DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	This office action is responsive to amendment filed on 07/26/2022.

Response to Amendment
	The Examiner has acknowledged the amended claims 1 – 2, 5, 9 – 10, and 13.

Response to Arguments
Applicant's arguments filed on 07/26/2022 have been fully considered but they are not persuasive.
	Regarding Applicant’s argument (page 7) that Applicant submits that although paragraph 169 of Hankins describes various operating systems of devices that may be enabled for communication with other devices, there is no suggestion or contemplation that the traffic might be encrypted. Further, Hankins appears to suggest that traffic may be monitored by humans (paragraph 37) and that the origination of words is reviewable {abstract), both of which would not be possible with respect to encrypted traffic.
The Examiner respectfully disagrees with Applicant’s assertion because Hankins discloses that The DLP can use standard and/or custom dictionaries to continuously monitor the users 1002, including compressed and/or SSL-encrypted traffic (see paragraph [0053]).

The Examiner contends that the applied reference reads on the claimed language. Also, the Examiner did not rely solely on paragraphs [224 and 225] as argued by Applicant and such paragraphs have been remove for sake of argument.

It appears that applicants are interpreting the claims very narrow without considering the teaching of the reference used in the rejection. Applicants are reminded that the examiner is entitled to the broadest reasonable interpretation of the claims. The Applicants always have the opportunity to amend the claims during prosecution and broad interpretation by the examiner reduces the possibility that the claim, once issued, will be interpreted more broadly than is justified. In re Prater 162 USPQ 541,550-51 (CCPA 1969). 
In view of such, the rejections are maintained and repeated as follows:

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1 - 16 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Hankins et al (US 2022/0109685; hereinafter Hankins).
	Regarding claim 1, Hankins discloses a method for classifying a device accessing a computer  network, the method comprising:
providing a framework of models configured to classify the device (abstract; paragraphs [0004 – 0005], [0184]);
reviewing an encrypted network traffic flow (paragraph [0053]; Hankins discloses that the DLP can use standard and/or custom dictionaries to continuously monitor the users 1002, including compressed and/or SSL-encrypted traffic) associated with the device (paragraphs [0035], [0037], [0053]; Hankins discloses that network administrators (e.g., human operators who may be experienced in networking technology) perform services that included monitoring network communications (e.g., network traffic to look for suspicious network device activity);
extracting flow attributes associated with the encrypted network traffic flow (paragraphs [0053], [0077]; Hankins discloses that iteratively evaluating the effect on accuracy of a classifier of filtering from selected network flow communication parameters the identified characters or other elements; and extracting from selected network flow parameters identified characters or other elements for which evaluation of filtering thereof indicates an improvement in accuracy);
deriving further flow attributes based on the extracted flow attributes (paragraph [0077]; Hankins discloses that identifying elements and/or sub-elements to be extracted may, in an embodiment, be performed without human intervention, for example, by searching a large set of flow detail records for elements that occur with a high frequency across all network devices that have been sampled);
determining at least one model of the framework of models based on the derived flow attributes and extracted flow attributes (paragraphs [0035], [0069]; Hankins discloses that particular elements for network communication flow parameters may vary, for example, by network, by network device under evaluation, and/or set of network devices under evaluation. Thus, some elements may be more meaningful than others for training a classifier to identify a network device); and
classifying the device associated with the encrypted network traffic flow based on the at least one model (paragraphs [0069], [0053]; Hankins discloses that relative usefulness of an element to train a classifier to identify a network device typically may be related to its frequency with respect to network communications involving the particular network device relative to its frequency with respect to network communications amongst a large variety of network devices in a large variety of networks).
Regarding claim 2, Hankins discloses a method for classifying a device according to claim 1, wherein classifying the device comprises determining a device type, device make, a device model, or a device screen size, and a platform of the device (paragraphs [0144], [0169]; Hankins discloses Network devices capable of operating as a server device, a client device and/or otherwise, may include, as examples, dedicated rack-mounted servers, desktop computers, laptop computers, set top boxes, tablets, netbooks, smart phones, wearable devices, integrated devices combining two or more features of the foregoing devices).
