DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
In response to 35 USC 112(b), filed 03/28/2022, the previous 35 USC 112(b) issues have been resolved; however, there are new issues.

In response to 35 USC 112(a), filed 03/28/2022, the previous 35 USC 112(a) issues have been resolved; however, there are new issues.

In response to 35 USC 103, filed 03/28/2022, applicant argues that the Tempel reference only discloses how the agent 1016 (device or node) obtains the updated agent policies from the administrative server, but not how a network device obtains an updated signature rule from a cloud server.
The Examiner respectfully disagrees. The agent acts as the network device that obtains the updated policies from the administrative server, which acts as the cloud server, since the administrative server is connected to the internet.

In response to 35 USC 103, filed 03/28/2022, applicant argues that what is disclosed by Tempel is a process of using the signature for verifying, but not a process of upgrading signature rule itself.
It is noted that the features upon which applicant relies (i.e., a process of upgrading signature rule itself) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

In response to 35 USC 103, filed 03/28/2022, applicant argues that Tempel discloses only that the agent 1016 may send a request for updated agent policies 128 to the administrative server 1002, but does not disclose the conditions under which the agent 1016 triggers sending of the upgrade request.
The Examiner respectfully disagrees. Tempel does teach that the network device is triggered to send the upgrade request. Tempel discloses “the administrative server may have information to determine if new content is available to the autonomous agent and will only return configuration data to the agent if new data is available. The autonomous agent may periodically poll the administrative server to determine whether or not it has the latest information. If new information is retrieved, the agent will apply the new configuration [Col 4 lines 56-67]. verifying the signature on the updated agent policies 128 and list of agents 1016 [Col 17 lines 18-34]. The agent 1016 may send 1023 a request for updated agent policies 128 to the administrative server 1002. The agent 1016 may be instructed to poll the administrative server 1002 for updated agent policies using configuration contained in the agent policies [Col 17 lines 45-59]. Updating the agent policies 128 may include applying the new managed node certificates 148, new configurations, etc., to the agent [Col 14 lines 31-33]”. That new data is available means that the current load is not correct, since it is out of date. Therefore, the information needs to be updated. The agent polls “triggers which interprets as asking” the server for the latest information, since the agent does not have the latest information. The agent updates the policies, which include the new configuration.

In response to 35 USC 103, filed 03/28/2022, applicant argues that U fails to teach “for each of the signature rules, determining, by the network device, whether device type configuration information associated with the signature rule matches local device type configuration information of the network device”.
The Examiner respectfully disagrees. U teaches “for each of the signature rules, determining, by the network device, whether device type configuration information associated with the signature rule matches local device type configuration information of the network device”. U discloses “that each node contains type and model of device [0056]. local policy compliance unit 162 may determine whether node 114B is in compliance with one or more of the retrieved security policies. cause node 114A to determine whether node 114B (a target endpoint device, in this example) complies with at least one security policy [0040]. In the case that the node is compliant, the security management device may grant the node access [0058]. Fig. 4A and Fig 4B”. Node A determines whether node B is in compliance with the security policies. The security policies are being interpreted as the signature rule. The node contains the type and model of the device. A determination is made of the node that contains the type and model against the security policies. If the node is compliant, the device has access.

