Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/24/2020 was filed after the mailing date of the application on 6/24/2020.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chandrasekharan (US Patent 10277557) in view of Kargman (US Patent 8775802).


As per claim 1: Chandrasekharan discloses an electronic device, comprising: 
a network communications interface (fig. 2 element 202); 
a processor (fig. 2 element 130); and 
a memory in communication with the processor and configured to store instructions that, when executed by the processor, cause the processor to, instantiate a set of processes (fig. 2 element 140); 
receive, over a network and via the network communications interface, a policy for network socket creation; receive, from the set of processes, a set of requests to create a first set of network sockets used to communicate over the network via the network communications interface (see Chandrasekharan; claim 1; The disclosed apparatus may include (1) a storage device that stores a port list definition as a bitmap that identifies port numbers of network socket ports and (2) a physical processor that (A) formats the port list definition such that the bitmap includes (I) a first set of indices that each represent an offset of one or more network socket ports); 
collect telemetry pertaining to a second set of network sockets used to communicate over the network via the network communications interface (claim 1; (II) a second set of indices that are each paired to an index within the first set of indices and each correspond to port numbers of the network socket ports and whose values are calculated based on the offset of the paired index).
However, Chandrasekharan does not specifically disclose allow or block creation of network sockets in the first set of network sockets, in accordance with the collected telemetry and the policy for network socket creation; and transmit at least some of the telemetry to a controller, over the network and via the network communications interface (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Chandrasekharan and Kargman in their entirety, to modify the technique of Chandrasekharan for a first and second set of indices that each represent an offset of one or more network socket ports by adopting Kargman's teaching for filtering socket creation and access. The motivation would have been to improve host-based network socket security controls.
As per claim 2:  The electronic device of claim 1, wherein the telemetry includes at least one of: first indicators of users or processes generating the set of requests; second indicators of port numbers associated with the set of requests; third indicators of Internet Protocol (IP) addresses associated with the set of requests; or fourth indicators of times associated with the set of requests (see Chandrasekharan; claim 1; The disclosed apparatus may include (1) a storage device that stores a port list definition as a bitmap that identifies port numbers of network socket ports and (2) a physical processor that (A) formats the port list definition such that the bitmap includes (I) a first set of indices that each represent an offset of one or more network socket ports).
As per claim 3: The electronic device of claim 1, wherein the telemetry includes at least one of: a type of file accessed via a network socket; a file name accessed via a network socket; a time of use of a network socket; a location of use of a network socket; or a use profile for a network socket (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software). 
As per claim 4: The electronic device of claim 1, wherein the telemetry includes at least one of; indicators of blocked requests to create network sockets; or indicators of allowed requests to create network sockets (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
As per claim 5: The electronic device of claim 1, wherein the second set of network sockets includes the first set of network sockets (claim 1; (II) a second set of indices that are each paired to an index within the first set of indices and each correspond to port numbers of the network socket ports and whose values are calculated based on the offset of the paired index).
As per claim 6: The electronic device of claim 1, wherein the policy for network socket creation identifies at least one of: a process allowed to create network sockets; or a process prohibited from creating network sockets (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
As per claim 7: The electronic device of claim 1, wherein the policy for network socket creation indicates at least one of: a first set of port numbers or a first set of IP addresses that a process is allowed to use when requesting creation of a network socket; or a second set of port numbers or a second set of IP addresses that a process is prohibited from using when requesting creation of a network socket (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
As per claim 8: The electronic device of claim 1, wherein the policy for network socket creation indicates at least one of: a first set of times when a process is allowed to request creation of a network socket; or a second set of times when a process is prohibited from requesting creation of a network socket (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
As per claim 9: Chandrasekharan discloses a server, comprising:
a network communications interface (fig. 2 element 202);
a processor (fig. 2 element 130); and
a memory in communication with the processor and configured to store instructions that, when executed by the processor (fig. 2 element 140), cause the processor to, receive, via the network communications interface, telemetry pertaining to creation or use of a set of network sockets used by at least one host device to communicate over a network (see Chandrasekharan; claim 1; The disclosed apparatus may include (1) a storage device that stores a port list definition as a bitmap that identifies port numbers of network socket ports and (2) a physical processor that (A) formats the port list definition such that the bitmap includes (I) a first set of indices that each represent an offset of one or more network socket ports);
However, Chandrasekharan does not specifically disclose create or update a policy for network socket creation using the telemetry; and transmit the policy for network socket creation via the network communications interface to a host device (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Chandrasekharan and Kargman in their entirety, to modify the technique of Chandrasekharan for a first and second set of indices that each represent an offset of one or more network socket ports by adopting Kargman's teaching for filtering socket creation and access. The motivation would have been to improve host-based network socket security controls.
As per claim 10: The server of claim 9, wherein: the telemetry pertains, at least in part, to creation of the set of network sockets; and the telemetry comprises at least one of: first indicators of users or processes generating a set of requests to create the set of network sockets; second indicators of port numbers associated with the set of requests; third indicators of Internet Protocol (IP) addresses associated with the set of requests; or fourth indicators of times associated with the set of requests (see Chandrasekharan; claim 1; The disclosed apparatus may include (1) a storage device that stores a port list definition as a bitmap that identifies port numbers of network socket ports and (2) a physical processor that (A) formats the port list definition such that the bitmap includes (I) a first set of indices that each represent an offset of one or more network socket ports).
As per claim 11: The server of claim 9, wherein: the telemetry pertains, at least in part, to use of the set of network sockets; and the telemetry comprises at least one of: a type of file accessed via a network socket; a file name accessed via a network socket; a time of use of a network socket; a location of use of a network socket; or a use profile for a network socket (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
As per claim 12: The server of claim 9, wherein the set of network sockets is associated with a single host device (col 11, lines 30-34; certain embodiments, communication interface 822 may also represent a host adapter configured to facilitate communication between computing system 800 and one or more additional network or storage devices via an external bus or communications channel). 
As per claim 13: The server of claim 9, wherein the set of network sockets is associated with a set of multiple host devices (col 11, lines 30-34; certain embodiments, communication interface 822 may also represent a host adapter configured to facilitate communication between computing system 800 and one or more additional network or storage devices via an external bus or communications channel).
As per claim 14: The server of claim 9, wherein the policy for network socket creation identifies at least one of:
a process allowed to create network sockets; or a process prohibited from creating network sockets (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
As per claim 15: The server of claim 9, wherein the policy for network socket creation indicates at least one of:
a first set of port numbers or a first set of IP addresses that a process is allowed to use when requesting creation of a network socket; or a second set of port numbers or a second set of IP addresses that a process is prohibited from using when requesting creation of a network socket (see Chandrasekharan; claim 1; The disclosed apparatus may include (1) a storage device that stores a port list definition as a bitmap that identifies port numbers of network socket ports and (2) a physical processor that (A) formats the port list definition such that the bitmap includes (I) a first set of indices that each represent an offset of one or more network socket ports).
As per claim 16: The server of claim 9, wherein the policy for network socket creation indicates at least one of:
a first set of times when a process is allowed to request creation of a network socket; or a second set of times when a process is prohibited from requesting creation of a network socket (see Chandrasekharan; claim 1; The disclosed apparatus may include (1) a storage device that stores a port list definition as a bitmap that identifies port numbers of network socket ports and (2) a physical processor that (A) formats the port list definition such that the bitmap includes (I) a first set of indices that each represent an offset of one or more network socket ports).
As per claim 17: The server of claim 9, wherein: the host device to which the policy for network socket creation is transmitted is a first host device; and
the processor is configured to create or update the policy for network socket creation using at least a portion of the telemetry received from a second host device (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
As per claim 18: The server of claim 9, wherein the telemetry is received from at least one agent instantiated on the at least one host device (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
As per claim 19: Chandrasekharan discloses a method of providing network security for at least one host device, comprising (See abstract):
receiving at a server, over a network and from the at least one host device, telemetry pertaining to creation or use of a set of network sockets used by the at least one host device to communicate over a network (see Chandrasekharan; claim 1; The disclosed apparatus may include (1) a storage device that stores a port list definition as a bitmap that identifies port numbers of network socket ports and (2) a physical processor that (A) formats the port list definition such that the bitmap includes (I) a first set of indices that each represent an offset of one or more network socket ports). 
However, Chandrasekharan does not specifically disclose creating or updating, at the server and using the telemetry, a policy for network socket creation; and transmitting the policy for network socket creation over the network to a host device (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Chandrasekharan and Kargman in their entirety, to modify the technique of Chandrasekharan for a first and second set of indices that each represent an offset of one or more network socket ports by adopting Kargman's teaching for filtering socket creation and access. The motivation would have been to improve host-based network socket security controls.
As per claim 20: The method of claim 19, further comprising: transmitting the policy for network socket creation to each host device of the at least one host device (See Kargman; claim 6; Network sockets may be filtered within the kernel mode framework for isolated process groups to control how the isolated process group processes access networks resources. This is accomplished by using the kernel mode module for filtering socket creation and access. The determination of whether to allow connections to external network resources is mandated by policies setup during initial configuration of the system software). 
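As an added illustration that is not part of this Office action, nor code from either cited patent or from the application under examination, the following Python sketch models the arrangement recited in claims 1, 4, 6-9, 17 and 20: a host agent that applies a socket-creation policy (process, port, IP address and time-of-day rules), records telemetry for each allowed or blocked request, and reports it to a controller, which aggregates telemetry from several hosts and transmits an updated policy back. The class names, the policy field layout, the controller's update rule (prohibit a process that was blocked on at least two hosts) and all sample addresses and requests are assumptions constructed for the example.

```python
from dataclasses import dataclass, field, replace
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass
class SocketPolicy:
    """Policy for network socket creation with the kinds of rules named in claims 6-8 (assumed layout)."""
    allowed_processes: set = field(default_factory=set)      # empty means "no process allow list"
    prohibited_processes: set = field(default_factory=set)
    allowed_ports: set = field(default_factory=set)          # empty means "no port allow list"
    prohibited_ports: set = field(default_factory=set)
    prohibited_networks: list = field(default_factory=list)  # ip_network objects
    allowed_hours: tuple = None                              # (start_hour, end_hour), end exclusive


@dataclass
class SocketRequest:
    process: str
    port: int
    remote_ip: str
    when: datetime


@dataclass
class TelemetryRecord:
    """One telemetry entry: the indicators of claims 2 and 4 (process, port, IP, time, decision)."""
    host_id: str
    process: str
    port: int
    remote_ip: str
    when: str
    allowed: bool
    reason: str


def evaluate(policy, req):
    """Apply the policy to one socket-creation request; returns (allowed, reason)."""
    if req.process in policy.prohibited_processes:
        return False, "process prohibited"
    if policy.allowed_processes and req.process not in policy.allowed_processes:
        return False, "process not on allow list"
    if req.port in policy.prohibited_ports:
        return False, "port prohibited"
    if policy.allowed_ports and req.port not in policy.allowed_ports:
        return False, "port not on allow list"
    if any(ip_address(req.remote_ip) in net for net in policy.prohibited_networks):
        return False, "remote address prohibited"
    if policy.allowed_hours is not None:
        start, end = policy.allowed_hours
        if not start <= req.when.hour < end:
            return False, "outside allowed hours"
    return True, "allowed"


class HostAgent:
    """Host side (claim 1): enforces the policy and records telemetry for every request."""
    def __init__(self, host_id, policy):
        self.host_id, self.policy, self._telemetry = host_id, policy, []

    def request_socket(self, req):
        allowed, reason = evaluate(self.policy, req)
        self._telemetry.append(TelemetryRecord(self.host_id, req.process, req.port, req.remote_ip,
                                               req.when.isoformat(), allowed, reason))
        return allowed

    def flush_telemetry(self):
        out, self._telemetry = self._telemetry, []
        return out


class Controller:
    """Server side (claims 9 and 17): aggregates telemetry from several hosts and updates the policy."""
    def __init__(self):
        self.records = []

    def ingest(self, records):
        self.records.extend(records)

    def update_policy(self, base, min_hosts=2):
        # Constructed update rule for illustration only: a process whose requests were blocked
        # on at least `min_hosts` distinct hosts is added to the prohibited-process list.
        blocked_hosts = {}
        for r in self.records:
            if not r.allowed:
                blocked_hosts.setdefault(r.process, set()).add(r.host_id)
        newly = {p for p, hosts in blocked_hosts.items() if len(hosts) >= min_hosts}
        return replace(base, prohibited_processes=base.prohibited_processes | newly)


def run_demo():
    """Constructed scenario: two hosts, one shared policy, one telemetry/policy-update round."""
    policy = SocketPolicy(allowed_ports={53, 443},
                          prohibited_networks=[ip_network("198.51.100.0/24")],  # constructed range
                          allowed_hours=(8, 18))
    hosts = {h: HostAgent(h, policy) for h in ("host-a", "host-b")}
    requests = [  # constructed sample requests; 203.0.113.0/24 is documentation address space
        ("host-a", SocketRequest("backup-agent", 443, "203.0.113.5", datetime(2024, 1, 1, 10, 0))),
        ("host-a", SocketRequest("unknown-tool", 4444, "203.0.113.5", datetime(2024, 1, 1, 10, 5))),
        ("host-b", SocketRequest("unknown-tool", 4444, "203.0.113.9", datetime(2024, 1, 1, 10, 7))),
        ("host-b", SocketRequest("updater", 443, "198.51.100.7", datetime(2024, 1, 1, 10, 9))),
        ("host-b", SocketRequest("updater", 443, "203.0.113.9", datetime(2024, 1, 1, 2, 0))),
    ]
    for host_id, req in requests:
        hosts[host_id].request_socket(req)
    controller = Controller()
    for agent in hosts.values():
        controller.ingest(agent.flush_telemetry())   # telemetry sent to the controller
    new_policy = controller.update_policy(policy)
    for agent in hosts.values():
        agent.policy = new_policy                    # updated policy transmitted to each host (claim 20)
    # host-a now blocks "unknown-tool" even on an otherwise allowed port, based on host-b's telemetry
    retry = hosts["host-a"].request_socket(
        SocketRequest("unknown-tool", 443, "203.0.113.5", datetime(2024, 1, 1, 10, 30)))
    return controller.records, new_policy, retry
```

The evaluation order matters: prohibitions are checked before allow lists so that an explicit block always wins, and an empty allow list is treated as "no restriction" rather than "deny everything", which is the usual way a policy of this shape is rolled out incrementally.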


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 7:30 am-3:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ANTHONY D BROWN/Primary Examiner, Art Unit 2433