DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.  This Final Office Action is in response to amendment filed on 01/07/2022.
	Claims 1-3 have been amended. Claims 9-15 have been withdrawn. Claims 1-8 remain pending in the application. 
Response to Amendment

The amendment filed 01/07/2022 has been entered. Claims 1-3 have been amended. Claims 9-15 have been withdrawn. Claims 1-8 remain pending in the application

Applicant amendments to the Drawings have overcome the objections previously set forth in the Non-Final Office Action mailed on 07/07/2021. The objection has been withdrawn in view of the amended Drawings.
Applicant amendment to the Specifications have overcome the objections previously set forth in the Non-Final Office Action mailed on 07/07/2021. The objection has been withdrawn in view of the amended Specification.
Applicant amendment to the claims have overcome the objections previously set forth in the Non-Final Office Action mailed on 07/07/2021. The objection has been withdrawn in view of the amended claims.
Applicant amendments to the claims have overcome the 35 USC § 112 rejection previously set forth in the Non-Final Office Action mailed on 06/24/2021. The rejection has been withdrawn in view of the amended Claims.


Response to Arguments


 	Regarding Applicant’s arguments, on page 9-11 of the remark filed on 01/07/2022, on withdrawn claims of 9-15: “A method of adding a device to a local system comprising: installing a Thin Agent Verifier program on the device; executing the Thin Agent Verifier program; generating a 32-bit Unique Identifier and Device Install Keys (DIK) from an endpoint IP address and a first timestamp; encrypting and transmitting the endpoint IP address, the 32-bit Identifier and the DIK Public Key with a public key by the Thin Agent Verifier to a known authority of the local system; locating a private key corresponding to the DIK public key; performing a decryption routine by the known authority; determining if the private key and public key values match; encrypting an Unlock Key with the DIK public key by the known authority; communicating the encrypted Unlock Key to the new device; wherein the device performs a decryption routine, uninstalls the Thin Agent Verifier, wherein the device establishes Secure SIDH Communications using the DIK Keys; and wherein the device validates itself with the known authority.”, arguments are not persuasive.
rd, 2021 that an election was already made without traverse during a telephonic conversation,  Examiner further asserts that the restriction be maintained because of the differences between Group I with claims 1-8 and Group II with claims 9-15 because of the difference in inventive concept. Group II of the withdrawn claims 9-15 include a step of adding a new device using a Thin Agent Verifier and locating encryption keys to later match values and decrypt. This concept is not present in in Group I, which in contrast Group I discloses a vBear module that implements policies through a plurality of domain controllers that is not present in Group II. Furthermore the burden of the search would be extensive because of the use of new inventive concepts such as a 32-bit Unique identifier, Install keys and timestamp as well as the encryption/decryption step in unison with a Secure SIDH communication exchange that is not present in Group I. Examiner asserts that Group I is classified in subclasses H04L 9/0841, G06F 21/604 and G06F 21/6218 that differ from Group II that is classified in subclasses H04L 9/3239 and H04L 2209/38 and therefore, the rejection is maintained.

“wherein the at least one device agent is configured to generate a challenge in response to a request for registration and validation from each device
wherein the at least one device agent communicates a message with the challenge to each device from the at least one Known Authority
wherein the at least one device agent compares the challenge received from the at least one Known Authority to the challenge generated for each device, and
wherein each device s registered and validated only if the challenges match.”, arguments are persuasive. 
Therefore, the 35 U.S.C. 103 rejection Srivastava et al. (U.S Pub. No. 20160306966), Seigel et al. (U.S Pub. No. 20170083643) in further view of Witana et al. (WO Pub. No. 2018132872), has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made under 35 U.S.C. § 103 in view of the following prior art: Hughes et al. (WO Pub. No. 2019226115), in conjunction with Srivastava et al. (U.S Pub. No. 20160306966), Seigel et al. (U.S Pub. No. 20170083643) and Witana et al. (WO Pub. No. 2018132872). Please refer to the 35 U.S.C. 103 section below for a detailed explanation.
	For the reasons stated above and the new ground(s) of rejection under 35 U.S.C. 103 below, Examiner respectfully disagrees with Applicant’s argument, see Applicant’s Remarks Pages 9-11, regarding allowance of the application. Examiner asserts that claims 1-8 are rejected for the reasons stated above in conjunction with the new ground(s) of rejection under 35 U.S.C. 103 below.



