DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 3 and 9 are canceled.
Claims 1 and 7 are amended.
Claims 1-2, 4-6, 8-12 are pending.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/28/2020 has been entered.
 
Response to Arguments
Applicant’s argument filed 11/23/2020 have been fully considered.
In response to 35 USC 103, Applicant argues that Deng fails to disclose “the signature rule library contains one or more signature rules, each of which is associated with corresponding device type configuration information”. Examiner respectfully disagree. Deng discloses “the security device is configured to send signature rule usage status information corresponding to itself to the cloud server and update a signature rule according to update information after receiving the update information sent by the cloud server [0019]. To obtain a most active threat signature rule identification list, and after generating update information according to the most active threat signature rule identification list, the cloud server sends the update information to each security device to update a signature rule [0020]. A latest signature feature library published by the signature library publishing server [0046]. When the 
The rest of Applicant’s arguments with respect to independent claims 1 and 7 along with their respective dependent claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deng et al. (US 20150074756 hereinafter Deng) in view of U (US 20150281276), and in further view of Miller et al. (US 9210030 hereinafter Miller).
(Deng teaches a security device [0011, 0017, 0019]), a signature rule library sent by a cloud server (Deng teaches the cloud server center may specifically include a receiving cluster server, a signature library publishing server [0045]), wherein the signature rule library contains one or more signature rules, each of which is associated with corresponding device type configuration information (Deng teaches the security device is configured to send signature rule usage status information corresponding to itself to the cloud server and update a signature rule according to update information after receiving the update information sent by the cloud server [0019]. to obtain a most active threat signature rule identification list, and after generating update information according to the most active threat signature rule identification list, the cloud server sends the update information to each security device to update a signature rule [0020]. A latest signature feature library published by the signature library publishing server [0046]. When the cloud server determines that a security device with an incorrect configuration exists in the security devices, the cloud server generates update information corresponding to the security device with an incorrect configuration. One security device runs a database application under Linux (operating system), and the following configuration manners are all wrong. Signature rules of a database under Windows (operating system) are configured [0041]); and loading, by the network device, the signature rule associated with the device type configuration10 information (Deng teaches When the update information is the signature rule ID set list to be updated of the security device, the security device downloads a signature rule set corresponding to the signature rule ID set list from the cloud server and performs updating [0038]. Obtain a loaded signature rule list of each of the at least one security device according to the configuration data of each of the at least one security device, determine a security device with a signature rule to be updated by comparing the loaded signature rule list of each of the at least one security device with the most active threat signature rule identification list, generate update information corresponding to the security device with a signature rule to be updated [0057]).  
Although Deng discloses signature rules according to the configuration data and comparing it, Deng does not explicitly disclose but U discloses the device type configuration information includes device type and device model (U teaches that each node contains type and model of device [0056]); for each of the signature rules, determining, by the network device, whether device type configuration information associated with the signature rule matches local device type configuration information of the network device (U teaches local policy compliance unit 162 may determine whether node 114B is in compliance with one or more of the retrieved security policies. cause node 114A to determine whether node 114B (a target endpoint device, in this example) complies with at least one security policy [0040] (determine if node B is compliance node A with security policies as interpreted as signature rule) Fig. 4A and Fig 4B); that matches the local device type configuration information of the network device (U teaches in the case that node 114A is compliant (Interpreted as matching) ("YES" branch of 212), security management device 116 may grant node 114A access to enterprise network 106 (216) [0058]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by U into the invention of Deng for the purpose of denying or approval access to the network, improves security (U [0004]).
Although Deng-U discloses updating the signature rule, Deng-U do not explicitly discloses but Miller discloses wherein when resources of the network device are sufficient, but the signature rules that have been loaded in the network device do not meet functions that the network device is able to take, the network device actively request for a signature rule from the cloud sever to obtain a corresponding signature rule (Miller teaches the validation rules are not statically implemented or stored in client 130. Rather, whenever the user is about to perform an operation, client 130 requests server 110 to generate up-to-date validation rules based on state information reflecting current state data on the fly. Upon receiving this request, server 110 dynamically generates validation rules based on the current state information, and transmits the validation rules to client 130. This ensures that client 130 receives the most up-to-date set of validation rules, and also eliminates the need to maintain or update duplicate copies of validation rules on client 130 [Col 9 lines 48-58]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Miller into the invention of Deng-U for the purpose of eliminating the need to maintain or update duplicate copies of validation rules (Miller [Col 9 lines 48-58]).
