DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to amendment filed on 2/4/2022.  Claims 1, 5, 8, and 12-16 have been amended by the Applicant. Claims 1-20 have been examined.  This action is Final.

Response to Amendment

Applicant’s arguments with respect to claim(s) have been considered but are moot, because the Applicant argues newly added limitations on pages 11-12 that include, “the pre-determined hash value is based on the default password of said device, wherein the default password is set at the time of manufacture or installation of the device”.  New art has been applied to the newly added limitation, Marinho et al. (2019/0245845). Thus, because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
On page 8-9 of the Applicant’s argument, the Applicant argues the previous 101 rejection.  2A Prong One, does in fact have a mental process, the mental process is the “comparing step” in the independent claims.  One can perform this step in the mind, comparing a hashes, which is simply strings of data can be performed in the mind.  The Applicant argues an “alert that the device is security non-compliant” a human mind cannot provide an alert.  The alert is simply an output of a result, which the Examiner did not state could be performed in the mind.  The “comparing step” can be performed in the mind, and the Applicant did not address the “comparing step” in the arguments in relation to Prong one.
On pages 9-10, the Applicant argues 2A Prong Two, states that there is an improvement in technology.  Further, the Applicant states that, “comparing a generated hash values against a pre-determined hash value based on a default password of a device reflects an improvement to IoT.  The Examiner disagrees with the Applicant.  The improvement, integration of a practical application has to happen outside of the Abstract idea.  Thus, the only other steps outside the Abstract idea of the “comparing step” are the “receiving” and “providing” steps.  The receiving step is data gathering, and the providing step, is just the output of the result.  Neither one of these steps is an integration of the abstract idea in to a practical application.
On page 10 of the Applicant’s argument, the Applicant argues 2B, there is not significantly more, once again, the Applicant is using the “comparing” step to show significantly more, the “comparing” step is the abstract idea.  The claims remain rejected under 101 for the following reasons above.
On pages 10-11 of the Applicant’s argument, a 112 (f) was previously done on claims 12-15.  However, since the Applicant has amended the claims, 112(f) is no longer invoked.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 13 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 13 recites the limitation "the processing circuit" in line 3 of claim 12.  There is insufficient antecedent basis for this limitation in the claim.  Claim 13 should recite, “a processing circuit”.  Claims 17 and 19 also recited “the processing circuit”; however, if claim 13 is amended to include “a processing circuit”, then claims 17 and 19 reciting “the processing circuit” is proper.  If the Applicant chooses, to amend by removing “the processing circuit” in claim 13, then claims 17 and 19 should also be amended by removing “the processing circuit”.

Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are directed to an abstract idea without integrating into a practical application nor being significantly more. 