Claim Objections

Claim 1 is/are objected to because of the following informalities:

In regards to Claim 1 last line, the applicant recites the limitation “wherein each device s registered and validated only if the challenges match” that should read “only when the challenges match” to read a definitive limitation that is performed and not conditional that may or may not occur. Appropriate correction is required.


Claim Interpretation

The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and 

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are:
“the plurality of devices in the local system is configured to”, in claim 3 lines 1-2 (see MPEP 2181 I A)

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. 
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.



The following is the examiner’s interpretation and suggestions for portions of the claims:
It should be noted that dependent claim 3 refer to “devices in the local system is configured to”. It becomes difficult as an Examiner to clearly understand the definition and meaning of these limitations as the phrase “devices [..] configured to” is a generic placeholder and term. The specifications describes in Par. (0025) “a physical device (or group of physical devices) or a virtual machine or device. A physical device generally refers to the physical and software resources required to run an operating system and supporting software. A virtual machine generally refers to an emulation of a computer system, which may be carried out by a physical device or a collection of physical devices acting towards one logical purpose. Grid computing and clustered servers are examples of multiple devices working towards one logical purpose..” Therefore, the specification includes sufficient structure for the "devices [..] configured to".


Claim Rejections - 35 USC § 103


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective 



Claims 1-3, 5 and 8, is/are rejected under 35 U.S.C. 103 as being unpatentable over  Srivastava et al. (U.S Pub. No. 20160306966, hereinafter referred to as “Srivastava"), Seigel et al. (U.S Pub. No. 20170083643, hereinafter referred to as "Seigel") and Witana et al. (WO Pub. No. 2018132872, hereinafter referred to as “Witana”) in further view of Hughes et al. (WO Pub. No. 2019226115, hereinafter referred to as “Hughes”)

