DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in response to the communication filed on 5/31/2022.
Claims 1-20 have been canceled.
Claims 21-40 are pending for consideration.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/7/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11019056. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application recite a corresponding method, product and system of claims 1-20 of the patent application. Furthermore, Examiner notes that each and every limitation of the instant claims appears to be substantially anticipated by the corresponding claims of the patent application. For example, see the table below for a claim comparison between the instant application and patent application (bolded text indicates significant similarities of major features in each invention).

Instant Application 17/721714
Claim 1:
A method comprising:
detecting a new device at a threat management facility for an enterprise network;
in response to determining that the new device includes a user interface and that the new device is manageable by the threat management facility by delivery of a local security agent to the new device, directing the new device to a landing page of a portal configured to manage admission of unrecognized devices onto the enterprise network by interactively guiding a user of the new device through a network entry procedure in the user interface; and
delivering device management capability to the new device by delivering the local security agent to the new device for installation on the new device.

Patent Application 11019056
Claim 1:
A method comprising:
detecting a device on an enterprise network managed by an administrator;
when the device provides, to a threat management facility, a heartbeat that identifies the device as one of a set of managed devices for the enterprise network, permitting the device to communicate over the enterprise network; and when the device does not provide the heartbeat to the threat management facility, determining manageability of the device and, upon determining that the device is unmanageable by the threat management facility in a manner consistent with a security policy for the enterprise network, listing the device on an unclaimed device page accessible on the enterprise network and published by a portal for admission, by authorized users of the enterprise network in addition to the administrator, of unrecognized devices onto the enterprise network, and receiving information from an authorized user to associate the device with the authorized user.


Claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11310275. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application recite a corresponding method, product and system of claims 1-20 of the patent application. Furthermore, Examiner notes that each and every limitation of the instant claims appears to be substantially anticipated by the corresponding claims of the patent application. For example, see the table below for a claim comparison between the instant application and patent application (bolded text indicates significant similarities of major features in each invention).

Instant Application 17/721714
Claim 1:
A method comprising:
detecting a new device at a threat management facility for an enterprise network;
in response to determining that the new device includes a user interface and that the new device is manageable by the threat management facility by delivery of a local security agent to the new device, directing the new device to a landing page of a portal configured to manage admission of unrecognized devices onto the enterprise network by interactively guiding a user of the new device through a network entry procedure in the user interface; and
delivering device management capability to the new device by delivering the local security agent to the new device for installation on the new device.

