Notice of Pre-AIA or AIA Status
Claims 1-20 are presented for examination. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/2/20 and 10/7/21 have been considered by the Examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-3, 6, 7, 10-13, 16, 17, & 20 are rejected under 35 U.S.C. 102(a)(1) and 102(a)(2) as being anticipated by Ginter (U.S. Patent Publication 2005/0015624).

Regarding claims 1 and 11:
Ginter discloses a system and method comprising: one or more measurement trackers, the measurement trackers to measure metrics regarding one or more managed devices in a network (e.g. paragraphs 0007-0008, including: “The one or more inputs may include at least one of: a manual input, a metric about a system in said network, a metric about said network, a derived value determined using a plurality of weighted metrics including one metric about said network, a derived value determined using a plurality of metrics, and an external source from said network.”); a logger to generate a log based on the information detected by the measurement trackers and to transmit a report based on the generated log to a recipient (e.g. paragraph 0009, including: “The method may also include: monitoring a log file; and extracting said second level of reporting information from said log file, wherein said log file includes log information about a computer system upon which said agent is executing.”); and a non-compliance enforcer to initiate one or more security actions based on the one or more measurement trackers indicating that a measured metric exceeds an associated threshold measurement value (e.g. paragraph 0015, including: “The condition may be associated with an alarm condition and an alarm condition may be set when a current level of a metric is not in accordance with a predetermined threshold value. Each of said notification messages may include a first level of information about said condition and a second level of information used to perform at least one of the following: determine a cause of said condition, and take a corrective action for said condition.”).

Regarding claims 2 and 12:
Ginter further discloses wherein the one or more measurement trackers includes a mean time to detection tracker that tracks a mean time to a detection of a change at each of the one or more managed devices (e.g. paragraph 0009, including: “The reporting may be performed by an agent that sends a report, said report including one of: a timestamp which increases with time duration, and a sequence number which increases with time duration, used by a receiver of said report. The receiver may use said one of said timestamp or said sequence number in authenticating a report received by said receiver as being sent by said agent, said receiver processing received reports having said one of a timestamp or sequence number which is greater than another one of a timestamp or sequence number associated with a last report received from said agent.”).

Regarding claims 3 and 13:
Ginter further discloses wherein the one or more measurement trackers includes a mean time to isolation tracker that tracks a mean time to an isolation of each managed device of the one or more managed devices when a change is detected at the managed device (paragraphs 0138-0139).

Regarding claims 6 and 16:
Ginter further discloses wherein the one or more measurement trackers includes a mean time to repair tracker that tracks a mean time to repair a managed device of the one or more managed devices after a change is detected at the managed device (paragraph 0131).

Regarding claims 7 and 17:
Ginter further discloses wherein the one or more measurement trackers includes a mean time to service tracker that tracks a mean time to restore a service provided by the one or more managed devices in the network after a disruption of the service caused by a change detected at a managed device of the one or more managed devices (paragraph 0126).


Regarding claims 10 and 20:
Ginter further discloses wherein the one or more security actions includes rolling back a state of a managed device to an earlier known good state when a measured metric for that managed device exceeds the associated threshold measurement value (paragraph 0126).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4, 5, 8, 14, 15, & 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ginter as applied to claims 1 & 11 above, and further in view of Kumar (U.S. Patent Publication 2013/0298244).

Regarding claims 4 and 14:
Although Ginter discloses wherein the one or more measurement trackers includes a hacker investigation tracker (e.g. paragraph 0195), it does not appear that Ginter tracks a time spent by a malicious attacker at a managed device of the one or more managed devices. However, Kumar discloses a related invention for monitoring devices on a network including inter alia tracking how long a hacker has been attacking the network (i.e. onset of attack plus duration: Kumar, paragraph 0145). It would have been obvious prior to the effective filing date of the instant application to track a time spent by a malicious attacker at a managed device of the one or more managed devices, as this information is useful in determining a remediation action to perform on an infected device (e.g. Kumar, paragraph 0156).

Regarding claims 5 and 15:
The combination further discloses wherein the managed device is a honeypot designed to provide dummy resources for a malicious attacker to access, the dummy resources being attractive to the malicious attacker (Kumar, paragraph 0086).

Regarding claims 8 and 18:
Ginter does not explicitly disclose wherein the one or more measurement trackers includes a time to compliance tracker that tracks a time for the measured metrics of the one or more managed devices to return to values that are within the threshold measurement values after one or more of the measured metrics exceeds their respective threshold measurement values. However, Kumar discloses a related invention for monitoring devices on a network including inter alia a compliance scanner to measure how compliant the managed devices are to the security policies of the network (e.g. Kumar, paragraphs 0093-0095). It would have been obvious prior to the effective filing date of the instant application to include a compliance tracker as one of the metrics in the Ginter invention, as doing so allows one to create integrity profiles for one’s managed devices, for more effective monitoring (e.g. Kumar, paragraph 0098).

Claims 9 & 19 are rejected under 35 U.S.C. 103 as being unpatentable over Ginter as applied to claims 1 & 11 above, and further in view of Bradley (U.S. Patent 7,082,463).

Regarding claims 9 and 19:
Ginter does not explicitly disclose wherein the associated threshold measurement values are specified in a service level agreement for the system. However, Bradley discloses a related invention for monitoring managed devices (e.g. col. 5, line 37 – col. 6, line 5) wherein this limitation is explicitly taught (col. 4, lines 19-27). It would have been obvious prior to the effective filing date of the instant invention to specify threshold values for monitoring in a service level agreement, as doing so was a known option within the grasp of a person of ordinary skill in the art for effectively monitoring the level of service being provided by a service provider to a customer (see also Bradley at col. 2, lines 45-55).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
U.S. Patents 11,100,232 (Juncker) & 9,117,069 (Oliphant)
U.S. Patent Publications 2017/0201545 (Nicodemus) & 2016/0330221 (Dulkin)
“Securing Management and Managing Security” (Jacobs)
“IBM Security Solutions Architecture for Network, Server, and Endpoint” (Buecker)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/ Examiner, Art Unit 2435, 6/18/2022