Regarding Independent Claim 1 (Currently Amended), Srivastava teaches a system for enhanced, secure communications among a plurality of devices in communication over a local system, comprising: (Par. Abstract: “The computer-driven system includes a processor host running an operating system in a virtualized environment in communication over a network with a plurality of electronic devices”; communication over a plurality of devices in a system), (Par. (0077) “A secured enclave provides a hardware barrier that prevents the untrusted operating system and the untrusted driver from accessing code/data of the policy module”; secure communication). 
at least one Known Authority; (Figure 15A label “certificate authority”; known authority (certificate authority) (Par. (104) “Another method of authentication may be accomplished using the man-in-the-middle circuit is by accessing a centralized trusted Known Authority (trusted third party or Certificate Authority))
a plurality of devices in communication over a network associated with the local system (Par. Abstract: “The computer-driven system includes a processor host running an operating system in a virtualized environment in communication over a network with a plurality of electronic devices”; communication over a plurality of devices in a system)
	the at least one Known Authority associated with the at least one local domain controller (LDC); (Figure 15A label “certificate authority” and “domain controller”; known authority (certificate authority)  associated with local domain controller (domain controller))
	a vBear module comprising at least one device agent, the vBear module configured to implement one or more policies for registering communication threads with the at least one device agent; (Figure 15A label “Policy module”; vBear (policy module)), (Par. (0119) “The policy module is in communication with a software agent to provide security. In this example, such security could include mutual authentication between the device connected to the thin or zero client and the virtual machine that is pushed to the thin or zero client by a server. In this example, there are multiple enclaves where data transmission between enclaves must be regulated. Each enclave may include a software agent.”; vBear (Policy Module) with device agent (software agent), (Par. (0075) “The policy module can then enforce security policies such as allowing/denying access to hardware resources, encrypting data prior to transmission, detection of attacks on driver (by in-situ measurement of driver), and other vBear (policy module) implementing one or more policies), (Par. (0167) “A report may be generated and provided by the policy module to the operating system to inform the potential user that access has been denied. In other, embodiments, the potential user is not informed that access has been denied. In yet other embodiments, a report is generated by the policy module and the policy module transmits the report to administrators of the network or enterprise network. The report may also be stored in associated memory for later retrieval and review. If the answer is “yes” then the policy module uses the decrypted instance of the symmetric keys to decrypt the authorized files”; vBear (policy module) registering (reporting with policies (grant/deny), filing) communications associated with device agent (software agent), (Par. (0009) “the system provides a computer-implemented method of granting authorized user access to a set of files stored in an uncontrolled device while preventing unauthorized user access to such files even when the device is physically available to an unauthorized user.”; vBear (granting authorized users associated with Policy Module) and registering (filing, set of files))
(Examiner Notes: the instant application does not specify or define an example or what vBear represents only in Par. (0083) does the specification refer to vBear as a module that runs sets of policies with at least one device agent. Therefore it will be broadly and reasonably interpreted that vBear is some module, component or unit used to set policies, permission, privileges or the like thereof.)
wherein each device of the plurality of devices requires registration and validation from the at least one Known Authority; (Par. (0080) “a computer system plurality of devices), (Par. (0104) “Another method of authentication may be accomplished using the man-in-the-middle circuit is by accessing a centralized trusted third party, such as a certificate authority. In this embodiment, the authentication wrapper includes a certificate identifying that device as being trusted by the trusted third party and therefore, the file will be processed having been authenticated”; known authority (trusted third-party or Certificate authority) registering (file [..] processed) and validation (authenticating) the device))
wherein the at least on Known Authority operates through the least one local domain controller (LDC) to control and command devices on the local system; and (Figure 15A labels “Certificate Authority” and “Domain Controller”; Known Authority (Certificate Authority) operating through LDC (domain controller) on a system) (Par. (0126) “a centralized authentication authority and they lack a mechanism for providing access control to files or partitions of memory. In contrast, controlled devices in an enterprise network are centrally tracked by Active Directory (AD) Domain Services (ADDS) or the device has been issued a certificate by Active Directory Certificate Authority (ADCA). In general, at the enterprise level the domain controller that provides the domain services and the certificate authority resides within the network of the enterprise”; LDC (domain controller) and Known Authority (certificate Authority) corresponding to control and commands of device (access controls, Active Directory))
However Srivastava does not explicitly teach at least one main domain controller (MDC); the at least one main domain controller associated with at least one local domain controller (LDC); wherein the vBear module is further configured to operate on 
Wherein Seigel teaches at least one main domain controller (MDC); (Par. (0022) “A domain controller is a server that responds to security authentication requests (e.g., login requests, authenticate permissions, etc.) within a domain”; domain controller is a server), (Figure 1 labels 110, 106(1), 106(P); main domain controller (label 110 server on 1st domain), MDC (label 106(1)- (P), multiple domain controllers), (Par. (0014) “For example, in some implementations, the multiple agents may be deployed on Active Directory® domain controllers or other similar domain controllers (e.g., servers that respond to security authentication requests such as logging in, checking permissions, etc. within a domain)”; domain controllers)
 The at least one main domain controller associated with at least one local domain controller (LDC); ((Figure 1 labels 110, 106(1), 106(P); main domain controller (label 110 server on 1st domain), local domain controller (label 106(1)- (P), multiple domain controllers local on network)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Seigel within the teachings of Srivastava 
The motivation to combine these references is because by implementing a main domain controller associated with a local domain controller the confidence level of customers as well las credibility will increase because users will know the integrity of the communication is secure due to the rightful and authorized devices are being monitored and detected by a central or main domain controller and local domain controllers. This leads to less deficiencies in the network and allows devices to be verified and authenticated more effectively and efficiently. This protects the network and containment of data from harm by having multiple instances where users must be validated first before access, which in return leads to assurances of users in the system that newly added devices have been verified before accessing the network.

