DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This office action is in response to the amendment filed on 12/03/2021.
Claims 1-20 are pending for examination. Applicant amends claims 1, 11, and 16. The amendments have been fully considered and entered.

Response to Arguments
For convenience, the newly introduced limitations, as made by amendments, are marked as underlined.
Applicant’s arguments, see Remarks, filed 12/03/2021, with respect to the rejection of claims 1, 11, and 16 under 35 U.S.C. § 103 have been fully considered but are not persuasive.
The following are applicant arguments recited in the Remarks followed by Examiner's response:
a.	Applicant argues that, with regard to claim 11, Taraz does not teach or suggest “access compliance data associated with the classification of the plurality of devices, wherein the compliance data comprises a plurality of compliance rules associated with the classification of the plurality of devices and a respective weight associated with each of the plurality of compliance rules” and “perform a respective 
Examiner respectfully disagrees and maintains that Taraz reasonably teaches classifying/categorizing a device(s) and then applying specific compliance rules for the device classification. As disclosed in the prior art rejection, paragraph [0035] of Taraz reasonably teaches classifying a device by user privileges. Paragraph [0035] describes that when a computer is being used to log on to a network for a user with administrator privileges, the network management requires that the computer have high compliance in all compliance areas. Therefore, a classification of the device occurs (i.e., a device classified as having administrator privileges) as well as accessing and applying a compliance policy according to the classification of the device, wherein the compliance policy requires high compliance in all compliance areas (i.e., rules). Therefore, Taraz reasonably teaches classifying/categorizing a device(s) and subsequently applying specific compliance rules for the device classification.
b.	Applicant argues that “[w]hile Vasseur uses device traffic characteristics to classify a device, Vasseur does not access compliance data and perform a compliance scan using compliance rules associated with the device classification” (Remarks, pg. 8).

c.	Applicant argues that “Williams fails to cure the deficiencies of Taraz and Vasseur with respect to claim 11” (Remarks, pg. 8).
Examiner respectfully disagrees and similarly maintains that Taraz reasonably teaches classifying/categorizing a device(s) and then applying specific compliance rules associated with the classification of the device as discussed in points a. and b. above and further explained under the 103 rejection below.
d.	Applicant argues that, with regard to claims 1 and 16, Taraz and Vasseur fail to teach or suggest “identifying a compliance policy comprising one or more compliance rules that are associated with the classification of the device,” “accessing a compliance rule of the one or more compliance rules based on the classification of the device,” and “performing, by a processing device of the compliance monitoring device, a compliance scan on the device based on the compliance rule associated with the classification of the device” for at least the same reasons discussed with respect to claim 11. Applicant furthermore argues that Dufour does not mention using a classification of a device to perform a compliance scan with rules that are associated with the classification of the device. (Remarks, pg. 9).
Examiner respectfully disagrees and similarly maintains that Taraz reasonably teaches classifying/categorizing a device(s) and then applying a compliance scan with 
e.	Applicant argues that “Williams fails to cure the deficiencies of Taraz, Vasseur, and Dufour with respect to claim 1” (Remarks, pg. 10).
Examiner respectfully disagrees and similarly submits that Taraz reasonably teaches classifying/categorizing a device(s) and then applying specific compliance rules associated with the classification of the device in a compliance scan as discussed in points a. and b. above and further explained under the 103 rejection below.
f.	Applicant argues that “Hollis fails to cure the deficiencies of Taraz, Vasseur, and Dufour with respect to claim 1” (Remarks, pg. 10).
Examiner respectfully disagrees and similarly submits that Taraz reasonably teaches classifying/categorizing a device(s) and then applying specific compliance rules associated with the classification of the device in a compliance scan as discussed in points a. and b. above and further explained under the 103 rejection below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 11 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Taraz (US 20070124803 A1) cited in the IDS filed on 04/09/2020 in view of Vasseur et al. (US 20170279829 A1; hereinafter “Vasseur”).
As per claim 11, Taraz discloses: a compliance monitoring system comprising: 
a memory (Taraz, Fig. 4); and 
a processing device of the compliance monitoring system, operatively coupled to the memory (Taraz, Fig. 4), to: 
determine a classification of a plurality of devices based on traffic information associated with the device (Taraz, [0033], “devices attaching to the network may be required to be more compliant in one category than in other categories. The levels for each category may be set at different values…depending on the user authorization level…Additionally, the levels may be varied depending on the user group”, [0035], “when a computer is being used to log on to a network for an user with administrator privileges, the network management may require that the computer have high compliance” – devices are at least classified based on a category (i.e., traffic information) having an associated authorization/privilege level, [0036], classifying devices based on “presence of a particular cookie or a process with a particular signature to be extant and operating on the computer” where cookie further reads on traffic information); 
access compliance data associated with the classification of the plurality of devices, wherein the compliance data comprises a plurality of compliance rules associated with the classification of the plurality of devices and a respective weight associated with each of the plurality of compliance rules (Taraz, [0024], compliance 
perform a respective compliance scan of each of the plurality of devices based on the plurality of compliance rules associated with the classification of the plurality of devices (Taraz, [0024], based on the policies specified by the network admin, a compliance scan occurs - obtaining information associated with the configuration of the computer attempting to access the network, [0035], compliance scan is performed based on the compliance rules of the computer’s user privileges (i.e., classification of the device), [0033], for a plurality of devices);
determine a respective compliance level for each of the plurality of devices, wherein the respective compliance level is determined based on the plurality of compliance rules and the respective weight associated with each compliance rule (Taraz, [0024], as a result of the scan, creating a compliant score for the computer which indicates a compliance level in one or more than one category, [0026], compliance score is a composite score of the different categories with respective weights); and 

