a monitored network, such as branch office 306 and/or campus 308. Such telemetry data regarding the monitored network may also be assessed by one or more machine learning-based processes of analyzer 312. However, particularly in the case of using collected telemetry data as input to a machine learning-based analyzer, the precision and cleanliness of the input data is vital to the proper operation of the analyzer. Para0101 teaches while certain embodiments are described herein with respect to using certain models for purposes of performance modeling and/or network analysis, the models are not limited as such and may be used for other functions, in other embodiments).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the machine learning-based classifier comprises a clustering process that clusters endpoint devices based on their associated traffic telemetry data, including, with the traffic telemetry data of the endpoint devices, the measures of policy restrictiveness as input features for the clustering process, as taught by Pietro in the system of Delker, McGrew, Boyle and Jacobson, so many network assurance systems rely on predefined rules to determine the health of the network, these rules can be used to trigger corrective measures and/or notify a network administrator as to the health of the network, see Pietro, para0002.

As per claim 10, the combination of Delker, McGrew, Boyle and Jacobson discloses an apparatus according to claim 9.
          Delker further discloses provide an indication of the particular device type of the particular endpoint device to a networking device in the network, (Delker, col1 lines42-45 teaches the system comprises an at least one computer system, a configuration database, and a dynamic network policies application based on device classification).
(Delker, col3 lines20-29 teaches a server on the network uses the device classification and other information in the digital certificate to locate a policy to apply to the device that may allow the device access to the requested services, the digital certificate may also include additional information, for example an identity of the device manufacturer).
          The combination of Delker, McGrew, Boyle and Jacobson does not explicitly disclose wherein the process when executed is further configured to: classify an endpoint device in a network with a particular one of the plurality of device types, using traffic telemetry data regarding network traffic associated with the particular endpoint device as input to the adjusted machine learning-based device type classifier.
          Pietro however discloses wherein the process when executed is further configured to: classify an endpoint device in a network with a particular one of the plurality of device types, using traffic telemetry data regarding network traffic associated with the particular endpoint device as input to the adjusted machine learning-based device type classifier. (Pietro, para0036, 0057 and 0101. Para0036 teaches in various embodiments, network assurance process 248 may also utilize machine learning techniques, to enforce policies and to monitor the health of the network. In general, machine learning is concerned with the design and the development of techniques that take as input empirical data (such as network statistics and performance indicators), and recognize complex patterns in these data. One very common pattern among machine learning techniques is the use of an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data. For instance, in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function would be the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization phase (or learning phase), the model M can be used very easily to classify new data points. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data. Para0057 teaches network assurance system 300 shown in FIG. 3, may gather collected data 334 from any number of network elements/data sources deployed in a monitored network, such as branch office 306 and/or campus 308. Such telemetry data regarding the monitored network may also be assessed by one or more machine learning-based processes of analyzer 312. However, particularly in the case of using collected telemetry data as input to a machine learning-based analyzer, the precision and cleanliness of the input data is vital to the proper operation of the analyzer. Para0101 teaches while certain embodiments are described herein with respect to using certain models for purposes of performance modeling and/or network analysis, the models are not limited as such and may be used for other functions, in other embodiments).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the process when executed is further configured to: classify an endpoint device in a network with a particular one of the plurality of device types, using traffic telemetry data regarding network traffic associated with the particular endpoint device as input to the adjusted machine learning-based device type classifier, as taught by Pietro in the 

As per claim 13, the combination of Delker, McGrew, Boyle and Jacobson discloses an apparatus according to claim 9.
          Delker does not explicitly disclose wherein the apparatus adjusts the device type classifier to account for the determined misclassification costs by.
          McGrew, however, discloses wherein the apparatus adjusts the device type classifier to account for the determined misclassification costs by. (McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization/learning phase, classifier process 244 can use the model M to classify new data points, such as information regarding new traffic flows in the network. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the apparatus adjusts the device type classifier to account for the determined misclassification costs by, as taught by McGrew in the apparatus of Delker, so capturing 
          The combination of Delker, McGrew, Boyle and Jacobson does not explicitly disclose wherein the machine learning-based classifier comprises a clustering process that clusters endpoint devices based on their associated traffic telemetry data, including, with the traffic telemetry data of the endpoint devices, the measures of policy restrictiveness as input features for the clustering process.
          Pietro however discloses wherein the machine learning-based classifier comprises a clustering process that clusters endpoint devices based on their associated traffic telemetry data, including, with the traffic telemetry data of the endpoint devices, the measures of policy restrictiveness as input features for the clustering process. (Pietro, para0036, 0057 and 0101. Para0036 teaches in various embodiments, network assurance process 248 may also utilize machine learning techniques, to enforce policies and to monitor the health of the network. In general, machine learning is concerned with the design and the development of techniques that take as input empirical data (such as network statistics and performance indicators), and recognize complex patterns in these data. One very common pattern among machine learning techniques is the use of an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data. For instance, in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function would be the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization phase (or learning phase), the model M can be used very easily to classify new data points. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data. Para0057 teaches network assurance system 300 shown in FIG. 3, may gather collected data 334 from any number of network elements/data sources deployed in a monitored network, such as branch office 306 and/or campus 308. Such telemetry data regarding the monitored network may also be assessed by one or more machine learning-based processes of analyzer 312. 
However, particularly in the case of using collected telemetry data as input to a machine learning-based analyzer, the precision and cleanliness of the input data is vital to the proper operation of the analyzer. Para0101 teaches while certain embodiments are described herein with respect to using certain models for purposes of performance modeling and/or network analysis, the models are not limited as such and may be used for other functions, in other embodiments).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the machine learning-based classifier comprises a clustering process that clusters endpoint devices based on their associated traffic telemetry data, including, with the traffic telemetry data of the endpoint devices, the measures of policy restrictiveness as input features for the clustering process, as taught by Pietro in the apparatus of Delker, McGrew, Boyle and Jacobson, so many network assurance systems rely on predefined rules to determine the health of the network, these rules can 

As per claim 18, the combination of Delker, McGrew, Boyle and Jacobson discloses the computer-readable medium according to claim 17.
          Delker further discloses providing, by the device classification service, an indication of the particular device type of the particular endpoint device to a networking device in the network (Delker, col1 lines42-45 teaches the system comprises an at least one computer system, a configuration database, and a dynamic network policies application based on device classification).
wherein the networking device applies one of the network policies to the particular endpoint device based on the particular device type. (Delker, col3 lines20-29 teaches a server on the network uses the device classification and other information in the digital certificate to locate a policy to apply to the device that may allow the device access to the requested services, the digital certificate may also include additional information, for example an identity of the device manufacturer).
          The combination of Delker, McGrew, Boyle and Jacobson does not explicitly disclose wherein the process further comprises: classifying, by the device classification service, an endpoint device in a network with a particular one of the plurality of device types, using traffic telemetry data regarding network traffic associated with the particular endpoint device as input to the adjusted machine learning-based device type classifier.
          Pietro however discloses wherein the process further comprises: classifying, by the device classification service, an endpoint device in a network with a particular one of (Pietro, para0036, 0057 and 0101. Para0036 teaches in various embodiments, network assurance process 248 may also utilize machine learning techniques, to enforce policies and to monitor the health of the network. In general, machine learning is concerned with the design and the development of techniques that take as input empirical data (such as network statistics and performance indicators), and recognize complex patterns in these data. One very common pattern among machine learning techniques is the use of an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data. For instance, in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function would be the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization phase (or learning phase), the model M can be used very easily to classify new data points. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data. Para0057 teaches network assurance system 300 shown in FIG. 3, may gather collected data 334 from any number of network elements/data sources deployed in a monitored network, such as branch office 306 and/or campus 308. Such telemetry data regarding the monitored network may also be assessed by one or more machine learning-based processes of analyzer 312. However, particularly in the case of using collected telemetry data as input to a machine learning-based analyzer, the precision and cleanliness of the input data is vital to the proper operation of the analyzer. 
Para0101 teaches while certain embodiments are described herein with respect to using certain models for purposes of performance modeling and/or network analysis, the models are not limited as such and may be used for other functions, in other embodiments).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the process further comprises: classifying, by the device classification service, an endpoint device in a network with a particular one of the plurality of device types, using traffic telemetry data regarding network traffic associated with the particular endpoint device as input to the adjusted machine learning-based device type classifier, as taught by Pietro in the computer-readable medium of Delker, McGrew, Boyle and Jacobson, so many network assurance systems rely on predefined rules to determine the health of the network, these rules can be used to trigger corrective measures and/or notify a network administrator as to the health of the network, see Pietro, para0002.

As per claim 20, the combination of Delker, McGrew, Boyle and Jacobson discloses the computer-readable medium according to claim 17.
          Delker, however, does not explicitly disclose wherein adjusting the device type classifier to account for the determined misclassification costs comprises.
          McGrew, however, discloses wherein adjusting the device type classifier to account for the determined misclassification costs comprises. (McGrew, para0033 teaches in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function is a function of the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization/learning phase, classifier process 244 can use the model M to classify new data points, such as information regarding new traffic flows in the network. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein adjusting the device type classifier to account for the determined misclassification costs comprises, as taught by McGrew in the computer-readable medium of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.
          The combination of Delker, McGrew, Boyle and Jacobson does not explicitly disclose wherein the machine learning-based classifier comprises a clustering process that clusters endpoint devices based on their associated traffic telemetry data, including with the traffic telemetry data of the endpoint devices, the measures of policy restrictiveness as input features for the clustering process.
          Pietro however discloses wherein the machine learning-based classifier comprises a clustering process that clusters endpoint devices based on their associated traffic telemetry data, including with the traffic telemetry data of the endpoint devices, the measures of policy restrictiveness as input features for the clustering process. (Pietro, para0036, 0057 and 0101. Para0036 teaches in various embodiments, network assurance process 248 may also utilize machine learning techniques, to enforce policies and to monitor the health of the network. In general, machine learning is concerned with the design and the development of techniques that take as input empirical data (such as network statistics and performance indicators), and recognize complex patterns in these data. One very common pattern among machine learning techniques is the use of an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data. For instance, in the context of classification, the model M may be a straight line that separates the data into two classes (e.g., labels) such that M=a*x+b*y+c and the cost function would be the number of misclassified points. The learning process then operates by adjusting the parameters a,b,c such that the number of misclassified points is minimal. After this optimization phase (or learning phase), the model M can be used very easily to classify new data points. Often, M is a statistical model, and the cost function is inversely proportional to the likelihood of M, given the input data. Para0057 teaches network assurance system 300 shown in FIG. 3, may gather collected data 334 from any number of network elements/data sources deployed in a monitored network, such as branch office 306 and/or campus 308. Such telemetry data regarding the monitored network may also be assessed by one or more machine learning-based processes of analyzer 312. 
However, particularly in the case of using collected telemetry data as input to a machine learning-based analyzer, the precision and cleanliness of the input data is vital to the proper operation of the analyzer. Para0101 teaches while certain embodiments are described herein with respect to using certain models for purposes of performance modeling and/or network analysis, the models are not limited as such and may be used for other functions, in other embodiments).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein the machine learning-based classifier comprises a clustering process that clusters endpoint devices based on their associated traffic telemetry data, including with the traffic telemetry data of the endpoint devices, the measures of policy restrictiveness as input features for the clustering process, as taught by Pietro in the computer-readable medium of Delker, McGrew, Boyle and Jacobson, so many network assurance systems rely on predefined rules to determine the health of the network, these rules can be used to trigger corrective measures and/or notify a network administrator as to the health of the network, see Pietro, para0002.

Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Delker in view of McGrew further in view of Boyle, further in view of Jacobson, and further in view of Marcheret (US20130254153A1).

As per claim 8, the combination of Delker, McGrew, Boyle and Jacobson discloses a system according to claim 1.
          Delker does not explicitly disclose wherein adjusting the device type classifier to account for the determined misclassification costs.
          McGrew, however, discloses wherein adjusting the device type classifier to account for the determined misclassification costs (McGrew, para0033 teaches classifier process 244 may employ any number of machine learning techniques, to classify the gathered traffic data. In general, machine learning is concerned with the design and the development of techniques that receive empirical data as input (e.g., traffic data regarding traffic in the network) and recognize complex patterns in the input data. For example, some machine learning techniques use an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of wherein adjusting the device type classifier to account for the determined misclassification costs, as taught by McGrew in the system of Delker, so capturing traffic characteristics improves the functioning of the network by enabling network devices and network administrators to adjust the operations of the network dynamically, see McGrew para0003.
           Delker, McGrew, Boyle and Jacobson do not disclose reweighting training samples for the classifier using the determined misclassification costs.
          Marcheret discloses reweighting training samples for the classifier using the determined misclassification costs (Marcheret, para0087 teaches in act 460, the reweighted labeled training data is used to retrain classification model 410, thereby improving the performance of the classification model 410 for the distribution of unlabeled input 430. In one embodiment, retraining comprises using the classification model 410 and performing further training using the reweighted labeled training data 450 to further shape the way that the classification model responds to the unlabeled input, although other retraining techniques may be used).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of reweighting training samples for the classifier using the determined misclassification costs, as taught by Marcheret in the system of Delker, McGrew, Boyle and Jacobson, so classification model is able to learn how to correctly assign classes based on the labeled training data, and may then be used to determine the classes of unlabeled input for which the class is unknown, see Marcheret, para0005.
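
The following sketch is an added illustration, not part of this office action or of any cited reference: it retrains a device type classifier after reweighting each training sample by the cost of misclassifying it. The device types, telemetry values and cost figures are constructed assumptions, and the model is narrowed to the one-feature case of the line M=a*x+b*y+c (b = 0, so M = x - t).

```python
"""Cost-sensitive retraining of a device type classifier by sample reweighting."""

CAMERA, LAPTOP = 0, 1

# Constructed telemetry: (distinct destinations contacted per hour, true device type).
SAMPLES = [
    (2, CAMERA), (3, CAMERA), (4, CAMERA), (5, CAMERA), (9, CAMERA),
    (6, LAPTOP), (7, LAPTOP), (8, LAPTOP), (12, LAPTOP), (15, LAPTOP), (20, LAPTOP),
]

# Assumed misclassification costs keyed by (true type, predicted type).
# A camera labelled as a laptop would receive the less restrictive policy,
# so that error is priced higher than over-restricting a laptop.
COSTS = {(CAMERA, LAPTOP): 5.0, (LAPTOP, CAMERA): 1.0}


def predict(x, threshold):
    """Model M = x - threshold; M > 0 means 'laptop'."""
    return LAPTOP if x > threshold else CAMERA


def sample_weights(samples, costs):
    """Weight each training sample by the cost of misclassifying its true type."""
    weights = []
    for _, label in samples:
        wrong = LAPTOP if label == CAMERA else CAMERA
        weights.append(costs[(label, wrong)])
    return weights


def weighted_error(samples, weights, threshold):
    """Cost function: sum of the weights of the misclassified training points."""
    return sum(w for (x, label), w in zip(samples, weights)
               if predict(x, threshold) != label)


def candidate_thresholds(samples):
    """Midpoints between adjacent feature values, plus one value on each side."""
    xs = sorted({x for x, _ in samples})
    mids = [(a + b) / 2 for a, b in zip(xs, xs[1:])]
    return [xs[0] - 1] + mids + [xs[-1] + 1]


def fit(samples, weights):
    """Exhaustive search for the threshold that minimizes the weighted error."""
    return min(candidate_thresholds(samples),
               key=lambda t: (weighted_error(samples, weights, t), t))


def evaluate(samples, threshold, costs):
    """Count each error type and the total cost under the cost table."""
    report = {"camera_as_laptop": 0, "laptop_as_camera": 0, "cost": 0.0}
    for x, label in samples:
        guess = predict(x, threshold)
        if guess == label:
            continue
        key = "camera_as_laptop" if label == CAMERA else "laptop_as_camera"
        report[key] += 1
        report["cost"] += costs[(label, guess)]
    return report


if __name__ == "__main__":
    uniform = [1.0] * len(SAMPLES)
    for name, weights in (("uniform", uniform),
                          ("cost-reweighted", sample_weights(SAMPLES, COSTS))):
        t = fit(SAMPLES, weights)
        print(name, "threshold:", t, evaluate(SAMPLES, t, COSTS))
```

With uniform weights the search minimizes the raw count of misclassified points; with cost weights it accepts more of the cheap errors to remove the expensive one.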

As per claim 16, the combination of Delker, McGrew, Boyle and Jacobson discloses an apparatus according to claim 9.
          Delker does not explicitly disclose wherein the apparatus adjusts the device type classifier to account for the determined misclassification costs by.
          McGrew, however, discloses wherein the apparatus adjusts the device type classifier to account for the determined misclassification costs (McGrew, para0033 teaches classifier process 244 may employ any number of machine learning techniques, to classify the gathered traffic data. In general, machine learning is concerned with the design and the development of techniques that receive empirical data as input (e.g., traffic data regarding traffic in the network) and recognize complex patterns in the input data. For example, some machine learning techniques use an underlying model M, whose parameters are optimized for minimizing the cost function associated to M, given the input data).

           Delker, McGrew, Boyle and Jacobson do not disclose reweighting training samples for the classifier using the determined misclassification costs.
          Marcheret discloses reweighting training samples for the classifier using the determined misclassification costs (Marcheret, para0087 teaches in act 460, the reweighted labeled training data is used to retrain classification model 410, thereby improving the performance of the classification model 410 for the distribution of unlabeled input 430. In one embodiment, retraining comprises using the classification model 410 and performing further training using the reweighted labeled training data 450 to further shape the way that the classification model responds to the unlabeled input, although other retraining techniques may be used).
          Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to provide the functionality of reweighting training samples for the classifier using the determined misclassification costs, as taught by Marcheret in the apparatus of Delker, McGrew, Boyle and Jacobson, so classification model is able to learn how to correctly assign classes based on the 




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MONISHWAR MOHAN whose telephone number is (571)272-2907.  The examiner can normally be reached on Monday - Thursday 7:00 am - 5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on (571) 272-7872.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-






/M.M./Examiner, Art Unit 2442
/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit 2442