Regarding claim 3, Hankins discloses a method for classifying a device according to claim 2 wherein the device type is classified as one of the group comprising: a tablet, a phone, a laptop, a desktop, a home device and an Internet-of-things device (paragraphs [0004], [0032], [0144]).
Regarding claim 4, Hankins discloses a method for classifying a device according to claim 2 wherein the device platform is classified as one of the group comprising: a Windows platform, an Android platform, and an iOS platform (paragraphs [0144], [0169]).
Regarding claim 5, Hankins discloses a method for classifying a device according to claim 1, further comprising:
determining a confidence level of the classification of the device associated with the encrypted network traffic flow (paragraphs [0053], [0077], [0112]; Hankins discloses that if increasing PVU size does not produce satisfactory results, another option may be to train a classifier with more sample variety (e.g., more records from a wider variety of network devices) in order to improve accuracy);
comparing the confidence level with a predetermined threshold (paragraphs [0077], [0112]; Hankins discloses that vectorized PVUs do not change in this situation because different models are to be used for comparison to a known result. Thus, results between different models may be compared to select an approach that results with a better accuracy than alternatives):
if the confidence level is higher than the predetermined threshold, marking the device associated with the network traffic flow as classified (paragraphs [0077], [0112]; Hankins discloses that if a higher accuracy score remains desired despite the two previous ways to attempt to improve accuracy , different machine learning approaches may be used as another way to attempt to improve prediction accuracy); and 
if the confidence level is lower than the predetermined threshold (paragraphs [0070], [0116]; Hankins discloses that a low or a relatively low qualitative value for identification of a particular network device with respect to elements or sub-elements of network communication flow parameters refers to a relatively small marginal increase), determining whether there is User Agent string associated with the traffic flow (paragraph [0061]; Hankins discloses that the term identifier refers to a character sequence (e.g., character string) used for purposes of identification of a network attribute related to a network communication flow);
if there is a User Agent string available, extracting device data from the User Agent String (paragraphs [0120 - 0123], [0219]; Hankins discloses that customers may have an opportunity to provide custom labels and descriptions for any network device, such as via a user interface, such as the example embodiment shown in FIG. 7. These labels and descriptions may provide further details in the form of character strings (e.g., text) capable of being processed during later training and testing phases); and 
updating the classification with the extracted device data (paragraphs [0120 - 0123]; Hankins discloses that Labels, such as provided by customers, for example, may be used to improve accuracy of an existing classifier by indicating that some character strings should be given a higher weighting. For example, assume a customer labels a device with the character string “rachio.” It is noted that future versions of a classifier may look for that character string within a PVU and amplify a weighting to be assigned to a PVU that includes the character sting).
Regarding claim 6, Hankins discloses a method for classifying a device according to claim 1, further comprising: 
determining an accuracy level for at least one model of the frameworks of models (paragraph [0104]); 
comparing the accuracy level to a predetermined accuracy threshold (paragraphs [0077], [0112]; Hankins discloses that vectorized PVUs do not change in this situation because different models are to be used for comparison to a known result. Thus, results between different models may be compared to select an approach that results with a better accuracy than alternatives); 
if the accuracy level is higher than the accuracy threshold, continue using the at least one model of the framework of models (paragraphs [0077], [0112]); otherwise, updating or removing the model from the framework of models (paragraphs [0110], [0120 - 0123]; Hankins discloses that then current classifiers may be updated in place, thereby potentially continually improving accuracy for discovering new network devices).
	Regarding claim 7, Hankins discloses a method for classifying a device according to claim 2, further comprising: 
determining whether there is further device data to be classified (paragraphs [0004 – 0005], [0184]; Hankins discloses that approaches to address security risks continue to be sought, including techniques to identify and classify network connected devices); and reviewing flow attributes associated with the further device data (paragraphs [0035], [0037]; Hankins discloses that network administrators (e.g., human operators who may be experienced in networking technology) perform services that included monitoring network communications (e.g., network traffic to look for suspicious network device activity).