While Taraz teaches classifying the device based on traffic information associated with the device (Taraz, [0033] and [0035]-[0036]), Taraz does not disclose, however, Vasseur teaches or suggests: wherein the traffic information comprises at least one of a port or a protocol being used by the device (Vasseur, [0127], classifying a new device based on attributes of the device, including common ports used).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Taraz to include classifying a device based on a port used by the device as taught by Vasseur for the benefit of significantly improving classification and profiling of devices in a network (Vasseur, [0134]).

As per claim 15, claim 11 is incorporated and modified Taraz discloses: wherein the processing device is further to compare the compliance level of a device with a second threshold and the action is further based on the comparison of the compliance level of the device with the second threshold (Taraz, [0028], comparing the score to a minimum standard level and granting different levels of access depending on the score, [0033], “thresholds”). 

Claims 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over Taraz in view of Vasseur and further in view of Williams et al. (US 20050257267 A1; hereinafter “Williams”).
As per claim 12, claim 11 is incorporated and the modified Taraz does not disclose, however, Williams teaches or suggests: wherein the respective compliance scan of each of the plurality of devices is performed periodically (Williams, [0209], an audit (i.e., compliance scan) is to be executed periodically).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include performing periodic compliance scans as taught by Williams for the benefit of improving the security of the global network on a periodic basis to help prevent attacks before they occur (Williams, [0009]).

As per claim 13, claim 11 is incorporated and the modified Taraz does not disclose, however, Williams teaches or suggests: wherein to determine the classification, the processing device is to determine the classification of each of the plurality of devices based on a respective media access control (MAC) address of each of the plurality of devices (Williams, [0130], classifying devices based on MAC address; devices not on the list are classified as not having access to the network).  
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include classifying devices based on a MAC address as taught by Williams for 

As per claim 14, claim 11 is incorporated and the modified Taraz does not disclose, however, Williams teaches or suggests: wherein to determine the classification, the processing device is to determine the classification of each of the plurality of devices based on a respective traffic information associated with each of the plurality of devices (Williams, [0117], classifying device as an affected host based on IP address).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include classifying devices based on a traffic information associated with the device as taught by Williams for the benefit of improving the security of the global network on a periodic basis to help prevent attacks before they occur (Williams, [0009]).

Claims 1, 6, 8-9, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Taraz in view of Vasseur and further in view of Dufour et al. (US 20180026995 A1; hereinafter “Dufour”) having an effective filing date of 07/20/2016.
As per claim 1, Taraz discloses: a method comprising: 
determining a classification of a device based on traffic information associated with the device (Taraz, [0033], “devices attaching to the network may be required to be more compliant in one category than in other categories. The levels for each category may be set at different values…depending on the user authorization level…Additionally, 
identifying a compliance policy comprising one or more compliance rules that are associated with the classification of the device (Taraz, [0035], “a computer is being used to log on to a network for an user with administrator privileges, the network management may require that the computer have high compliance in all compliance areas.” In other words, a device is classified as having administrator privileges and a compliance policy is accessed by network management that requires that the device have high compliance in all compliance categories/rules (see [0034] for each compliance category));
accessing a compliance rule of the one or more compliance rules based on the classification of the device (Taraz, [0024], compliance server takes the policies specified by the network administrator, [0034], network administrator policy can require a certain category (up-to-date antivirus and anti-spyware) to have high compliance, [0035], based on classification of the device (e.g., administrator privileges), the rules require all categories have high compliance);
performing, by a processing device of the compliance monitoring device, a compliance scan on the device based on the compliance rule associated with the classification of the device (Taraz, [0024], based on the policies specified by the network admin, a compliance scan occurs - obtaining information associated with the configuration of the computer attempting to access the network, [0037], “As shown in FIG. 3, when a computer initiates a connection to the network (100) the user will be authenticated to the network and an authorization indication will be obtained with respect to the user (102). Additionally, the computer will be evaluated, as discussed above, to obtain a compliance score for the computer (104).” In other words, a device is 1) detected on the network, 2) classified based on authorization/privileges, and 3) evaluated/scanned to obtain a compliance score according to the classification of the device); 
determining a compliance level of the device based on a result of the compliance scan of the device (Taraz, [0024], as a result of the scan, creating a compliant score for the computer which indicates a compliance level in one or more than one category, [0026], compliance score is a composite score of the different categories and weights); and
performing an action based on the compliance level (Taraz, [0028], an action is performed based on the compliance score, wherein the actions can be no network access, alternate network access, limited network access, network access with traffic monitoring, etc.).
While Taraz teaches classifying the device based on traffic information associated with the device (Taraz, [0033] and [0035]-[0036]), Taraz does not disclose, however, Vasseur teaches or suggests: wherein the traffic information comprises at least one of a port or a protocol being used by the device (Vasseur, [0127], classifying a new device based on attributes of the device, including common ports used).

