DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 8-11 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because:


Regarding claims 8-11, the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because it recites the limitation “the IP policy management service communicatively coupled to the network” that is purely software per se. The claim as directed to software per se is not statutory because it does not fall in any statutory categories of invention (i.e., Machine, Manufacture, Composition of Matter, and Process).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claim(s) 1, 2, 4, 8, 9, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Mircescu (US 2016/0173450 A1) in view of Gourlay (US 2014/0280846 A1), in view of Spitaels (US 2005/0246431 A1).
Regarding Claim 1, 8

Mircescu teaches:

A method for configuring a network with an IP policy management service and a plurality of distributed managed network devices supporting one or more service roles, wherein the IP policy management service performs steps comprising: discovering the at least one managed network devices (fig. 1A plurality of devices coupled to Network regulator 18 that performs IP policy management service, ¶36 distributing network configuration parameters (e.g., network addresses) to clients systems 12a-f, network services implement a (DHCP), ¶37 FIGS. 1-A-B show a network regulator 18 connected to local network 14, network regulator 18 comprises a network appliance configured to perform various services for client systems 12a-f, services include device management, remote configuration of network 14, ¶39 ¶79 device discovery support is provided in provisional application 62/090,547 fig. 1-28); 

configuring each of the discovered managed network devices by deploying one or more configuration updates via the network to the discovered managed network devices (¶52 configure client systems 12a-f, Configuring systems 12a-f , may include software upgrades (configuration updates), ¶87 ¶89 transmission of configuration data/commands (deploying configuration updates) to a target client system, in relation to device discovery, support is provided in provisional application 62/090,547 fig. 1-28).

Mircescu does not teach:

determining the configuration of each managed network device based on selection of a policy for the discovered managed network device, 

wherein the policy includes at least one rule specific to each of the service roles and one or more capabilities of the discovered managed network device; and 


Gourlay teaches:

determining the configuration of each managed network device based on selection of a policy for the discovered managed network device (¶53 fig. 3 step 304 determine device configuration, determine and apply a network policy for a port based on a configuration characteristic of another device that is connected to the network element)
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Mircescu in light of Gourlay in order to determine a network policy for an attached device based on one or more characteristics of the attached device (Gourlay abstract).


Mircescu-Gourlay does not teach:

wherein the policy includes at least one rule specific to each of the service roles and one or more capabilities of the discovered managed network device; and 

Spitaels teaches:

wherein the policy includes at least one rule specific to each of the service roles and one or more capabilities of the discovered managed network device (¶48 DHCP includes two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocating network addresses to hosts, ¶59 Device 201 may be capable of communicating information between networks such as wireless networks and one or more wired networks such as network 209, ¶10 configuration of the device is performed based upon one or more attributes of a network to which the device is connected, in the case of a wireless communication device that is capable of performing routing, switching/bridging, and repeating forwarding functions, the wireless communication device may configure one or more operating parameters based upon one or more detected attributes of the network to which it is attached); and
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Mircescu-Gourlay in light of Spitaels in order to perform automatic configuration of the device based upon one or more attributes of a network to which the device is connected. In the case of a wireless communication device that is capable of performing routing, switching/bridging, and repeating forwarding functions, the wireless communication device may configure one or more operating parameters based upon one or more detected attributes of the network to which it is attached (Spitaels ¶10).
 

Regarding Claim 2, 9

Mircescu-Gourlay-Spitaels teaches:

The method of claim 1.


Mircescu teaches:

The method of claim 1, wherein the supporting service roles include at least one of: a DHCP service, a VPN tunnel, Quality of Service (QoS), a router, a wireless router, a network firewall, a DNS service, and a network proxy (¶56 ¶50 fig. 7 network regulator 18 that performs IP policy management service, contains a device detection module 42 and a DHCP module 43, module 43 provides DHCP services for local network 14, ¶59 extract device-type-indicative data from the respective interface (for instance, determine whether the interface is a HTML document or not, and determine a network address of the respective interface (one or more capabilities of the discovered device), support is provided in provisional application 62/090,547 fig. 1-28)

Regarding Claim 4, 11

Mircescu-Gourlay-Spitaels teaches:

The method of claim 1.