Wherein Witana teaches wherein the vBear module is further configured to operate on the at least one main domain controller (MDC), the Known Authority and the at least one local domain controller (LDC)  ((Figure 12 labels “Device A, Device B, DDM, Access Controller”; vBear (DDM with access controller) operating on main domain controller (Device A with domain controller) and at least one local domain controller (device B with domain controller), (Par. (0058) “devices or channels in one domain to controllers / devices in the second domain as "virtual devices" which may only expose specific channels of the underlying device. A user accessing a controller attached to the second domain will see these "virtual devices" and be able to exchange audio between this virtual device and physical devices in the domain”; first and second domain controllers (second domain with controllers)), (Par. (0094) “As illustrated in Fig. 5, devices may be partitioned into logical domains and a domain may contain devices from multiple subnets. The domain manager may be multiple domains with controllers), (Par. (0089) “The access controller is responsible for access control policy management and evaluation. Messages that pass through the DDM and are access controlled by the DDM may be processed by this block. This block may also manage access control policies for subsequent cache and evaluation on the device itself. If the DDM maintains an audit trail of actions within a domain, it may be embedded within an access control manager or by using an audit log. This may include messages that are sent via the DDM and/or messages that are processed within a device, with a notification sent to the DDM”; vBear (DDM with access controller) with access control policy), (Par. (00120) “the domain manager may be configured to allow an administrator to define and maintain a database of access control policies. Different users issuing configuration commands via media controllers may be assigned different permissions. For simplicity users may be assigned roles and permissions may be assigned”; vBear (DM or DMM) set roles and permissions), (Par. (0096) “This process is illustrated in Fig. 6. As illustrated, when a domain manager is installed and licensed a public/private key pair is generated and the public key is signed by e.g., the Audinate CA. When a domain manager creates a domain, a public/private key pair is generated and the public key is signed by the domain manager CA. When a device is added to a domain a public/private key pair is generated and the public key is signed by the Domain CA.”; vBear (DM or DMM or DDM) operating on known authority (audinate CA/ DM CA (Certificate authority)), vBear (DDM) operating on known Authority (Audinate CA)), (Par. (0097-0098) “ In this way a chain of trust is created and a particular device or other entity can be authenticated as being cryptographically associated with a particular Domain and domain manager ]..] If devices that belong to different domain managers or different domains are required to communicate, these devices can be authenticated by the exchange of certificates at the domain manager or domain level.”; known authority (chain of trust based on certificate exchange)), (Par. (0092-0093) “The DDM may also allow passing of network messages between a controller to a device without parsing or processing the entire message. This feature allows for third-party controllers or controller plugins to push device-specific or manufacturer-specific messages between a controller and a device without the DDM having to interpret or understand the entire message [..] The DDM may also support third-party access-control plugins to allow access control rules to be applied to these third-party messages. [0093] The controller interface may be implemented as a software library implementing an application programming interface (API). A third party may use this library to implement a customized controller that can communicate with a DDM and media devices in a domain”; vBear (DDM) operating on known authority (trusted third party)), (Par. (0099) “When a Domain is created within a DDM, the DDM creates a private/public key pair for the domain and signs the certificate containing the public key with the DDM key. When a device is associated with or enrolled into a domain, a private public key pair is created for this device and the certificate containing device public key is signed with the domain key. Thus when a device connects to a DDM, the device can cryptographically authenticate itself as belonging to the domain that signed vBear (DDM) operating on known authority (signing the certificate correlating to Audinate CA))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Witana within the teachings of Srivastava and Siegel to include the vBear module operating on the at least one main domain controller (MDC), the Known Authority and the at least one local domain controller (LDC)  because of the analogous concept of protecting enterprise data from security breaches and vulnerability in a network by detecting anomalies for end points in the system. Witana includes a vBear module configured to operate on a main domain controller, known authority and a local domain controller, this is significant because by having a module or component operating on multiple domain controllers and a known authority/ trusted third party it instill confidence in users in the network that their confidential data will not be breached. By coupling the domain controller with a vBear that regulates and sets policies to device the likelihood of modification, impersonation or compromise of data is lessened because only the rightful and suitable entities with access will be able to enter the network and by implementing a vBear in conjunction with the known authority and domain controller the process protects local devices and restricts access based on the module. 
The motivation for combining these references is because by using a vBear that is associated with a Known Authority and domain controllers the network limits exposure to non-critical data as well as having a module that can provide an extra layer 
However Srivastava, Siegel and Witana do not explicitly teach wherein the at least one device agent is configured to generate a challenge in response to a request for registration and validation from each device, wherein the at least one device agent communicates a message with the challenge to each device from the at least one Known Authority, wherein the at least one device agent compares the challenge received from the at least one Known Authority to the challenge generated for each device, and wherein each device s registered and validated only if the challenges match.
