Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The response of 12/15/2020 was received and considered.
Claims 1-20 are pending.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/16/2020 has been entered.
 
Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant’s remarks (11/16/72020, p. 7-8 argue that the prior art of record fails to teach the amended limitations.  However:  
Barile teaches data loss prevention, including applying a security monitoring policy to a computing device (¶18), detecting violations to the policy (¶¶18-20, ¶27) and, in response to a violation, causing access to data (an operation) to be blocked 
Baar teaches a single point of management to monitor and manage endpoint devices (¶¶31-32 teaches a database of information used to manage connected terminals and ¶35 teaches using the management system to remotely update connected terminals, ¶35).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Breton, as modified above, to include monitoring and managing the security application for the domain/channel associated with the end-point device along with other deployed security applications for other domains/channels through a single point of management performed by the processor of the server to remotely manage the endpoint devices, such as for software/firmware updates, as taught by Baar.
Lewis teaches that it was known to manage software/firmware updates on a peripheral device (payment device, Fig. 1, 106) that is interfaced to a second device (POS device, Fig. 1, 101) as a peripheral of second device, including receiving an update package from a terminal management system (¶30) and sending the update to the peripheral device (¶31).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Breton, as modified above, such that the end-point device is a peripheral device that is 
Yamazaki is cited for teaching locking down menus/windows when a license policy is not fulfilled (¶124).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Breton, as modified above, to lock down windows and menus, in response to a security violation.  One of ordinary skill in the art would have been motivated to perform such a modification to prevent data loss via menus and windows that provide access to data, as taught by Yamazaki.
Therefore, based on the prior art of record and the rational provided above and in the rejections below, the Examiner respectfully maintains that the application is not yet in condition for allowance.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, 7 and 9-12 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190081982 to Breton et al. (Breton) in view of US 2016/0323106 A1 to (Roper), US 2010/0162347 A1 to Barile and US 2020/0074435 A1 to Baar et al. (Baar).
Regarding claim 1, Breton discloses, via a processor of a server (cloud server, Fig. 2, 150), receiving a selection (administrative client used to send commands, ¶26 and provide policy changes, ¶58) for a security application (endpoint agent, including plugin, ¶58) and an end-point device (apply policy changes to endpoint, ¶58, where the command identifies the endpoint, ¶29); configuring the security application for the end-point device as a domain/channel specific security application for a domain/channel associated with the end-point device (plugins available for particular endpoint type, ¶47); and deploying a security agent to the end-point device, wherein deploying further includes installing and initiating, by the security agent, the domain/channel specific security application on the end-point device (identify, install and configure plugin, ¶¶59-60).  Breton lacks wherein deploying the security agent further includes configuring the security agent to dynamically check a digital signature of the domain/channel specific security application during processing of the domain/channel specific security application on the end-point device and when the digital signature is unable to be validated removing the domain/channel specific security application from memory of the end-point device and shutting down other processes of the end-point device.  However, Roper teaches a device comprising a monitor manager configured to dynamically check a digital signature of an application during processing of the application (check applications executing in memory, ¶27) and when the digital signature is unable to be validated removing the application from memory of the device (termination of the application, ¶27) and shutting down other processes of the end-point device (rebooting, ¶27), to continually validate the authenticity of software (¶5).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Breton such that deploying the security agent further includes configuring the security agent to dynamically 
Regarding claim 2, Breton discloses wherein receiving further includes providing through an interface a list of available security applications to a remote server and identify the selection through the interface (selection provided through administrative client, ¶58).
Regarding claim 4, Breton discloses wherein configuring further includes configuring a process flow for activation of the domain/channel specific security application on the end-point device (configuring plugin for scanning process, ¶62).
Regarding claim 7, Breton discloses wherein deploying further includes configuring the security agent (endpoint agent, including plugin, ¶58) for authenticating back to the server from the end-point device and communicating securely with the method (methods utilize SSL, which includes encryption between two devices, ¶17).
Regarding claim 9, Breton discloses wherein deploying further includes configuring the security agent to receive updates to the domain/channel specific security application from the processing (updating a plugin, ¶¶18-19 and ¶40).
Regarding claim 10, Breton discloses wherein deploying further includes configuring the security agent to enforce a security policy on the end-point device based on monitoring of the domain/channel specific security application (plugins provide real-time protection, ¶18, ¶28, ¶47).
Regarding claims 11-12, Breton discloses wherein deploying further includes configuring the security agent to report monitoring information gathered by the security agent for the domain/channel .

Claims 3 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Breton, Roper, Barile, and Baar, as applied to claims 1 and 7 above, in view of US 20180302409 to Hope et al. (Hope).
Regarding claims 3 and 8, Breton, as modified above, lacks wherein configuring further includes configuring the domain/channel specific security application for custom encryption and decryption processing.  However, Hope teaches configuring a software security agent for encrypting communication between the endpoint and a gateway (¶36).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Breton, as modified above, such that configuring further includes configuring the domain/channel specific security application for custom encryption and decryption processing.  One of ordinary skill in the art would have been motivated to perform such a modification to enable secure transmission of information to the cloud server, as taught by Hope.

Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Breton, Roper, Barile, and Baar, as applied to claim 1 above, in view of US 20170010875 A1 to Martinez et al. (Martinez).
Regarding claim 5, Breton, as modified above, lacks wherein configuring further includes configuring the domain/channel specific security application to provide Binary Input/Output System (BIOS) security on the end-point device.  However, Martinez teaches that it was known to provide a secure BIOS update package configured to provide Binary Input/Output System (BIOS) security on the end-point device (¶29).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Breton, as modified above, to include configuring the domain/channel specific security application to provide Binary Input/Output System 
Regarding claim 6, Breton, as modified above, lacks wherein configuring further includes configuring the domain/channel specific security application for activation on the end-point device as a pre-boot process before or during initiation of a Binary Input/Output System (BIOS) on the end-point device.  However, Martinez teaches that it was known to provide, to an endpoint device, a secure BIOS update package configured to provide Binary Input/Output System (BIOS) security on the end-point device (¶29), where the package is configured for activation on the end-point device as a pre-boot process before or during initiation of a Binary Input/Output System (BIOS) on the end-point device (providing signature verification (¶29) and installation of the updated BIOS (¶30).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Breton, as modified above, such that configuring further includes configuring the domain/channel specific security application for activation on the end-point device as a pre-boot process before or during initiation of a Binary Input/Output System (BIOS) on the end-point device.  One of ordinary skill in the art would have been motivated to perform such a modification to enable updating of the endpoint’s BIOS, as taught by Martinez.

Claims 13-18 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190081982 to Breton et al. (Breton) in view of US 2016/0323106 A1 to (Roper) and US 2009/0037284 A1 to Lewis et al. (Lewis).
Regarding claim 13, the claim is similar in scope to claim 1 with respect to Breton and Roper and is rejected using a similar rationale, with the following exception.  Breton, as modified, lacks wherein the end-point device is a peripheral device that is interfaced to a second device as a peripheral of second device.  However, Lewis teaches that it was known to manage software/firmware updates on a 
Regarding claim 14, Breton, as modified above, teaches continuously verifying, by the security agent, the digital a processing signature or checksum value for the domain/channel specific security application (as modified by Roper, ¶27 and obvious for the reasons discussed above).
Regarding claim 15, Breton, as modified above, teaches processing, by the security agent, an action on the end-point device when the digital processing signature or the check sum value does not match an expected signature or an expected value (terminating application, rebooting, etc., as modified above by Roper and obvious for the reasons discussed above), wherein the action is defined in the security policy (determined by monitor manager, Roper, ¶27).
Regarding claim 16, Breton discloses installing, by the security agent, an update to the domain/channel specific security application that is dynamically received from the Omni-channel security manager (updated policy or plugin, ¶51).
Regarding claims 17-18, Breton discloses wherein enforcing further includes reporting monitoring information defined in the security policy back to the Omni- channel security manager, wherein the monitoring information is captured as the domain/channel specific security application processes on the end-point device (real-time protection, ¶18, ¶28, ¶47 and reporting security information, scan results, etc. to the cloud server, ¶43, ¶47).

Claims 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20190081982 to Breton et al. (Breton) in view of US 2016/0323106 A1 to (Roper), US 2020/0074435 A1 to Baar et al. (Baar), US 2010/0162347 A1 to Barile and US 2016/0162668 A1 to Yamazaki.
Regarding claim 19, Breton discloses a system, comprising: a server configured to execute an Omni-channel security manager (cloud server, Fig. 1 configured to act as an administrative back end, Fig. 2, ¶19); and at least one end-point device configured to execute a security agent (endpoint, Fig. 1); wherein the Omni-channel security manager is configured to: (i) receive a selection (administrative client used to send commands, ¶26 and provide policy changes, ¶58) to a security application (endpoint agent, including plugin, ¶58) for the at least one end-point device (apply policy changes to endpoint, ¶58, where the command identifies the endpoint, ¶29), (ii) configure the security application as a domain/channel specific security application associated with a domain/channel of the at least one end-point device (plugins available for particular endpoint type, ¶47), and (iii) deploy the security agent to the at least one end- point device (identify, install and configure plugin, ¶¶59-60); wherein the security agent configured to: (i) obtain the domain/channel specific security application from the Omni-channel security manager once deployed to the at least one end-point device (obtaining a plugin from server, ¶¶50-51), (ii) initiate the domain/channel specific security application on the at least one end-point device (installing plugin, ¶¶50-51), and (iii) enforce a security policy in response to monitoring processing of the domain/channel specific security application on the at least one end-point device (enforce policy configuration, ¶51,  ¶53).  Breton lacks wherein deploying the security agent further includes configuring the security agent to dynamically check a digital signature of the domain/channel specific security application during processing of the domain/channel specific security application on the end-point device and when the digital signature is unable to be validated removing the domain/channel specific security application from memory of the end-point device and shutting down other processes of 
Regarding claim 20, Breton discloses wherein the at least one end-point device is one or more of: a server, a Self-Service Terminal (SST), a Point-Of-Sale (POS) terminal operated by a clerk of one of the merchants, a kiosk, a mobile device (¶18), a network-voice enabled appliance, and a device that is Note that the remaining elements of the group would have been considered, by a skilled artisan before the effective filing date of the claim invention, obvious variations of Breton’s disclosed group to expand the applicability of the invention.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841.  The examiner can normally be reached on Monday - Friday, 7:00-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Simitoski/               Primary Examiner, Art Unit 2493                                                                                                                                                                                         
February 10, 2021