Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

DETAILED ACTION

1.	This action is responsive to the communication filed on 7/6/21.  Claims 1, 28 and 31 have been amended. Claims 2, 7-8, 10-27 and 30 have been cancelled. Claims 1, 3-6, 9, 28-29 and 31-34 are pending.
2.	Applicants' arguments filed 7/6/21 have been fully considered but they are not deemed to be persuasive.  Rejections and/or objections not reiterated from previous office actions are hereby withdrawn.  The following rejections and/or objections are either reiterated or newly applied.  They constitute the complete set presently being applied to the instant application.

Election By Original Presentation
3.	Newly submitted claims 35-39 are directed to an invention that is independent or distinct from the invention originally claimed for the following reasons:
I.	Claims 1, 3-6, 9, 28-29 and 34, drawn to a method for applying a tagging profile to determine information technology network nodes that satisfy one or more conditions, classified in CPC G06F16/30289.
II.	Claims 35-39, drawn to a method for monitoring nodes via software agents, detecting a new node, automatically associating the new node with 
4.	The inventions are distinct, each from the other because of the following reasons:
	Inventions of Groups I and II are directed to related processes. The related inventions are distinct if (1) the inventions as claimed are either not capable of use together or can have a materially different design, mode of operation, function, or effect; (2) the inventions do not overlap in scope, i.e., are mutually exclusive; and (3) the inventions as claimed are not obvious variants.  See MPEP § 806.05(j). In the instant case, the inventions as claimed processes are unrelated as supported by the distinct limitations discussed above.  Furthermore, the inventions as claimed do not encompass overlapping subject matter and there is nothing of record to show them to be obvious variants.
5.	The distinct critical features of each Group support the undue search burden if they were examined together.
6.	Since applicant has received an action on the merits for the originally presented invention, this invention has been constructively elected by original presentation for prosecution on the merits.  Accordingly, claims 35-39 are withdrawn from consideration as being directed to a non-elected invention.  See 37 CFR 1.142(b) and MPEP § 821.03.

Claim Rejections - 35 USC § 103
7.	The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:


8.	This application currently names joint inventors.  In considering patentability of the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) prior art under 35 U.S.C. 103(a).
9.	Claims 1 and 4 are rejected under 35 U.S.C. 103(a) as being obvious by Kochis in view of Molloy, and further in view of Palanisamy et al (U.S. 20090182610 A1 hereinafter, “Palanisamy”).
10.	With respect to claim 1,
	Kochis discloses a computer-implemented method, comprising:
receiving a set of conditions to establish a tagging profile (Kochis [0013] e.g. [0013] In one embodiment, the method includes: a) attaching a tracker tag to the moveable asset, wherein the tracker tag is disposed along an exterior of the movable asset at a location in which the tracker tag has line of sight access to the sky during normal movement of the asset, wherein the tracker tag is inoperative from equipment associated with the wherein the tracking information server includes a master tag profile that is re-configurable and at least initially the same as the installed tag profile, d) powering up the tracker tag, e) detecting a change in state condition with the tracker tag and responding to the change in state condition in accordance with the programmed instructions in the installed tag profile, wherein the response to the change in state condition includes retrieving the message with the next tag profile from the messaging system and installing the next tag profile in the tracker tag, wherein, upon installation, the next tag profile becomes the installed tag profile for control of current operations of the tracker tag);
receiving identifications of one or more tags associated with the tagging profile (Kochis [0177] – [0179] e.g. [0177] With reference to FIG. 20, an embodiment of a process 300 to configure a tag profile for a tracker tag begins at step 302 where a user is logged into the unsecured area 156 (FIG. 11) of the tracking information server 14 (FIG. 11) using the monitoring device 22 (FIG. 1).  At step 304, the user selects a "configure tag profile" feature or option.  Next, the tracking information server performs a security check to confirm that the user is authorized to access this area of the tracking information server (step 306; At step tag profiles, the tracking information server provides a tracker tag selection display to the user on the monitoring device (step 310).  Otherwise, the process returns to step 302 because the user is not authorized.  At step 312, the user selects a tracker tag, an asset associated with the desired tracker tag, or an element associated with the desired tracker tag for which the tag profile is to be configured.  Next, the tracking information server provides the tag profile for the selected tracker tag to the user in a configure tag profile display (step 314).  At step 316, the user selects desired change in state, data acquisition, and/or data download conditions to configure the tag profile.  Next, when the user saves the desired change in state, data acquisition, and data download conditions, the programmed instructions in the tag profile are updated (step 318).  At step 320, the tracking information server generates a message to the selected tracker tag with the newly configured tag profile.  Next, the tracking information server sends the message to the selected tracker tag (step 320). [0178] In an addition embodiment of the tag profile configuration process, the user may select any combination of multiple tracker tags, assets, or elements in step 312 when multiple tag profiles are to be commonly configured.  
This is tag selection display in step 310 may include classes of assets and classes of elements to simplify selection of multiple tracker tags for tag profile configuration.  When multiple tag profiles are commonly configured, the message in step 322 is sent to multiple corresponding tracker tags. [0179] In one embodiment of the tag profile configuration process, the message may be an e-mail message sent to an e-mail address associated with the selected tracker tag via the e-mail system (e.g., POP3 e-mail server).  In another embodiment, the message may be a text message sent to a text messaging address associated with the selected tracker tag via a text messaging system.  In still another embodiment, the message may be a direct data communication to the selected tracker tag.  The e-mail and/or text messaging systems may be within the tracking information server or provided by independent service providers);
applying the tagging profile to nodes in an information technology network by determining one or more nodes in the information technology network that satisfy one or more conditions of the set of conditions (Kochis abstract, [0177] – [0179] e.g. information network; tag profile; conditions);
associating the one or more tags with the nodes that satisfy the one or more conditions (Kochis abstract, [0177] – [0179] e.g. information network; tag profile; conditions);
displaying a list of the one or more tags (Kochis abstract, [0177] – [0179] e.g. tags).
	Although Kochis substantially teaches the claimed invention, Kochis does not explicitly indicate
each tag being a keyword or term;
the associating comprising storing the keyword or term of each tag of the one or more tags as metadata or as a field in a database storing nodal information for the information technology network;
in a multi-panel display
after user selection of a respective one of the tags, displaying, in the multi-panel display, a list of the nodes associated with the respective one of the tags.
Molloy teaches the limitations by stating
receiving identifications of one or more tags associated with the tagging profile, each tag being a keyword or term (Molloy [0043], [0060] – [0061], [0071] e.g. In the screen shot shown, when "Scan 511" is selected, the right-hand column shows that tag "XYZ" was added to the asset "Server4.". [0060] For example, an Administrator User may use the security management system 100 to make User 1 responsible for all Windows servers by creating a relationship between User 1 and the tag "Windows," and the tagging logic finally normalized by the scan logic processor 140 and stored in the user database 150. The data may then be interpreted by tagging logic engine 190 and the user may then specify that all assets in a certain sub-net must be tagged with the tag "Human Resources" tag. [0071] For example, the user may say, "I would like to make a new tag based on an IP address rule, and I want to assign the tag `HR asset` to anything in the 10.10.10/255 network." The programmers may have written a rule that lets the user do the network check against an IP address so that the user only has to fill in the IP address of "10.10.10/255." The tagging logic engine 190 may be evaluating IP addresses and applying the `HR asset` tag to the assets automatically all the time in the background [as receiving identifications of one or more tags associated with the tagging profile, each tag being a keyword or term (e.g. “XYZ”, “window”, “Human Resources”, “HR asset”)]);
applying the tagging profile to nodes in an information technology network by determining one or more nodes in the information technology network that satisfy one or more conditions of the set of conditions;
associating the one or more tags with the nodes that satisfy the one or more conditions, the associating comprising storing the keyword or term of each tag of the one or more tags as metadata or as a field in a database storing nodal information for the information technology network;
displaying, in a multi-panel display, a list of the one or more tags; and
after user selection of a respective one of the tags, displaying, in the multi-panel display, a list of the nodes associated with the respective one of the tags (Molloy [0048] – [0054] and Fig. 11 e.g. [0048] In the illustrated screen shot 1100, a left-hand column lists tags while a right-hand column lists rules and a history of actions.  For example, when "Tag 3" is selected, the rule may state "Apply to assets when the OS contains `Windows.`" The history of the actions may show that this rule was applied to asset 1, asset 2 and so on, but was skipped on asset "n" because it was banned by the user [as
applying the tagging profile (e.g. Tag 1, 2 or 3) to nodes (e.g. assets) in an information technology network by determining one or more nodes (e.g. assets) in the information (e.g. INFORMATION) technology network that satisfy one or more conditions (e.g. rules) of the set of conditions);
(e.g. “XYZ”, “window”, “Human Resources”, “HR asset”; NOTE: Metadata is "data that provides information about other data") or as a field in a database (e.g. database 150) storing nodal information for the information technology network;
displaying, in a multi-panel display (e.g. Fig. 11), a list of the one or more tags; and
after user selection (e.g. when “Tag 3” is selected) of a respective one of the tags, displaying, in the multi-panel display (e.g. Fig. 11), a list of the nodes (e.g. assets) associated with the respective one of the tags].  The user may have the option of editing the rule for "Tag 3" when it is selected.  The tag asset rule may be edited by double-clicking on the asset, and the audit tag history may be viewed by a single left click or right click on the asset. [0049] Each rule may have a dedicated interface to edit it with.  Simple rules may include whether an asset is running the Windows OS.  Other rules may be more complex and may include yes/no settings, drop down settings, or text fields.  Each tag rule may have a different screen in the web app UI 160, and how the user chooses to configure the settings in that screen may determine how the tag functions in their particular environment.  A user may create a tag rule that is based on the vulnerability tag engine.  asset's name, OS, last scan, tags, software, among other attributes, allowing the user to access all information for a specific asset in the user database 150.  In the example in screen shot 1200, the asset is "Asset 17" and the user may select the Name, OS, Last Scan, Tags, Software, etc for "Asset 17." When "OS" is selected for "Asset 17," it shows that the OS is Windows 2000 Service Pack 3.  If the user selects tags, the user will then see all of the tags associated with asset 17. [0051] Referring now to FIG. 13, a flowchart for the process of asset discovery 1300 is shown in accordance with an embodiment of the present disclosure.  Often, a user will know that they have a particular device in a certain location, but will not realize which assets they might have at the current time.  Because tags are the basis for organization, some tags may be associated with a range of network addresses. 
[0052] In the illustrated process 1300, at action 1302 the management security system 100 tells the scanner 116 the known range of IP addresses at a particular location and For example, if a user does not realize which assets they may have, but know they have a scanner 116 in a particular office in Redwood City, Calif., the user may instruct the scanner 116 to find every asset 118 that it can.  The security management system 100 may then create an instruction in the job management server 120 via the web app UI 160 to tell the scanner 116 the known range of IP addresses in the Redwood City office and to find assets 118 within that IP range).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teaching of the cited references because Molloy’s teaching would have allowed Kochis to provide interactive service communications and independent communications of the aforementioned type to other modes of transportation, such as various forms of air, ground and water transportation (Kochis [0010]).
Although Kochis and Molloy combination substantially teaches the claimed invention, they do not explicitly indicate
detecting one or more changes between a current state of the nodes and a baseline state of the nodes; and
generating a report comprising a listing of the one or more changes that are not approved changes.
Palanisamy teaches the limitations by stating
detecting one or more changes between a current state of the nodes and a baseline state of the nodes; and
generating a report comprising a listing of the one or more changes that are not approved changes (Palanisamy [0059] – [0061] and [0074] e.g. [0059] The reassignment could be the same list as in the previous tab approval or some other mechanism.  A change in asset version can trigger a workflow for a change, notification and/or re-assignment.  [0060] In one embodiment, a change in customer-defined fields triggers a notification or metadata change.  In one embodiment, a change follows the asset name change use case pattern for notification.  In one embodiment, a change in a user-specified asset metadata field triggers regression of asset one step in registration status, e.g. from accept to unaccepted, from submitted to unsubmitted, from registered to unregistered.  A regression in asset registration status (reject, unaccept, or unsubmit) can also trigger a change in asset classification.  [0061] When an asset is changed and saved, this can trigger a flow as can changes to data in other specified field(s).  In one embodiment, there are additional Changes in metadata of most kinds can cause the associated tab to be unapproved and reassign the asset to its respective assignment/approval tier of approvers.  [0074] FIG. 20 shows a flow for Time based escalation in one embodiment.  When an asset is accepted, tab approvals are assigned by the Multi-tier Workflow.  The Multi-tier Workflow will also create an entry for this asset with the Tab approval information to a persistence store.  When a Tab is approved, the Multi-tier Workflow will also update the status in the persistence store.  The Time Based Escalation is a long running Workflow running in a loop that wakes up every 6 hours.  Each time it wakes up, it will load the unapproved tab asset list [as
detecting one or more changes (e.g. changes) between a current state (e.g. change to the version/customer-defined fields of the asset) of the nodes (e.g. assets) and a baseline state (e.g. version/customer-defined fields of the asset; referring to the instant applicant’s specification [0096] – [0097] “… version check”) of the nodes; and
generating a report comprising a listing of the one or more changes that are not approved changes (e.g. the unapproved tab asset list)]).