Claims 1, 8, and 12 recites the limitation, “comparing… the hash value with a predetermined hash value, and determining if non-compliant or compliant”, the limitation as drafted, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for recitation of generic components.  That is other than, processing circuit of said device, server, and configuration compliance evaluator, the claim elements precludes the step from practically being performed in the mind.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas, and the claims fall within “Mathematical relationship”: “generating a hash value”. Accordingly, the claims recite an abstract idea. This judicial exception is not integrated into a practical application. In particular, the claim recites additional elements additional elements “generating and receiving” steps.  The processing circuit in the “generating” step is recited at a high level of generality, as a generic circuit of performing a generic function of generating a hash value.  This generic processing circuit of said device is no more than mere instructions to apply the exception using a generic component.  Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  Furthermore, the claim recites additional element of “receiving” is recited at a high level of generality, as a server performing the function of receiving information, such as a hash value.  This generic server is no more than mere instructions to apply the exception using a generic component.   The configuration compliance evaluator, is no more than mere instructions to apply the exception using a generic component. The additional elements in the claim amounts to no more than mere instructions to apply the exception using generic computer components.  Mere instructions to apply an exception using generic computer components cannot integrate a judicial exception into a practical application or provide an inventive concept.  
Regarding claims 2-7, 9-11, and 13-20; Claims 2-7, 9-11 and 13-20 are also rejected under 35 USC 101 as being directed to non-statutory subject matter for the same reasons addressed above.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-3, 5-8, and 10 are rejected under 35 U.S.C. 103 as being unpatentable over May et al. (2007/0250627) in view of Doane (9,300,643), and further in view of Marinho et al. (2019/0245845).
As per claim 1, May discloses a method for verifying security compliance of one or more devices on a network, said method comprising (May: para. 0009, verifying security compliance of a client computer (i.e. device)):
receiving, by a server, a generated hash value from a processing circuit for configuration data of the device (May: para. 0043, 0045, and 0115, the processor circuit/microprocessor of the client computer transmits the generated hash value, and gateway node (i.e. server), receives the generated hash value from the processor circuit/microprocessor (i.e. processing circuit),  generating, a hash value for configuration codes (i.e. configuration data) of the client computer)).
May does not explicitly disclose comparing, by the server, the hash value received with a pre-determined hash value for said configuration data of said device, wherein said device is determined as security non-compliant when the received hash value is equal to the pre-determined hash value, and said device is determined as security compliant when the received hash value is different than the pre-determined hash value.
However, in analogous art of Doane discloses comparing, by the server, the hash value received with a pre-determined hash value for said configuration data of said device (Doane: col. 6, lines 62-66, col. 7, lines 3-7, and See Fig. 3; comparing, by the credential verification servers (i.e. server), the hash value received with a stored hash (i.e. pre-determined hash value) for said authentication credential (i.e. configuration data) of said client)), wherein said device is determined as security non-compliant when the received hash value is equal to the pre-determined hash value, and said device is determined as security compliant when the received hash value is different than the pre-determined hash value (Doane: See Fig. 3, #308, #310, col. 19, lines 38-50, client device is determined to not be in compliance when the received hash is matched to the pre-determined hash value, if the device is determine as compliant when the received hash value is not matched with the pre-determined hash value).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include comparing, by the server, the hash value received with a pre-determined hash value for said configuration data of said device, wherein said device is determined as security non-compliant when the received hash value is equal to the pre-determined hash value, and said device is determined as security compliant when the received hash value is different than the pre-determined hash value of Doane with method of May’s processing circuit, the motivation is that this a security measure that insures the uniqueness of the authentication credentials that meet the guidelines and/or best practices in selecting secure authentication credentials (Doane: col. 5, lines 50-55).
May and Doane do not explicitly disclose default password of said device, wherein the default password is set at the time of manufacture or installation of the device; and providing, in response to the determination of security non-compliant, an alert that the said device is security non-compliant.
However, analogous art of Marinho discloses default password of said device, wherein the default password is set at the time of manufacture or installation of the device (Marinho: para. 0068, default password of the device, the Examiner asserts a default password is set at time of manufacture); and providing, in response to the determination of security non-compliant, an alert that the said device is security non-compliant (Marinho: para. 0068-0071, and 0073, determination of security non-compliant, the new password and the default password if identical is non-compliant, the device refuses to set the new password as the default password, an alert is the device fails).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include default password of said device, wherein the default password is set at the time of manufacture or installation of the device; and providing, in response to the determination of security non-compliant, an alert that the said device is security non-compliant of the system/method of Marinho with the combination of May and Doane, the motivation is that failing any such test/assessment results in failing to pass that particular set of criteria is an efficient security measure with respect to password management (Marinho: para. 0060).
As per claim 2, May, Doane, and Marinho discloses the method of claim 1.  May further discloses wherein generating the hash value further comprises (May: para. 0115, generating, a hash value for configuration codes (i.e. configuration data) of the client computer), by a microprocessor (i.e. processing circuit) of client computer):
analyzing, the configuration data by employing hash function (May: para. 0115, analyzing (i.e. reading) the configuration codes (i.e. configuration data) to generate the hash value by applying a hash function); and
determining, the hash value based on the analysis of the configuration data (May: para. 0115, determining the hash value based on analysis of the configuration codes, the hash value is determined (i.e. checked)).