Patent Application 11310275
Claim 1:
A method comprising:
detecting a device on an enterprise network;
when the device provides, to a threat management facility, a heartbeat from a local security agent executing on the device that identifies the device as one of a set of managed devices for the enterprise network, permitting the device to communicate over the enterprise network; and when the device does not provide the heartbeat to the threat management facility, identifying a type of the device from among two or more device types, and upon determining that the type includes a user interface and that the type is manageable by the threat management facility by delivery of the local security agent to the device, directing the device to a landing page of a portal configured to manage admission of unrecognized devices onto the enterprise network by interactively guiding a user of the device through a network entry procedure in the user interface and delivering device management capability to the device by delivering the local security agent that provides the heartbeat to the device for installation on the device.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-24, 27-33 and 36-40 are rejected under 35 U.S.C. 103 as being unpatentable over Jumelet et al. (NPL U: “Control the Health of Windows 10-Based Devices”) (hereinafter Jumelet) in view of Oberheide et al. (US 20180007046) (hereinafter Oberheide).
Regarding claim 21, Jumelet discloses a method comprising: detecting a new device at a threat management facility for an enterprise network (Jumelet: pages 3, 18 and 28, “device health status can be combined with user identity information when processing an access request. Access to content is then authorized to the appropriate level of trust”); in response to determining that the new device includes a user interface and that the new device is manageable by the threat management facility (Jumelet: pages 15 and 16, “Device health attestation leverages the TPM to provide cryptographically strong and verifiable measurements of the chain of software used to boot the device. For Windows 10-based devices, Microsoft introduces a new public API that will allow MDM software to access a remote attestation service called Windows Health Attestation Service. A health attestation result, in addition with other elements, can be used to allow or deny access to networks, apps, or services, based on whether devices prove to be healthy. For more information on device health attestation, see the Detect an unhealthy Windows 10-based device section”, //Examiner notes that the user interface is broadly mapped to the Windowing system of the Windows 10-based OS), directing the new device to a landing page of a portal configured to manage admission of unrecognized devices onto the enterprise network by interactively guiding a user of the new device through a network entry procedure in the user interface (Jumelet: pages 17-18 and 27-29, “This is the most secure approach available for Windows 10-based devices to detect when security defenses are down. During the boot process, the TCG log and PCRs values are sent to a remote Microsoft cloud service. Logs are then checked by the Health Attestation Service to determine what changes have occurred on the device”… “To use the health attestation feature of Windows 10, the device must be equipped with a discrete or firmware TPM. There is no restriction on any particular edition of Windows 10”; page 18, “when starting a device equipped with TPM, a measurement of different components is performed”; and pages 26-29 and 30, “Devices that attempt to connect to resources must have their health evaluated so that unhealthy and noncompliant devices can be detected and reported. To be fully efficient, an end-to-end security solution must impose a consequence for unhealthy devices like refusing access to high-value assets”).
Jumelet does not explicitly disclose the following limitations which are disclosed by Oberheide, by delivery of a local security agent to the new device in response to the determination that a new device is manageable (Oberheide: paragraphs 0061-0062, “when a system operating method 100 determines that the endpoint is unmanaged (but successfully authenticated), the system may generate management status configuration indicia for the endpoint, transmit the management status indicia to the endpoint, and confirm or verify that the endpoint computing device is configured as a managed endpoint based on implementing the management status configuration indicia at the endpoint. The management status configuration indicia may be any information that allows an endpoint to configure itself as a managed device. Thus, the management status configuration indicia may include computer-executable instructions for modifying or configuring systems of the endpoint like a managed device, a management script or management software application that is installed on the endpoint, digital certificates”, [Notes: the management status of the endpoint is confirmed then configuring systems of the endpoint like a managed device and a management script or management software application that is installed on the endpoint]); and delivering device management capability to the new device by delivering the local security agent to the new device for installation on the new device (Oberheide: paragraphs 0061-0062, “when a system operating method 100 determines that the endpoint is unmanaged (but successfully authenticated), the system may generate management status configuration indicia for the endpoint, transmit the management status indicia to the endpoint, and confirm or verify that the endpoint computing device is configured as a managed endpoint based on implementing the management status configuration indicia at the endpoint. The management status configuration indicia may be any information that allows an endpoint to configure itself as a managed device. Thus, the management status configuration indicia may include computer-executable instructions for modifying or configuring systems of the endpoint like a managed device, a management script or management software application that is installed on the endpoint, digital certificates”, [Notes: the management status of the endpoint is confirmed then configuring systems of the endpoint like a managed device and a management script or management software application that is installed on the endpoint]).
Jumelet and Oberheide are analogous art because they are from the same field of endeavor, access protection.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Jumelet and Oberheide before him or her, to modify the system of Jumelet to include the delivery of the local security agent to the device based on management status of Oberheide.  The suggestion/motivation for doing so would have been to mitigate and/or eliminate various computer security risks associated with unmanaged endpoints that seek to access digital resources of an entity (Oberheide: paragraph 0011).
Regarding claim 31, claim 31 discloses a method claim that is substantially equivalent to the method of claim 21.  Therefore, the arguments set forth above with respect to claim 21 are equally applicable to claim 31 and rejected for the same reasons.
Regarding claim 40, claim 40 discloses a system claim that is substantially equivalent to the method of claim 21.  Therefore, the arguments set forth above with respect to claim 21 are equally applicable to claim 40 and rejected for the same reasons.
