Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detail Action
This office action is response to the application 16/176,776 filed on 10/31/2018. Claims 1-5, 7 & 9-20 are pending in this communication.

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/12/2021 has been entered.

Examiner’s Note
The Examiner used figures, paragraph and line numbers from the instant application’s pre-grant publication or pdf copy of allowance. In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be 

Response to Arguments
Applicant's arguments filed 01/12/2021 have been fully considered.
Applicant’s Argument:
Independent claim 1 of the present application, from which claims 2-5, 7, 9, and 10 depend, recites, inter alia, a method for managing network devices that includes "verifying whether the reproduced command is authorized for execution at the network device" and "when the reproduced command is not authorized, deleting the command from the network device, and generating a log entry corresponding to the command, the log entry including at least a current user of the user computing device, the command, an identifier corresponding to the network device at which the command was attempted, and a timestamp" (emphasis added). Independent claims 11 and 17, from which claims 12-16 and 18-20 depend, respectively, include similar recitations written in different formats. For the reasons discussed below, the Applicant respectfully submits that the cited references fail to disclose or suggest at least the above recitation. At page 8 of the Office Action, the Office acknowledges that Hashmi and Jha both fail to disclose or suggest the claimed logging.

Examiner’s response:
These arguments have been respectfully considered and the following rejection addresses them.

Allowable subject matter
Claims 3 and 4 will be allowable if written in independent form with base claims 1. For allowability the independent claims 11 & 17 are required to be in same scope as proposed amended claim 1.  Reasons of allowance: Verifying a computing device operator’s authorization when the operator executes a command on the device where authorized commands and unauthorized commands are generated based on a type of network device and characteristics of the operator of the computing device where the command is applied.
Thus the prior art, when considered individually and in combination, do not teach or suggest the subject matter as recited by 1, 11 and 17, and thereby claims 1, 11 and 17 are considered allowable. The dependent claims which further limit claims 1, 11 and 17 also are allowable by virtue of their dependency. 

Claim Rejections - 35 USC § 103
The following is a quotation of AIA  35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

JHA; Sanjay K. et al., Pub. No.: US 2006/0278694 A1 in view of HASHMI; Omer et al., Pub. No.: US 2016/0381032 A1.