As per claim 3, May, Doane, and Marinho discloses the method of claim 1.
Doane further discloses wherein comparing the hash values further comprises device (Doane: col. 6, lines 62-66, col. 7, lines 3-7, and See Fig. 3; comparing, by the credential verification servers (i.e. server), the hash value received with a stored hash (i.e. pre-determined hash value) for said authentication credential (i.e. configuration data) of said client)):
determining, the configuration data for which the hash value is received (Doane: col. 10, lines 39-55, determining, the authentication credentials (i.e. configuration data) for which the hash value (i.e. one-way hash) is received);
extracting, the pre-determined hash value corresponding to the determined configuration data of said device from a repository, wherein said repository is configured to store pre-determined hash values corresponding to multiple configuration data for each device on said network (Doane: col. 12, lines 46-60, 65-67, col. 13, lines 1-4, 8-14, and col. 18, lines 13-25, extracting the stored hash value (i.e. one-way hash) corresponding to the determined authentication credentials (i.e. configuration data) of the client stored in the credential database (i.e. repository), the repository stores a collection of hash values corresponding to multiple authentication credentials); and
utilizing, the pre-determined hash value extracted from the repository for comparison with the hash value (Doane: col. 18, lines 17-25, utilizing the stored hash value extracted from the credential database for comparison with the received hash value) received from the processing circuit (May: 0043, 0045, the processor circuit/microprocessor).
Same Motivation as claim 1 above.

As per claim 5, May, Doane, and Marinho discloses the method of claim 1.
Doane further discloses wherein said configuration data is a password, and the generated hash value is a present password (Doane: col. 9, lines 26-27, col. 12, lines 16-30, configuration data (i.e. password), the generated hash value is a received password).
	Same Motivation as claim 1 above.

As per claim 6, May, Doane, and Marinho discloses the method of claim 1.
May further discloses transmitting, the generated hash value towards the server as a message, wherein said generated hash value is part of said message (May: para. 0066, 0074, transmitting, the generated hash value towards the gateway node (i.e. server) as a message, the transmission is a message the Examiner asserts and the generated hash value is part of the transmission).

As per claim 7, May, Doane, and Marinho discloses the method of claim 1.  Doane further discloses  wherein said configuration data comprises at least one of port data, status of Secure Socket Shell (SSH), status of Telnet, password, and firmware version (Doane: para. 0066, 0074, password, only one is required according to the claim “at least one”).
Same Motivation as claim 1 above.

