DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after allowance or after an Office action under Ex Parte Quayle, 25 USPQ 74, 453 O.G. 213 (Comm'r Pat. 1935). Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, prosecution in this application has been reopened pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/3/2021 has been entered.

Response to Amendment
This action is in response to the communications and remarks filed on 5/3/2021. Claims 22-23, 28, and 42-58 are presently pending for examination.

Response to Arguments
Applicant’s arguments, see pages 7-8, filed 5/3/2021, regarding the allowability of Claims 22-23, 28, and 42-58  have been fully considered and are not persuasive.  Applicant states that the claims are in condition for allowance.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 22-23, 28, 42-44, 46-52, and 54-57 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Hugard, IV et al., (US 20160057101 A1) hereinafter referred to as Hugard.
Regarding Claims 22, 46, and 54, Hugard discloses A method comprising: communicating probing payloads to a set of one or more ports of a plurality of network addresses to determine publicly accessible devices based on receiving responses to at least a subset of the probing payloads, determining whether an indication of a service is in the responses; [paragraph 0043, one or more asset detection engines (e.g., 210) can possess functionality that passively monitors a network for various activities which includes the communication or identification of one or more device addresses. The identified addresses can then be extracted from the monitored information and further used to ping, probe, and otherwise communicate with the devices at the identified address to identify whether the device is recorded within the asset repository 250 and to discover additional attributes of the devices. Further, detection of devices (i.e., system-type entities) can lead to the detection of other entity types, including application-type entities and person-type entities. Application-type and person-type entities can also be detected independent of the detection of system-type entities, for instance, through the sniffing of network traffic and other techniques. For instance, web servers, databases, chat clients, media clients, media players, etc. can be detected by from traffic monitored using asset detection engines 210] 
determining a follow-up probe associated with the service; communicating the follow-up probe to each of the publicly accessible devices that returned a response with an indication of the service; [paragraph 0063, an example asset detection engine 210 can include both active and passive sensors 280, 285 pluggably deployed on the asset detection engine. For instance, among the pluggable active sensors 280 deployed on the asset detection engine 210, a TCP SYN/ACK active discovery sensor, an ICMP ping sweep sensor, and a UDP ping sensor can be provided. In some instances, a TCP SYN/ACK sensor can send a set of one or more TCP packets (such as SYN packets, TCP full connect packet sequences, etc.) to addresses within the network. In some instances, a TCP SYN/ACK sensor can target particular ports identified as more likely to be in use within the network and send TCP SYN packets to each identified port for each target IP address. Target devices that respond with a TCP SYN ACK can be identified as live devices triggering further attribute probing of the target device. An ICMP ping sweep sensor can be adapted to send ICMP ping requests to each target IP address and listen for responses to identify live devices on the network. UDP ping sensors can be adapted to send particular UDP packets to target devices that are designed to elicit responses from particular services predicted to be used and associated with particular ports of the target device. The UDP ping sensor can then listen for responses to the sent UDP packets to identify live devices on the network – there are two probes sent, first there is a “ping sweep sensor” to detect devices and then a UDP ping sensor which targets the devices from the first response to elicit responses from services “follow-up probe”]
and updating a network information database with those of the plurality of network addresses corresponding to the publicly accessible devices and based, at least partly, on the responses to the probing payloads from the publicly accessible devices and responses to the follow-up probe. [paragraph 0065, Upon receiving device address data obtained by one or more asset detection engines 210 deployed within a computing environment, asset management system 205 can check the asset repository to see if the address data has already been identified, add address data that has not yet been discovered (e.g., for an already discovered device in the repository), and update or confirm previously identified address data based on the results received from the asset detection engine(s) 210]
Regarding Claims 23 and 48, Hugard discloses wherein said communicating is over the Internet and from a system that is external to one or more networks corresponding to the plurality of network addresses. [Figure 1]
Regarding Claims 28 and 49, Hugard discloses further comprising: receiving an indication of a security flaw; searching the network information base for a device corresponding to the indication of the security flaw; and based on finding a device corresponding to the indication of the security flaw, [paragraph 0036, policy enforcement engine 265 can be used to interface with a variety of security tools (e.g., 242, 244) deployed within the computing environment... Such security tools 242 can include, for example, firewalls, web gateways, mail gateways, host intrusion protection (HIP) tools, network intrusion protection (NIP) tools, anti-malware tools, data loss prevention (DLP) tools, system vulnerability managers, system policy compliance managers, asset criticality tools, intrusion detection systems (IDS), intrusion protection systems (IPS), and/or a security information management (SIM) tool, among other examples] 
identifying a security action based on the security flaw and information in the network information base associated with the device. [paragraph 0036, Further, enforcement engine 265 can further enable patches, updates, and other data to be pushed to target system entities in connection with security management of the computing environment, based on attributes of the targets identified using sensors 280, 285, scan engines 290, etc. Additionally, local security enforcement can also be performed, for instance, through agents or other tools (e.g., 244) running, loaded, or otherwise interfacing directly with a target device and providing asset management system 205 (e.g., through enforcement engine 265) with an interface for enforcing policy directly at the target device]
