Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Action is in response to application filed on 6/18/2019. 
Claims 1-20 are pending in this application.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/18/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to 

Claim 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Votaw et al (US 2017/0126693 A1) in view of Kim et al (US 2015/0319251 A1).

Regarding claim 1, Votaw teaches a method, the method comprising: responsive to determining that one or more endpoints in a plurality of endpoints is not connected to a network, retrieving, by one or more computer processors, a first latest status of the one or more disconnected endpoints from a memory (Votaw [0054] creating one or more rules for each offline time period based on the identified reason for the offline time period, the offline time period may be a complete turn off of a mobile device or may be a period of inactivity such as at an event or in a meeting, [0025][0039] extract data including transaction data user may have completed with a credit card or debit card of time period user offline or inactive);
retrieving, by one or more computer processors, a set of predicted vulnerabilities for each of the one or more disconnected endpoints from the memory, wherein the set of predicted vulnerabilities is based on the first latest status of the one or more disconnected endpoints (Votaw [0056] if the offline time includes potential security issues such as being in a crowd place or the like, generating a security escalation 
retrieving, by one or more computer processors, a set of preventive actions and policies associated with and based on the set of predicted vulnerabilities to be performed each of the one or more disconnected endpoints, wherein the set of preventive actions and policies are retrieved from the memory (Votaw [0066] reinstate mobile application functionality to the user's mobile device with increased security parameters);
However, Votaw does not explicitly teaches retrieving, by one or more computer processors, a set of preventive actions and policies associated with and based on the set of predicted vulnerabilities to be performed when each of the one or more disconnected endpoints reconnects to the network; determining, by one or more computer processors, whether at least one endpoint in the one or more endpoints not connected to the network reconnects to the network; and responsive to determining that at least one endpoint in the one or more endpoints not connected to the network is reconnected to the network, performing, by one or more computer processors, at least one preventive action from the set of preventive actions according to at least one policy from the set of policies on the at least one endpoint reconnected to the network. (Note: Votaw [0050] discloses restore mobile applications once offline time period has passed)
Kim teaches 
retrieving, by one or more computer processors, a set of preventive actions and policies associated with and based on the set of predicted vulnerabilities to be performed when each of the one or more disconnected endpoints reconnects to the 
determining, by one or more computer processors, whether at least one endpoint in the one or more endpoints not connected to the network reconnects to the network (Kim [0051] determine periodic reconnection?);
responsive to determining that at least one endpoint in the one or more endpoints not connected to the network is reconnected to the network, performing, by one or more computer processors, at least one preventive action from the set of preventive actions according to at least one policy from the set of policies on the at least one endpoint reconnected to the network (Kim [0051][0049] when reconnected, update security management parameters);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Votaw in view of Kim to retrieving, by one or more computer processors, a set of preventive actions and policies associated with and based on the set of predicted vulnerabilities to be performed when each of the one or more disconnected endpoints reconnects to the network; determining, by one or more computer processors, whether at least one endpoint in the one or more endpoints not connected to the network reconnects to the network; and responsive to determining that at least one endpoint in the one or more endpoints not connected to the network is reconnected to the network, performing, by one or more computer processors, at least one preventive action from the set of preventive actions according to at least one policy from the set of policies on the at least one endpoint reconnected to the network.


Regarding claim 2, Votaw-Kim teaches the method of claim 1, wherein the step of retrieving, by one or more computer processors, a set of predicted vulnerabilities for each of the one or more disconnected endpoints from the memory, comprises: transmitting, by one or more computer processors, the retrieved first latest status of each of the one or more disconnected endpoints to a vulnerability prediction engine, wherein: the vulnerability prediction engine predicts a set of predicted vulnerabilities for each of the one or more disconnected endpoints and stores the set to the memory (Votaw [0039][0056] if potential risks such as user in crowd place, generate and store security escalation program); and the set of predicted vulnerabilities are based on continuously updated information about vulnerabilities of software programs, computer viruses and malware; and retrieving, by one or more computer processors, the set of predicted vulnerabilities (Votaw [0059] continually learn and adjust the security escalation programs, [0039]).

Regarding claim 3, Votaw-Kim teaches the method of claim 1, wherein the step of retrieving, by one or more computer processors, a set of preventive actions and policies associated with and based on the set of predicted vulnerabilities to be performed when each of the one or more disconnected endpoints reconnects to the 

Regarding claim 4, Votaw-Kim teaches the method of claim 1, wherein the step of performing, by one or more computer processors, at least one preventive action from the set of preventive actions according to at least one policy from the set of policies on the at least one endpoint reconnected to the network, comprises: transmitting, by one or more computer processors, the retrieved set of preventive actions and policies associated with and based on the set of predicted vulnerabilities to the at least one endpoint reconnected to the network to a management agent included on the at least one endpoint, wherein the management agent performs the at least one preventive action from the set of preventive actions according to at least one policy from the set of policies on the at least one endpoint (Kim [0031] push configuration information, 

Regarding claim 5, Votaw-Kim teaches the method of claim 1, further comprising: responsive to determining that at least one endpoint in the one or more endpoints not connected to the network has not reconnected to the network, retrieving, by one or more computer processors, a second latest status or the at least one endpoint. (Votaw [0057] based on offline period)

Regarding claim 6, Votaw-Kim teaches the method of claim 1, wherein the set of preventive actions are selected from the group consisting of updating a vulnerable software program, removing the vulnerable software program, disabling the vulnerable software program, installing a patch for the vulnerable software program, and a time-frame for performing the set of prevention actions (Kim [0024-0025] including updating security, configuration, close application, [0051] time interval to reconnect to update, Votaw [0048]).

Regarding claim 7, Votaw-Kim teaches the method of claim 1, wherein policies associated with the set of preventive actions are selected from the group consisting of a first policy that requires quarantining of the disconnected endpoint upon reconnection to the network, a second policy that requires the disconnected endpoint to only connect to a remediation network upon reconnection to the network, and a third policy defining a type of resolution for each vulnerability in the set of predicted vulnerabilities (Kim [0051] 

Regarding claims 8-13, 15-20 they do not teach or further define over the limitations in claims 1-6 respectively. Therefore, claims 8-13, 15-20 are rejected for the same reasons as set forth in claims 1-6.

Regarding claim 14, it does not teach or further define over the limitations in claim 7. Therefore, claim 14 is rejected for the same reasons as set forth in claim 7.

Additional References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Mylavarapu et al., US 20140237545 A1: HIERARCHICAL RISK ASSESSMENT AND REMEDIATION OF THREATS IN MOBILE NETWORKING ENVIRONMENT
Nasir et al., US 20160117692 A1: SYSTEM AND METHODS FOR CONSUMER MANAGED BEHAVIORAL DATA
Padget et al., US 20090234872 A1: SYNCHRONIZATION OF DISCONNECTED/OFFLINE DATA PROCESSING/ENTRY
Fawcett, US 5845077 A: Method and system for identifying and obtaining computer software from a remote computer
Radhakrishnan, US 20130047263 A1: Method and Apparatus for Emergency Session Validation
Price et al., US 20130247133 A1: SECURITY ASSESSMENT OF VIRTUAL MACHINE ENVIRONMENTS

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEVE LIN whose telephone number is 571-272-5137.  The examiner can normally be reached on Monday – Friday 7:30 AM – 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached on 571-272-7952.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.










Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/S. L./




/BRIAN J. GILLIS/Supervisory Patent Examiner, Art Unit 2446