Wherein Hughes teaches wherein the at least one device agent is configured to generate a challenge in response to a request for registration and validation from each device, (Page 4 lines 25-30 “the user may [..] with proof of identity provided via a cryptographic challenge”; device agent (user) generates (provides) a challenge (cryptographic challenge)), (Page 5 lines 11- 25 “to generate a random string (i.e. a cryptographic challenge) [..]  a push request to a push notification server along with contact data of the application server and a user's registration identifier (ID)”; generate a challenge in response to a request for registration (generated challenge associated with request and registration)), (Page 2 lines 10-25 “a registration process between a device, an apparatus and a server apparatus according to an example of the present registration process between a device, an apparatus and a server apparatus according to an example of the present disclosure.”; for registration (registration process)), (Page 6 lines 42-60 “a response to the cryptographic challenge is sent and authenticated by the web application, the web application will then provide its services to the user [..] the push notification request for the user to enter the PIN or pass phrase or biometric information may be configured so as to seek user authorization to proceed (e.g. to allow or not to allow) with one or more transaction or action by entering the PIN or pass phrase or biometric information.”; challenge in response to a request for validation from each device (challenge corresponding to a request for authorization from the user)), (Page 2 lines 26-40 “sending messages to one or more user devices through internet, for instance, through infrastructure at Google and Apple. Typically, the user devices are mobile devices.”; for each device (one or more user devices))
wherein the at least one device agent communicates a message with the challenge to each device from the at least one Known Authority, (Page 5 lines 55-60 and Page 6 lines 1-5  “The user's device that receives the push message containing [..] this cryptographic challenge [..] with the user’s client certificate.”; communicates a message with a challenge to each device (user receives  a message that contains a challenge ) from the Known Authority (client certificate)), (Page 5 lines 4-13 “The user first logins through a webpage hosted by the application server and the application server obtains a client certificate of the user [..] from a certificate server or certification authority, optionally via use of Identity Registration Protocol (!RP)”; from at least one known authority (client certificate associated with Certificate Authority communicating with user)), (Page 5 lines 20-40 “a certification authority or optionally through an IRP server) to produce the cryptographic challenge. [..] Sending the cryptographic challenge via push notification mechanism refers to sending the cryptographic challenge along with the contact data of the application server and the user's registration ID to a push notification server, which then forwards the cryptographic challenge and the contact data of the application server to the user's device”; from the at least known Authority (certification authority corresponding to challenge is sent via push message to users device))
wherein the at least one device agent compares the challenge received from the at least one Known Authority to the challenge generated for each device, and (Col. 17 lines 35-50 “the user device 110 will obtain [..]to generate a cryptographic challenge response to the application server 204. At a step S328, the cryptographic challenge response (i.e. the decrypted random string) [..] compares the [..] the cryptographic challenge response with the random sting 291 previously generated at the step S314”; device agent compares the challenge received to the challenge generated (challenge is compared to previously generated challenge))
 	wherein each device is registered and validated only if the challenges match. (Page 5 lines 20-60 “compares [..]  the cryptographic challenge response [..] if it is determined that the two respective random strings are identical at the step S330, the application server 204 will at a step S332 issue a command 360 to the web browser 202 to allow the user to refresh a webpage on the web browser 202, for instance, to indicate that the user transaction authorization is successful.”; each device is registered and validated only if challenges match (if it is determined identical [..] command and allow user access [..] authorization is successful)), (Page 20 lines 25-35 “comparing [..]  the cryptographic challenge response with the random string that was generated by the application server (e.g. S272 of Figure 2C, SS330 of Figure 3); and [..] providing the user with one or more services of the application server if the decrypted random string in the cryptographic challenge response matches with the generated”; if the challenges match (challenge response matches))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Witana within the teachings of Srivastava, Siegel and Witana to include device agent is configured to generate a challenge in response to a request for registration and validation from each device, communicating a message with a challenge corresponding to a known authority and comparing the challenges for a match to register and validate each device because of the analogous concept of protecting personal data in network devices. Hughes includes an implementation of a challenge that is generated in response to a request that is communicated through a known or trusted authority with a message. This is important because by having a known or trusted authority that is associated with the challenge with request it prevents illegitimate users attempting to gain unauthorized access because of the confidence level associated with the known authority and interaction. By using a challenge and response mechanism network communication on devices become more enhanced and reliable because the only devices that get registered into the network are the trusted entities that are successful from this challenge. By implementing a comparison of the challenges and filtering out a match, users on network devices are securely protected from threats, phishing, and existing malware attacks that create anomalies that may or may not be detected. By creating and 