11.	With respect to claim 4,
	Molloy further discloses wherein the nodes to which the tagging profile is applied comprise one or more of a database server, directory server, file server, or network device (Molloy [0021] e.g. scans of one or more user assets 118, such as desktop computers, laptops, workstations, tablets, phones, etc.).

12.	Claims 3, 5, 9 and 34 are rejected under 35 U.S.C. 103(a) as being obvious by Kochis in view of Molloy and Palanisamy, and further in view of Thukral.
13.	With respect to claim 3,
	Although Kochis, Palanisamy and Molloy substantially teach the claimed invention, they do not explicitly indicate allowing a user to select whether the tagging profile is to be applied to a newly detected node in the information technology network automatically or manually.
Thukral teaches the limitations by stating
comprising allowing a user to select whether the tagging profile is to be applied to a newly detected node (Thukral [0022], [0142], [0181] –   in the information technology network automatically or manually.
It would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teaching of the cited references because Thukral’s teaching would have allowed Kochis, Palanisamy and Molloy combination to provide interactive service communications and independent communications of the aforementioned type to other modes of transportation, such as various forms of air, ground and water transportation (Kochis [0010]).
14.	With respect to claim 5,
	Thukral further discloses wherein the list of the one or more tags is displayed in a first panel of the multi-panel display and the list of the nodes associated with the respective one of the tags is displayed in a second panel of the multi-panel display (Thukral [0022], [0142], [0181] – [0184] and Figs. 20-24).
15.	With respect to claim 9,
	Thukral further discloses allowing a user to select whether all conditions of the set or less than all conditions of the set must be satisfied before associating nodes with the one or more tags (Thukral [0178] and Fig. 14 e.g. [0178] The automatic asset matching rules are manually written in advance to match assets which have the same attributes or a subset of one or more attributes which matches [as allowing a user to select whether all conditions of the set or less than Whenever a match is made, another rule is made that links the two systems (the asset found on the network by the automatic discovery process to the asset found in the financial reporting system) together for all time so that on subsequent scans, if these two systems are found again, they will be reconciled as the same asset).
16.	With respect to claim 34,
	Thukral further discloses providing a user interface, wherein the receiving a set of conditions or the receiving identifications of one or more tags is via the user interface (Thukral [0022], [0142], [0181] – [0189] and Figs. 20-27 e.g. [0186] FIG. 26 is a screen shot of a screen wherein filter conditions are set to limit the number of unmatched fixed assets will be examined manually to attempt to find a match in inventory.  Sometimes it is not practical to find a match for providing a user interface (e.g. Fig. 26), wherein the receiving a set of conditions (e.g. filter condition set) or the (e.g. Fig. 26: Value, type of asset) is via the user interface]).