Regarding Claims 28 and 49, Hugard discloses further comprising: receiving an indication of a security flaw; searching the network information base for a device corresponding to the indication of the security flaw; and based on finding a device corresponding to the indication of the security flaw, [paragraph 0036, policy enforcement engine 265 can be used to interface with a variety of security tools (e.g., 242, 244) deployed within the computing environment... Such security tools 242 can include, for example, firewalls, web gateways, mail gateways, host intrusion protection (HIP) tools, network intrusion protection (NIP) tools, anti-malware tools, data loss prevention (DLP) tools, system vulnerability managers, system policy compliance managers, asset criticality tools, intrusion detection systems (IDS), intrusion protection systems (IPS), and/or a security information management (SIM) tool, among other examples] 
identifying a security action based on the security flaw and information in the network information base associated with the device. [paragraph 0036, Further, enforcement engine 265 can further enable patches, updates, and other data to be pushed to target system entities in connection with security management of the computing environment, based on attributes of the targets identified using sensors 280, 285, scan engines 290, etc. Additionally, local security enforcement can also be performed, for instance, through agents or other tools (e.g., 244) running, loaded, or otherwise interfacing directly with a target device and providing asset management system 205 (e.g., through enforcement engine 265) with an interface for enforcing policy directly at the target device]
Regarding Claims 42 and 50, Hugard discloses further comprising receiving an indication to scan, wherein the indication to scan indicates the set of one or more ports and the plurality of network addresses, wherein communicating the probing payload is based on the indication to scan. [paragraph 0027, An asset repository manager 255 can include a detection engine interface 256 that can allow the asset repository manager 255 to interface with asset detection engines 210 deployed within the computing environment and obtain results from the asset detection engines identifying newly discovered system entities within the computing environment, as well as attributes detected for the system entities, such as address data and other information]
Regarding Claims 43, 51, and 56, Hugard discloses wherein the indication to scan also indicates the service. [paragraph 0063, UDP ping sensors can be adapted to send particular UDP packets to target devices that are designed to elicit responses from particular services predicted to be used and associated with particular ports of the target device. The UDP ping sensor can then listen for responses to the sent UDP packets to identify live devices on the network – there are two probes sent, first there is a “ping sweep sensor” to detect devices and then a UDP ping sensor which targets the devices from the first response to elicit responses from services “follow-up probe”]
Regarding Claims 44, 52, and 57, Hugard discloses further comprising determining a probing payload to communicate as the probing payloads in a payload database based on the indication to scan, wherein the indication to scan also indicates at least one of device type and information to obtain. [paragraph 0027, An asset repository manager 255 can include a detection engine interface 256 that can allow the asset repository manager 255 to interface with asset detection engines 210 deployed within the computing environment and obtain results from the asset detection engines identifying newly discovered system entities within the computing environment, as well as attributes detected for the system entities, such as address data and other information]
Regarding Claim 47, Hugard discloses wherein the system comprises the network information database. [paragraph 0027, Further, asset repository manager 255 can additionally include a tagging engine 258 adapted to assign tags or taxonomies to discovered system entities within the asset repository so as to expand and modify the types of relationships between system entities beyond the default relationships defined in the asset repository's default or original organization scheme]
Regarding Claim 55, Hugard discloses wherein the computer program further comprises instructions to receive an indication to scan via a scanning interface, wherein the indication to scan indicates the set of one or more ports and the plurality of network addresses. [paragraph 0027, An asset repository manager 255 can include a detection engine interface 256 that can allow the asset repository manager 255 to interface with asset detection engines 210 deployed within the computing environment and obtain results from the asset detection engines identifying newly discovered system entities within the computing environment, as well as attributes detected for the system entities, such as address data and other information]
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 45, 53, and 58 are rejected under 35 U.S.C. 103 as being unpatentable over Hugard, as applied to Claims 22, 46, and 54, respectively, above.
Although Hugard does not explicitly teach wherein determining the follow-up probe associated with the service comprises looking up the follow-up probe in a table that associates services with follow-up probes, Hugard does teach follow-up probes based on a table or the asset repository and Hugard also teaches that both an IPv6 address is saved in an asset repository based on a probe of a device as well as “additional information” which could include the “services” of that device.
wherein determining the follow-up probe associated with the service comprises looking up the follow-up probe in a table that associates services with follow-up probes. [paragraph 0067, in order to determine if a device changes state from on-the-network to off-the-network, or vice versa, the previous state detected for each device can be maintained, so as to provide a point of comparison. This can be done, for example, by keeping an in-memory table or database on disk of the asset detection engine 210 (or within the asset repository 250), containing the last detected state of each known device] [paragraph 0068, Further, each address indicated as being alive can be periodically probed via one or more active discovery sensors. If the address is detected as being alive, then the corresponding entry in the device state table can again be time-stamped to indicate the last time the device was detected as on the network – this is a “follow-up probe”] [Figure 7C, along with an IPv6 address being added to an asset repository based on a probe, “additional attribute” is also added which can be the service]

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J STEINLE whose telephone number is (571)272-9923.  The examiner can normally be reached on M-F 10am-6pm CT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ANDREW J STEINLE/Primary Examiner, Art Unit 2497