In response to 35 USC 103, filed 03/28/2022, applicant argues that there is no motivation to combine Deng with U.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, one of ordinary skill in the art would combine these two references as they both deal with network security. Both references are classified under managing network security and network security policies in general. Furthermore, one would use U for the purpose of improving security, since complying with the security policies allows one to have access. If a device does not comply, then it has no access. The security policies force the device to be up to date in order to have access.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-2, 4-8, 10-12 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. Claim 1 line 2 and claim 7 line 6 contain subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The specification paragraph 34 recites “when the resources of a network device are sufficient, but the loaded signature rules cannot meet the functions it may take, the network device may actively request for a signature rule from the cloud server to obtain and load the corresponding signature rule so as to achieve the upgrade of the signature rules”. There is no support for triggering a network device to send an upgrade request for a signature rule library to a cloud server in a case that the network device is not correctly loaded the signature rule corresponding to a configuration of resources of the network device. The only part of the specification that discloses triggering is paragraph [0034], which recites “when the resources of a network device are sufficient, but the loaded signature rules cannot meet the functions it may take, the network device may actively request for a signature rule from the cloud server to obtain and load the corresponding signature rule so as to achieve the upgrade of the signature rules”. There is no support for triggering a network device to send an upgrade request for a signature rule library to a cloud server in a case that the network device is not correctly loaded the signature rule corresponding to a configuration of resources of the network device, meaning there is no support for a condition of triggering. The specification just discloses that the network device may actively request; there is no triggering.
The claims are therefore rendered indefinite. Claims 2, 4-6, 8, 10-12 fall together accordingly as they do not cure the deficiencies of the independent claims.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deng et al. (US 20150074756, hereinafter Deng) in view of U (US 20150281276), and in further view of Tempel et al. (US 9515877).

Re. claim 1, Deng discloses a method of loading a signature rule, comprising: receiving, by a network device (Deng discloses a security device [0011, 0017, 0019]), a signature rule library sent by a cloud server (the cloud server center may specifically include a receiving cluster server, a signature library publishing server [0045]), wherein the signature rule library contains one or more signature rules, each of which is associated with corresponding device type configuration information (security device is configured to send signature rule usage status information corresponding to itself to the cloud server and update a signature rule according to update information after receiving the update information sent by the cloud server [0019]. to obtain a most active threat signature rule identification list, and after generating update information according to the most active threat signature rule identification list, the cloud server sends the update information to each security device to update a signature rule [0020]. A latest signature feature library published by the signature library publishing server [0046]. When the cloud server determines that a security device with an incorrect configuration exists in the security devices, the cloud server generates update information corresponding to the security device with an incorrect configuration. One security device runs a database application under Linux (operating system), and the following configuration manners are all wrong. Signature rules of a database under Windows (operating system) are configured [0041]); 
and loading, by the network device, the signature rule associated with the device type configuration information (When the update information is the signature rule ID set list to be updated of the security device, the security device downloads a signature rule set corresponding to the signature rule ID set list from the cloud server and performs updating [0038]. Obtain a loaded signature rule list of each of the at least one security device according to the configuration data of each of the at least one security device, determine a security device with a signature rule to be updated by comparing the loaded signature rule list of each of the at least one security device with the most active threat signature rule identification list, generate update information corresponding to the security device with a signature rule to be updated [0057]).
Although Deng discloses signature rules according to the configuration data and comparing it, Deng does not explicitly teach but U teaches the device type configuration information includes device type and device model (U teaches that each node contains type and model of device [0056]); 
for each of the signature rules, determining, by the network device, whether device type configuration information associated with the signature rule matches local device type configuration information of the network device (local policy compliance unit 162 may determine whether node 114B is in compliance with one or more of the retrieved security policies. cause node 114A to determine whether node 114B (a target endpoint device, in this example) complies with at least one security policy [0040] (determine if node B is compliance node A with security policies as interpreted as signature rule) Fig. 4A and Fig 4B); 
that matches the local device type configuration information of the network device (in the case that node 114A is compliant (Interpreted as matching) ("YES" branch of 212), security management device 116 may grant node 114A access to enterprise network 106 (216) [0058]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng to include the device type configuration information includes device type and device model; for each of the signature rules, determining, by the network device, whether device type configuration information associated with the signature rule matches local device type configuration information of the network device; that matches the local device type configuration information of the network device as disclosed by U. One of ordinary skill in the art would have been motivated for the purpose of denying or approval access to the network, improves security (U [0004]).
Although Deng-U discloses updating the signature rule, Deng-U do not explicitly teach but Tempel teaches triggering a network device to send an upgrade request for a signature rule library to a cloud server, in a case that the network device is not correctly loaded the signature rule corresponding to a configuration of resources of the network device, thereby the network device does not meet requirement of functions that are undertaken by the network device (Tempel teaches the administrative server may have information to determine if new content is available to the autonomous agent and will only return configuration data to the agent if new data is available. The autonomous agent may periodically poll the administrative server to determine whether or not it has the latest information. If new information is retrieved, the agent will apply the new configuration [Col 4 lines 56-67]. verifying the signature on the updated agent policies 128 and list of agents 1016 [Col 17 lines 18-34]. The agent 1016 may send 1023 a request for updated agent policies 128 to the administrative server 1002.  The agent 1016 may be instructed to poll the administrative server 1002 for updated agent policies using configuration contained in the agent policies [Col 17 lines 45-59]. Updating the agent policies 128 may include applying the new managed node certificates 148, new configurations, etc., to the agent [Col 14 lines 31-33] Fig. 10, the agent polls “triggers which interprets as asking” the server for the latest information, since the agent does not have the latest information. The agent updated the policies that includes new configuration).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U to include sending, by a network device, an upgrade request for a signature rule library to a cloud server, in a case that resources of the network device are sufficient currently, but signature rules that have been loaded in the network device currently do not meet requirements of functions that are undertaken by the network device currently as disclosed by Tempel. One of ordinary skill in the art would have been motivated for the purpose of making the configuration of the device more secured and efficient (Tempel [Col 3 lines 50-61]).