Re. claim 7, Deng teaches a network device, comprising: receive a signature rule library sent by a cloud server (Deng teaches the cloud server center may specifically include a receiving cluster server, a signature library publishing server [0045]), wherein the signature rule library contains one or more signature rules, each of which is associated with corresponding device type configuration information (Deng teaches the security device is configured to send signature rule usage status information corresponding to itself to the cloud server and update a signature rule according to update information after receiving the update information sent by the cloud server [0019]. to obtain a most active threat signature rule identification list, and after generating update information according to the most active threat signature rule identification list, the cloud server sends the update information to each security device to update a signature rule [0020]. A latest signature feature library published by the signature library publishing server [0046]. When the cloud server determines that a security device with an incorrect configuration exists in the security devices, the cloud server generates update information corresponding to the security device with an incorrect configuration. One security device runs a database application under Linux (operating system), and the following configuration manners are all wrong. Signature rules of a database under Windows (operating system) are configured [0041]); and load the signature rule associated with the device type configuration information (Deng teaches When the update information is the signature rule ID set list to be updated of the security device, the security device downloads a signature rule set corresponding to the signature rule ID set list from the cloud server and performs updating [0038]. Obtain a loaded signature rule list of each of the at least one security device according to the configuration data of each of the at least one security device, determine a security device with a signature rule to be updated by comparing the loaded signature rule list of each of the at least one security device with the most active threat signature rule identification list, generate update information corresponding to the security device with a signature rule to be updated [0057]). 
Although Deng discloses signature rules according to the configuration data and comparing it, Deng does not explicitly disclose but U discloses a processor (U teaches one or more processors [0067]), wherein, by invoking and executing machine-executable instructions corresponding to a signature rule loading control logic stored on a machine-readable storage medium (U teaches one or more computer-readable storage media that store instructions corresponding to the software or firmware [0037]), the processor is caused to:10 the device type configuration information includes device type and device model (U teaches that each node contains type and model of device [0056]); for each of the signature rules, determining, by the network device, whether device type configuration information associated with the signature rule matches local device type configuration information of the network device (U teaches local policy compliance unit 162 may determine whether node 114B is in compliance with one or more of the retrieved security policies. cause node 114A to determine whether node 114B (a target endpoint device, in this example) complies with at least one security policy [0040] (determine if node B is compliance node A with security policies as interpreted as signature rule) Fig. 4A and Fig 4B); that matches the local device type configuration information of the network device (U teaches in the case that node 114A is compliant (Interpreted as matching) ("YES" branch of 212), security management device 116 may grant node 114A access to enterprise network 106 (216) [0058]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by U into the invention of Deng for the purpose of denying or approval access to the network, improves security (U [0004]).
Although Deng-U discloses updating the signature rule, Deng-U do not explicitly discloses but Miller discloses wherein when resources of the network device are sufficient, but the signature rules that have been loaded in the network device do not meet functions that the network device is able to take, the network device actively request for a signature rule from the cloud sever to obtain a corresponding signature rule (Miller teaches the validation rules are not statically implemented or stored in client 130. Rather, whenever the user is about to perform an operation, client 130 requests server 110 to generate up-to-date validation rules based on state information reflecting current state data on the fly. Upon receiving this request, server 110 dynamically generates validation rules based on the current state information, and transmits the validation rules to client 130. This ensures that client 130 receives the most up-to-date set of validation rules, and also eliminates the need to maintain or update duplicate copies of validation rules on client 130 [Col 9 lines 48-58]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Miller into the invention of Deng-U for the purpose of eliminating the need to maintain or update duplicate copies of validation rules (Miller [Col 9 lines 48-58]).
Claims 2 and 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deng et al. (US 20150074756 hereinafter Deng) in view of U (US 20150281276), Miller et al. (US 9210030 hereinafter Miller), and in further view of Shin et al. (US 20150304344 hereinafter Shin).
(Shin teaches a policy and signature management module which manages creation, update and deletion of the real time blocking rules; an external interface module which provides an interface to send and receive policies of the real time blocking rules [0017]. The vIPS sends the created real time blocking rules to an SDN controller [0018]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Shin into the invention of Deng-U-Miller for the purpose of reducing the bottleneck of the cloud datacenter and efficiently construct and utilize the networks and to expand security of the virtual network system (Shin [0004& 0018]).
Re. claim 8, Deng-U-Miller teach the device according to claim 7, wherein when receiving the signature rule library sent by the 20cloud server. Although Deng-U-Miller discloses signature rule library, Deng-U-Miller do not explicitly disclose but Shin discloses the machine-executable instructions further cause the processor to: receive the signature rule library sent by the cloud server through a Software Defined Network (SDN) controller (Shin teaches a policy and signature management module which manages creation, update and deletion of the real time blocking rules; an external interface module which provides an interface to send and receive policies of the real time blocking rules [0017]. The vIPS sends the created real time blocking rules to an SDN controller [0018]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Shin into the invention of Deng-U-Miller for the purpose of reducing the bottleneck of the cloud datacenter and efficiently (Shin [0004& 0018]).
Claims 4 and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deng et al. (US 20150074756 hereinafter Deng) in view of U (US 20150281276), Miller et al. (US 9210030 hereinafter Miller), and in further view of Robitaille et al. (US 20140025790 hereinafter Robitaille).