	Regarding claim 8, Hankins discloses a method for classifying a device according to claim 1, further comprising:
determining at least one traffic action associated with the device classification (paragraphs [0035], [0124]; Hankins discloses that by identifying the network devices communicating over a particular network, network devices that present acceptable risks to security, such as devices from reputable manufacturers, for example, are able to be identified); and
applying the at least one traffic action to the network traffic flow (paragraphs [0035], [0124]; Hankins discloses that network devices that appear to be engaged in unusual (e.g., suspicious) network communication activity, which may present risks, may be identified and may potentially be isolated and/or blocked from communicating over the particular network, for example).
	Regarding claim 9, Hankins discloses a system for classifying a device accessing a computer network, the system comprising:
a learning engine configured to provide a framework of models configured to classify the device (paragraphs [0006], [0040]; Hankins discloses that supervisory machine learning processes build a model based at least in part on known samples, which are employed to “train” a process, in order to make predictions and/or decisions without being explicitly programmed to perform the task);
a packet processing engine configured to review a encrypted network traffic (paragraph [0053]; Hankins discloses that the DLP can use standard and/or custom dictionaries to continuously monitor the users 1002, including compressed and/or SSL-encrypted traffic) flow associated with the device (paragraphs [0147 - 0149], [0157], [0192);
a device classification engine configured to extract flow attributes associated with the encrypted network traffic flow, derive further flow attributes based on the extracted flow attributes and determine at least one model of the framework of models based on the derived flow attributes and extracted encrypted flow attributes (paragraphs [0035], [0037], [0053]; Hankins discloses that network administrators (e.g., human operators who may be experienced in networking technology) perform services that included monitoring network communications (e.g., network traffic to look for suspicious network device activity); and
a device information aggregator configured to classify the device associated with the encrypted network traffic flow based on the at least one model (paragraphs [0053], [0224 - 0225]).
Regarding claim 10, Hankins discloses a system for classifying a device according to claim 1, wherein the device classification engine comprises: 
a device platform classifier configured to classify a device platform based on the extracted and derived flow attributes (paragraphs [0144], [0169]); and 
a device type classifier configured to classify a device based on the extracted and derived flow attributes, comprising determining a device make, a device model, or a device screen size comprising determining a device make, a device model, or a device screen size (paragraphs [0144], [0169]; Hankins discloses Network devices capable of operating as a server device, a client device and/or otherwise, may include, as examples, dedicated rack-mounted servers, desktop computers, laptop computers, set top boxes, tablets, netbooks, smart phones, wearable devices, integrated devices combining two or more features of the foregoing devices).
Regarding claim 11, Hankins discloses a system for classifying a device according to claim 10 wherein the device type is classified as one of the group comprising: 
a tablet, a phone, a laptop, a desktop, a home device and an Internet-of-things device (paragraphs [0004], [0032], [0144]).
	Regarding claim 12, Hankins discloses a system for classifying a device according to claim 10 wherein the device platform is classified as one of the group comprising: 
a Windows platform, an Android platform, and an iOS platform (paragraphs [0144], [0169]).