As per claim 8, May discloses a method for verifying security compliance of a device on a network, the method comprising:
May discloses receiving, a generated hash value from a processing circuit for configuration data of said device (May: para. 0043, 0045, and 0115, the processor circuit/microprocessor of the client computer transmits the generated hash value, and gateway node (i.e. server), receives the generated hash value from the processor circuit/microprocessor (i.e. processing circuit),  generating, a hash value for configuration codes (i.e. configuration data) of the client computer)). 
May does not explicitly disclose receiving, by a configuration compliance evaluator, a generated hash value from a processing circuit for configuration data of said device; and comparing, by the configuration compliance evaluator, the hash value received from the processing circuit with a pre-determined hash value for default authentication credentials of said device, wherein said device is determined as security non-compliant when the received hash value is equal to the pre-determined hash value, and said device is determined as security compliant when the received hash value is different than the pre-determined hash value.
Doane discloses receiving, by a configuration compliance evaluator, the generated hash value; and comparing, by the configuration compliance evaluator, the hash value received from with a pre-determined hash value for default authentication credentials of said device (Doane: col. 12, lines 65-67, col. 13, lines 1-4, receiving, by a credential verification module (i.e. configuration compliance evaluator), the generated hash value and comparing, the credential verification module, the hash value received with a stored hash value for the stored (i.e. default) authentication credentials of the device), wherein said device is determined as security non-compliant when the received hash value is equal to the pre-determined hash value, and said device is determined as security compliant when the received hash value is different than the pre-determined hash value (Doane: See Fig. 3, #308, #310, col. 19, lines 38-50, client device is determined to not be in compliance when the received hash is matched to the pre-determined hash value, if the device is determine as compliant when the received hash value is not matched with the pre-determined hash value). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include comparing, by the server, the hash value received with a pre-determined hash value for said configuration data of said device, wherein said device is determined as security non-compliant when the received hash value is equal to the pre-determined hash value, and said device is determined as security compliant when the received hash value is different than the pre-determined hash value of Doane with method of May’s processing circuit, the motivation is that this a security measure that insures the uniqueness of the authentication credentials that meet the guidelines and/or best practices in selecting secure authentication credentials (Doane: col. 5, lines 50-55).
May and Doane do not explicitly disclose default password of said device, wherein the default password is set at the time of manufacture or installation of the device; and providing, in response to the determination of security non-compliant, an alert that the said device is security non-compliant.
However, analogous art of Marinho discloses default password of said device, wherein the default password is set at the time of manufacture or installation of the device (Marinho: para. 0068, default password of the device, the Examiner asserts a default password is set at time of manufacture); and providing, in response to the determination of security non-compliant, an alert that the said device is security non-compliant (Marinho: para. 0068-0071, and 0073, determination of security non-compliant, the new password and the default password if identical is non-compliant, the device refuses to set the new password as the default password, an alert is the device fails).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include default password of said device, wherein the default password is set at the time of manufacture or installation of the device; and providing, in response to the determination of security non-compliant, an alert that the said device is security non-compliant of the system/method of Marinho with the combination of May and Doane, the motivation is that failing any such test/assessment results in failing to pass that particular set of criteria is an efficient security measure with respect to password management (Marinho: para. 0060).
As per claim 10, May, Doane, and Marinho disclose the method of claim 8.
Doane further discloses extracting, by the configuration compliance evaluator, the pre-determined hash value for said device from a repository (Doane: col. 18, lines 8-22, credential verification module (i.e. confirmation compliance evaluator) the stored hash value (i.e. predetermined hash value) for said device from credential database (i.e. repository)), wherein said repository is configured to store pre-determined hash values corresponding to a plurality of devices on said network (Doane: col. 18, lines 8-22, repository is configured to store hash values (i.e. pre-determined hash values), it is stored in credential database); and utilizing, by the configuration compliance evaluator, the pre-determined hash value extracted from the repository for comparison with the hash value (Doane: col. 18, lines 8-22, utilizing, by the credential verification module (i.e. confirmation compliance evaluator) received from the processing circuit (May: 0043, 0045, the processor circuit/microprocessor) .
Same Motivation as claim 8 above.

Claims 4, 9, and 11, are rejected under 35 U.S.C. 103 as being unpatentable over May et al. (2007/0250627) in view of Doane (9,300,643), in view of Marinho et al. (2019/0245845) and further in view of Hong et al. (2015/0254458).

As per claim 4, May, Doane, and Marinho discloses the method of claim 1.
May, Doane, and Marinho does not explicitly disclose further comprises: generating, a logic high signal when the received hash value is equal to the pre- determined hash value indicating security non-compliance of said device; and reporting, security non-compliance of the device upon generation of the logic high signal.
However, in analogous art of Hong discloses generating, a logic high signal when the received hash value is equal to the pre- determined hash value indicating security non-compliance of said device; and reporting, security non-compliance of the device upon generation of the logic high signal (Hong: para. 0105-0106, generating, a logic high signal (i.e. logic high level) when the reference hash value RHASH is equal to a verification hash value VHASH  indicating security non-compliance of said device when the RHASH and VHASH are equal/same, thus a logic high level is signaled, and  reporting the comparison signal to the control circuit).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include generating, a logic high signal when the received hash value is equal to the pre- determined hash value indicating security non-compliance of said device; and reporting, security non-compliance of the device upon generation of the logic high signal of the system/method of Hong with the combination of May, Doane, and Marinho, the motivation is that this an efficient security measure that detects when there is no integrity, by providing an indication alerting using a logic high signal (Hong: para. 0117).