Re. claim 4, Deng-U-Miller teach the method according to claim 1. Yet, Deng-U-Miller do not explicitly disclose but Robitaille discloses wherein the device type configuration information is recorded in a format of Type-Length-Value (TLV) (Robitaille teaches the content of the Advertisement message 311 includes information about the detected or discovered device 302: port identifier, device name, device description, IP address of the device (if known), serial number, firmware/software revision, base MAC address, configuration status, platform identifier, slot identifier, module information, and so on. The information may be encoded using the popular Type-Length-Value (TLV) format [0034]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Robitaille into the invention of Deng-U-Miller for the purpose of having information of interest and in order to encode the information with TLV format, which improves security by having information being encoded (Robitaille [0034]).
Re. claim 10, Deng-U-Miller teach the device according to claim 7. Yet, Deng-U-Miller do not explicitly disclose but Robitaille discloses wherein the device type configuration information is recorded 30 in a format of Type-Length-Value (TLV) (Robitaille teaches the content of the Advertisement message 311 includes information about the detected or discovered device 302: port identifier, device name, device description, IP address of the device (if known), serial number, firmware/software revision, base MAC address, configuration status, platform identifier, slot identifier, module information, and so on. The information may be encoded using the popular Type-Length-Value (TLV) format [0034]).
(Robitaille [0034]).
Claims 5 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deng et al. (US 20150074756 hereinafter Deng) in view of U (US 20150281276), Miller et al. (US 9210030 hereinafter Miller), and in further view of Robinson et al. (US 20080005285 hereinafter Robinson).
Re. claim 5, Deng-U-Miller teach the method according to claim 1. Although Deng-U-Miller discloses loading an updated signature rule with a change of configuration and a version number, Deng-U-Miller do not explicitly disclose but Robinson discloses wherein loading the signature rule comprises: 25determining, by the network device, whether a version number of the signature rule is higher than that of a signature rule loaded by the network device, and loading, by the network device, the signature rule when the version number of the signature rule is higher than that of the signature rule loaded by the network device (Robinson teaches a policy can require that the program is up to date, such as by date of installation or version number [0036]. A configuration may be a known directory path where the antivirus program is generally installed. A configuration may be a location of where the process is executing. Accordingly, the policy key 210 can search for the path of the program to determine if the program is installed and a date of the installation. The policy key 210 can also identify a version number of the program during the scanning for ensuring an up-to-date compliance. [0046]). 30  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Robinson into the invention of Deng-U-Miller for the purpose of ensuring that the policy is updated based on the newer version number, which leads to critical security policies being enforced (Robinson [0036]).

    PNG
    media_image1.png
    7
    3
    media_image1.png
    Greyscale
load the signature rule to the network device when the version number of the signature rule is higher than that of the signature rule loaded by the network device (Robinson teaches a policy can require that the program is up to date, such as by date of installation or version number [0036]. A configuration may be a known directory path where the antivirus program is generally installed. A configuration may be a location of where the process is executing. Accordingly, the policy key 210 can search for the path of the program to determine if the program is installed and a date of the installation. The policy key 210 can also identify a version number of the program during the scanning for ensuring an up-to-date compliance. [0046]).  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Robinson into the invention of Deng-U-Miller for the purpose of ensuring that the policy is updated based on the newer version number, which leads to critical security policies being enforced (Robinson [0036]).
Claims 6 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deng et al. (US 20150074756 hereinafter Deng) in view of U (US 20150281276), Miller et al. (US 9210030 hereinafter Miller), and in further view of Schultz et al. (US 20170063927 hereinafter Schultz).
Re. claim 6, Deng-U-Miller teach the method according to claim 1. Although Deng-U-Miller discloses that only the needed information is extract, Deng-U-Miller do not explicitly discloses but Shultz discloses further comprising:73025599.113 PP186153USdiscarding, by the network device, the signature rule associated with the device type configuration information that does not match the local device type configuration (Schultz teaches matching the device identifier information included therein with the active security policy 118, and either allowing or denying the packet to be forwarded to the application function block (such as where the active security policy is enforced by the network function block 112) or accepting or discarding the packets (such as where the active security policy 118 is enforced by the application function block 114) (this is interpreted as accepting when it is matching and discarding when it is does not match[0041]). 5  
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Schultz into the invention of Deng-U-Miller for the purpose of discarding packets to go forward, improves security by the packets are permitted to pass as long as they conform to the active security policy (Schultz [0036 and 0042]).
Re. claim 12, Deng-U-Miller teach the device according to claim 7. Although Deng-U-Miller discloses that only the needed information is extract, Deng-U-Miller do not explicitly discloses but Shultz discloses wherein the machine-executable instructions further cause the 10 processor to: discard the signature rule associated with the device type configuration information that does not match the local device type configuration information of the network device (Schultz teaches matching the device identifier information included therein with the active security policy 118, and either allowing or denying the packet to be forwarded to the application function block (such as where the active security policy is enforced by the network function block 112) or accepting or discarding the packets (such as where the active security policy 118 is enforced by the application function block 114) [0041]).
Therefore, it would have been obvious to one or ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Schultz into the invention of Deng-U-Miller for the purpose of discarding packets to go forward, improves security by the packets are permitted to pass as long as they conform to the active security policy (Schultz [0036 and 0042]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912.  The examiner can normally be reached on Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/K.A./Examiner, Art Unit 2436                                                                                                                                                                                                        /SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436