Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Devaney (US Patent Pub 2018/0139205).


As per claims 1 and 12:  Devaney discloses a method comprising:
executing, by a host network element of a plurality of network elements associated with an enterprise network of an enterprise and communicatively coupled with each other via a security fabric, a collection of security checks on at least one Paragraph 17; An enterprise asset platform can be, for example, one of a node on an enterprise’s network, a data system, a website, and/or other platform that can be remotely accessed. In some implementations the asset platform can also act as a gateway providing access to a network of protected enterprise resources. In accordance with embodiments, an enterprise asset platform can be included within enterprise server 120);
receiving configuration data of the at least one network element pertaining to each security check of the collection of security checks, wherein the configuration data is received via the security fabric in response to a request by the host network element sent via the security fabric (Paragraph 12; Construction file 116 can include data regarding hardware and/or software contents of the particular client computing device… Image file 117 can include files accessible during the validation/authentication/security check operations. In accordance with embodiments the configuration data file and image file contents can be checked for compliance with predefined policy to verify the client computing device authenticity); and
validating each security check by comparing the received configuration data pertaining to each security check with a pre-defined or configurable network security configuration recommendation to generate a compliance result (Paragraph 12; the configuration data file and image file contents can be checked for compliance with predefined policy to verify the client computing device authenticity); and 
Paragraph 33, 40; The determination is based on a policy stored in device records 142 as a result of disambiguation process).
As per claims 2 and 13: The method of claim 1, wherein the plurality of network elements comprise network security devices (Paragraph 11; An embodying system can include one or more client computing devices 110. The client computing device can be a computing device suitable for use by an end user in performance of the end user's purpose (e.g., personal computer, workstation, thin client, netbook, notebook, tablet computer, mobile device, etc.)).
As per claim 3: The method of claim 1, wherein a network security service to which a plurality of enterprises, including the enterprise, subscribe computes relative security rating scores for the plurality of enterprises by performing statistical analysis on compliance reports submitted by the plurality of enterprises (claim 6; a cumulative point score is below a predetermined threshold, at least one of terminating the method and assigning a default policy).
As per claim 4:  The method of claim 3, wherein the relative security rating scores are computed by comparing those of the plurality of enterprises within one or more of a particular region, a particular industry and a particular compliance sector (claim 6; a cumulative point score is below a predetermined threshold, at least one of terminating the method and assigning a default policy).
As per claims 5 and 14:  The method of claim 1, wherein the host network element builds an internal network topology to determine the first network element for which the compliance report is to be generated (Paragraph 11; FIG. 1 depicts system 100 for remote access authentication, validation, and security-posture checking in accordance with embodiments. An embodying system can include one or more client computing devices 110).
As per claims 6 and 15:  The method of claim 1, wherein the host network element assigns an authentication token with the request (Paragraph 39; Verification can include signature checking the token; checking client computing device details resident in data store 140 obtained during device disambiguation process 200 and/or device validation process 300).
As per claims 7 and 16:  The method of claim 1, wherein each security check of the collection of security checks is associated with a dependency so that each security check is executed consecutively based on the associated dependency (Paragraph 39; Verification can include signature checking the token; checking client computing device details resident in data store 140 obtained during device disambiguation process 200 and/or device validation process 300).
As per claims 8 and 17:  The method of claim 1, wherein the collection of security checks are executed in batches (Paragraph 13; Enterprise server 120 can include at least one server control processor 121 configured to support embodying verification/authentication/security check operations by executing executable instructions 122 accessible by the control processor).
As per claims 9 and 18:  The method of claim 8, wherein the compliance report is generated on completion of the execution of each batch of the security checks (Paragraph 39; Verification can include signature checking the token; checking client computing device details resident in data store 140 obtained during device disambiguation process 200 and/or device validation process 300).
As per claims 10 and 19:  The method of claim 1, wherein the host network element receives the configuration data of the first network element when the first network element generates a security rating request (claim 6; a cumulative point score is below a predetermined threshold, at least one of terminating the method and assigning a default policy).
As per claims 11 and 20:  The method of claim 1, wherein the pre-defined or configurable network security configuration recommendation is derived by translating any or a combination of security, business, audit and compliance requirement into a desired technical configuration (Paragraph 12; the configuration data file and image file contents can be checked for compliance with predefined policy to verify the client computing device authenticity).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472.  The examiner can normally be reached on 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ANTHONY D BROWN/Primary Examiner, Art Unit 2433