DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Preliminary Amendment, received on 23 November 2020, has been entered into record.  In this amendment, claims 17, 19, and 22 have been canceled.
Claims 1-16, 18, 20, 21, and 23 are presented for examination.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 23 is rejected under 35 U.S.C. 101 as not falling within one of the four statutory categories of invention.  Claim 23 recites “a computer-readable storage medium” which typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media.  Therefore, claim 23 is considered to be non-statutory.  While the specification discusses hardware embodiments to the medium (see specification [0081-0082]), the specification nor the claim language limits the interpretation of the medium to just hardware.  

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 2, 5, 6, 12, 13, 16, and 23 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Carnes, III et al. (US 2020/0067935 A1 and Carnes hereinafter).
As to claims 1 and 23, Carnes discloses a system and method for providing device identification and redirection using whitelisting traffic classification, the system and method having:
determining, by a computing system, a trust score for a network entity in a computer network, the trust score for the network entity indicating a level of trust in the network entity (0054, lines 6-10); 
modifying, by the computing system, a traffic pattern of the computer network based on the trust score for the network entity (0119, lines 5-9).

As to claim 12, Carnes discloses:
one or more processors comprising processing circuitry configured to (0120, lines 1-4): 
determining, by a computing system, a trust score for a network entity in a computer network, the trust score for the network entity indicating a level of trust in the network entity (0054, lines 6-10); 
modifying, by the computing system, a traffic pattern of the computer network based on the trust score for the network entity (0119, lines 5-9); 
one or more storage devices configured to store the trust score for the network entity (0121).

As to claims 2 and 13, Carnes discloses:
wherein modifying the traffic pattern comprises changing, by the computing system, based on the trust score for the network entity, the traffic pattern to divert network traffic away from or direct the network traffic to the network entity (0119, lines 5-9).

As to claims 5 and 16, Carnes discloses:
wherein determining the trust score for the network entity comprises: determining, by the computing system, the trust score for the network entity based on one or more variable factors for the network entity, wherein each of the one or more variable factors for the network entity corresponds to a current characteristic of the network entity (0054, lines 6-16).

As to claim 6, Carnes discloses:
wherein the variable factors include whether software of the network entity is limited to approved applications only, whether the software of the network entity is limited to a first class of applications, or whether the software of the network entity includes a second class of applications (0106, lines 1-4).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 7 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Carnes as applied to claims 1 and 12 above, and further in view of Lester et al. (US Patent 10,432,605 B1 and Lester hereinafter.
As to claims 7 and 18, Carnes fails to specifically disclose:
determining, by the computing system, the trust score for the network entity based on one or more reputational factors for the network entity, wherein each of the reputational factors for the network entity is a function of specified historical events involving the network entity.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Carnes, as taught by Lester.
Lester discloses a system and method for scalable risk-based authentication, the system and method having:
determining, by the computing system, the trust score for the network entity based on one or more reputational factors for the network entity, wherein each of the reputational factors for the network entity is a function of specified historical events involving the network entity (col. 14, lines 11-15).
Given the teaching of Lester, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Carnes with the teachings of Lester by determining trust score based on reputation factors. Lester recites motivation by disclosing that using a trust score based on historical data and factors can dynamically generate an identity trust score (col. 14, lines 11-15). It is obvious that the teachings of Lester would have improved the teachings of Carnes by determining trust score based on reputation factors in order to dynamically generate an identity trust score.

Claim(s) 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Carnes as applied to claim 1 above, and further in view of Reybok, Jr. et al. (US 2017/0171231 A1 and Reybok hereinafter).
As to claim 11, Carnes fails to specifically disclose:
wherein the method further comprises modifying, by the computing system, a testing pattern for the network entity based on the trust score for the network entity.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Carnes, as taught by Reybok.
Reybok discloses a system and method for network threat assessment, the system and method having:
wherein the method further comprises modifying, by the computing system, a testing pattern for the network entity based on the trust score for the network entity (0066).
Given the teaching of Reybok, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Carnes with the teachings of Reybok by modifying a testing pattern based on a trust score.
Reybok recites motivation by disclosing that actions may be taken in response to scoring in order to develop accurate, actionable threat data and spot emerging trends in network attacks (0066, lines 18-27). It is obvious that the teachings of Reybok would have improved the teachings of Carnes by modifying a test pattern based on a trust score in order to spot emerging trends in network attacks.

Allowable Subject Matter
Claims 3, 4, 8-10, 14, 15, 20, and 21 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Ananthanpillai et al. (US 2018/0075563 A1) discloses a system and method for radial data visualization.
Connor, II et al. (US 2009/0100504 A1) discloses a system and method for adaptively determining trust in client-server environments.
Herrera-Yagüe et al. (US Patent 9,363,283 B1) discloses a system and method for reputation scoring.
Jakobsson (US 2018/0091453 A1) discloses a system and method for multi-level security analysis and intermediate delivery of an electronic message.
Keith, Jr. (US 2022/0043913 A1) discloses a system and method for analytics with shared traits.
Kraemer (US 2016/0373486 A1) discloses a system and method for security policy deployment and enforcement for detection and control of polymorphic and targeted malware.
Shull et al. (WO 2006/094275 A2) discloses a system and method for trust evaluation.
Stoback et al. (US 2015/0074390 A1) discloses a system and method for classifying risk level in user agent by combining multiple evaluations.
Trepagnier et al. (US 2020/0012796 A1) discloses a system and method for risk rating of vulnerabilities.
Zeng et al. (US 2019/0268366 A1) discloses a system and method for managing risk of vulnerabilities and corresponding change actions to address malware threats.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/SARAH SU/Primary Examiner, Art Unit 2431