Re. claim 7, Deng discloses a network device, comprising: receive a signature rule library sent by a cloud server (Deng discloses the cloud server center may specifically include a receiving cluster server, a signature library publishing server [0045]), wherein the signature rule library contains one or more signature rules, each of which is associated with corresponding device type configuration information (the security device is configured to send signature rule usage status information corresponding to itself to the cloud server and update a signature rule according to update information after receiving the update information sent by the cloud server [0019]. to obtain a most active threat signature rule identification list, and after generating update information according to the most active threat signature rule identification list, the cloud server sends the update information to each security device to update a signature rule [0020]. A latest signature feature library published by the signature library publishing server [0046]. When the cloud server determines that a security device with an incorrect configuration exists in the security devices, the cloud server generates update information corresponding to the security device with an incorrect configuration. One security device runs a database application under Linux (operating system), and the following configuration manners are all wrong. Signature rules of a database under Windows (operating system) are configured [0041]); 
and load the signature rule associated with the device type configuration information (the update information is the signature rule ID set list to be updated of the security device, the security device downloads a signature rule set corresponding to the signature rule ID set list from the cloud server and performs updating [0038]. Obtain a loaded signature rule list of each of the at least one security device according to the configuration data of each of the at least one security device, determine a security device with a signature rule to be updated by comparing the loaded signature rule list of each of the at least one security device with the most active threat signature rule identification list, generate update information corresponding to the security device with a signature rule to be updated [0057]). 
Although Deng discloses signature rules according to the configuration data and comparing it, Deng does not explicitly teach but U teaches a processor (U teaches one or more processors [0067]), wherein, by invoking and executing machine-executable instructions corresponding to a signature rule loading control logic stored on a machine-readable storage medium (one or more computer-readable storage media that store instructions corresponding to the software or firmware [0037]), the processor is caused to: the device type configuration information includes device type and device model (that each node contains type and model of device [0056]); for each of the signature rules, determining, by the network device, whether device type configuration information associated with the signature rule matches local device type configuration information of the network device (local policy compliance unit 162 may determine whether node 114B is in compliance with one or more of the retrieved security policies. cause node 114A to determine whether node 114B (a target endpoint device, in this example) complies with at least one security policy [0040] (determine if node B is compliance node A with security policies as interpreted as signature rule) Fig. 4A and Fig 4B); that matches the local device type configuration information of the network device (U teaches in the case that node 114A is compliant (Interpreted as matching) ("YES" branch of 212), security management device 116 may grant node 114A access to enterprise network 106 (216) [0058]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng to include the device type configuration information includes device type and device model; for each of the signature rules, determining, by the network device, whether device type configuration information associated with the signature rule matches local device type configuration information of the network device; that matches the local device type configuration information of the network device as disclosed by U. One of ordinary skill in the art would have been motivated for the purpose of denying or approval access to the network, improves security (U [0004]).
Although Deng-U discloses updating the signature rule, Deng-U do not explicitly teach but Tempel teaches trigger a network device to send an upgrade request for a signature rule library to a cloud server, in a case that the network device is not correctly loaded the signature rule corresponding to a configuration of resources of the network device, thereby the network device does not meet requirement of functions that are undertaken by the network device (Tempel teaches the administrative server may have information to determine if new content is available to the autonomous agent and will only return configuration data to the agent if new data is available. The autonomous agent may periodically poll the administrative server to determine whether or not it has the latest information. If new information is retrieved, the agent will apply the new configuration [Col 4 lines 56-67]. verifying the signature on the updated agent policies 128 and list of agents 1016 [Col 17 lines 18-34]. The agent 1016 may send 1023 a request for updated agent policies 128 to the administrative server 1002.  The agent 1016 may be instructed to poll the administrative server 1002 for updated agent policies using configuration contained in the agent policies [Col 17 lines 45-59]. Updating the agent policies 128 may include applying the new managed node certificates 148, new configurations, etc., to the agent [Col 14 lines 31-33] Fig. 10, the agent polls “triggers which interprets as asking” the server for the latest information, since the agent does not have the latest information. The agent updated the policies that includes new configuration).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U to include sending, by a network device, an upgrade request for a signature rule library to a cloud server, in a case that resources of the network device are sufficient currently, but signature rules that have been loaded in the network device currently do not meet requirements of functions that are undertaken by the network device currently as disclosed by Tempel. One of ordinary skill in the art would have been motivated for the purpose of making the configuration of the device more secured and efficient (Tempel [Col 3 lines 50-61]).