17.	Claim 6 is rejected under 35 U.S.C. 103(a) as being obvious by Kochis in view of Molloy and Palanisamy, and further in view of Blumenau (U.S. 2007/0113293 A1 hereinafter, “Blumenau”).
18.	With respect to claim 6,
	Molloy further discloses
	that a node have a name or attribute that matches a user-selected keyword (Molloy [0029], [0031], [0065] – [0066] e.g. [0029] Tags for operating systems of the various assets may use the same "operating system string matches pattern" rule so they may all use the same plug-in 195.  There may be several "operating system" tags that use one rule with a variable applied in a certain way to apply the tags to the various assets 118.  The plug-ins 195 provide an open system that can accept new rule definitions as the security management system 100 evolves.  For example, in an embodiment, if a user wants to tag an asset 118 based on its IP address, a new IP address plug-in 195 could be added, which could then be used to tag assets based their IP address and physical location. [0031] The set of assets 118 to be scanned in a subsequent may be determined by the user based on a user-defined tag.  For example, the user may want to scan all assets that were previously tagged with the "Windows" tag.  
	Although Kochis, Palanisamy and Molloy combination substantially teaches the claimed invention, they do not explicitly indicate
that a node be tagged with a selected tag, the selected tag being different than the one or more tags associated with the tagging profile.
	Blumenau teaches the limitations by stating
	that a node be tagged with a selected tag, the selected tag being different than the one or more tags associated with the tagging profile (Blumenau [0046] and [0075] – [0077] e.g. [0046] As used herein, digital asset refers to any digital file that can be stored in a storage medium.  Examples of digital assets can include, but are not limited to, files, e-mails, instant messages (IM), audio files, video files, profiles, drivers, programs, and other electronic embodiments of information [0075] In various embodiments, application rules define the set of categorized digital assets (e.g., taxonomy tags) that can be stored with a directory or file when that directory or file is created by an application.  Application rules consider the name and context of the digital asset (binary name, binary versions, process name, window titles, and the link) and the name of the directory being created.  From this data a set of taxonomy tags are determined and returned as the list of is tags for this digital asset. [0076] Device rules define the set of taxonomy tags that can be applied to a directory or file when that directory or file is created by or stored on a particular device.  Rules can be defined for device classes (e.g., local fixed device, network device, removable devices), individual storage devices or input devices.  Similarly, end-user rules define the set of taxonomy tags that can be associated with a directory or file when that directory or file is created or changed by the end-user.  User rules can consider the end-user's name, the end-user's role, the end-user's location or any other data that can be retrieved from a local or directory based end-user configuration. [0077] By applying rules and categorizations to folders, directories, end-users, and devices, automatic and inheritance based categorization of digital assets is achieved.  
For example, if a word document is stored in a specific directory, the client software 212 applies the taxonomy tag indicated by the rules and categorization of the directory that stores the word document.  Further, if one or more uncategorized digital assets are moved into a categorized directory those digital assets inherit the categorization of the directory.  Such a feature allows for the categorization of digital assets existing on the client 110 prior to the installation of the client software 212.).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teaching of the cited references because Blumenau’s teaching would have allowed Kochis, Palanisamy and Molloy combination to provide interactive service communications and independent communications of the aforementioned type to other modes of transportation, such as various forms of air, ground and water transportation (Kochis [0010]).

