DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/29/2020 was in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the Examiner.

Claim Objections
Claim 11 is objected to because of the following informalities:

Claim 11 recites “The apparatus” in the preamble, whereas claim 11 is an independent claim.  Examiner suggests the amendment “[[The]] An apparatus”.

Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 11-13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lackey et al. (U.S. Pat. App. Pub. 2020/0076799), hereinafter Lackey, and further in view of Tedaldi et al. (U.S. Pat. App. Pub. 2021/0335505), hereinafter Tedaldi.

Regarding claim 1, Lackey disclosed a method comprising:
5extracting, from a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device (detecting, i.e., extracting, metrics, i.e., data fragments, for each network device of a network, i.e., user devices in a computer network, ¶[0034]; metrics including device model type, i.e., device model, ¶[0034], [0080]);
associating the one or more data fragments with device identification data assigned to each user device (metrics including IP or MAC address, i.e., device identification data assigned to each user device, ¶[0034], [0080]; generating device fingerprints by combining, i.e., associating, metrics, i.e., device model type and IP/MAC address, ¶[0034], [0049], [0063], [0081]);
10determining a device model for a specific data fragment of the one or more data fragments based on analyzing one or more data fields associated with the specific data fragment (analyzing received network device information, i.e., a specific data fragment, and identifying device model types, i.e., determining a device model, of the network devices, ¶[0036]); and
generating one or more device model identification rules based on the specific data fragment (generating device access policies, i.e., device model identification rules, for each identified device model type/monitored metrics, i.e., based on the specific data fragment, ¶[0038], [0049]).
While Lackey disclosed detecting metrics that included network device model type (i.e., data fragments relating to a device model of each user device), Lackey did not disclose doing so by extracting the data fragments from network traffic data.  Specifically, Lackey did not disclose:
5extracting, from network traffic data of a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device (emphasis added).
Tedaldi disclosed:
extracting, from network traffic data of a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device (capturing, i.e., extracting, telemetry data, i.e., data fragments, regarding traffic in a network, i.e., network traffic data, ¶[0042]-[0043]; telemetry data indicating device type/make/model, i.e., relating to a device model, ¶[0048]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the method of Lackey to include extracting, from network traffic data of a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device as claimed, because doing so would have provided detailed information about each device in a network, which would be difficult for an administrator to handle manually, and such detailed information would have improved the application of network access policies (Tedaldi, ¶[0046]).

Regarding claim 2, Lackey and Tedaldi disclosed the method further comprising extracting the one or more data fragments relating to the device model by analysis using one or more of:  static rules, data extraction algorithms, and artificial intelligence applications (extracting device model from telemetry data, i.e., data fragments, using machine learning, i.e., artificial intelligence applications, Tedaldi, ¶[0037]).
The combination of references is made under the same rationale as claim 1 above.

Regarding claim 203, Lackey and Tedaldi disclosed the method wherein determining the device model for the specific data fragment based on analyzing the one or more data fields associated with the specific data fragment further comprises analyzing historical device model data (analyzing device historical communication data to identify device model types, Lackey, ¶[0036]) and applying one or more of:  statistical analysis, encoded decision rules, and one or more artificial intelligence techniques (applying a machine-based learning classifier, i.e., artificial intelligence techniques, to identify a device type, Tedaldi, ¶[0036], [0051]).
The combination of references is made under the same rationale as claim 1 above.

Regarding claim 4, Lackey and Tedaldi disclosed the method wherein determining the device model for the specific data fragment further comprises analyzing one or more of:  a brand of the user device (manufacturer, Tedaldi, ¶[0048]), a type of the user device (device type, Tedaldi, ¶[0048]), a name of the user device, an operating system of the user device (operating system, Tedaldi, ¶[0048]), and concreteness of a keyword formed 30based on a data source type and the one or more data fragments.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the method of Lackey wherein determining the device model for the specific data fragment further comprises analyzing one or more of:  a brand of the user device, a type of the user device, and an operating system of the user device as claimed, because such detailed information would have aided in application of a network access policy to the device (Tedaldi, ¶[0046]).