Regarding Claim 1, JHA a method for managing network devices, the method comprising:
…
receiving a control input from the input device, the control input for executing the command at the network device {ABS. “Detection and management methods and apparatus for wireless devices may include an executable instruction authorization module operable to scan executable instructions on a wireless device”. Examiner’s note: the examiner interprets the limitations as a user executing a command, scanned command is saved for further analysis. Any command entered in a computing device is character by character and all characters of the command are collected in a buffer for execution in an operator communication device (Fig. 1 elements 106, 108, element 104 – ‘information repository’)};
…
verifying whether the reproduced command is authorized for execution at the network device {Fig. 1 element 152 – ‘permission decision’ & Fig. 7 element 300 –‘operator authorization logic’ & ABS. “generate a log indicative of a virus or otherwise unauthorized executable instructions based on a received authorization configuration”}; and
when the reproduced command is not authorized, deleting the command from the network device, and generating a log entry corresponding to the command, the log entry including at least a current user of the user computing device, the command, an identifier corresponding to the network device at which the command was attempted, and a timestamp {Fig. 1 element 120, 121 – ‘ Log – ‘unauthorized exec. instr. (i.e. command)’  & ABS. “The user manager may be operable to analyze the log and generate an authorization report which may be viewable by an operator to determine the disposition of unauthorized executable instructions. At least one of the executable instruction authorization module, the user manager, and the operator may be operable to generate a control command operable to delete, or otherwise disable, unauthorized executable instructions on the wireless device (see [0039] for details).” … Fig. 7 & [0083], “an operator identification ("ID") parameter 306 may be entered into memory 296 … and may be operable to identify the operator of the operator communication device 106 to network components.” … Fig. 3 & [0052], “authorization schema 194 may include a signature 206 comprising data relating to executable instructions 124, including but not limited to at least one of application/file name, version, size, date/time created”. Examiner’s note: every command (executable instruction) is a file which is attempted to be executed by a user of the device}.
	JHA, however, does not explicitly disclose
transmitting a plurality of inputs received from an input device to a network device, the
plurality of inputs associated with a command executable by the network device;
storing a plurality of characters in an accumulator, the plurality of characters received
from the network device in response to the transmitted plurality of inputs;
…
in response to receiving the control input, reproducing the command for the network device from the plurality of characters stored in the accumulator;
;
In an analogous reference HASHMI discloses
transmitting a plurality of inputs received from an input device to a network device {Fig. 1 & [0015], “a number of users interact over the computer network 102 with computing resource system module(s) 112 of the computing resource service 107 to create and configure various provided computing nodes 127”}, the plurality of inputs associated with a command executable by the network device {[0022], “FIG. 2A illustrates example system 200A, which includes user shell application modules 204, user command execution interface component 206 (/Fig. 1 element 119, 145 – ‘interface(s)), and computing resource service 226.  The user shell application modules 204a-c may, for example, execute on client devices of users to enable the users to provide commands and other related requests to computing nodes 228 (Fig. 1 element 127 –‘provided computing nodes) of the computing resource service 226”};
storing a plurality of characters in an accumulator, the plurality of characters received from the network device in response to the transmitted plurality of inputs {Fig. 1 element 114 & [0015], “the  computing resource service 107 includes a user command execution interface component 114 to further assist in providing functionality of the computing resource service 107 to the remote users, such as to perform some or all of the described techniques to control access of users to the provided computing nodes 127, … [0026], “It should be recognized that the shell transport layer module 218 may employ other mechanisms for executing commands on computing nodes or other computing related resources, such as, for example, Windows PowerShell, MySQL, etc.” Examiner’s note: all commands and request from the user input (commands are computer readable characters) are collected and saved by the computing resource service 107 via user command execution interface component 114, in other words input information captured or accumulated by 107/114 and stored in a database};
…
in response to receiving the control input, reproducing the command for the network device from the plurality of characters stored in the accumulator {[0024], “If the user is authorized to execute the command on the computing nodes 228a-c, the shell aggregator module 210 instructs the shell transport layer module 218 to perform corresponding interactions with the computing nodes 228a-c to cause the computing nodes 228a-c to execute the command, and to receive results if appropriate”. Examiner’s note: after running security check of user command(s), the security system forwards the user commands for execution by the user after processing of the original input command (which is claimed ‘reproducing the command’) to compare with listed commands for legitimacy. Instant application’s spec. para 0056 supports the examiner’s interpretation of ‘reproducing the command’}; and
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify JHA’s technique of ‘verifying an operator’s command on a network device to alter or configure device operation before allowing execution of input command and using a control command input to execute deleting the unauthorized command’ for ‘computing device’s capability of character handling capability in a command line interface of the device’, as taught by HASHMI, in order to successfully execute operator inputted motivation is to provide an operator time to edit or verify a command sequence and command execution logic before the command set is executed. After the execution by a control input the change already took place in the system and could interrupt network operation and going back to original operation state may be difficult and time consuming. 
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined they teach claimed invention. The Examiner notes that this motivation applies to all dependent and/or otherwise subsequently addressed claims unless addressed separately.

Regarding Claim 2, JHA as modified by HASHMI discloses all the features of claim 1, and the combination further disclose
verifying whether the reproduced command is authorized comprises determining if the reproduced command is at least one of included in a list of authorized commands for the network device or excluded from a list of unauthorized commands for the network device {HASHMI: [0034], “the permission repository 212 may include an allow/deny list of command/computing node combinations that indicates which commands the user is authorized or not authorized to execute and on which computing nodes”}.