19.	Claims 28-29 and 31-33 are rejected under 35 U.S.C. 103(a) as being obvious by Thukral in view of Molloy, and further in view of Suit et al (U.S. 20120096065 A1 hereinafter, “Suit”).
20.	With respect to claim 28,
Thukral discloses a computer-implemented method, comprising:
receiving a set of conditions to establish a tagging profile, the set of conditions specifying a set of one or more conditions that must be satisfied by a node before the node is assigned a tag associated with the tagging profile;
receiving identifications of one or more tags associated with the tagging profile;
applying the tagging profile to nodes in an information technology network, the applying the tagging profile comprising assigning the tag associated with the tagging profile to one or more nodes of the nodes in the information technology network that satisfy the set of conditions specified in the tagging profile, thereby generating a tagged set of nodes; and
generating a data set in a hierarchically arranged database or file system that comprises the tagged set of nodes (Thukral [0014], [0018], [0022], [0031], [0142], [0178] – [0189] and Figs. 20-28 e.g. [0186] FIG. 26 is a screen shot of a screen wherein filter conditions are set to limit the number of unmatched fixed assets will be examined manually to attempt to find a match in inventory.  Sometimes it is not practical to find a match for every unmatched fixed asset, so it is desirable to establish filter conditions to select only the high value assets to do further investigation to find matches for.  Financial reporting is not required to be exact, but there is a need for some degree of accuracy at least to comply with the law.  The dialog box shown at 264 is used to establish the filter condition.  In this particular case, the filter condition is established by setting a value (field 266) to be "greater than" (field 268) $5000 (field 264) and the type of asset (field 270) must equal (field 272) computer equipment (field 274). [0187] FIG. 27 is a screen shot of a screen used in the manual matching process showing fixed assets meeting the filter condition set in the screen of 
receiving a set of conditions to establish a tagging profile (e.g. Matching Rules icon 264 in Fig. 26), the set of conditions specifying a set of one or more conditions (e.g. filter condition set) that must be satisfied by a node before the node is assigned a tag (e.g. Fig. 26: Value, type of asset) associated with the tagging profile;
receiving identifications of one or more tags associated with the tagging profile;
applying (e.g. Apply “All” of the following conditions: in Fig. 26) the tagging profile to multiple existing nodes in an information technology network, the applying the tagging profile comprising assigning (e.g. correspond) each of the one or more tags the tag associated with the tagging profile to one or more nodes of the multiple existing nodes in the information technology network that satisfy the set of conditions specified in the tagging profile, thereby generating a tagged set of nodes; and
(Fig. 27)]), and
wherein the method is performed by a monitoring computer in the information technology network, and
	wherein the method further comprises applying a rule to the tagged set of nodes in the data set, the rule identifying a criterion by which a configuration change to the node is to be transmitted to the monitoring computer (Thukral [0124], [0226] – [0231] and Figs. 21-28 e.g. [0124] monitor system [0226] Identifying a device that has changed over time.  In a further example, consider network scan data on a particular date (e.g., January 1 of the year) with the following response: [0227] from IP address 10.1.1.1: [0228] network card MAC address="00:E0:81:24:B7:1C" [0229] disk driver serial number="SK434xzh" [0230] OS serial number="83084dd3"  [0231] If there are other device elements stored, the unique ID generation system then examines them using a matching rule such as the example described and if there is no match (for example because this is the first device), the unique ID generation system creates a new device element and sets the device element's attribute values (i.e., the MAC address and serial numbers) to those from 10.1.1.1. [as
wherein the method is performed by a monitoring computer (e.g. monitor system) in the information technology network, and
(e.g. changed over time) to the node (e.g. a device) is to be transmitted to the monitoring computer]).
	Although Thukral substantially teaches the claimed invention, Thukral does not explicitly indicate
the set of conditions including a geographic location for the node.
Molloy teaches the limitations by stating
the set of conditions including a geographic location for the node (Molloy [0048] – [0054] and Fig. 11 e.g. [0053] For example, if a user does not realize which assets they may have, but know they have a scanner 116 in a particular office in Redwood City, Calif., the user may instruct the scanner 116 to find every asset 118 that it can.  The security management system 100 may then create an instruction in the job management server 120 via the web app UI 160 to tell the scanner 116 the known range of IP addresses in the Redwood City office and to find assets 118 within that IP range [as the set of conditions (e.g. rules) including a geographic location (e.g. the Redwood City office) for the node (e.g. asset)]),
applying the tagging profile to nodes in an information technology network, the applying the tagging profile comprising assigning the tag associated with the tagging profile to one or more nodes of the nodes in the information technology network that satisfy the set of conditions specified in the tagging profile, thereby generating a tagged set of nodes (Molloy [0045] e.g. [0045] Referring now to FIG. 10, a screen shot 1000 of tag-to-asset and scan-by-tag is shown in accordance with an embodiment of the present disclosure.  The illustrated screen shot 1000 shows one or more specific search filters in a left-hand column that may be used to target scans or report bulk actions resulting in a list of assets in a right-hand column.  By organizing assets, a user may be able to create reports on the assets, see intersections between tags, or target scans by tags.  The results of a scan may populate data by asset, and that data may then be used to assign tags based on certain rules); and
wherein the method is performed by a monitoring computer in the information technology network (Molloy [0066] e.g. [0066] In a third embodiment, a method is disclosed herein for auditing and then assigning, monitoring, reporting on, or fixing specific machine vulnerabilities based on operating system tags.  Part of the data in the user database 150 that was fetched by the scanner 116 and transferred to job management server 120 may be the state of the vulnerabilities of the assets 118 in the user site 115.  This may allow the security management system 100 to know if there is a particular vulnerability on each and every asset 118 that can then be used to tag and create a score that may be reported against [as wherein the method is performed by a monitoring computer in the information technology network]), and