	Regarding claim 11, Lackey disclosed the apparatus in a computer network system comprising:
one or more processors (processor, ¶[0012]); and
a non-transitory computer-readable medium comprising stored program code, the program code comprising computer-executable instructions (computer readable storage medium having instructions, ¶[0012]) that, when 5executed by the one or more processors, causes the one or more processors to:
extract, from a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device (detecting, i.e., extracting, metrics, i.e., data fragments, for each network device of a network, i.e., user devices in a computer network, ¶[0034]; metrics including device model type, i.e., device model, ¶[0034], [0080]);
associate the one or more data fragments with device identification 10data assigned to each user device (metrics including IP or MAC address, i.e., device identification data assigned to each user device, ¶[0034], [0080]; generating device fingerprints by combining, i.e., associating, metrics, i.e., device model type and IP/MAC address, ¶[0034], [0049], [0063], [0081]);
determine a device model for a specific data fragment of the one or more data fragments based on analyzing one or more data fields associated with the specific data fragment (analyzing received network device information, i.e., a specific data fragment, and identifying device model types, i.e., determining a device model, of the network devices, ¶[0036]); and
generate one or more device model identification rules based on 15the specific data fragment (generating device access policies, i.e., device model identification rules, for each identified device model type/monitored metrics, i.e., based on the specific data fragment, ¶[0038], [0049]).
While Lackey disclosed detecting metrics that included network device model type (i.e., data fragments relating to a device model of each user device), Lackey did not disclose doing so by extracting the data fragments from network traffic data.  Specifically, Lackey did not disclose:
extract, from network traffic data of a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device (emphasis added).
Tedaldi disclosed:
extracting, from network traffic data of a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device (capturing, i.e., extracting, telemetry data, i.e., data fragments, regarding traffic in a network, i.e., network traffic data, ¶[0042]-[0043]; telemetry data indicating device type/make/model, i.e., relating to a device model, ¶[0048]).
The combination of references is made under the same rationale as claim 1 above.

Regarding claim 12, Lackey and Tedaldi disclosed the apparatus wherein the instructions further cause the one or more processors to determine the device model for the specific data fragment based on analyzing one or more data fields associated with the 20specific data fragment by analyzing historical device model data (analyzing device historical communication data to identify device model types, Lackey, ¶[0036]) and applying one or more of:  statistical analysis, encoded decision rules, and one or more artificial intelligence techniques (applying a machine-based learning classifier, i.e., artificial intelligence techniques, to identify a device type, Tedaldi, ¶[0036], [0051]).
The combination of references is made under the same rationale as claim 1 above.

Regarding claim 13, Lackey and Tedaldi disclosed the apparatus wherein, to determine the device 25model for the specific data fragment, the instructions further cause the one or more processors to analyze one or more of:  a brand of the user device (manufacturer, Tedaldi, ¶[0048]), a type of the user device (device type, Tedaldi, ¶[0048]), a name of the user device, an operating system of the user device (operating system, Tedaldi, ¶[0048]), and concreteness of a keyword formed based on a data source type and the one or more data fragments.
The combination of references is made under the same rationale as claim 4 above.

Regarding claim 20, Lackey disclosed a non-transitory computer-readable medium comprising stored program code, the program code comprising computer-executable instructions (computer readable storage medium having instructions, ¶[0012]) that, when 10executed by a processor (processor, ¶[0012]), causes the processor to:
extract, from a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device (detecting, i.e., extracting, metrics, i.e., data fragments, for each network device of a network, i.e., user devices in a computer network, ¶[0034]; metrics including device model type, i.e., device model, ¶[0034], [0080]);
associate the one or more data fragments with device identification data 15assigned to each user device (metrics including IP or MAC address, i.e., device identification data assigned to each user device, ¶[0034], [0080]; generating device fingerprints by combining, i.e., associating, metrics, i.e., device model type and IP/MAC address, ¶[0034], [0049], [0063], [0081]);
determine a device model for a specific data fragment of the one or more data fragments based on analyzing one or more data fields associated with the specific data fragment (analyzing received network device information, i.e., a specific data fragment, and identifying device model types, i.e., determining a device model, of the network devices, ¶[0036]); and
generate one or more device model identification rules based on the 20specific data fragment (generating device access policies, i.e., device model identification rules, for each identified device model type/monitored metrics, i.e., based on the specific data fragment, ¶[0038], [0049]).
While Lackey disclosed detecting metrics that included network device model type (i.e., data fragments relating to a device model of each user device), Lackey did not disclose doing so by extracting the data fragments from network traffic data.  Specifically, Lackey did not disclose:
extract, from network traffic data of a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device (emphasis added).
Tedaldi disclosed:
extract, from network traffic data of a plurality of user devices in a computer network, one or more data fragments relating to a device model of each user device (capturing, i.e., extracting, telemetry data, i.e., data fragments, regarding traffic in a network, i.e., network traffic data, ¶[0042]-[0043]; telemetry data indicating device type/make/model, i.e., relating to a device model, ¶[0048]).
The combination of references is made under the same rationale as claim 1 above.

Allowable Subject Matter
Claims 5-10 and 14-19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH R MANIWANG whose telephone number is (571)270-7257. The examiner can normally be reached 8:30AM - 4:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Wing F Chan can be reached on (571) 272-7493. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JOSEPH R MANIWANG/Examiner, Art Unit 2441                                                                                                                                                                                                        
/WING F CHAN/Supervisory Patent Examiner, Art Unit 2441