Notice of Pre-AIA or AIA Status
Claims 1-20 are pending examination. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.




Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-9, 12-17, 19, and 20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Grimm (U.S. Patent Publication 2019/0312843).

Regarding claims 1, 14, and 20:
Grimm discloses a server, and corresponding method and computer-program product, for use in a cryptographically-segmented network, the server comprising: computing hardware including at least one processor and memory circuitry (Figure 2), the memory circuitry comprising instructions that, when executed by the server, cause the server to: establish at least one cryptographically-segmented communication channel for use by authorized endpoints in an operationally-deployed configuration (see 

Regarding claim 2:	Grimm further discloses wherein the at least one cryptographically-segmented communication channel of the operationally-deployed configuration and the first 

Regarding claim 3:	Grimm further discloses wherein the endpoint-isolation command is based on an application programming interface (API) call (i.e. the set of functions implemented by the threat management system: see e.g. paragraph 0027). 

Regarding claim 4:	Grimm further discloses wherein the instructions, when executed by the server, cause the server to perform endpoint access-control operations including endpoint authentication operations (e.g. paragraph 0088). 

Regarding claims 5 and 15:	Grimm further discloses wherein the endpoint authentication operations include endpoint authentication based on machine ID, and endpoint authentication based on user ID (e.g. paragraph 0084: “For example, the web page may request credentials that identify the device 510, or a user of the device 510, as an authorized or recognized network participant”). 

Regarding claim 6:	Grimm further discloses wherein the endpoint authentication operations are performed via a cryptographically-segmented licensing communication channel that is 

Regarding claims 7 and 16:	Grimm further discloses wherein the instructions, when executed, cause the computing hardware to further: receive monitored operational information about the first endpoint from the at least one monitoring endpoint via a cryptographically-segmented communication channel that is cryptographically isolated from the at least one cryptographically-segmented communication channel and from the first cryptographically-segmented isolation communication channel (e.g. paragraphs 0170 & 0173; VPNs at paragraph 0080). 

Regarding claims 8 and 17:	Grimm further discloses wherein the instructions, when executed, cause the computing hardware to further: remotely command the at least one monitoring endpoint, via a cryptographically-segmented communication channel that is cryptographically isolated from the at least one cryptographically-segmented communication channel and from the first cryptographically-segmented isolation communication channel, to probe or reconfigure the first endpoint (e.g. paragraph 0174; using VPNs at paragraph 0080). 

Regarding claim 9:	Grimm further discloses wherein the instructions, when executed, cause the 

Regarding claim 10:	Grimm further discloses 9, wherein the plurality of cryptographically-segmented isolation communication channels include a honeypot communication channel that is cryptographically isolated from the at least one cryptographically-segmented communication channel, and from the first cryptographically-segmented isolation communication channel, wherein the honeypot communication channel is communicatively coupled to at least one honeypot endpoint and to the first endpoint. 

Regarding claims 11 and 18:	Grimm further discloses 10, wherein the plurality of cryptographically-segmented isolation communication channels include a honeypot-control communication channel that is cryptographically isolated from the at least one cryptographically-segmented communication channel, from the first cryptographically-segmented isolation communication channel, and from the honeypot communication channel, 

Regarding claims 12 and 19:	Grimm further discloses wherein the instructions, when executed, cause the computing hardware to further: issue an un-isolation command to de-authorize the first endpoint from the first cryptographically-segmented isolation communication channel (paragraph 0171); and in response to the de-authorization of the first endpoint from the first cryptographically-segmented isolation communication channel, issue a configuration instruction to the first endpoint to rejoin the at least one cryptographically-segmented communication channel in the operationally-deployed configuration (Ibid). 

Regarding claim 13:	Grimm further discloses wherein the instructions, when executed, cause the computing hardware to further: store a data structure representing endpoints to be isolated (paragraph 0038); and in response to the received endpoint-isolation command to isolate the first endpoint, update the data structure to include the first endpoint as one of the endpoints to be isolated (Ibid; see also paragraph 0089 regarding the list of refused devices). 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 10, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Grimm as applied to claims 9 & 14 above, and further in view of Vissamsetty (U.S. Patent Publication 2018/.

Regarding claim 10:	Grimm is silent regarding the use of honeypots in his invention. However, Vissamsetty discloses a related invention for isolating endpoints on an enterprise computer network comprising the limitations of wherein the plurality of cryptographically-segmented isolation communication channels include a honeypot communication channel that is cryptographically isolated from the at least one cryptographically-segmented communication channel, and from the first cryptographically-segmented isolation communication channel, wherein the honeypot communication channel is communicatively coupled to at least one honeypot endpoint and to the first endpoint (see paragraphs 0017-0022 & 0038). It would have been obvious prior to the effective filing date of the instant application to employ honeypots in the invention disclosed by Grimm, as honeypots allow one to gather information about attacks on the network while keeping the affected attacking node isolated from the rest of the network (Vissamsetty, Ibid). 



Regarding claim 18:
	The rationale of rejection of claims 9, 10, & 11 applies mutatis mutandis to claim 18.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: U.S. Patent Publication 2019/0098007 (Coleman); U.S. Patent 11,165,797 (Ackerman); and U.S. Patent 10,171,344 (Venkataramanan).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/ Examiner, Art Unit 2435, 12/18/2021