Regarding Dependent Claim 2 (Currently Amended), the combination of Srivastava, Seigel, Witana and Hughes teach the system of claim 1, Srivastava further teaches the system of claim 1, wherein the vBear module is in communication with a datastore local to the local system, and wherein the datastore only contains information at a specific level of the at least one local domain controller (LDC) and below (Par. (0125) “the policy module includes security processes that allow data stored on a USB storage device to be viewed on a trusted workstation when the trusted workstation is connected to an untrusted network. The policy module may also include other security processes for uncontrolled devices as described below including enabling authorized local users to be allowed access to files on a USB storage device”; vBear (policy Module) in communication with datastore (storage), (Par. (0124) “the policy module [..] configurable to elevate the user security level and to restrict the user security level. The policy module may be remotely configurable to add, delete, or change compartment access within the user's approved security levels.”; vBear (policy module) contain information at the level (security levels), (Figure 15A labels “policy module”, “domain controller”; vBear (policy Module) associated with local domain controller (domain controller)), (Par. (0138) “This server 1320 may include an active directory or be coupled to domain controller and a certificate authority. In other vBear (policy module) storing information at the level (access control/permissions) stored in datastore (storage/USB/uncontrolled device)) associated with local domain controller)

Regarding Dependent Claim 3 (Currently Amended), the combination of Srivastava, Seigel, Witana and Hughes teach the system of claim 1, Srivastava and Witana do not explicitly teach the system of claim 1, wherein each device of the plurality of devices in the local system is configured to operate at least one device agent, and wherein each device agent establishes a secure communication channel with the at least one domain controller (LDC).
Wherein Siegel teaches the system of claim 1, wherein each device of the plurality of devices in the local system is configured to operate at least one device agent, and wherein each device agent establishes a secure communication channel with the at least one domain controller (LDC) (Figure 1 plurality of devices (User Device) in a system (100) with at least one device agent (Agent 116), device agent (116) communication channel with LDC (Server/ domain controllers 106))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Siegel within the teachings of Srivastava, Witana and Hughes for the reasons discussed in independent claim 1 states above.


Regarding Dependent Claim 5 (Original), the combination of Srivastava, Seigel, Witana and Hughes teach the system of claim 1, Srivastava further teaches the system of claim 1, wherein the vBear module records the transmission of messages and errors received during communications between or among the plurality of devices (Par. (0167) “a report is generated by the policy module and the policy module transmits the report to administrators of the network or enterprise network. The report may also be stored in associated memory for later retrieval and review”; vBear (Policy Module) records (reports/ stores reports)), (Par. (0121-0122)” The policy module may include security processes [..] The security processes may also include the ability to create messages and send alert messages to designated parties based upon a predetermined list. The data may also be sent to a log or logging tool or used for data analytics to identify common attacks. The security process within the policy module can also require data to be encrypted. For example, files may be encrypted, partitions may be encrypted, and meta data may be encrypted.”; vBear (policy module associated with security process) records (logs)  transmission of messages). (Par. (0155) “the communications between the policy module [..] has been received by the policy module. [..] the policy module executes a series of steps. An example of these steps is shown in the pseudo code. The provisioning algorithm tags the arguments: group and userID wherein the userID generally represents an administrator of the group. The policy module first checks the user's credentials to see if the user has the correct privileges for creating a group 1551 by contacting the domain controller and/or the certificate authority.”; vBear (policy module) receiving during communications), (Par. (0171) “the policy module cannot retrieve the user's private key, then the policy module generates a report indicating that access is denied  [..] The policy module determines if the symmetric key is decrypted correctly and is not corrupted 1610. If the answer is “no” than access is denied. An error message may be generated and forwarded to the potential user through the operating system indicating that the user does not have authorization to access the requested file or that the file has been corrupted 1609”; vBear (policy module) associated with errors received (retrieved) during communication). (Par. (0080) “a computer system that is in communication with one or more networked devices”; plurality of devices (one or more networked devices))

Regarding Dependent Claim 8 (Original), the combination of Srivastava, Seigel, Witana and Hughes teach the system of claim 1, Srivastava further teaches the system of claim 1 further comprising a device ledger. (Par. (0074) “A “user” may be a human requesting performance of an action or the user may be an entity, such as a processor, smartphone, or computer that is requesting performance of an action.”; user associated with a device), (Par. (0200) “For example, in environments using a device (user) logged in a device ledger (block chain or ledger))


Claim 4, is/are rejected under 35 U.S.C. 103 as being unpatentable over  Srivastava et al. (U.S Pub. No. 20160306966, hereinafter referred to as “Srivastava"), Seigel et al. (U.S Pub. No. 20170083643, hereinafter referred to as "Seigel"), Witana et al. (WO Pub. No. 2018132872, hereinafter referred to as “Witana”) Hughes et al. (WO Pub. No. 2019226115, hereinafter referred to as “Hughes”) in further view of Wang et al. (U.S Pub. No. 20120204224, hereinafter referred to as “Wang”)