wherein the method further comprises applying a rule to the tagged set of nodes in the data set, the rule identifying a criterion by which a configuration change to the node is to be transmitted to the monitoring computer (Molloy [0072] e.g. [0072] For things that cannot be easily determined programmatically by the computers, a user may assign tags to assets manually.  For example, a particular asset 118 that recently had a hard drive replacement or recent hardware change is something that a human would tag because it may be difficult to write a tagging rule 195 to determine those events.  There may be several use cases for the idea that IT administrators should tag assets that they are working on so those assets can be more closely scrutinized over the next couple of months to assure that the changes made to those assets did not incur additional vulnerabilities.  This may be a case where an IT administrator would their user terminal 119 and web app UI 160 to manually tag "recently modified" to the assets that they worked on that week.  The scans that may already be run on a regular weekly basis can be targeted as "all tags recently modified" so that those assets can be more closely scrutinized at a later time [as wherein the method further comprises applying a rule to the tagged set of nodes in the data set, the rule identifying a criterion by which a (e.g. hard drive replacement or recent hardware change) to the node is to be transmitted to the monitoring computer]).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teaching of the cited references because Molloy’s teaching would have allowed Thukral to provide a dynamic hierarchical tagging system and method that provides advantages over previously known solutions (Molloy [0002]).
Although the Thukral and Molloy combination substantially teaches the claimed invention, it does not explicitly indicate
the rule being applied by software agents at the nodes and identifying a criterion by which a configuration change to the node and detected by the software agent is to be transmitted to the monitoring computer.
Suit teaches the limitations by stating wherein the method further comprises applying a rule to the tagged set of nodes in the data set, the rule being applied by software agents at the nodes and identifying a criterion by which a configuration change to the node and detected by the software agent is to be transmitted to the monitoring computer (Suit [0021], [0027], [0041], [0055] and Claim 17 e.g. [0021] A method and system for detecting configurations changes at nodes of a network are discussed herein.  In one embodiment, one or more agents are deployed to one or more of a plurality of nodes of the network.  The agents provide configuration messages that specify a configuration of their respective node.  The configuration messages are processed to determine whether changes to the central node. [0041] Configuration information reported by the agents that provide the data for the Ontological description of the network may also be used for detecting any changes to the configurations of the nodes.  Any detected changes may be visualized, to show root cause of any system performance drifts arising from these configuration changes.  [0055] The configuration bean is sent to the state and profiling engine 626 (Drools rules engine) which processes the new configuration bean to compare it against prior configuration configuration change that was made, including parameters such as: a node ID, a reference to what baseline it is assigned and the specific changes to the baseline and/or to an earlier reported configuration of the node.  The changes may relate to System Properties, Security (users and Groups), Applications, Resource Allocations (Media, CPU, Memory, System).  
[claim 17] The method according to claim 10 further comprising: receiving a selection of the at least one system performance parameter to the administration console;  determining one or more nodes associated with the selected at least one performance parameter;  determining any configuration changes for the one or more nodes;  and displaying indications of the configuration changes on the visualization [as wherein the method further comprises applying a rule (e.g. the specific changes to the baseline) to the tagged set of nodes (e.g. selected nodes) in the data set, the rule being applied by software agents (e.g. agents) at the nodes and identifying a criterion (e.g. the specific changes to the baseline) by which a configuration change (e.g. detecting configurations changes) to the node and detected by the software agent is to be (e.g. reported) to the monitoring computer (e.g. central node)]).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teaching of the cited references because Suit’s teaching would have allowed the Thukral and Molloy combination to provide a dynamic hierarchical tagging system and method that provides advantages over previously known solutions (Molloy [0002]).
21.	With respect to claim 29,
	Thukral further discloses accessing the data set comprising the tagged set of nodes with an information technology compliance and configuration control tool (Thukral [0014], [0018], [0031], [0178] – [0185] and Figs. 21-28).
22.	With respect to claim 31,
	Claim 31 is the same as claim 28 and is rejected for the same reasons as applied hereinabove.
23.	With respect to claim 32,
	Molloy further discloses wherein each tag is a keyword or term, and the assigning the tag to one or more nodes comprises storing the keyword or term of the tag as metadata or as a field in a database storing nodal information for the information technology network (Molloy [0043], [0060] – [0061], [0071] e.g. In the screen shot shown, when "Scan 511" is selected, the right-hand column shows that tag "XYZ" was added to the asset "Server4.". [0060] For example, an Administrator User may use the security management system 100 to make User 1 responsible finally normalized by the scan logic processor 140 and stored in the user database 150. The data may then be interpreted by tagging logic engine 190 and the user may then specify that all assets in a certain sub-net must be tagged with the tag "Human Resources" tag. [0071] For example, the user may say, "I would like to make a new tag based on an IP address rule, and I want to assign the tag `HR asset` to anything in the 10.10.10/255 network." The programmers may have written a rule that lets the user do the network check against an IP address so that the user only has to fill in the IP address of "10.10.10/255." The tagging logic engine 190 may be evaluating IP addresses and applying the `HR asset` tag to the assets automatically all the time in the background [as wherein each tag is a keyword or term (e.g. “XYZ”, “window”, “Human Resources”, “HR asset”), and the assigning the (e.g. “XYZ”, “window”, “Human Resources”, “HR asset”; NOTE: Metadata is "data that provides information about other data") or as a field in a database (e.g. database 150) storing nodal information for the information technology network]).
24.	With respect to claim 33,
	Thukral further discloses providing a user interface, wherein the receiving a set of conditions or the receiving identifications of one or more tags is via the user interface (Thukral [0022], [0142], [0181] – [0189] and Figs. 20-27 e.g. [0186] FIG. 26 is a screen shot of a screen wherein filter conditions are set to limit the number of unmatched fixed assets will be examined manually to attempt to find a match in inventory.  Sometimes it is not practical to find a match for every unmatched fixed asset, so it is desirable to establish filter conditions to select only the high value assets to do further investigation to find matches for.  Financial reporting is not required to be exact, but there is a need for some degree of accuracy at least to comply with the law.  The dialog box shown at 264 is used to establish the filter condition.  In this particular case, the filter condition is established by setting a value (field 266) to be "greater than" (field 268) $5000 (field 264) and the type of asset (field 270) must equal (field 272) computer equipment (field 274). [0187] FIG. 27 is a screen shot of a screen used in the manual matching process showing providing a user interface (e.g. Fig. 26), wherein the receiving a set of conditions (e.g. filter condition set) or the receiving identifications of one or more tags (e.g. Fig. 26: Value, type of asset) is via the user interface]).