Claims 2 and 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Deng et al. (US 20150074756, hereinafter Deng), U (US 20150281276), Tempel et al. (US 9515877), and in further view of Shin et al. (US 20150304344, hereinafter Shin).
Re. claim 2, Deng-U-Tempel teach the method according to claim 1, wherein receiving the signature rule library sent by the cloud server. Although Deng-U-Tempel discloses signature rule library, Deng-U-Tempel do not explicitly teach but Shin teaches comprises: receiving, by the network device, the signature rule library sent by the cloud server through a Software Defined Network (SDN) controller (Shin teaches a policy and signature management module which manages creation, update and deletion of the real time blocking rules; an external interface module which provides an interface to send and receive policies of the real time blocking rules [0017]. The vIPS sends the created real time blocking rules to an SDN controller [0018]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U-Tempel to include receiving, by the network device, the signature rule library sent by the cloud server through a  Software Defined Network (SDN) controller as disclosed by Shin. One of ordinary skill in the art would have been motivated for the purpose of reducing the bottleneck of the cloud datacenter and efficiently construct and utilize the networks and to expand security of the virtual network system (Shin [0004& 0018]).

Re. claim 8, Deng-U-Tempel teach the device according to claim 7, wherein when receiving the signature rule library sent by the cloud server. Although Deng-U-Tempel discloses signature rule library, Deng-U-Tempel do not explicitly teach but Shin teaches the machine-executable instructions further cause the processor to: receive the signature rule library sent by the cloud server through a Software Defined Network (SDN) controller (Shin teaches a policy and signature management module which manages creation, update and deletion of the real time blocking rules; an external interface module which provides an interface to send and receive policies of the real time blocking rules [0017]. The vIPS sends the created real time blocking rules to an SDN controller [0018]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U-Tempel to include receiving, by the network device, the signature rule library sent by the cloud server through a  Software Defined Network (SDN) controller as disclosed by Shin. One of ordinary skill in the art would have been motivated for the purpose of reducing the bottleneck of the cloud datacenter and efficiently construct and utilize the networks and to expand security of the virtual network system (Shin [0004& 0018]).