Regarding Dependent Claim 4 (Original), the combination of Srivastava, Seigel, Witana and Hughes do not explicitly teach the system of claim 3, wherein each of the at least one device agents are not visible to other systems and applications in the local system.
Wherein Wang teaches the system of claim 3, wherein each of the at least one device agents are not visible to other systems and applications in the local system. (Par. Abstract “a plurality of users groups of the information centric network, a plurality of user groups coupled to the virtual group controller and associated with the users, a plurality of agents that are each associated with one of the user groups, and a database for trusted service profile coupled to the virtual group controller, wherein the virtual group controller is configured to interact with the agents to enable mobility for the user groups”; device agents), (Par. (0050) “a trust relationship established between the home SMVG controller at a home domain and the SMVG agent at a visiting AP in a visiting access domain, the SMVG agent may verify all certificates from mobile publishers belonging to that home domain. In this case, when a correspondent peer (AP) inquires the location of a mobile device, the home SMVG controller may send the mobile device certificates to the SMVG agent coupled to the correspondent peer.”; domain controllers associated with device agents (SMVG agent)), (Par. (0059) “FIG. 6 illustrates an embodiment of a multi-domain controller and agent interaction 600 in a CON, e.g., similar to the CON 100, that may be part of the SMVG control system. Specifically, multiple domains coupled to the CON may collaborate to enable virtual groups' members that may be distributed globally to interact with one another. Typically, social networking may be considered as an over the top (OTT) phenomenon, i.e., where the social interactions may be oblivious or invisible to the SP.”; device agents are not visible (invisible) to other applications on the system in association with domain controllers.))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Wang within the teachings of Srivastava, Seigel, Witana and Hughes to include each of the at least one device agents are not 
The motivation to combine these reference is because by implementing device agents that are not visible to other device in the system is because the deployment of data inside and outside the operating system can be protected without compromise and the detection of possible security threats can be even more thorough and effective because of the operations of the domain controller and device agent that are done invisibly to other applications on the system, this builds strong integrity and trust in the system and alleviates users from concern of risk.

Claim 6, is/are rejected under 35 U.S.C. 103 as being unpatentable over  Srivastava et al. (U.S Pub. No. 20160306966, hereinafter referred to as “Srivastava"), Seigel et al. (U.S Pub. No. 20170083643, hereinafter referred to as "Seigel"), Witana et al. (WO Pub. No. 2018132872, hereinafter referred to as “Witana”) and Hughes et al. (WO hereinafter referred to as “Hughes”) in further view of Kwon et al. (WO Pub. No. 2018124852, hereinafter referred to as “Kwon”)

Regarding Dependent Claim 6 (Original), the combination of Srivastava, Seigel, Witana and Hughes do not explicitly teach the system of claim 5, wherein the messages comprise a 32-bit UUID key for encryption by the vBear module.
Wherein Kwon teaches the system of claim 5, wherein the messages comprise a 32-bit UUID key for encryption by the vBear module. ((Page 7 Par. (169) “ATT (Attribute Protocol, 43) defines a rule for accessing data of a counterpart device in a server-client structure. ATT has the following 6 message types (Request, Response,Command, Notification, Indication, Confirmation).”; vBear (Attribute protocol define rule, policy, permission etc), (Page 15 Par. (457-461) “- 32bit UUID List: [..] 0b00: No information on 32bit UUID. [..]  0b01: Provides complete 32-bit UUID information [..]  0b10: Incomplete 32bit UUID information is provided, and additional information can be provided upon request. [..]  0b11: Provides incomplete 32-bit UUID information, but cannot provide additional information”; 32bit UUID), (Page 17 Par. (523) “primary service UUID: UUID of the primary service (16bit/32bit/128bits).”; 32bit UUID), (Page 13 Par. (372) “an Attribute Protocol Read By Type request may be used together with an Attribute Type parameter set as a UUID for «Include».”; vBear (attribute protocol with rules) associated with UUID), (Page 12 Par. (342-345) “ primary service UUID: Displays the primary service UUID including Easy Pairing service. The length may vary depending on the UUID value of the service. [..]  Security Requirements: Indicates security requirements for primary service. [..] 0x01: Not authenticated with encryption, UUID in encryption process)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Kwon within the teachings of Srivastava, Seigel, Witana and Hughes to include the messages comprise a 32-bit UUID key for encryption by the vBear module because of the analogous concept of protecting enterprise data from security breaches and vulnerability in a network by detecting anomalies for end points in the system. Kwon includes a system that has a message that comprises of a UUID key for encryption by the vBear module, this is significant because by using a UUID key in the encryption process it discourages attackers from breaching of infiltrating the system because of how difficult it is to replicate, this protects confidential data that is contained in the domain controller. By implementing this UUID key in the encryption process with a vBear it ensures users that not only is there a low possibility of duplication but it is a key that can be used through the system onto multiple devices without susceptibility to compromise or modification. 
The motivation to combine these references is because by using a UUID key in the encryption process data that is encrypted and exchanged will be so unique that there is no exposure and information that will be revealed as well as the simplicity to be generated anywhere, this aids to the prevention security breaches because the communication between the device agents, vBear and domain controller will have a high level of integrity and lessen the likelihood of risk. 