25.	Claims 28-29, 31 and 33 are rejected under 35 U.S.C. 103(a) as being obvious by Thukral in view of Narayanan, and further in view of Suit.
26.	With respect to claim 28,
Thukral discloses a computer-implemented method, comprising:
receiving a set of conditions to establish a tagging profile, the set of conditions specifying a set of one or more conditions that must be satisfied by a node before the node is assigned a tag associated with the tagging profile;
receiving identifications of one or more tags associated with the tagging profile;
applying the tagging profile to nodes in an information technology network, the applying the tagging profile comprising assigning the tag associated with the tagging profile to one or more nodes of the nodes in the information technology network that satisfy the set of conditions specified in the tagging profile, thereby generating a tagged set of nodes; and
generating a data set in a hierarchically arranged database or file system that comprises the tagged set of nodes (Thukral [0014], [0018], [0022], [0031], [0142], [0178] – [0189] and Figs. 20-28 e.g. [0186] FIG. 26 is a screen shot of a screen wherein filter conditions are set to limit the number of unmatched fixed assets will be examined manually to attempt to find a match in inventory.  Sometimes it is not practical to find a match for every unmatched fixed asset, so it is desirable to establish filter conditions to select only the high value assets to do further investigation to find matches for.  Financial reporting is not required to be exact, but there is a need for some degree of accuracy at least to comply with the law.  The dialog box shown at 264 is used to establish the filter condition.  In this particular case, the filter condition is established by setting a value (field 266) to be "greater than" (field 268) $5000 (field 264) and the type of asset (field 270) must equal (field 272) computer equipment (field 274). [0187] FIG. 27 is a screen 
receiving a set of conditions to establish a tagging profile (e.g. Matching Rules icon 264 in Fig. 26), the set of conditions specifying a set of one or more conditions (e.g. filter condition set) that must be satisfied by a node before the node is assigned a tag (e.g. Fig. 26: Value, type of asset) associated with the tagging profile;
receiving identifications of one or more tags associated with the tagging profile;
applying (e.g. Apply “All” of the following conditions: in Fig. 26) the tagging profile to multiple existing nodes in an information technology network, the applying the tagging profile comprising assigning (e.g. correspond) each of the one or more tags the tag associated with the tagging profile to one or more nodes of the multiple existing nodes in the information technology network that satisfy 
generating a data set in a hierarchically arranged database or file system that comprises the tagged set of nodes (Fig. 27)]), and
wherein the method is performed by a monitoring computer in the information technology network, and
	wherein the method further comprises applying a rule to the tagged set of nodes in the data set, the rule identifying a criterion by which a configuration change to the node is to be transmitted to the monitoring computer (Thukral [0124], [0226] – [0231] and Figs. 21-28 e.g. [0124] monitor system [0226] Identifying a device that has changed over time.  In a further example, consider network scan data on a particular date (e.g., January 1 of the year) with the following response: [0227] from IP address 10.1.1.1: [0228] network card MAC address="00:E0:81:24:B7:1C" [0229] disk driver serial number="SK434xzh" [0230] OS serial number="83084dd3"  [0231] If there are other device elements stored, the unique ID generation system then examines them using a matching rule such as the example described and if there is no match (for example because this is the first device), the unique ID generation system creates a new device element and sets the device element's attribute values (i.e., the MAC address and serial numbers) to those from 10.1.1.1. [as
(e.g. monitor system) in the information technology network, and
wherein the method further comprises applying a rule to the tagged set of nodes in the data set, the rule identifying a criterion by which a configuration change (e.g. changed over time) to the node (e.g. a device) is to be transmitted to the monitoring computer]).
	Although Thukral substantially teaches the claimed invention, Thukral does not explicitly indicate
the set of conditions including a geographic location for the node.
Narayanan teaches the limitations by stating
the set of conditions including a geographic location for the node (Narayanan [0083] – [0085] and Fig. 5 e.g. [0084] Display 500 includes a logical group portion 502 and a network entity portion 504.  Logical group portion 502 is analogous to logical group portion 402 of FIG. 4, although the "Country-USA" attribute value is selected in logical group portion 502 rather than the "Location-Washington" attribute value in logical group portion 402.  Thus, it should be noted that the defined logical groups in FIGS. 4 and 5 are the same, even though the network entities are different (e.g., server devices in FIG. 5 rather than address ranges in FIG. 4). [0085] In response to user selection of the attribute value of "USA" for the attribute "Country", network entities that are server devices having an 
displaying, in a multi-panel display (e.g. Fig. 5), a list of the one or more tags (e.g. “Country-Canada”, “Country-USA”); and
after user selection (e.g. user selection) of a respective one (e.g. “Country-USA”) of the tags, displaying, in the multi-panel display (e.g. Fig. 5), a list of the nodes (e.g. service devices in Fig. 5) associated with the respective one of the tags]), and
applying the tagging profile to nodes in an information technology network, the applying the tagging profile comprising assigning the tag associated with the tagging profile to one or more nodes of the nodes in the information technology network that satisfy the set of conditions specified in the tagging profile, thereby generating a tagged set of nodes (Narayanan [0048] e.g. [0048] In one or more embodiments, for the attribute values included in a logical group definition, the same attribute values and associated attributes are defined for the network entities.  For example, an attribute of "State", an attribute of "Country", and an attribute of "Geo-Region" may be defined for the network entities, and also included in the logical group definition.  Each network entity can be tagged with or assigned an attribute value for the "State" attribute, the "Country" attribute, and the "Geo-Region" attribute).