Spitaels teaches:

 The method of claim 1, wherein the at least one rule specifies one setting of the discovered managed device behavior (¶48 DHCP includes two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocating network addresses to hosts, ¶59 Device 201 may be capable of communicating information between networks such as wireless networks and one or more wired networks such as network 209, ¶10 configuration of the device is performed based upon one or more attributes of a network to which the device is connected, in the case of a wireless communication device that is capable of performing routing, switching/bridging, and repeating forwarding functions, the wireless communication device may configure one or more operating parameters based upon one or more detected attributes of the network to which it is attached); and
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Mircescu in light of Spitaels in order to perform automatic configuration of the device based upon one or more attributes of a network to which the device is connected. In the case of a wireless communication device that is capable of performing routing, switching/bridging, and repeating forwarding functions, the wireless communication device may configure one or more operating parameters based upon one or more detected attributes of the network to which it is attached (Spitaels ¶10).


Claims 3 and 10 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Mircescu-Gourlay-Spitaels as applied to claim 1 above, and further in view of Strohmenger (US 2016/0274978 A1).

Regarding Claim 3, 10
Mircescu-Gourlay-Spitaels teaches:

The method of claim 1.

Mircescu-Gourlay-Spitaels does not teach:


The method of claim 1, wherein the discovered managed network device is configurable to use Internet-based cloud services.

Strohmenger teaches:


The method of claim 1, wherein the discovered managed network device is configurable to use Internet-based cloud services (¶71 discovering device 114, cloud can communicate configuration information to new device. ¶93 The cloud platform 402 can be a public cloud that can be accessible via a public network, such as the Internet, by devices having public network connectivity (e.g., Internet connectivity) and appropriate authorizations to utilize the cloud services 412).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Mircescu-Gourlay-Spitaels in light of Strohmenger in order to facilitate leveraging cloud-based applications and services (e.g., industrial-plant-backup-related services, data collection services, data storage services, modeling services, etc.) associated with the cloud platform (Strohmenger ¶93).

Claim 5 is rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Mircescu-Gourlay-Spitaels as applied to claim 1 above, and further in view of Wu (US 2009/0150526 A1).


Regarding Claim 5

Mircescu-Gourlay-Spitaels does not teach:

The method of claim 1, wherein alerts and status information are forwarded to the IP policy management service by the discovered managed network device based on internal network device event notifications or periodically.

Wu teaches:

The method of claim 1, wherein alerts and status information are forwarded to the IP policy management service by the discovered managed network device based on internal network device event notifications or periodically (¶25-33 step 21 DHCP inform message is transmitted to configuration management server of the gateway).

Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Mircescu-Gourlay-Spitaels in light of Wu in order to implement configuration management of devices in a network (Wu abstract).

Claims 6-7 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Mircescu-Gourlay-Spitaels-Wu as applied to claim 5 above, and further in view of McClure (US 2012/0144476 A1).


Regarding Claim 6

Mircescu-Gourlay-Spitaels-Wu does not teach:

The method of claim 5, wherein a representation of the network, determined from discovery results and DHCP and other event notifications for the discovered managed devices, is visually represented on a user display screen in a graphical user interface to a user.

McClure teaches:

The method of claim 5, wherein a representation of the network, determined from discovery results and DHCP and other event notifications for the discovered managed devices, is visually represented on a user display screen in a graphical user interface to a user (¶186 entire network map can be relatively accurately stored internally, and translated into a visual representation for reporting, ¶345 148 DHCP for service discovery).
Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Mircescu-Gourlay-Spitaels-Wu in light of McClure in order to provide a system and method that provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers (McClure abstract).


Regarding Claim 7

Mircescu-Gourlay-Spitaels-Wu-McClure teaches:

The method of claim 6.


McClure teaches:

The method of claim 6, wherein the visual representation of the discovered managed device can be manipulated on-screen by the user interacting with the graphical user interface using a user input to configure the policy for the discovered managed device (¶186 entire network map can be relatively accurately stored internally, and translated into a visual representation for reporting, ¶346 compiles the data discovered during security testing into a graphical, informationally hierarchical, and interactive set of documents for review).

Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Mircescu-Gourlay-Spitaels-Wu in light of McClure in order to provide a system and method that provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers (McClure abstract).

Claim 12 is rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Spitaels (US 2005/0246431 A1) in view of Linden (US 2010/0162036 A1).

Regarding Claim 12

Spitaels teaches:

A method of developing a policy for at least one distributed network device communicatively coupled to a network with an IP policy management service and a plurality of distributed managed network devices supporting service roles, wherein the IP policy management service performs the method having steps comprising: using a management device having at least one processor and non-transitory memory with instructions stored therein, executing the instructions using the processor to: automatically discover capabilities of at least one managed network device on the network (¶48 DHCP includes two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocating network addresses to hosts, ¶59 Device 201 may be capable of communicating information between networks such as wireless networks and one or more wired networks such as network 209, ¶10 configuration of the device is performed based upon one or more attributes of a network to which the device is connected, in the case of a wireless communication device that is capable of performing routing, switching/bridging, and repeating forwarding functions, the wireless communication device may configure one or more operating parameters based upon one or more detected attributes of the network to which it is attached); 
Spitaels does not teach:

automatically determine current attributes of the discovered network device; 

implement rules from a set of rules appropriate for the managed device stored in non-transitory memory as selected by an administrator using a user input; 

store rule parameters entered by an administrator; 

read prior device configurations from management service non-transitory memory; 

review and compile the policy; and 

save the policy to management service non-transitory memory.

Spitaels does not teach:

automatically determine current attributes of the discovered network device (fig. 2B step 221, 231 ¶66 discover device, ¶67 determining the eligibility of the device to join the cluster may be based upon device-identifying, the capabilities of the device (e.g., hardware capabilities, such as processor speed, memory, and the like, software installed) (determine attributes of discovered device));

implement rules from a set of rules appropriate for the managed device stored in non-transitory memory as selected by an administrator using a user input (fig. 2B step 221, 231 236 ¶66-68 ¶147 via the cluster management module 466 may provide a configuration interface comprise a network accessible user interface, an Application Programming Interface (API), device-specific configuration may be transmitted to the device by selecting device-specific configuration data from a plurality of different device-specific configurations, each of which may be adapted to particular device hardware and/or software configuration or version);

store rule parameters entered by an administrator (¶68 ¶147 via the cluster management module 466 may provide a configuration interface comprise a network accessible user interface, an Application Programming Interface (API), device-specific configuration may be transmitted to the device by selecting device-specific configuration (storing rule parameter after being transmitted, and then verified in step 241), ¶69 ¶87 the cluster master 320 may receive configuration updates (e.g., from a human operator via a configuration interface, from a policy server));

read prior device configurations from management service non-transitory memory (¶27 verification of step 241 (comprising comparing to prior device configuration) may comprise the device transmitting a confirmation message to the method 201, the method 201 actively interrogating the device, or the like. If the cluster configuration is verified, the flow may continue to step 251);

review and compile the policy (¶87 the cluster master 320 may receive configuration updates (e.g., from a human operator via a configuration interface, from a policy server). The configuration updates may include modifications to the cluster policy); and

save the policy to management service non-transitory memory (¶87 the cluster master 320 may receive configuration updates (e.g., from a human operator via a configuration interface, from a policy server). The configuration updates may include modifications to the cluster policy, ¶64 method may be implemented on a computing device comprising a processor and memory using one or more computer-readable and/or computer-executable instructions).

Therefore, it would have been obvious to the one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Spitaels in light of Linden in order to provide formation of a cluster comprising two or more computing devices configured to provide network services, wherein the cluster may be configured to provide network communications and security services including, but not limited to: providing firewall services, acting as a forward and/or reverse proxy, virtual private networking (VPN), packet filtering, anti-virus services, Internet Provider Security (IPS), tunneling, Spam blocking, Web blocking, and the like (Linden ¶24).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLUWATOSIN M GIDADO whose telephone number is (571)272-4227.  The examiner can normally be reached on Monday-Friday 8:00 - 4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie can be reached on (571) 270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/OLUWATOSIN M GIDADO/Examiner, Art Unit 2445
/OSCAR A LOUIE/Supervisory Patent Examiner, Art Unit 2445