As per claim 9, May, Doane, and Marinho discloses the method of claim 8.
May, Doane, and Marinho do not explicitly disclose further comprises: generating, by the configuration compliance evaluator, a logic high signal when the received hash value is equal to the pre-determined hash value indicating security non-compliance of said device; and reporting, by the configuration compliance evaluator, security non-compliance of the device upon generation of the logic high signal.
However, analogous art of Hong discloses generating, by the configuration compliance evaluator (Hong: para. 0105, comparator (i.e. configuration compliance evaluator), a logic high signal when the received hash value is equal to the pre-determined hash value indicating security non-compliance of said device (Hong: para. 0105-0106, generating, a logic high signal (i.e. logic high level) when the reference hash value RHASH is equal to a verification hash value VHASH  indicating security non-compliance of said device when the RHASH and VHASH are equal/same, thus a logic high level is signaled); and reporting, by the configuration compliance evaluator, security non-compliance of the device upon generation of the logic high signal (Hong: para. 0105-0106, reporting the comparison signal to the control circuit).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to generating, by the configuration compliance evaluator, a logic high signal when the received hash value is equal to the pre-determined hash value indicating security non-compliance of said device; and reporting, by the configuration compliance evaluator, security non-compliance of the device upon generation of the logic high signal of the system/method of Hong with the combination of May, Doane, and Marinho, the motivation is that this an efficient security measure that detects when there is no integrity, by providing an indication alerting using a logic high signal (Hong: para. 0117).

As per claim 11, May, Doane, and Marinho disclose the method of claim 8.
Doane further discloses updating, by the configuration compliance evaluator, the pre-determined hash value with the received hash value in said repository (Doane: col. 18, lines 66-67, col. 19, lines 1-3, 50-55, updating the stored hash value with the received hash value in the credential database (i.e. repository)); and periodically compare, by the configuration compliance evaluator, the received hash value of authentication credentials and said updated pre-determined hash value for said device to determine security non-compliance of said device (Doane: col. 17, lines 15-20, col. 19, lines 38-47, each time the web service computer makes a credential verification request, the comparator will periodically compare the received hash value of the authentication credentials with updated (i.e. stored) hash value).
May, Doane, and Marinho do not explicitly disclose generating, by the configuration compliance evaluator, a logic low signal when the received hash value and the pre-determined hash value are different.
Hong discloses generating, by the configuration compliance evaluator, a logic low signal when the received hash value and the pre-determined hash value are different (Hong: para. 0105, generating by the comparator (i.e. configuration compliance evaluator), a logic low signal (i.e. logic low level) when the RHASH and VHASH are different).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include generating, by the configuration compliance evaluator, a logic low signal when the received hash value and the pre-determined hash value are different of the system/method of Hong with the method of May, Doane, and Marinho, the motivation is that this an efficient security measure that detects when there is no integrity, by providing an indication alerting using a logic high signal (Hong: para. 0117).

Claims 12, and 16 are rejected under 35 U.S.C. 103 as being unpatentable Doane (9,300,643) in view of Marinho et al. (2019/0245845).

As per claim 12, Doane discloses a system for verifying security compliance of a device on a network, said system comprising (Doane: col. 19, lines 38-50, verifying security compliance of a client computer (i.e. device)): 
Doane discloses a server configured to receive a hash value generated by employing a hash function on configuration data of said device, said server comprising: 
a repository configured to store a pre-determined hash value for the configuration data of said device (Doane: col. 18, lines 8-22, repository is configured to store hash values (i.e. pre-determined hash values), it is stored in credential database); and 
one or more processors configured to compare the received hash value with the pre-determined hash value (Doane: col. 18, lines 8-22, utilizing, by the credential verification module (i.e. confirmation compliance evaluator), wherein said device is determined as security non-compliant when the received hash value is equal to the pre-determined hash value, and said device is determined as security compliant when the received hash value is different than the pre-determined hash value (Doane: See Fig. 3, #308, #310, col. 19, lines 38-50, client device is determined to not be in compliance when the received hash is matched to the pre-determined hash value, if the device is determine as compliant when the received hash value is not matched with the pre-determined hash value).
Doane do not explicitly disclose default password of said device, wherein the default password is set at the time of manufacture or installation of the device; and providing, in response to the determination of security non-compliant, an alert that the said device is security non-compliant.
However, analogous art of Marinho discloses default password of said device, wherein the default password is set at the time of manufacture or installation of the device (Marinho: para. 0068, default password of the device, the Examiner asserts a default password is set at time of manufacture); and providing, in response to the determination of security non-compliant, an alert that the said device is security non-compliant (Marinho: para. 0068-0071, and 0073, determination of security non-compliant, the new password and the default password if identical is non-compliant, the device refuses to set the new password as the default password, an alert is the device fails).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include default password of said device, wherein the default password is set at the time of manufacture or installation of the device; and providing, in response to the determination of security non-compliant, an alert that the said device is security non-compliant of the system/method of Marinho with the Doane, the motivation is that failing any such test/assessment results in failing to pass that particular set of criteria is an efficient security measure with respect to password management (Marinho: para. 0060).

