DETAILED ACTION
The Amendment filed on June 09th, 2022 has been entered and made of record.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. Ian Atzet, on August 24th, 2022. During the telephone conference, Mr. Atzet agreed and authorized the Examiner to amend claims 1, 8, 10 & 16-17 and to cancel claims 7, 15 & 18.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 06/09/2020, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Examiner’s Amendment
An Examiner’s Amendment to the record appears below. Should the changes and/or additions be unacceptable to the Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Claims
Replacing claims 1, 8, 10 & 16-17 and canceling claims 7, 15 & 18 as follows:
Claim 1: (Currently Amended) A method, comprising:
in response to receiving, by a network appliance, a first request to access a protected network resource from an endpoint device, wherein the endpoint device is assigned a role and includes a client software module configured to communicate with the network appliance:
determining, by the network appliance, which compliance information related to policies is associated with access of the protected network resource by the endpoint device having the assigned role;
requesting, by the network appliance, all of the determined compliance information from the client software module;
evaluating, by the network appliance, the compliance of the endpoint device based on the compliance information received from the client software module to determine a compliance state and providing access based on the compliance state;
storing, by the network appliance, the received compliance information in a database associated with the network appliance;
in response to receiving, by the network appliance, first updated compliance information that includes only updated ones of the compliance information required by the policies, evaluating, by the network appliance, the compliance of the endpoint device based on the updated compliance information and the compliance information stored in the database to determine an updated compliance state; [[and]] 
providing, by the network appliance, access to the protected network resource to the endpoint device based on the updated compliance state; and
after a first time period, deleting the compliance information stored in the database,
wherein the compliance information includes at least one of an identity of an antivirus product, settings of the antivirus product, an identity of a firewall product, settings of the firewall product, an identity of a patch management product, settings of the patch management product, a status of an application, a presence of a file on the device, a status of one or more ports, or settings of registry keys.

Claim 7: (Canceled)

Claim 8: (Currently Amended) The method of claim [[1]] 6, further comprising deleting, after [[a]] the first time period, the first updated compliance information stored in the database.

Claim 10: (Currently Amended) A network appliance configured to enforce one or more policies for accessing a protected network resource on a private network, the network appliance comprising:
at least one hardware processor; and 
a non-transitory computer-readable medium having encoded therein programming code executable by the at least one hardware processor to perform or control performance of operations in response to receiving a first request to access the protected network resource from an endpoint device having an assigned role and including a client software module configured to communicate with the network appliance, the operations comprising:
determine, using a policy database, which compliance information related to policies is associated access of the protected network resource by the endpoint device having the assigned role; 
request all of the determined compliance information from the client software module;
evaluate the compliance of the endpoint device based on the compliance information received from the client software module to determine a first compliance state and provide access based on the compliance state;
store the received compliance information in a database associated with the network appliance; 
in response to receiving first updated compliance information that includes only updated ones of the compliance information required by the policies, evaluate the compliance of the endpoint device based on the updated compliance information and the compliance information stored in the database to determine an updated compliance state; [[and]] 
provide access to the protected network resource to the endpoint device based on the updated compliance state; and
after a first time period, deleting the compliance information stored in the database,
wherein the compliance information includes at least one of an identity of an antivirus product, settings of the antivirus product, an identity of a firewall product, settings of the firewall product, an identity of a patch management product, settings of the patch management product, a status of an application, a presence of a file on the device, a status of one or more ports, or settings of registry keys.

Claim 15: (Canceled)

Claim 16: (Currently Amended) The network appliance of claim [[15]] 10, further comprising in response to receiving, by the network appliance, a third request to access the protected network resource from the endpoint device after the first time period, requesting all of the determined compliance information from the client software module.

Claim 17: (Currently Amended) A method, comprising:
in response to receiving, by a network appliance, a request to access a protected network resource from an endpoint device that includes a client software module configured to communicate with the network appliance:
determining, by the network appliance, whether a compliance database includes compliance information associated with the endpoint device;
in response to the compliance database not including the compliance information associated with the endpoint device:
determining, by the network appliance, which of the compliance information related to policies associated with access of the protected network resource by the endpoint device based on the protected network resource and a role assigned to the endpoint device; and 
requesting, by the network appliance, all of the determined compliance information from the client software module;
in response to the compliance database including the compliance information associated with the endpoint device, accessing, by the network appliance, the compliance information of the endpoint device stored in the database and requesting an update from the endpoint device;
evaluating, by the network appliance, the compliance of the endpoint device based on the compliance information to determine a compliance state; [[and]] 
providing, by the network appliance, access to the protected network resource to the endpoint device based on the compliance state; and
deleting, after a first time period, the compliance information stored in the compliance database, 
wherein the compliance information includes at least one of an identity of an antivirus product, settings of the antivirus product, an identity of a firewall product, settings of the firewall product, an identity of a patch management product, settings of the patch management product, a status of an application, a presence of a file on the device, a status of one or more ports, or settings of registry keys.

Claim 18: (Canceled)

Examiner’s Statement of Reasons for Allowance
Claims 7, 15 and 18 were canceled. Claims 1-6, 8-14, 16-17 and 19-20 are allowed.
The following is an examiner’s statement of reasons for allowance:
The present invention is directed to methods and a network appliance for optimizing compliance evaluation of endpoints. The closest prior art references, as previously recited, Sobel (U.S. Pub. Number 2004/0103310) and Jayanti Venkata (U.S. Pub. Number 2016/0088021), are also generally directed to various aspects of enforcement of compliance with network security policies and policy-based compliance management and remediation of devices in an enterprise system. However, neither Sobel nor Venkata teaches or suggests, alone or in combination, the particular combinations of steps or elements as recited in the independent claims 1, 10 and 17. For example, none of the cited prior art references teaches or suggests the elements of “in response to receiving, by a network appliance, a first request to access a protected network resource from an endpoint device, wherein the endpoint device is assigned a role and includes a client software module configured to communicate with the network appliance: determining, by the network appliance, which compliance information related to policies is associated with access of the protected network resource by the endpoint device having the assigned role; requesting, by the network appliance, all of the determined compliance information from the client software module; evaluating, by the network appliance, the compliance of the endpoint device based on the compliance information received from the client software module to determine a compliance state and providing access based on the compliance state; storing, by the network appliance, the received compliance information in a database associated with the network appliance; in response to receiving, by the network appliance, first updated compliance information that includes only updated ones of the compliance information required by the policies, evaluating, by the network appliance, the compliance of the endpoint device based on the updated compliance information and the compliance information stored in the database to determine an updated compliance state; providing, by the network appliance, access to the protected network resource to the endpoint device based on the updated compliance state; and after a first time period, deleting the compliance information stored in the database, wherein the compliance information includes at least one of an identity of an antivirus product, settings of the antivirus product, an identity of a firewall product, settings of the firewall product, an identity of a patch management product, settings of the patch management product, a status of an application, a presence of a file on the device, a status of one or more ports, or settings of registry keys.” Therefore, the claims are allowable over the cited prior art.
Claims 2-6, 8-9, 11-14, 16 & 19-20 are allowed because of their dependence from independent claims 1, 10 & 17.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
           
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087.  The examiner can normally be reached on 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/KHOI V LE/
Primary Examiner, Art Unit 2436