Regarding Claim 5, JHA as modified by HASHMI discloses all the features of claim 1 and the combination further discloses
when the reproduced command is authorized, transmitting the control input to the network device to cause the network device to execute the command {HASHMI: [0023], “If the user is authorized, the user command execution interface component 206 performs interactions with at least one of those computing nodes 228 to cause those computing nodes to execute the command(s)}.

Regarding Claim 6, cancelled.

Regarding Claim 7, JHA as modified by HASHMI discloses all the features of claim 1 and the combination further discloses
transmitting a message for display at the user computing device indicating that the command was unauthorized {JHA: [0097], “the executable instruction authorization module 114 may log the action taken and transmit a message to the user manager 104 and/or the operator 108 indicating the success or failure of the requested action”}.

Regarding Claim 8, cancelled.

Regarding claim 11, claim 11 is claim to a system using the method of claim 1. Therefore, claim 11 is rejected for the reasons set forth for claim 1.

Regarding Claim 12, JHA as modified by HASHMI discloses all the features of claim 11 and the combination further discloses
wherein the network security system stores at least one of a list of authorized commands and a list of unauthorized commands for the network device, the network security system further configured to verify whether the reproduced command is authorized by determining if the reproduced command is at least one of included in the list of authorized commands or excluded from the list of unauthorized commands {HASHMI: [0034], “the permission repository 212 may include an allow/deny list of command/computing node combinations that indicates which commands the user is authorized or not authorized to execute and on which computing nodes.” … {[0035], “a table for each user may be stored in the permission repository, with the table including a list of regular expressions that specify whether the user is or is not authorized to execute matching commands on any computing nodes associated with the user”}.

Regarding Claim 13, JHA as modified by HASHMI discloses all the features of claims 12 & 11 and the combination further discloses
a command list server in communication with the network security system, the command list server storing a master command list including at least one of authorized and unauthorized commands {HASHMI: [0034], “the permission repository 212 may include an allow/deny list of command/computing node combinations that indicates which commands the user is authorized or not authorized to execute and on which computing nodes”. Examiner’s note: combined allow/deny list is the claimed master list}, the network security system configured to update the at least one of the at least one of the list of authorized commands and the list of unauthorized commands by receiving at least a portion of the master command list {JHA: Fig. 1 & [0032],”a control command 126 may be generated to provide … update authorization configuration 118, such as to update the identification of authorized and/or unauthorized executable instructions, based on the information contained in authorization report 154”}. The motivational statement of the independent claim is maintained.

Regarding claim 14, claim 14 is a dependent claim of claim 11, claim 14 is claim to system using the method of claim 5. Therefore, claim 14 is rejected for the reasons set forth for claim 5.

Regarding Claim 15, JHA as modified by HASHMI discloses all the features of claim 11, and the combination further discloses:
when the reproduced command is not authorized, transmit a message for display at the user computing device indicating that the command was unauthorized {JHA: [0032], “Log 120 on wireless device 102 stores unauthorized executable instruction information 121, which comprises … unauthorized executable instructions, and as may be dictated by authorization configuration 118.  User manager 104 receives log 120 from wireless device 102, and analyzer 142 processes the log and generates an authorization report 154 providing details relating to the executable instructions detailed by the unauthorized instruction information 121”} . The motivational statement of the independent claim is maintained.

Regarding claim 17, claim 17 is claim to a non-transitory tangible computer-readable 

Regarding claim 18, claim 18 is a dependent claim of claim 17, claim 18 is claim to non-transitory tangible computer-readable storage media using the method of claim 2. Therefore, claim 18 is rejected for the reasons set forth for claim 2.

Regarding claim 19, claim 19 is a dependent claim of claim 17, claim 19 is claim to non-transitory tangible computer-readable storage media using the method of claim 5. Therefore, claim 19 is rejected for the reasons set forth for claim 5.

Regarding claim 20, claim 20 is a dependent claim of claim 17, claim 20 is claim to non-transitory tangible computer-readable storage media using the system of claim 15. Therefore, claim 20 is rejected for the reasons set forth for claim 15.