As per claim 16, Doane and Marinho discloses the system of claim 12.
Doane further discloses wherein said configuration data comprises a present password (Doane: col. 9, lines 26-28). 
Same Motivation as claim 12.

Claims 13-15 are rejected under 35 U.S.C. 103 as being unpatentable Doane (9,300,643) in view of Marinho et al. (2019/0245845), and further in view of Hong et al. (2015/0254458).
As per claim 13, Doane and Marinho disclose the system of claim 12.
Doane discloses determine the configuration data for the received hash value from the processing circuit, and extract the pre-determined hash value corresponding to the determined configuration data from the repository (Doane: col. 12, lines 46-60, 65-67, col. 13, lines 1-4, 8-14, and col. 18, lines 13-25, extracting the stored hash value (i.e. one-way hash) corresponding to the determined authentication credentials (i.e. configuration data) of the client stored in the credential database (i.e. repository), the repository stores a collection of hash values corresponding to multiple authentication credentials); and compare the received hash value the processing circuit with the pre-determined hash value extracted from the repository (Doane: col. 18, lines 17-24,  each device has a processing circuit, credential verification module (i.e. digital comparator)).
Doane and Marinho do not explicitly disclose generate a logic high signal indicating security non-compliance of said device, when the received hash value is equal to the pre-determined hash value. 
Hong discloses generate a logic high signal indicating security non-compliance of said device, when the received hash value is equal to the pre-determined hash value (Hong: para. 0105-0106, generating, a logic high signal (i.e. logic high level) when the reference hash value RHASH is equal to a verification hash value VHASH indicating security non-compliance of said device when the RHASH and VHASH are equal/same, thus a logic high level is signaled). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to generate a logic high signal indicating security non-compliance of said device, when the received hash value is equal to the pre-determined hash value of the system/method of Hong with the combination of Doane and Marinho, the motivation is that this an efficient security measure that detects when there is no integrity, by providing an indication alerting using a logic high signal (Hong: para. 0117).     


As per claim 14, Doane and Marinho disclose the system of claim 12. 
            Doane further discloses update the pre-determined hash value with the received hash value in said repository (Doane: col. 18, lines 66-67, col. 19, lines 1-3, 50-55, updating the stored hash value with the received hash value in the credential database (i.e. repository)); and periodically compare the received hash value of configuration data and said updated pre-determined hash value for said device to determine security compliance of said device (Doane: col. 17, lines 15-20, col. 19, lines 38-47, each time the web service computer makes a credential verification request, the comparator will periodically compare the received hash value of the authentication credentials with updated (i.e. stored) hash value). 
Doane and Marinho do not explicitly disclose wherein said generate a logic low signal when the received hash value and the pre-determined hash value are different.
Hong discloses generate a logic low signal when the received hash value and the pre-determined hash value are different (Hong: para. 0105, generating by the comparator (i.e. configuration compliance evaluator), a logic low signal (i.e. logic low level) when the RHASH and VHASH are different).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to generate a logic low signal when the received hash value and the pre-determined hash value are different of the system/method of Hong with the method of Doane and Marinho, the motivation is that this an efficient security measure that detects when there is no integrity, by providing an indication alerting using a logic high signal (Hong: para. 0117).


