Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This action is in response to the communication filed on 5/12/2020.
Claims 1-20 are allowed.

Allowable Subject Matter
Claims 1-20 are allowed.

Terminal Disclaimer
The terminal disclaimer filed on 11/9/2021 has been reviewed and is accepted.  
The terminal disclaimer has been recorded.

Information Disclosure Statement
The information disclosure statements (IDS) were submitted on 5/20/2020, 3/11/2021 and 10/27/2021. Accordingly, the information disclosure statements are being considered by the examiner.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided 
Authorization for this examiner’s amendment was given in a telephone interview with the applicant’s representative, Mr. Rob Mazzarese on 10/14/2021. 

CLAIM LISTING

This listing of claims will replace all prior versions, and listings, of claims in the application:

1.	(Currently amended)	A method comprising:
receiving, at a gateway interposed between a second network and an endpoint in an enterprise network, a heartbeat from the endpoint, the heartbeat addressed to the gateway, the heartbeat including a signal communicated from the endpoint to the gateway, a local MAC and IP address for the endpoint, a machine ID for the endpoint, and a security health status of the endpoint, the security health status based on monitoring, by a health monitor on the endpoint, at least a malware definition file of security software executing on the endpoint, and the security health status indicating an uncompromised security health status when the endpoint is uncompromised;
detecting a change in the security health status included in the heartbeat at the gateway;
following detecting the change of the security health status included in the heartbeat at the gateway, receiving, by the gateway, network traffic other than the heartbeat from the endpoint, the network traffic addressed for forwarding by the gateway via the second network to a second destination address outside the gateway from the enterprise network; and
responding to the change of the security health status included in the heartbeat in combination with the network traffic received following the change, the response including blocking, by the gateway, the network traffic other than the heartbeat from the endpoint.

2.  	(Original)	The method of claim 1, wherein the gateway is logically interposed between the second network and the endpoint in the enterprise network. 

3.  	(Original)	The method of claim 1, wherein the heartbeat is cryptographically signed.

4.  	(Original)	The method of claim 1, wherein the heartbeat includes at least one item unique to the endpoint.

5.  	(Original)	The method of claim 1, wherein the security health status is further based on integrity of cryptographic key stores on the endpoint.

6.  	(Original)	The method of claim 1, wherein the security health status is further based on virus definition files of security software executing on the endpoint.  



8.  	(Original)	The method of claim 1, wherein issuance of the heartbeat from the endpoint to the gateway is conditioned on an uncompromised security health status of the endpoint. 

9.  	(Original)	The method of claim 1, wherein responding to the change in the security health status included in the heartbeat in combination with the network traffic received following the change further includes quarantining the endpoint.

10.  	(Original)	The method of claim 1, wherein the network traffic includes suspicious network traffic.

11. 	 (Currently amended)	A computer program product comprising a non-transitory computer readable medium having stored thereon computer executable code that, when executing on one or more computing devices, cause the one or more computing devices to perform the steps of:
receiving, at a gateway interposed between a second network and an endpoint in an enterprise network, a heartbeat addressed to the gateway, the heartbeat including a signal communicated from the endpoint to the gateway, a local MAC and IP address for the endpoint, a machine ID for the endpoint, and a security health status of the endpoint, the security health status based on monitoring, by a health monitor on the endpoint, at least a malware definition file of security software executing on the endpoint and the security health status indicating an uncompromised security health status when the endpoint is uncompromised;
detecting, at the gateway, a change in the security health status included in the heartbeat;
following detecting the change of the security health status included in the heartbeat at the gateway, receiving, by the gateway, network traffic other than the heartbeat from the endpoint, the network traffic addressed for forwarding by the gateway via the second network to a second destination address outside the gateway from the enterprise network; and
responding to the change of the security health status included in the heartbeat in combination with the network traffic received following the change, the response including blocking, by the gateway, the network traffic other than the heartbeat from the endpoint.

12.  	(Original)	The computer program product of claim 11, wherein the security health status is further based on integrity of cryptographic key stores on the endpoint.

13.  	(Original)	The computer program product of claim 11, wherein the security health status is further based on virus definition files of security software executing on the endpoint.  

14.  	(Original)	The computer program product of claim 11, wherein the heartbeat is a periodic signal.   

15.  	(Original)	The computer program product of claim 11, wherein issuance of the heartbeat from the endpoint to the gateway is conditioned on the uncompromised security health status of the endpoint. 

16.  	(Original)	The computer program product of claim 11, wherein responding to the change in the security health status included in the heartbeat in combination with the network traffic received following the change further includes quarantining the endpoint.

17.  	(Currently amended)	A system comprising:
an endpoint in a first network, the endpoint including a first memory, the endpoint configured to monitor software items executing on the endpoint and to create a heartbeat including a local MAC and IP address for the endpoint, a machine ID for the endpoint, and a security health status of the endpoint, the security health status based on at least a malware definition file of security software executing on the endpoint and the security health status indicating an uncompromised security health status when the endpoint is uncompromised; and
a gateway interposed between the endpoint in the first network and a second network, the gateway in communication with the endpoint over the first network, the endpoint in communication with the second network via the gateway, the gateway including a second memory configured to receive the heartbeat from the endpoint and to receive and forward network traffic, other than the heartbeat, from the endpoint to a 

18.  	(Original)	The system of claim 17, wherein the security health status is cryptographically secured in the heartbeat.   

19.  	(Original)	The system of claim 17, wherein issuance of the heartbeat from the endpoint to the gateway is conditioned on the uncompromised security health status of the endpoint. 

20.  	(Original)	The system of claim 17, wherein the remedial action further includes quarantining the endpoint.
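As an added illustration that is not part of the office action or the applicant's specification, the following Python sketch models the gateway-side logic recited in claims 1, 11 and 17: heartbeats carrying a MAC, IP, machine ID and security health status are tracked per endpoint, a change away from "uncompromised" is detected at the gateway, and subsequent non-heartbeat traffic bound outside the enterprise network is blocked. The HMAC signing used for claim 3, the shared key, the address prefix, the field names and the rule that a healthy heartbeat lifts the block are all constructed assumptions.

```python
import hashlib
import hmac
import json
from typing import Dict, Set, Tuple

SHARED_KEY = b"constructed-demo-key"   # constructed: key assumed pre-shared by endpoint and gateway
ENTERPRISE_PREFIX = "10.0.0."           # constructed: addresses inside the enterprise network


def sign_heartbeat(fields: dict) -> str:
    """HMAC-SHA256 over the canonical heartbeat fields (assumed signing scheme for claim 3)."""
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()


class Gateway:
    """Gateway between the enterprise network and a second network (claims 1, 11, 17)."""

    def __init__(self) -> None:
        self.health: Dict[str, str] = {}               # machine_id -> last reported health status
        self.by_addr: Dict[Tuple[str, str], str] = {}  # (MAC, IP) -> machine_id
        self.changed: Set[str] = set()                 # endpoints whose status left "uncompromised"

    def receive_heartbeat(self, hb: dict) -> str:
        """Verify and record a heartbeat; report whether its health status changed."""
        fields = {k: hb[k] for k in ("mac", "ip", "machine_id", "status")}
        if not hmac.compare_digest(sign_heartbeat(fields), hb.get("sig", "")):
            return "rejected"                          # tampered or forged heartbeat is ignored
        mid = fields["machine_id"]
        prev = self.health.get(mid)
        self.health[mid] = fields["status"]
        self.by_addr[(fields["mac"], fields["ip"])] = mid
        if prev == "uncompromised" and fields["status"] != "uncompromised":
            self.changed.add(mid)                      # change detected at the gateway
            return "changed"
        if fields["status"] == "uncompromised":
            self.changed.discard(mid)                  # assumption: a healthy heartbeat lifts the block
        return "ok"

    def forward(self, pkt: dict) -> str:
        """Handle non-heartbeat traffic from an endpoint; block it after a detected change."""
        if pkt["dst_ip"].startswith(ENTERPRISE_PREFIX):
            return "forwarded"                         # internal traffic is outside the claimed scope
        mid = self.by_addr.get((pkt["src_mac"], pkt["src_ip"]))
        if mid in self.changed:
            return "blocked"                           # response to the change plus the later traffic
        return "forwarded"
```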

Prior Art of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Lopez et al., US Patent 9,270,639, teaches balancing load among firewall security devices in a network, with control messages and heartbeat signals configured according to firewall policies, a load balancing table, distribution of data traffic, and addresses in data packets.

Aldera et al., US Patent 8,413,209, teaches enforcing security policies on devices, with the security policy based on a server authentication function that assesses the authenticity of the security policy using a subscriber identity module.

McCorkendale et al., US Patent 8,353,058, teaches detecting rootkits with periodic security communications from a processor mode of a device, with analysis of the exchange of the periodic security communication(s).

Agbabian et al., US Patent 7,472,422, teaches automatic feedback and control in iterative convergence of a network's security structure to meet a security policy by dynamic adjustments using bi-directional services controlled by policy decision components without user intervention.

Mester et al., US Patent 7,478,424, teaches data monitoring in a network to determine a threat to the network by transmitting data to a second port of the network from a first portion of the network.

REASONS FOR ALLOWANCE
The following is an examiner's statement of reasons for allowance:
The examiner finds the claims as amended on 10/14/2021 persuasive for allowance.
The prior art of record does not explicitly disclose, in light of the other features recited in independent claims 1, 11 and 17, the following:
For claims 1, 11 and 17: '... receiving, at a gateway interposed between a second network and an endpoint in an enterprise network, a heartbeat from the endpoint, the heartbeat addressed to the gateway, the heartbeat including a signal communicated from the endpoint to the gateway, a local MAC and IP address for the endpoint, a machine ID for the endpoint, and a security health status of the endpoint, the security health status based on monitoring, by a health monitor on the endpoint, at least a malware definition file of security software executing on the endpoint, and the security health status indicating an uncompromised security health status when the endpoint is uncompromised;
detecting a change in the security health status included in the heartbeat at the gateway;
following detecting the change of the security health status included in the heartbeat at the gateway, receiving, by the gateway, network traffic other than the heartbeat from the endpoint, the network traffic addressed for forwarding by the gateway via the second network to a second destination address outside the gateway from the enterprise network; and
responding to the change of the security health status included in the heartbeat in combination with the network traffic received following the change, the response including blocking, by the gateway, the network traffic other than the heartbeat from the endpoint', together with the additional detailed steps recited in the independent claims as amended on 10/14/2021.

However, each of the cited references, and each reference from the updated search, fails at least to teach or suggest these features in combination with the rest of the limitations recited in the independent claims.
None of the previously cited prior art references, nor any reference from the updated search, yields a specific reference that would reasonably, either singly or in combination with a previously cited reference, result in a reasonable and proper rejection of each of the cited feature limitations of the independent claims under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Dependent claims depend on allowed independent claims, therefore they are allowed. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363. The examiner can normally be reached between 8 am and 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431