DETAILED ACTION
This Office Action is with regard to the most recent papers filed 5/11/2022.

112 1st rejection of claim 19
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claim 19 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
With regard to claim 19, the instant claim presents that the network device type corresponds with a security policy particular to hardware of the source network device.  The concept of policy is only presented twice, in paragraph [0012] and [0025].  In paragraph [0025], it is presented that “specific per-device firewall policies can also be applied,” where the relationship between the policy and the device type is unclear.  Further, it is unclear how the policy is particular to hardware of the device, as this would appear to have devices with the same set of hardware having the same policy, where the specification instead provides a per device firewall policies (where the per-device is provided with regard to different OS versions).  Applicant should ensure that the claims are fully supported within the instant specification, where the instant claim should either be amended to be fully supported and/or the specific passages supporting the claim language should be provided with an explanation of how the specification supports the claims being provided if the support is not clear.

Response to Arguments
Applicant's arguments filed 5/11/2022 have been fully considered but they are not persuasive. 
On pages 7-8 of Applicant’s remarks, Applicant argues that Roesch does not teach the determining step of claim 1.  More specifically, Applicant argues that Roesch does not determine a network device type from input data and an associated confidence score “because they are directed to “operating systems” and “services” of the network device, and not a “network device type.””  However, the instant claim fails to provide any detail as to what constitutes a network device type, where such a “type” is not defined in the specification, though the term is used throughout.  In paragraph [0049], it is proved that “Other actions may be performed once the device type is identified and associated with a known vulnerability as well.  For example, a system with outdated or end-of-life operating system may be firewalled…”  Nothing in this paragraph provides a basis for any action beyond details of the operating system of the device, providing that such an operating system could be a device type, as this is performed once the device type is identified.  Thus, lacking any explanation of what a device type is, any detail in the specification that would limit what a device type would be, and passages that appear to imply that such a device type may be an operating, system, this argument cannot be persuasive.  It is also noted that Applicant has added claim 19, which attempts to provide some detail of what a device type, though this claim does not provide for what the type, itself is, nor does the claim language appear to be actually supported by the instant specification, as presented below.
Applicant proceeds to argue that Roesch teaches “assigning a vulnerability to a network device on a network based on the service the network device is running,” not a correlation to the source network device with reference to figure 24.  It should be noted that all of figures 20-24 of Roesch are directed towards the identification of details of the network device based on traffic, including the operating system and services, where actions can be taken with regard to these.  Further, in figure 24, a packet transmitted on the network is used to identify the service (where in figure 23, the same is performed for the operating system), where this is then used to assign vulnerabilities from predefined (known) vulnerabilities.  In Column 1, lines 22-36, Roesch provides a concern with end points of traffic (which refers to both sources and destinations of traffic), where the packets used in the processes of Roesch can be both packets to or from a device in question.  Based on this, at least in some embodiments provided in Roesch, the packets of figures 23-24 would be from the same device that is assigned the vulnerability, and thus would be the source.
On pages 10-15, Applicant argues the dependent claims.  With regard to the arguments against the findings of Official Notice, Applicant has not provided an adequate traversal of such Official Notice.  Instead, Applicant traverses that complete claim language that goes beyond the finding of Official Notice was not well-known (For example, with regard to claim 2, Applicant argues that it would not have been common knowledge to implement “”a convolution neural network (CNN)” for “determining, by the computer system, a network device type for the input data and an associated confidence score…”, where this was not the fact asserted in the rejection.).  To adequately traverse the finding, Applicant should specifically point out the error in Examiner’s action, including stating why the noticed fact is not well-known (See MPEP 2144.03C).  In the case of claim 2, the noticed fact was that CNN models were well-known in the art, where based on this detail, it was asserted that it would have been obvious to combine such models with the teachings of Roesch and Zhang.  If Applicant provides a specific statement that the noticed fact is not well-known, the Examiner will provide evidence that it was known (where such would not meet the threshold for traversal by Applicant, as the Examiner is not requiring a statement of why).  For example, if Applicant states “CNN models were not considered by Applicant to be well-known to one of ordinary skill in the art,” this traversal would be considered to be adequate.  Note that this applies to each attempted traversal by Applicant.
On page 13, Applicant addresses the rejection of claim 4, stating how Zhang does not include a figure 10.  It is noted that this was clearly a typo, and that Roesch figure 10 includes the figure numbers and the asserted teachings, where a very quick review of the figures of Roesch would have revealed this.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-10, 12-16, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 7,496,662 (Roesch) in view of US 2018/0270229 (Zhang).
With regard to claim 1, Roesch discloses a computer-implemented method for determining network device identification, the method comprising: 
receiving, by a computer system, input data in a network data packet from a source network device (Roesch: Abstract and Figure 1.  A packet that was transmitted on a network is read, meaning it was transmitted by some source device and received by the device doing the reading.); 
determining, by the computer system, a network device type for the input data and an associated confidence score, wherein the network device type is selected from a plurality of network device types, and wherein determining the network device type and the associated confidence score comprises applying a set of input associated with the input data to an algorithm (Roesch: Abstract and Figures 20-21.  Information from the packet can be read and used to determine information about the device, including determining confidence scores with different options and using the highest scoring option.); 
upon determining that the network device type is a particular network device type, determining that the source network device is associated with a known vulnerability (Roesch: Figure 24.  Based on a determined service/type of a network device, vulnerabilities can be determined from predefined (known) vulnerabilities.); and 
performing an action based on the known vulnerability (Roesch: Figure 24.  The vulnerability is at least assigned to the service, which would be an action lacking any other detail of what actions are performed.).
Roesch fails to teach that the algorithm is a trained machine learning (ML) model.
However, Zhang teaches the use of a trained machine learning (ML) model (Zhang: Paragraphs [0079]-[0080].  Information from packets can be used to identify information about devices using a machine learning analysis using a model.).
Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize a trained machine learning model to allow for the configuration of the identification process of Roesch without needing to explicitly program each and every possibility and to allow the process to be further refined during execution, both of which were very well-known benefits of machine learning.