While the modified Taraz suggests detecting a device coupled to a network (Taraz, [0037]), Taraz does not explicitly disclose, however, Dufour teaches or suggests: detecting, by a compliance monitoring device, a device coupled to a network (Dufour, [0025] and [0031], a server device having a network connection detection component is capable of detecting a device connected on a network).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include detecting, by the compliance server, a device coupled to a network as taught by Dufour. The combination would have been obvious because a person of ordinary skill in the art would know to apply a known technique (i.e., detecting a device coupled to a network) to a known device (i.e., compliance server) ready for improvement to yield the predictable result of enhancing network access security by detecting devices coupled to the network and checking their compliance before allowing the detected devices to fully gain access to the network.

As per claim 6, claim 1 is incorporated and the modified Taraz discloses: wherein the action comprises changing network access of the device (Taraz, [0028], a 
  
As per claim 8, claim 1 is incorporated and the modified Taraz discloses: wherein the compliance rule is associated with a weight and the compliance level is based on the weight (Taraz, [0026], the compliance score is a composite score comprised of different categories with associated weights that contribute to the score, wherein the categories are seen in [0034], [0034], network administrator policy (i.e., rule) can require a certain category (up-to-date antivirus and anti-spyware) to have high compliance, [0033], network administrator sets levels for each category based on user authorization level (i.e., the classification of the device)).   

As per claim 9, claim 1 is incorporated and the modified Taraz discloses: wherein the action comprises automatically initiating an update service associated with the device (Taraz, [0028], a network action decision is made based on compliance score – network decision may be granting alternate network access, [0030], wherein alternate network access may comprise updated antivirus files). 

As per claim 16, Taraz discloses: a non-transitory computer readable medium having instructions encoded thereon that, when executed by a processing device of a compliance monitoring device (Taraz, [0044]-[0045]), cause the processing device to: 
determine a classification of the device based on traffic information associated with the device (Taraz, [0033] and [0035], devices are at least classified based on a 
identifying a compliance policy comprising a plurality of compliance rules that are associated with the classification of the device (Taraz, [0035], “a computer is being used to log on to a network for an user with administrator privileges, the network management may require that the computer have high compliance in all compliance areas.” In other words, a device is classified as having administrator privileges and a compliance policy is accessed by network management that requires that the device have high compliance in all compliance categories/rules (see [0034] for each compliance category));
access the plurality of compliance rules associated with the classification of the device, wherein the plurality of compliance rules are associated with a standard (Taraz, [0024], compliance server takes the policies specified by the network administrator, [0034], network administrator policy can require a certain category (up-to-date antivirus and anti-spyware) to have high compliance, [0035], based on classification of the device (e.g., administrator privileges), the rules require all categories have high compliance, [0031], “in a corporation, there may be an area on the network that only Human Resources personnel may access, and a different private area that only corporate legal personnel may access” – at least a corporate security standard is disclosed);
determine a compliance level of the device based on the plurality of compliance rules associated with the classification of the device (Taraz, [0024], as a result of a scan, creating a compliant score for the computer which indicates a compliance level in 
compare, by the processing device of the compliance monitoring device, the compliance level to a threshold (Taraz, [0028] and [0039], comparing the score to a threshold); 
initiate a first action based on the compliance level being above the threshold (Taraz, [0028] and [0039], network access is granted if the score meets or exceeds a threshold); and
initiate a second action based on the compliance level being below the threshold (Taraz, [0028] and [0039], limited network access is granted if the score is below the minimum standard level).  
While Taraz teaches classifying the device based on traffic information associated with the device (Taraz, [0033] and [0035]-[0036]), Taraz does not disclose, however, Vasseur teaches or suggests: wherein the traffic information comprises at least one of a port or a protocol being used by the device (Vasseur, [0127], classifying a new device based on attributes of the device, including common ports used).