Claims 9 & 16 are rejected under AIA  35 U.S.C. 103 as being unpatentable over JHA; Sanjay K. et al., Pub. No.: US 2006/0278694 A1 in view of HASHMI; Omer et al., Pub. No.: US 2016/0381032 A1 and further in view of ARITSUKA; Toshiyuki et al., Pub. No.: US 2011/0154216 A1.

Regarding Claim 9, JHA as modified by HASHMI discloses all the features of claim 1. However, the combination does not explicitly disclose
storing the plurality of inputs received from the input device of the user computing device in a keyboard accumulator.
In an analogous reference ARITSUKA discloses
storing the plurality of inputs received from the input device of the user computing device in a keyboard accumulator {[0089], “The GUI operating history collecting unit utilizes the GUI object display and the GUI information monitor function for controlling the input devices, in order to monitor GUI object display commands issued by the application software or operating commands for the application software to acquire information about operation such as selections of GUI objects by input devices such as keyboards or the mouse, and then accumulates that history by detecting those contents”}.
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify JHA’s technique of ‘verifying an operator’s command on a network device to alter or configure device operation before allowing execution of input command and using a control command input to execute deleting the unauthorized command’ for ‘saving operating commands into a keyboard buffer by ARITSUKA to process the information further. The motivation is to improve verification & authorization of an executed command on a computing device. Immediate execution of a command and taking a remediation action of an unauthorized computing device execution command later will cause harmful unauthorized events that may be very disruptive to a production data network.
All references are inventions in analogous area but each invention teaches specific claimed limitation specifically and other references mutually cure each other’s deficiencies. When all claimed techniques are combined they teach claimed invention. The Examiner notes 

Regarding claim 16, claim 16 is a dependent claim of claim 11, claim 16 is claim to system using the method of claim 9. Therefore, claim 16 is rejected for the reasons set forth for claim 9.

Claim 10 is rejected under AIA  35 U.S.C. 103 as being unpatentable over JHA; Sanjay K. et al., Pub. No.: US 2006/0278694 A1 in view of HASHMI; Omer et al., Pub. No.: US 2016/0381032 A1 and further in view of BIONDO; William A. et al., Pub. No.: US 2018/0322273 A1.

Regarding Claim 10, JHA as modified by HASHMI discloses all the features of claim 1. However, the combination does not explicitly disclose
… verifying whether the reproduced command is authorized for execution at the network device {JHA: Fig. 1 element 152 – ‘permission decision’ & Fig. 3 element 300 –‘operator authorization logic’ & ABS. “generate a log indicative of a virus or otherwise unauthorized executable instructions based on a received authorization configuration”}.
 However, HASHMI does not explicitly disclose
waiting a predetermined delay period after receiving the control input from the input device of the user computing device and …
BIONDO discloses 
waiting a predetermined delay period after receiving the control input from the input device of the user computing device {ABS. “determining whether an authorized wireless device is connected to a vehicle sharing system and whether a first command is received from the authorized wireless device; in response to determining that the authorized wireless device is connected to the vehicle sharing system and that the first command is received from the authorized wireless device, setting a timer to a predetermined value, enabling an authenticating device and notifying of the enabling of the authenticating device; and in response to determining that attempted access to an unauthorized part of the vehicle has occurred, a second command is received from the authorized wireless device, or the timer has expired, disabling the authenticating device and notifying of the disabling of the authenticating device”}. 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to further modify JHA’s technique of ‘verifying an operator’s command on a network device to alter or configure device operation before allowing execution of input command and using a control command input to execute deleting the unauthorized command’ for ‘introducing a delay after entering a command’ by BIONDO, for command authorization verification. The motivation is to improve verification & authorization of an executed command on a computing device. Immediate execution of a command and taking a remediation action of an unauthorized computing device execution command later will cause harmful unauthorized events that may be very disruptive to a production data network.

Conclusion

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/QUAZI FAROOQUI/
Examiner, Art Unit 2491