Regarding claims 22 and 32, Jumelet as modified further discloses wherein detecting the new device includes recognizing the new device as new to the enterprise network based on a table of known devices for the enterprise network (Jumelet: pages 15-16 and 23, “MDM solutions are becoming prevalent as a light-weight device management technology. Windows 10 extends the management capabilities that have become available for MDMs. One key feature Microsoft has added to Windows 10 is the ability for MDMs to acquire a strong statement of device health from managed and registered devices.”).
Regarding claim 23, Jumelet as modified further discloses wherein the table of known devices stores at least one of a machine identifier for each known device, a media access control address for each known device, and a dynamic host configuration protocol unique identifier for each known address (Jumelet: pages 5, 19 and 23, “Windows 10 contains a configuration service provider (CSP) specialized for interacting with the health attestation feature. A CSP is a component that plugs into the Windows MDM client and provides a published protocol for how MDM servers can configure settings and manage Windows-based devices.”).
Regarding claims 24 and 33, Jumelet as modified further discloses wherein detecting the new device includes recognizing the new device as new to the enterprise network based on a database of registered devices stored by the threat management facility (Jumelet: pages 15-16,  23 and 28, “MDM solutions are becoming prevalent as a light-weight device management technology. Windows 10 extends the management capabilities that have become available for MDMs. One key feature Microsoft has added to Windows 10 is the ability for MDMs to acquire a strong statement of device health from managed and registered devices.”).
Regarding claim 27,  Jumelet as modified further discloses wherein delivering device management capability to the new device includes installing the local security agent on the new device (Oberheide: paragraphs 0061-0062, “when a system operating method 100 determines that the endpoint is unmanaged (but successfully authenticated), the system may generate management status configuration indicia for the endpoint, transmit the management status indicia to the endpoint, and confirm or verify that the endpoint computing device is configured as a managed endpoint based on implementing the management status configuration indicia at the endpoint. The management status configuration indicia may be any information that allows an endpoint to configure itself as a managed device. Thus, the management status configuration indicia may include computer-executable instructions for modifying or configuring systems of the endpoint like a managed device, a management script or management software application that is installed on the endpoint, digital certificates”, [Notes: the management status of the endpoint is confirmed then configuring systems of the endpoint like a managed device and a management script or management software application that is installed on the endpoint]).  The same motivation to modify Jumelet  in view of Oberheide, as applied in claim 21 above, applies here.
Regarding claim 28, Jumelet as modified further discloses wherein delivering device management capability to the new device includes scanning the new device for compliance with a security policy (Jumelet: page 25, “Setting the requirements for device compliance is the first step to ensure that registered devices that do not meet health and compliance requirements are detected, tracked, and have actions enforced by the MDM solution.”).
Regarding claim 29, Jumelet as modified further discloses in response to determining that the new device is not manageable by the threat management facility by delivery of the local security agent to the new device, listing the new device on an unclaimed device page for the enterprise network (Oberheide: paragraphs 0061-0062, “when a system operating method 100 determines that the endpoint is unmanaged (but successfully authenticated), the system may generate management status configuration indicia for the endpoint, transmit the management status indicia to the endpoint, and confirm or verify that the endpoint computing device is configured as a managed endpoint based on implementing the management status configuration indicia at the endpoint. The management status configuration indicia may be any information that allows an endpoint to configure itself as a managed device. Thus, the management status configuration indicia may include computer-executable instructions for modifying or configuring systems of the endpoint like a managed device, a management script or management software application that is installed on the endpoint, digital certificates”, [Notes: the management status of the endpoint is confirmed then configuring systems of the endpoint like a managed device and a management script or management software application that is installed on the endpoint]).  The same motivation to modify Jumelet  in view of Oberheide, as applied in claim 21 above, applies here.
Regarding claim 30, Jumelet as modified further discloses wherein the new device includes a virtual machine (Jumelet: paragraphs 11 and 12, “Other isolated services: for example, on Windows Server 2016, there is the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.”).
Regarding claim 36, Jumelet as modified further discloses wherein detecting the new device includes attempting to query the new device for identifying information (Jumelet: pages 18-19, “Windows 10 supports health attestation scenarios by allowing applications access to the underlying health attestation configuration service provider (CSP) so that applications can request a health attestation token. The measurement of the boot sequence can be checked at any time locally by an antimalware or an MDM agent.”…“The client (a Windows 10-based device with TPM) initiates the request with the remote device health attestation service. Because the health attestation server is expected to be a Microsoft cloud service, the URI is already pre-provisioned in the client.  The client then sends the TCG log, the AIK signed data (PCR values, boot counter) and the AIK certificate information.”).
Regarding claim 37, Jumelet as modified further discloses wherein detecting the new device includes requesting credentials to identify the new device in a network entry procedure hosted by a web portal  (Jumelet: pages 18-19 and 30, “Windows 10 supports health attestation scenarios by allowing applications access to the underlying health attestation configuration service provider (CSP) so that applications can request a health attestation token. The measurement of the boot sequence can be checked at any time locally by an antimalware or an MDM agent.”…).
Regarding claim 38, Jumelet as modified further discloses wherein detecting the new device includes testing a response of the new device to network requests  (Jumelet: pages 7 and 25, “Windows 10 supports health attestation scenarios by allowing applications access to the underlying health attestation configuration service provider (CSP) so that applications can request a health attestation token. The measurement of the boot sequence can be checked at any time locally by an antimalware or an MDM agent.”).
Regarding claim 39, Jumelet as modified further discloses wherein detecting the new device includes fingerprinting the new device based on data that the new device reports in network communications (Jumelet: pages 18, 22-23 and 25, “The measurement of the boot sequence is based on the PCR and TCG log. To establish a static root of trust, when the device is starting, the device must be able to measure the firmware code before execution. In this case, the Core Root of Trust for Measurement (CRTM) is executed from the boot, calculates the hash of the firmware, then stores it by expanding the register PCR[0] and transfers execution to the firmware”).