Although the Thukral and Narayanan combination substantially teaches the claimed invention, it does not explicitly indicate
the rule being applied by software agents at the nodes and identifying a criterion by which a configuration change to the node and detected by the software agent is to be transmitted to the monitoring computer.
Suit teaches the limitations by stating wherein the method further comprises applying a rule to the tagged set of nodes in the data set, the rule being applied by software agents at the nodes and identifying a criterion by which a configuration change to the node and detected by the software agent is to be transmitted to the monitoring computer (Suit [0021], [0027], [0041], [0055] and Claim 17 e.g. [0021] A method and system for detecting configurations changes at nodes of a network are discussed herein.  In one embodiment, one or more agents are deployed to one or more of a plurality of nodes of the network.  The agents provide configuration messages that specify a configuration of their respective node.  The configuration messages are processed to determine whether changes to the configuration have occurred at the node.  Records representing the configuration changes are generated and stored in a central node. [0041] Configuration information reported by the agents that provide the data for the Ontological description of the network may also be used for detecting any changes to the configurations of the nodes.  Any detected changes may be visualized, to show root cause of any system performance drifts arising from these configuration changes.  [0055] The configuration bean is sent to the state and profiling engine 626 (Drools rules engine) which processes the new configuration bean to compare it against prior configuration beans for determination of a change in an assigned base line or configuration.  If changes are detected, a tracking entity bean configuration change that was made, including parameters such as: a node ID, a reference to what baseline it is assigned and the specific changes to the baseline and/or to an earlier reported configuration of the node.  The changes may relate to System Properties, Security (users and Groups), Applications, Resource Allocations (Media, CPU, Memory, System).  
[claim 17] The method according to claim 10 further comprising: receiving a selection of the at least one system performance parameter to the administration console;  determining one or more nodes associated with the selected at least one performance parameter;  determining any configuration changes for the one or more nodes;  and displaying indications of the configuration changes on the visualization [as wherein the method further comprises applying a rule (e.g. the specific changes to the baseline) to the tagged set of nodes (e.g. selected nodes) in the data set, the rule being applied by software agents (e.g. agents) at the nodes and identifying a criterion (e.g. the specific changes to the baseline) by which a configuration change (e.g. detecting configurations changes) to the node and detected by the software agent is to be (e.g. reported) to the monitoring computer (e.g. central node)]).
It would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teaching of the cited references because Suit’s teaching would have allowed the Thukral and Narayanan combination to overcome the complexity for network administrators to manage the IP address space in a geographically distributed environment (Narayanan [0001]).
27.	With respect to claim 29,
	Thukral further discloses accessing the data set comprising the tagged set of nodes with an information technology compliance and configuration control tool (Thukral [0014], [0018], [0031], [0178] – [0185] and Figs. 21-28).
28.	With respect to claim 31,
	Claim 31 is the same as claim 28 and is rejected for the same reasons as applied hereinabove.
29.	With respect to claim 33,
	Thukral further discloses providing a user interface, wherein the receiving a set of conditions or the receiving identifications of one or more tags is via the user interface (Thukral [0022], [0142], [0181] – [0189] and Figs. 20-27 e.g. [0186] FIG. 26 is a screen shot of a screen wherein filter conditions are set to limit the number of unmatched fixed assets will be examined manually to attempt to find a match in inventory.  Sometimes it is not practical to find a match for every unmatched fixed asset, so it is desirable to establish providing a user interface (e.g. Fig. 26), wherein the receiving a set of conditions (e.g. filter condition set) or the receiving identifications of one or more tags (e.g. Fig. 26: Value, type of asset) is via the user interface]).

Response to Arguments
30.	Applicant’s remarks and arguments presented on 7/6/21 have been fully considered but they are moot in view of the new grounds of rejection presented in this office action.

Conclusion
31.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SyLing Yen whose telephone number is 571-270-1306.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mark Featherstone, can be reached at 571-270-3750.  The fax and phone 
Any inquiry of a general nature or relating to the status of this application or proceeding should be directed to the receptionist whose telephone number is 571-272-2100. 

SyLing Yen
Examiner
Art Unit 2166



/SYLING YEN/Primary Examiner, Art Unit 2166
July 15, 2021