Claim 7, is/are rejected under 35 U.S.C. 103 as being unpatentable over  Srivastava et al. (U.S Pub. No. 20160306966, hereinafter referred to as “Srivastava"), Seigel et al. (U.S Pub. No. 20170083643, hereinafter referred to as "Seigel"), Witana et al. (WO Pub. No. 2018132872, hereinafter referred to as “Witana”) and Hughes et al. (WO Pub. No. 2019226115, hereinafter referred to as “Hughes”) in further view of Kalach et al. (U.S No. 10116443, hereinafter referred to as “Kalach”)

Regarding Dependent Claim 7 (Original), the combination of Srivastava, Seigel, Witana and Hughes do not explicitly teach the system of claim 5, wherein the messages are encrypted by Supersingular Isogeny Diffie-Hellman (SIDH) key exchange and key encapsulation.
Wherein Kalach teaches the system of claim 5, wherein the messages are encrypted by Supersingular Isogeny Diffie-Hellman (SIDH) key exchange and key encapsulation. (Page 9 Col. 1 lines 29-35 “In some aspects of the present disclosure, improved supersingular isogeny-based cryptographic protocols are described. The supersingular isogeny Diffie-Hellman key agreement protocol (SIDH) is an example of a supersingular isogeny-based cryptographic protocol that is believed to be secure against attacks carried out by quantum computers. In some SIDH deployments, if one of the entities reuses its secret key (e.g., as a static private key), then the secret key can be efficiently recovered”; SIDH key correlating to encryption), (Page 12 Col. 8 lines 27-SIDH with key encrypting message), (Page 11 Col. 6 lines 9-25 “the nodes 102, 104 use an encryption scheme that allows each node to send confidential messages to the other node, and the encryption scheme can be a quantum-resistant scheme that is not vulnerable to the quantum computing resources of the quantum-enabled adversary 108. Such digital signature schemes and encryption schemes can include or be used in conjunction with a key agreement protocol or a key encapsulation mechanism that is also secure”; key encapsulations correlating to messages that are encrypted).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Kalach within the teachings of Srivastava, Seigel, Witana and Hughes to include the messages are encrypted by Supersingular Isogeny Diffie-Hellman (SIDH) key exchange and key encapsulation because of the analogous concept of protecting enterprise data from security breaches and vulnerability in a network by detecting anomalies for end points in the system. Kalach includes a process in which messages are encrypted by a SIDH key exchange, this provides an enhanced level of security protection by allowing the system to avoid detection, exploits and exposure by exchanging keys in any order and at the same time. This discourages attackers from possible security breaches and vulnerability attacks by lessening the likelihood of accurate prediction of the keys that are encrypted and exchanged. This provides a solution to protecting communication over a long running session by using SIDH when encrypting messages for a multitude of devices.



Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

John; Shajil (U.S Pub. No. 20200233907) “LOCATION-BASED FILE RECOMMENDATIONS FOR MANAGED DEVICES”. Considered this reference because it addressed multiple devices using machine learning to protect enterprise data.

Smith; Ned M. (U.S Pub. No. 20160366102) “Self-Configuring Key Management System For An Internet Of Things Network”. Considered this application because it relates functionalities of the vBear module in terms of policies set and in interaction with domain controllers

TRENHOLM WALLACE (WO Pub.  No. 2020124241) “SYSTEMS AND METHODS FOR COMPUTER-IMPLEMENTED DATA TRUSTS”. Considered this application because it addressed domain controllers with a type of vBear module component that dealt with registering devices through sets of policies while trying to protect access in a network.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 



Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/H.A.H./           Examiner, Art Unit 2497                                                                                                                                                                                             
	/Jeremy S Duffield/           Primary Examiner, Art Unit 2498