Claims 4 and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over  Deng et al. (US 20150074756, hereinafter Deng), U (US 20150281276), Tempel et al. (US 9515877), and in further view of Robitaille et al. (US 20140025790, hereinafter Robitaille).

Re. claim 4, Deng-U-Tempel teach the method according to claim 1. Yet, Deng-U-Tempel do not explicitly disclose but Robitaille discloses wherein the device type configuration information is recorded in a format of Type-Length-Value (TLV) (Robitaille teaches the content of the Advertisement message 311 includes information about the detected or discovered device 302: port identifier, device name, device description, IP address of the device (if known), serial number, firmware/software revision, base MAC address, configuration status, platform identifier, slot identifier, module information, and so on. The information may be encoded using the popular Type-Length-Value (TLV) format [0034]).  
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U-Tempel to include wherein the device type configuration information is recorded in a format of Type-Length-Value (TLV) as disclosed by Robitaille. One of ordinary skill in the art would have been motivated for the purpose of having information of interest and in order to encode the information with TLV format, which improves security by having information being encoded (Robitaille [0034]).

Re. claim 10, Deng-U-Tempel teach the device according to claim 7. Yet, Deng-U-Tempel do not explicitly teach but Robitaille teaches wherein the device type configuration information is recorded in a format of Type-Length-Value (TLV) (Robitaille teaches the content of the Advertisement message 311 includes information about the detected or discovered device 302: port identifier, device name, device description, IP address of the device (if known), serial number, firmware/software revision, base MAC address, configuration status, platform identifier, slot identifier, module information, and so on. The information may be encoded using the popular Type-Length-Value (TLV) format [0034]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U-Tempel to include wherein the device type configuration information is recorded in a format of Type-Length-Value (TLV) as disclosed by Robitaille. One of ordinary skill in the art would have been motivated for the purpose of having information of interest and in order to encode the information with TLV format, which improves security by having information being encoded (Robitaille [0034]).

Claims 5 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over  Deng et al. (US 20150074756, hereinafter Deng), U (US 20150281276), Tempel et al. (US 9515877), and in further view of Robinson et al. (US 20080005285, hereinafter Robinson).

Re. claim 5, Deng-U-Tempel teach the method according to claim 1. Although Deng-U-Tempel discloses loading an updated signature rule with a change of configuration and a version number, Deng-U-Tempel do not explicitly teach but Robinson teaches wherein loading the signature rule comprises: determining, by the network device, whether a version number of the signature rule is higher than that of a signature rule loaded by the network device, and loading, by the network device, the signature rule when the version number of the signature rule is higher than that of the signature rule loaded by the network device (Robinson teaches a policy can require that the program is up to date, such as by date of installation or version number [0036]. A configuration may be a known directory path where the antivirus program is generally installed. A configuration may be a location of where the process is executing. Accordingly, the policy key 210 can search for the path of the program to determine if the program is installed and a date of the installation. The policy key 210 can also identify a version number of the program during the scanning for ensuring an up-to-date compliance. [0046]).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U-Tempel to include wherein loading the signature rule comprises: determining, by the network device, whether a version number of the signature rule is higher than that of a signature rule loaded by the network device, and loading, by the network device, the signature rule when the version number of the signature rule is higher than that of the signature rule loaded by the network device as disclosed by Robitaille. One of ordinary skill in the art would have been motivated for the purpose of ensuring that the policy is updated based on the newer version number, which leads to critical security policies being enforced (Robinson [0036]).