Claims 25-26 and 34-35 are rejected under 35 U.S.C. 103 as being unpatentable over Jumelet in view of Oberheide, and further in view of Memmott et al. (US 20170331708) (hereinafter Memmott).
Regarding claims 25 and 34, Jumelet in view of Oberheide does not explicitly disclose the following limitation which is disclosed by Memmott, wherein detecting the new device includes failing to receive a secure heartbeat for the new device (Memmott: paragraphs 0052, 0081-0082 and 0115, “Once a managed device 202 is selected to provide a service 218, the selected managed device 202 may send out a periodic heartbeat message”… “if the selected managed device 102 stops providing the service 118 or goes offline for some reason, the remaining managed device 102 may negotiate who will provide the service based on the preconfigured election rules”). Jumelet in view of Oberheide and Memmott are analogous art because they are from the same field of endeavor, access protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Jumelet in view of Oberheide and Memmott before him or her, to modify the system of Jumelet in view of Oberheide to include failing to receive a secure heartbeat for a new device of Memmott. The suggestion/motivation for doing so would have been to improve the detection coverage of devices to enhance security of the overall system.
Regarding claims 26 and 35, Jumelet as modified further teaches wherein detecting the new device includes failing an attempt to authenticate a secure heartbeat for the new device (Memmott: paragraphs 0052 and 0115, “The managed device 102 may fail 602 to receive a periodic message from the selected managed device 102 within a heartbeat message interval 234.”… “if the selected managed device 102 stops providing the service 118 or goes offline for some reason, the remaining managed device 102 may negotiate who will provide the service based on the preconfigured election rules”). The same motivation to modify Jumelet in view of Oberheide and Memmott, as applied in claim 25 above, applies here.

Conclusion
The prior art made of record and not relied upon that is considered pertinent to applicant's disclosure is listed here: US 8375117, Using Endpoint Host Checking To Classify Unmanaged Devices In A Network And To Improve Network Location Awareness.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRANG T DOAN/Primary Examiner, Art Unit 2431