While the modified Taraz suggests detecting a device coupled to a network (Taraz, [0037]), Taraz does not explicitly disclose, however, Dufour teaches or suggests: detecting, by the processing device of the compliance monitoring device, a device coupled to a network (Dufour, [0025] and [0031], a server device having a network connection detection component is capable of detecting a device connected on a network).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include detecting, by the compliance server, a device coupled to a network as taught by Dufour. The combination would have been obvious because a person of ordinary skill in the art would know to apply a known technique (i.e., detecting a device coupled to a network) to a known device (i.e., compliance server) ready for improvement to yield the predictable result of enhancing network access security by detecting devices coupled to the network and checking their compliance before allowing the detected devices to fully gain access to the network.

As per claim 17, claim 16 is incorporated and the modified Taraz discloses: wherein the first action comprises granting substantially full network access to the 
 
As per claim 18, claim 17 is incorporated and the modified Taraz discloses: wherein the processing device is further to perform an additional action based on the compliance level being above the threshold (Taraz, [0039], an action is performed based on the compliance score, wherein the action can be network access with traffic monitoring).  

As per claim 19, claim 18 is incorporated and the modified Taraz discloses: wherein the additional action comprises at least one of a remediation action, logging information, or an information action (Taraz, [0039], an action is performed based on the compliance score, wherein the action can be network access with traffic monitoring (i.e., logging information)).    

As per claim 20, claim 16 is incorporated and the modified Taraz discloses: wherein the second action comprises granting limited network access to the device (Taraz, [0028] and [0039], limited network access is granted if the score is below a threshold).  

Claims 2-5, and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Taraz in view of Vasseur and further in view of Dufour and Williams.
As per claim 2, claim 1 is incorporated, respectively, and the modified Taraz does not disclose, however, Williams teaches: wherein the compliance scan of the device is performed periodically (Williams, [0209], an audit (i.e., compliance scan) is to be executed periodically).  
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include performing periodic compliance scans as taught by Williams for the benefit of improving the security of the global network on a periodic basis to help prevent attacks before they occur (Williams, [0009]).

As per claim 3, claim 1 is incorporated, respectively, and the modified Taraz does not disclose, however, Williams teaches: wherein determining the classification of the device is based on a media access control (MAC) address of the device (Williams, [0130], classifying devices based on MAC address; devices not on the list are classified as not having access to the network).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include classifying devices based on a MAC address as taught by Williams for the benefit of improving the security of the global network on a periodic basis to help prevent attacks before they occur (Williams, [0009]).

As per claim 4, claim 1 is incorporated, respectively, and the modified Taraz does not disclose, however, Williams teaches: wherein determining the classification of 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include classifying devices based on a traffic information associated with the device as taught by Williams for the benefit of improving the security of the global network on a periodic basis to help prevent attacks before they occur (Williams, [0009]).
 
As per claim 5, claim 1 is incorporated and the modified Taraz does not disclose, however, Williams teaches: performing another compliance scan of the device based on a security policy (Williams, [0209], an audit (i.e., compliance scan) is to be executed periodically according to a policy).  
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include performing periodic compliance scans as taught by Williams for the benefit of improving the security of the global network on a periodic basis to help prevent attacks before they occur (Williams, [0009]).
  
As per claim 7, claim 1 is incorporated and the modified Taraz does not disclose, however, Williams teaches or suggests: wherein the compliance scan of the device is performed automatically according to a security policy (Williams, [0209], an audit (i.e., compliance scan) is to be executed periodically automatically according to the security policy).  
  
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Taraz in view of Vasseur and further in view of Dufour and Hollis et al. (US 8874685 B1; hereinafter “Hollis”) cited in the IDS filed on 04/09/2020.
As per claim 10, claim 1 is incorporated and the modified Taraz does not disclose, however, Hollis teaches or suggests: wherein the action comprises initiating a patch service associated with the device (Hollis, Abstract, “actions such as patch download and installation based on the results of a security assessment”). 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of the modified Taraz to include actions such as patch downloads as taught by Hollis because this is a common and well-known technique in the computer security art to fix security vulnerabilities. Sending patches for download is a fast and convenient way for fixing compliant/security issues.
 



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.	
Bade et al. (US 20150067761 A1) detecting a virtual machine created with a workload, accessing applicable security/compliance rules and policies based on the workload category, and initiating the security/compliance rules and policies through security rules (Fig. 6).
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER R LAPIAN whose telephone number is (571)272-7552. The examiner can normally be reached M-F 9:30-6:00 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

ALEXANDER R. LAPIAN
Examiner
Art Unit 2437



/ALEXANDER R LAPIAN/Examiner, Art Unit 2437              


/MATTHEW SMITHERS/Primary Examiner, Art Unit 2437