Re. claim 11, Deng-U-Tempel teach the device according to claim 7. Although Deng-U-Tempel disclose loading an updated signature rule with a change of configuration and a version number, Deng-U-Tempel do not explicitly teach but Robinson teaches wherein when loading the signature rule to the network device, the machine-executable instructions further cause the processor to: determine whether a version number of the signature rule is higher than that of a signature rule loaded by the network device, and load the signature rule to the network device when the version number of the signature rule is higher than that of the signature rule loaded by the network device (Robinson teaches a policy can require that the program is up to date, such as by date of installation or version number [0036]. A configuration may be a known directory path where the antivirus program is generally installed. A configuration may be a location of where the process is executing. Accordingly, the policy key 210 can search for the path of the program to determine if the program is installed and a date of the installation. The policy key 210 can also identify a version number of the program during the scanning for ensuring an up-to-date compliance. [0046]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U-Tempel to include wherein loading the signature rule comprises: determining, by the network device, whether a version number of the signature rule is higher than that of a signature rule loaded by the network device, and loading, by the network device, the signature rule when the version number of the signature rule is higher than that of the signature rule loaded by the network device as disclosed by Robitaille. One of ordinary skill in the art would have been motivated to do so for the purpose of ensuring that the policy is updated based on the newer version number, which leads to critical security policies being enforced (Robinson [0036]).

Claims 6 and 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over  Deng et al. (US 20150074756, hereinafter Deng), U (US 20150281276), Tempel et al. (US 9515877), and in further view of Schultz et al. (US 20170063927, hereinafter Schultz).

Re. claim 6, Deng-U-Tempel teach the method according to claim 1. Although Deng-U-Tempel disclose that only the needed information is extracted, Deng-U-Tempel do not explicitly teach but Schultz teaches further comprising: discarding, by the network device, the signature rule associated with the device type configuration information that does not match the local device type configuration information of the network device (Schultz teaches matching the device identifier information included therein with the active security policy 118, and either allowing or denying the packet to be forwarded to the application function block (such as where the active security policy is enforced by the network function block 112) or accepting or discarding the packets (such as where the active security policy 118 is enforced by the application function block 114) (this is interpreted as accepting when it is matching and discarding when it does not match) [0041]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U-Tempel to include discarding, by the network device, the signature rule associated with the device type configuration information that does not match the local device type configuration information of the network device as disclosed by Robitaille. One of ordinary skill in the art would have been motivated to do so for the purpose of discarding packets rather than letting them go forward, which improves security because the packets are permitted to pass as long as they conform to the active security policy (Schultz [0036 and 0042]).

Re. claim 12, Deng-U-Tempel teach the device according to claim 7. Although Deng-U-Tempel disclose that only the needed information is extracted, Deng-U-Tempel do not explicitly teach but Schultz teaches wherein the machine-executable instructions further cause the processor to: discard the signature rule associated with the device type configuration information that does not match the local device type configuration information of the network device (Schultz teaches matching the device identifier information included therein with the active security policy 118, and either allowing or denying the packet to be forwarded to the application function block (such as where the active security policy is enforced by the network function block 112) or accepting or discarding the packets (such as where the active security policy 118 is enforced by the application function block 114) [0041]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method disclosed by Deng-U-Tempel to include discarding, by the network device, the signature rule associated with the device type configuration information that does not match the local device type configuration information of the network device as disclosed by Robitaille. One of ordinary skill in the art would have been motivated to do so for the purpose of discarding packets rather than letting them go forward, which improves security because the packets are permitted to pass as long as they conform to the active security policy (Schultz [0036 and 0042]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Oh (US 20100037317) discloses the external module method call, which may include various data, is compared to the signature rules that are correlated to an attack attempt. If there is a match, then a resulting action part defined in the signature rule is evaluated. Otherwise, the external module is invoked. Latest signature rules can be downloaded.
Burgett (US 9665535) discloses updating the configuration parameters if configuration server 160 determines that such configuration parameters do not match the configuration parameters stored (e.g., if the configuration parameters on the device are not current or up to date).

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEVIN A AYALA whose telephone number is (571)270-3912. The examiner can normally be reached Monday-Thursday 8AM-5PM; Friday: Variable EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/K.A./Examiner, Art Unit 2496                                                                                                                                                                                                        
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496