With regard to claim 2, Roesch in view of Zhang fails to teach, but Official Notice is taken that it would have been well-known in the art at the time of filing to have the trained ML model be a convolution neural network (CNN) (more specifically, CNN models were well-known in the art.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize a convolution neural network to utilize a known deep learning mechanism, where CNN would allow for the efficient analysis of the packet.  Further, it is noted that the specific model used would be substantially a design choice, where each model would have benefits and disadvantages versus other types of models, where one of ordinary skill in the art would have been motivated to pursue each of these different options based on their specific needs.

With regard to claim 3, Roesch in view of Zhang fails to teach, but Official Notice is taken that it would have been well-known in the art at the time of filing to have the trained ML model be a long short-term memory (LSTM) model that comprises an artificial recurrent neural network (RNN) architecture used in deep learning or a Gated Recurrent Unit (GRU) model (more specifically, the use of LSTM models with an RNN architecture used in deep learning was known in the art.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize LSTM models comprising an RNN architecture used in deep learning or a GRU model, as these are alternatives over other types of machine learning models, where the specific model used would be substantially a design choice, where each model would have benefits and disadvantages versus other types of models, where one of ordinary skill in the art would have been motivated to pursue each of these different options based on their specific needs.

With regard to claim 4, Roesch in view of Zhang teaches that the input data comprises DHCP option sequence, DHCP option 55 sequence, MAC address string, or HTTP user agent string (Roesch: Figure 10, 1010-1020).

With regard to claim 6, Roesch in view of Zhang fails to teach, but Official Notice is taken that it would have been well-known in the art at the time of filing to have the trained ML model be implemented with an extensible accelerator core architecture (more specifically, hardware for implementing specific functions, where such hardware is extensible (able to be extended with additional functions), was well-known in the art.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to have an extensible accelerator core architecture to realize the benefits of hardware acceleration, such as typically faster processing than general processors for configured functions, reduced burden on the general processors, and reduced delay associated with the performance of the function, where having such architecture being extensible allows for additional functions to be added, thus reducing the burden associated with adding such additional functions, such as by not requiring the installation of different or additional hardware.

With regard to claims 7-10, 12-16, and 18, the instant claims are similar to claims 1-4 and 6, and are rejected for similar reasons.

Claim Rejections - 35 USC § 103
Claim(s) 5, 11, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Roesch in view of Zhang, and further in view of US 2018/0181593 (Ranzinger).
With regard to claim 5, Roesch fails to teach, but Ranzinger teaches wherein the trained ML model includes one or more layers connected to a loss layer, and wherein each layer connected to the loss layer of the trained ML model represents each network device type in the plurality of network device types (Ranzinger: Paragraph [0043].  A loss layer can be the final layer in a deep learning network, such as a CNN, where such would be connected, at least indirectly, to each preceding layer.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize a loss layer to allow for the treatment of errors to improve the performance of the trained ML models, such that the ML models would learn and adjust weights to better perform its function (Ranzinger: Paragraph [0043]).

With regard to claims 11 and 17, the instant claims are similar to claim 5, and are rejected for similar reasons.

Claim Rejections - 35 USC § 103
Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Roesch in view of Zhang, and further in view of US 2007/0177615 (Miliefsky).
With regard to claim 19, Roesch fails to teach, but Miliefsky teaches that the network device type corresponds with a security policy particular to hardware of the source network device (Miliefsky: Paragraph [0038].  Combinations of hardware and operating systems may by associated with a known vulnerability, where in Roesch, security policies can be applied to devices with known vulnerabilities.  As a note, the term “corresponds” does not provide for what specifically the relationship is or what specifically constitutes the network device type.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to have the network device type corresponds with a security policy particular to hardware of the source network device to allow for vulnerabilities to be assigned based on the device hardware, itself, where combinations of hardware and software (e.g. operating system) may be associated with vulnerabilities that other combinations of different hardware and the same software or the same hardware and different software would not be, thus improving the accuracy of the vulnerability detection of Roesch.

Claim Rejections - 35 USC § 103
Claim(s) 5, 11, and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Roesch in view of Zhang, and further in view of US 2018/0097841 (Stolarz).
With regard to claim 20, Roesch teaches an analog domain (Roesch: Column 33, lines 1-12.  Lacking detail as to what constitutes an analog domain, or how such is implemented, the implementation of the system on hardware would provide such an analog domain, as any transmission of information, even “digital” information, is performed over analog connections.  For example, electrical transmissions over circuit paths, wires, etc., are all analog, where the transmitter converts the data to be sent to an analog signal with the receiver converting such back to digital, where the data could be transmitted, for example, in pulses (with highs representing a 1 and lows representing a 0).).  Roesch fails to teach, but Stolarz teaches implementing a feedback learning loop in an analog domain (such as the circuit pathways and components of Roesch) associated with the trained ML model (Stolarz: Paragraph [0232].  Feedback loops can be used for learning.).   Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize feedback loops to allow the learning models to improve over time, thus improving the operation of the models over time.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT B CHRISTENSEN whose telephone number is (571)270-1144. The examiner can normally be reached Monday through Friday, 6AM to 2PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SCOTT B. CHRISTENSEN
Examiner
Art Unit 2444



/SCOTT B CHRISTENSEN/Primary Examiner, Art Unit 2444