Regarding claim 13, Hankins discloses a system for classifying a device according to claim 9, wherein the device classification engine is further configured to: 
determine a confidence level of the classification of the device associated with the encrypted network traffic flow (paragraphs [0053], [0077], [0112]; Hankins discloses that if increasing PVU size does not produce satisfactory results, another option may be to train a classifier with more sample variety (e.g., more records from a wider variety of network devices) in order to improve accuracy); 
compare the confidence level with a predetermined threshold (paragraphs [0077], [0112]; Hankins discloses that vectorized PVUs do not change in this situation because different models are to be used for comparison to a known result. Thus, results between different models may be compared to select an approach that results with a better accuracy than alternatives); 
if the confidence level is higher than the predetermined threshold, mark the device associated with the network traffic flow as classified (paragraphs [0077], [0112]; Hankins discloses that if a higher accuracy score remains desired despite the two previous ways to attempt to improve accuracy, different machine learning approaches may be used as another way to attempt to improve prediction accuracy); and 
if the confidence level is lower than the predetermined threshold (paragraphs [0070], [0116]; Hankins discloses that a low or a relatively low qualitative value for identification of a particular network device with respect to elements or sub-elements of network communication flow parameters refers to a relatively small marginal increase), determine whether there is User Agent string associated with the traffic flow (paragraph [0061]; Hankins discloses that the term identifier refers to a character sequence (e.g., character string) used for purposes of identification of a network attribute related to a network communication flow); 
if there is a User Agent string available, having a User Agent Parser extract device data from the User Agent String (paragraphs [0120 - 0123], [0219]; Hankins discloses that customers may have an opportunity to provide custom labels and descriptions for any network device, such as via a user interface, such as the example embodiment shown in FIG. 7. These labels and descriptions may provide further details in the form of character strings (e.g., text) capable of being processed during later training and testing phases); and 
wherein the device information aggregator is configured to update the classification with the extracted device data (paragraphs [0120 - 0123]; Hankins discloses that Labels, such as provided by customers, for example, may be used to improve accuracy of an existing classifier by indicating that some character strings should be given a higher weighting. For example, assume a customer labels a device with the character string “rachio.” It is noted that future versions of a classifier may look for that character string within a PVU and amplify a weighting to be assigned to a PVU that includes the character sting).
Regarding claim 14, Hankins discloses a system for classifying a device according to claim 9, further comprising: 
a model monitoring module configured (paragraph [0035]) to: 
determine an accuracy level for at least one model of the frameworks of models (paragraph [0104]); 
compare the accuracy level to a predetermined accuracy threshold (paragraphs [0077], [0112]; Hankins discloses that vectorized PVUs do not change in this situation because different models are to be used for comparison to a known result. Thus, results between different models may be compared to select an approach that results with a better accuracy than alternatives); 
if the accuracy level is higher than the accuracy threshold, continue using the at least one model of the framework of models (paragraphs [0077], [0112]; Hankins discloses that if a higher accuracy score remains desired despite the two previous ways to attempt to improve accuracy, different machine learning approaches may be used as another way to attempt to improve prediction accuracy); 
otherwise, update or remove the model from the framework of models (paragraphs [0110], [0120 - 0123]; Hankins discloses that then current classifiers may be updated in place, thereby potentially continually improving accuracy for discovering new network devices).
Regarding claim 15, Hankins discloses a system for classifying a device according to claim 10, wherein the device classification engine is configured to: 
determine whether there is further device data to be classified (paragraphs [0004 – 0005], [0184]; Hankins discloses that approaches to address security risks continue to be sought, including techniques to identify and classify network connected devices); and review flow attributes associated with the further device data (paragraphs [0035], [0037]; Hankins discloses that network administrators (e.g., human operators who may be experienced in networking technology) perform services that included monitoring network communications (e.g., network traffic to look for suspicious network device activity).
Regarding claim 16, Hankins discloses a system for classifying a device according to claim 9, wherein the system is further configured to: 
determine at least one traffic action associated with the device classification (paragraphs [0035], [0124]; Hankins discloses that by identifying the network devices communicating over a particular network, network devices that present acceptable risks to security, such as devices from reputable manufacturers, for example, are able to be identified); and 
apply the at least one traffic action to the network traffic flow (paragraphs [0035], [0124]; Hankins discloses that network devices that appear to be engaged in unusual (e.g., suspicious) network communication activity, which may present risks, may be identified and may potentially be isolated and/or blocked from communicating over the particular network, for example).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Luhrs et al (US 2016/0267164) discloses system and methods for classifying computing devices based on device attributes.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YVES DALENCOURT whose telephone number is (571)272-3998. The examiner can normally be reached M-F 8AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ario Etienne can be reached on 571-272-4001. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/YVES DALENCOURT/Primary Examiner, Art Unit 2457