Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-6, 8-10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Epstein (US 2017/0262523) in view of Kavi (US 2018/0176262)


Regarding Claim 1,

Epstein (US 2017/0262523) teaches a method comprising:
accessing a message of a communication associated with a device coupled to a network (Paragraph [0015] “message” of communication which includes data from the device coupled to the network) determining a plurality of values associated with a plurality of respective portions of the packet (Paragraph [0028] “list of open ports, operating system version, DHCP option list, MAC address…”);  
accessing a threshold value; determining, by a processing device, a device identification of the device based on at least one of the plurality of values and the threshold value; and storing the device identification (Paragraph [0025] “if the new device signature is measured…to be within the predetermined threshold…add new device signature”)
Epstein does not explicitly teach wherein the wherein the message of communication is a packet and apply a security policy based on the device identification
Kavi (US 2018/0176262) teaches wherein the message of communication is a packet (Paragraph [0028] teaches a message of communication is a packet) and apply a security policy based on the device identification (Paragraph [0030] teaches applying a security policy based on device identification)

It would have been obvious to one of ordinary skill in the art to modify Epstein the security policy of Kavi 

The motivation is to categorize and a uniform security applied to a group (Paragraph [0030] of Kavi)


Regarding Claim 2,

Epstein and Kavi teaches the method of claim 1. Epstein teaches wherein the determining of the device identification comprises comparing the threshold value to a combination of at least two values of the plurality of values (Paragraph [0028] “each signature may have multiple coordinates…”).  

Regarding Claim 3,

Epstein and Kavi teaches the method of claim 1. Epstein teaches wherein the determining of the plurality of values associated with the plurality of respective portions of the packet comprises passive packet analysis (Paragraph [0015] “this information may be collected passively”).  

Regarding Claim 4,

Epstein and Kavi teaches the method of claim 1 further comprising: 
applying a respective weight to each respective value of the plurality of values associated with the packet, wherein the determining of the device identification is based on at least one of the plurality of values and at least one respective weight (Paragraph [0017, 0028, 0030]).  


Regarding Claim 6,

Epstein and Kavi teaches the method of claim 1. Epstein teaches wherein a value of the plurality of values is based on a dynamic host control protocol (DHCP) parameter of the packet (Paragraph [0015] “DHCP”).  

Regarding Claim 8,

Epstein and Kavi teaches the method of claim 1. Epstein teaches wherein a value of the plurality of values is based on a protocol associated with the packet (Paragraph [0015] “device identification information…from network protocols”).  

Regarding Claim 9,

Epstein and Kavi teaches the method of claim 1. Epstein teaches wherein a value of the plurality of values is based on a banner associated with the packet (Paragraph [0015] “Banner Grabbing”).  

Regarding Claim 10,

Epstein and Kavi teaches the method of claim 1. Epstein teaches wherein a value of the plurality of values is based on a media access control (MAC) address associated with the packet (Paragraph [0015] “MAC address”).  



Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Epstein in view of Kavi in view of Desai (US 2018/0234326)


Regarding Claim 5,

Epstein and Kai teaches the method of claim 1, but does not explicitly teach wherein a value of the plurality of values is based on a cipher suite associated with the device
Desai teaches wherein a value of the plurality of values is based on a cipher suite associated with the device (Paragraph [0007] “device fingerprinting….TLS/SSL”)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to substitute the identifying value in Epstein with the identifying value of cipher suite associated of Desai and the results would be predictable (i.e. Epstein would use cipher suite associated as an identifying value)




Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Epstein and Kavi in view of Arkin (US 2007/0297349).

Regarding Claim 7,

Epstein and Kavi teaches the method of claim 1. While Epstein teaches wherein a value of the plurality of values is based on a dynamic host control protocol (DHCP) option (Paragraph [0028] “DHCP option list”), Epstein does not explicitly teach wherein the value is based on an DHCP operating system parameter of the packet
Arkin (US 2007/0297349) teaches wherein the identification value is based on an DHCP operating system parameter of the packet (Paragraph [0106] “analyzes…DHCP messages to identify the operating system”)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to substitute the identifying value of DHCP option in Epstein with the identifying value of DHCP operating system of Arkin and the results would be predictable (i.e. Epstein would use DHCP operating system parameter as an identifying value)

Double Patenting
A rejection based on double patenting of the “same invention” type finds its support in the language of 35 U.S.C. 101 which states that “whoever invents or discovers any new and useful process... may obtain a patent therefor...” (Emphasis added). Thus, the term “same invention,” in this context, means an invention drawn to identical subject matter. See Miller v. Eagle Mfg. Co., 151 U.S. 186 (1894); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Ockert, 245 F.2d 467, 114 USPQ 330 (CCPA 1957).
A statutory type (35 U.S.C. 101) double patenting rejection can be overcome by canceling or amending the claims that are directed to the same invention so they are no longer coextensive in scope. The filing of a terminal disclaimer cannot overcome a double patenting rejection based upon 35 U.S.C. 101.
Claim 11-15 is/are rejected under 35 U.S.C. 101 as claiming the same invention as that of claim 1-5 of prior U.S. Patent No. 10,862,885. This is a statutory double patenting rejection.


The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.


Claims 16-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 6-10 of U.S. Patent No. 10,862,885. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the instant application removes limitations from the parent application. It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to remove limitations from the US patent 10,862,885 and the results would be predictable.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439