           As per claim 15, Doane, Marinho, and Hong disclose the system of claim 13.
           Hong further discloses wherein said generate a flag signal reporting security non-compliance of said device upon generation of the logic high signal (Hong: para. 0105, comparator (i.e. configuration compliance evaluator) comprises a comparison signal (i.e. notifier), to generate a flag signal to report security non-compliance (i.e. RHASH and VHASH the same) upon generation of the logic high signal (i.e. logic high level)). 
Same Motivation as claim 13.

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Doane (9,300,643), and in view of Marinho et al. (2019/0245845) and further in view of McChord et al (2018/0006870).
            As per claim 17, Doane and Marinho disclose the system of claim 12.
Doane and Marinho do not explicitly disclose to transmit said hash value as part of a message, wherein said message is a heartbeat message. 
McChord discloses transmit said hash value as part of a message, wherein said message is a heartbeat message (McChord: para. 0097, 0125, transmit said hash value as part of a heartbeat message (i.e. heartbeat includes hash codes).
It would have been obvious to one of ordinary skill in the art before the effective filing date to the claimed invention to include transmit said hash value as part of a message, wherein said message is a heartbeat message of the system/method of McChord with the processing circuit combination of Doane and Marinho, the motivation is that this is an efficient technique that if the heartbeat message is not received in a certain time/interval the heartbeat is assumed to have failed to arrive at the destination, thus integrity is protected (McChord: para. 0125).

7.	Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Doane (9,300,643), and in view of Marinho (2019/0245845) and  further in view of Dellow (2008/0222428).            As per claim 18, Doane and Marinho disclose the system of claim 12.
           Doane and Marinho do not explicitly disclose wherein said pre-determined hash value is associated with default configuration data applied during manufacturing or installation. 
	Dellow discloses wherein said pre-determined hash value is associated with default configuration data applied during manufacturing or installation (Dellow: para. 0017, pre-determined hash value (i.e. stored hash value) is associated with a default configuration data (i.e. original configuration data) applied during manufacturing). 
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include wherein said pre-determined hash value is associated with default configuration data applied during manufacturing or installation of the system/method of Dellow with Doane and Marinho, the motivation is that in order to prevent any successful manipulation, a hash value of the configuration at the time of manufacturer is stored (Dellow: para. 0017).
   




Claims 19-20 are rejected under 35 U.S.C. 103 as being unpatentable Doane (9,300,643) in view of Marinho et al. (2019/0245845), and May et al. (2007/0250627).

As per claim 19, Doane and Marinho discloses the system of claim 12.
Doane and Marinho does not explicitly disclose further discloses wherein said processing circuit comprises: a memory configured to store the hash function; and a processor configured to: analyze the configuration data by employing said hash function; and determine said hash value for the analyzed configuration data.
May discloses further discloses wherein said processing circuit comprises: a memory configured to store the hash function (May: para. 0067, processing circuit (i.e. microprocessor/processor circuit) memory (i.e. computer readable medium) to store the hash function); and a processor configured to: analyze the configuration data by employing said hash function (May: para. 0115, analyzing (i.e. reading) the configuration codes (i.e. configuration data) to generate the hash value by applying a hash function); and determine said hash value for the analyzed configuration data (May: para. 0115, determining the hash value based on analysis of the configuration codes, the hash value is determined (i.e. checked)).
It would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to include wherein said processing circuit comprises: a memory configured to store the hash function; and a processor configured to: analyze the configuration data by employing said hash function; and determine said hash value for the analyzed configuration data of the system/method of May with Doane and Marinho, the motivation is that there is a desire to exercise control over the configuration of the operation and configuration of security software on networked client computers (May: para. 0008).
             As per claim 20, May and Doane discloses the system of claim 12.
May further discloses wherein said server shares a same or different network with the device being verified for security compliance (May: para. 0025, 0074, server (i.e. gateway node) shares a different network (i.e. second network) with device being verified for security compliance).
Same motivation as claim 19 above.




                                                                Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
6/16/2022
/J.E.J/Examiner, Art Unit 2439                                                                                                                                                                                                        

/KARI L SCHMIDT/Primary Examiner, Art Unit 2439