DETAILED ACTION
Response to Amendment
This action is in response to amendment filed April 29, 2021 for the application # 16/260,614 filed on January 29, 2019. Claims 1-5, 10-13, 16, 17, and 21-29 are pending and are directed toward DETERMINING CRITICALITY OF IDENTIFIED ENTERPRISE ASSETS USING NETWORK SESSION INFORMATION.
Any claim objection/rejection not repeated below is withdrawn due to Applicant's amendment.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Arguments
Applicant’s arguments with regards to claims 1-5, 10-13, 16, 17, and 21-29 have been fully considered, but they are moot because of new grounds of rejection.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to 


Claims 1-5, 10-13, 16, 17, and 21-29 are rejected under 35 U.S.C. 103 as being unpatentable over Hill (US 2019/0089741, Filed: Sep. 18, 2017) in view of BEYAH et al. (US 2018/0048550, Pub. Date: Feb. 15, 2018), hereinafter referred to as Hill and BEYAH respectively.
As per claim 1, Hill teaches a computer-implemented method comprising:
capturing network session information from an enterprise network (the network traffic is inspected, Hill, [0082]);
identifying multiple assets within the enterprise network by processing the captured network session information (Industrial devices communicate with other devices in a known pattern which is unique for the site and device's role, Hill, [0082]);
determining, for each of the identified assets, one or more predefined features of the asset based at least in part on the processing of the captured network session information (protocol requests and responses are analyzed to identify a role of each device. Other indicators to define manufacturer and software/firmware revision levels can also be utilized. Hill, [0082]);
Hill in view of BEYAH teaches mapping of protocol and protocol behaviors (Hill, [0090]), BEYAH further teaches wherein determining one or more predefined features comprises, for each of the identified assets: identifying an operating system running on the given identified asset by processing pattern data within one or more transmission control protocol header fields and one or more internet protocol header fields; identifying one or more applications running on the given identified asset by processing sequencing data pertaining to one or more hypertext transfer protocol request headers and one or more hypertext transfer protocol response headers (For passive fingerprinting, a variety of techniques exist that provide both device type fingerprinting and individual device fingerprinting. One example is the open source p0f tool, which passively examines TCP and hypertext transfer protocol (HTTP) header fields to determine information about a client, such as OS and browser version. BEYAH, [0029]);
Hill in view of BEYAH are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Hill in view of BEYAH. This would have been desirable because the first attempt at formalizing methods for active and passive fingerprinting of network protocols was published in 2006, when parametrized extended finite state machines (PEFSMs) were used to model the behavior of different protocol implementations. See G. Shu and D. Lee. Network protocol system fingerprinting-a formal approach. In INFOCOM 2006. 25th IEEE International Conference on Computer Communications. Proceedings, pages 1-12, April 2006. Determining software versions is of some use (BEYAH, [0029]).

Hill in view of BEYAH further teaches determining, for each of the identified assets, a level of criticality associated with the asset based at least in part on the one or more determined features of the asset (when there is a direct threat against the system the system can ensure the mission critical function of the process is insured at an appropriate level (DEFCON 4, 3, 2, or 1) to define an associated defensive posture for cybersecurity. Hill, [0069]); and
outputting the level of criticality and an identifier of the asset associated therewith to one or more security-related systems, wherein the level of criticality and the asset identifier are used by the one or more security-related systems to take at least one automated action (This is accomplished by defining the security zones within a security zone management application of the network orchestration and security platform 106. Hill, [0069]);
wherein the method is performed by at least one processing device comprising a processor coupled to a memory (Hill, FIG. 1A).
As per claim 2, Hill in view of BEYAH teaches the computer-implemented method of claim 1, wherein identifying the multiple assets within the enterprise network comprises identifying multiple internet protocol (IP) addresses within the captured network session information (Hill, [0059]).
As per claim 3, Hill in view of BEYAH teaches the computer-implemented method of claim 1, wherein the one or more predefined features comprises an operating system of the asset (Hill, [0048], [0051]).
As per claim 4, Hill in view of BEYAH teaches the computer-implemented method of claim 1, wherein the one or more predefined features comprises a web service used by the asset (Hill, [0038]).
As per claim 5, Hill in view of BEYAH teaches the computer-implemented method of claim 1, wherein the one or more predefined features comprises an application used by the asset (Hill, [0038]).
As per claim 10, Hill in view of BEYAH teaches the computer-implemented method of claim 1, wherein determining the level of criticality associated with the asset comprises utilizing user-defined levels of criticality associated with each of the one or more predefined features (Hill, FIG. 10).
As per claim 11, Hill in view of BEYAH teaches the computer-implemented method of claim 1, further comprising: recording, for each of the identified assets, the level of criticality, the one or more determined features (Hill, [0062]), and the asset identifier associated therewith (Hill, [0062]) to at least one database associated with one or more security analytics systems (Hill, [0056]).
Claims 12, 13, 16, 17 have limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of obviousness as used above.
As per claim 21, Hill in view of BEYAH teaches the apparatus of claim 16, wherein identifying the multiple assets within the enterprise network comprises identifying multiple IP addresses within the captured network session information (when a list of IP addresses and corresponding device types are available. BEYAH, [0055]).
Hill in view of BEYAH are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Hill in view of BEYAH. This would have been desirable because the first attempt at formalizing methods for active and passive fingerprinting of network protocols was published in 2006, when parametrized extended finite state machines (PEFSMs) were used to model the behavior of different protocol implementations. See G. Shu and D. Lee. Network protocol system fingerprinting-a formal approach. In INFOCOM 2006. 25th IEEE International Conference on Computer Communications. Proceedings, pages 1-12, April 2006. Determining software versions is of some use (BEYAH, [0029]), and because the results discussed above are extremely promising for supervised learning (BEYAH, [0055]).

As per claim 22, Hill in view of BEYAH teaches the apparatus of claim 16, wherein determining the level of criticality associated with the asset comprises utilizing user-defined levels of criticality associated with each of the one or more predefined features (when there is a direct threat against the system the system can ensure the mission critical function of the process is insured at an appropriate level (DEFCON 4, 3, 2, or 1) to define an associated defensive posture for cybersecurity. This is accomplished by defining the security zones within a security zone management application of the network orchestration and security platform 106. Hill, [0069]).
As per claim 23 Hill in view of BEYAH teaches the apparatus of claim 16, wherein the at least one processing device is further configured: to record, for each of the identified assets, the 
As per claim 24, Hill in view of BEYAH teaches the apparatus of claim 16, wherein identifying one or more applications running on the given identified asset comprises identifying one or more representational state transfer applications by processing network application layer behavior data (Hill, [0090], [0063]).
Claims 25-29 have limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of obviousness as used above.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 1-5, 10-13, 16, 17, and 21-29 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of US patent No. 10,938,847. Although the conflicting claims are not identical, they are not patentably distinct from each other because all elements of claims 1-5, 10-13, 16, 17, and 21-29 of the instant application correspond to elements of claims 1-20 of US patent No. 10,938,847. The above claims of the present application would have been obvious over claims 1-20 of US patent No. 10,938,847 because each element of the claims of the present application is anticipated by the claims of the copending application and as such are unpatentable for obviousness-type double patenting (In re Goodman (CAFC) 29 USPQ2D 2010 (12/3/1993)).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571) 270-1938. The examiner can normally be reached on 5:00 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR, can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 






/OLEG KORSAK/Primary Examiner, Art Unit 2492