DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-27 are pending in this application.
Claims 1-12, 14-16, 18-19, 21 and 24-27 are currently amended.
No new IDS was submitted.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/25/2022 has been entered.
 
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 8, 15 and 24 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1 and 13 of U.S. Patent No. US 10,523,702 B2.  Although the conflicting claims are not identical, they are not patentably distinct from each other because claims 1 and 13 and 18 of U.S. Patent No. US 10,523,702 B2 contains every element of claims 1, 8, 15 and 24 of the instant application and thus anticipate the claims of the instant application (see Claim Comparison Table below).


Instant Application 16/671,009
US 10,523,702 B2
1. At least one storage device or storage disk comprising instructions which, when executed, cause one or more processors of a first device to at least: 


attempt to connect to a second device; 





determine a level of trustworthiness of the second device based on connection characteristics of a communication session including the first device and the second device, 





the first device different from the second device, the first device different from a third device which requested to connect to the second device and the second device different from the third device; 



and in response to determining that the second device meets a threshold of trustworthiness, permit a connection between the second device and the third device, the first device separate from the connection.
13. A system for detecting connection anomalies, the system comprising: one or more processors; a memory including instructions that, when executed, cause at least some of the one or more processors to: 
in response to a first device attempting to connect to a second device: attempt to connect to the second device; 




determine a level of trustworthiness of the second device based on first connection characteristics, second connection characteristics, and third connection characteristics, the first connection characteristics corresponding to a first communication including the first device and the second device, the second connection characteristics corresponding to a second communication between the second device and a third device currently connected to the second device, the third connection characteristics corresponding to a third communication including the system and the second device; and 

take an action regarding the attempt by the first device to connect to the second device based on the level of trustworthiness of the second device.
8. A first device comprising: memory including instructions; and at least one processor to execute the instructions to: 



delay a second  device from establishing a first communication session with a third  device; cause the first device to attempt to establish a second communication session with the third  device; 

determine a level of trustworthiness of the third  device based on connection characteristics of the second communication session including the first device  and the third  device, the connection characteristics including a location of the third device, the first device different from the second device, the first device different from the third device, the second device different from the third device; and HANLEY, FLIGHT & ZIMMERMAN, LLCPage 4 of 12 Attorney Docket No. 20344/P85393CApplication No. 16/671,009 Response to the Office action dated November 15, 2021 







permit the second  device to establish the first communication session with the third  device based on the level of trustworthiness.
13. A system for detecting connection anomalies, the system comprising: one or more processors; a memory including instructions that, when executed, cause at least some of the one or more processors to: 
in response to a first device attempting to connect to a second device: attempt to connect to the second device; 




determine a level of trustworthiness of the second device based on first connection characteristics, second connection characteristics, and third connection characteristics, the first connection characteristics corresponding to a first communication including the first device and the second device, the second connection characteristics corresponding to a second communication between the second device and a third device currently connected to the second device, the third connection characteristics corresponding to a third communication including the system and the second device; and 

take an action regarding the attempt by the first device to connect to the second device based on the level of trustworthiness of the second device.
15. A method comprising: 





Obtaining at a third device, a request from a first device to access a second device, delaying, by executing an instruction with at least one processor of the third device, the first device from establishing a first communication session with the second device; 
establishing a second communication session between the third device and the second device; 

determining, by executing an instruction with the at least one processor of the third device, a level of trustworthiness of the second device based on a comparison between first connection characteristics of the second communication and a threshold of trustworthiness, the third device different from the first device, the first device different from the second device and the third device different from the second device; and 







permitting, by executing an instruction with the at least one processor of the third device, the first device to establish the first communication session with the second device based on the comparison, the first communication session not including the third device.
13. A system for detecting connection anomalies, the system comprising: one or more processors; a memory including instructions that, when executed, cause at least some of the one or more processors to: 
in response to a first device attempting to connect to a second device: attempt to connect to the second device; 








determine a level of trustworthiness of the second device based on first connection characteristics, second connection characteristics, and third connection characteristics, the first connection characteristics corresponding to a first communication including the first device and the second device, the second connection characteristics corresponding to a second communication between the second device and a third device currently connected to the second device, the third connection characteristics corresponding to a third communication including the system and the second device; and 

take an action regarding the attempt by the first device to connect to the second device based on the level of trustworthiness of the second device.
24. A compute device comprising: communication circuitry; instructions; and one or more processor cores to execute the instructions to: 
attempt to communicate with a first device; 


determine a level of trustworthiness of the first device based on one or more characteristics of a communication session including the compute device and the first device, the compute device different from the first device, the first device different from a second device and the compute device different from the second device; and 














in response to determining that the first device meets a threshold of trustworthiness, cause the communication circuitry to transmit a message to cause the second device to communicate with the first device separately from the compute device.
1. At least one storage device or storage disk comprising instructions that, when executed, cause a machine to at least: 


responsive to a first device attempting to connect to a second device, attempt to connect to the second device; 





determine a level of trustworthiness of the second device based on first connection characteristics, second connection characteristics, and third connection characteristics, the first connection characteristics corresponding to a first communication session including the first device and the second device, the second connection characteristics corresponding to a second communication session including a third device currently connected to the second device and the second device, the third connection characteristics corresponding to a third communication session including the machine and the second device; and 
prevent the first device from connecting to the second device based on the level of trustworthiness.




Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-2, 4-5, 7-9, 11-12, 14-16, 18-19, 21-25 and 27 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Hernacki et al. (Patent No.: US 8,108,536 B1) (hereinafter, “Hernacki”).

As to claim 1, Hernacki discloses at least one storage device or storage disk comprising instructions which, when executed, cause one or more processors of a first device (col. 4, lines 2-5; herein “special-purpose computers” is equivalent to “a first device”) to at least: 
attempt to connect to a second device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein “server 506” is equivalent to the second device); 
determine a level of trustworthiness of the second device based on connection characteristics of a communication session including the first device and the second device, the first device different from the second device, the first device different from a third device which requested to connect to the second device, and the second device different from the third device (“Similarly, if server-trust module 110 in FIG. 1 determines that client 202 in FIG. 2 has previously streamed other applications or data from server 206 (i.e., applications or data that are different from the streaming application identified in step 302), then server-trust module 110 may allow client 202 to stream at least a portion of the streaming application from server 206 if the trust level for server 206 is sufficiently high” –e.g. see, col. 6, lines 36-46; see also, Fig. 5, herein, client 502 is the third device which requests to connection to server 506 which is the second device and reputation service 508 or server-trust module 110 can be considered as first device which determines trustworthiness of the server 506 (i.e. trustworthiness of the second device); according to Fig. 5, all devices are separate from each other); and 
in response to determining that the second device meets a threshold of trustworthiness, permit a connection between the second device and the third device, the first device separate from the connection (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37).  

As to claim 2, Hernacki discloses wherein the instructions cause the one or more processors of the first device to, in response to determining that the second device does not meet the threshold of trustworthiness, prevent the connection (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37).  

As to claim 4, Hernacki discloses wherein the instructions cause the one or more processors of the first device to (a) delay establishment of the connection between the second device and the third device or (b) block a communication from the third device to the second device to at least temporarily prevent the establishment of the connection (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein, connection is delayed until a determination of trustworthiness is made about the server 506 (i.e. about the second device)).  

As to claim 5, Hernacki discloses wherein the instructions cause the one or more processors of the first device to at least (a) delay establishment of the connection between the second device and the third device or (b) prevent a transmission of data from the third device to the second device to at least temporarily prevent the establishment of the connection (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein, connection is delayed until a reputation server determines a trust score of the server 506).  

As to claim 7, Hernacki discloses wherein the connection characteristics of the communication session including the first device and the second device include at least one of (a) real time connection characteristics or (b) historic connection characteristics (Hernacki: “FIG. 7 is a block diagram of an exemplary server-trust report 700. As illustrated in this figure, server-trust report 700 may contain previously calculated trust levels for servers, names and digital signatures for servers, IP addresses for servers, names and checksums for applications or streams, and/or trust levels for applications.”-e.g. see, col. 7, lines 47-63).  

As to claim 8, Hernacki discloses a first device comprising: memory including instructions (col. 4, lines 2-5; herein “special-purpose computers” is equivalent to “a first device”); and at least one processor to execute the instructions to
delay a second device from establishing a first communication session with a third device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein “server 506” is equivalent to the third device; communication session between a client 502 (i.e. second device) and a server 506 (i.e. third device) is delayed until a reputation server determines a trust score of the server 506 (i.e. third device)); 
cause the first device to attempt establish a second communication session with the third device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein “server 506” is equivalent to the third device); 
determine a level of trustworthiness of the third device based on connection characteristics of the second communication session including the first device and the third device, the connection characteristics including a location of the third device, the first device different from the second device, the first device different from the third device, the second device different from the third device (“Similarly, if server-trust module 110 in FIG. 1 determines that client 202 in FIG. 2 has previously streamed other applications or data from server 206 (i.e., applications or data that are different from the streaming application identified in step 302), then server-trust module 110 may allow client 202 to stream at least a portion of the streaming application from server 206 if the trust level for server 206 is sufficiently high” –e.g. see, col. 6, lines 36-46; see also, Fig. 5, herein, client 502 is the second device which requests to connection to server 506 which is the third device and reputation service 508 or server-trust module 110 can be considered as first device which determines trustworthiness of the server 506 (i.e. trustworthiness of the third device); according to Fig. 5, all devices are separate from each other; Further to clarify Hernacki discloses “FIG. 7 is a block diagram of an exemplary server-trust report 700. As illustrated in this figure, server-trust report 700 may contain previously calculated trust levels for servers, names and digital signatures for servers, IP addresses for servers, names and checksums for applications or streams, and/or trust levels for applications.”-e.g. see, col. 7, lines 47-63; herein, destination IP address of the server is equivalent to location of the third device); and 
permit the second device to establish the first communication session with the third device based on the level of trustworthiness (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37).  

As to claim 9, Hernacki discloses wherein the at least one processor is to, in response to determining that the third device does not meet the threshold of trustworthiness, prevent the second device from establishing the first communication session with the third device (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37).  

As to claim 11, Hernacki discloses wherein the at least one processor is to (a) delay the second device from establishing the first communication session with the third device or (b) prevent the second device from establishing the first communication session with the third device by blocking a communication from the second device to the third device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein, connection is delayed until a determination of trustworthiness is made about the server 506 (i.e. about the second device)).  

As to claim 12, Hernacki discloses wherein the at least one processor is to at least (a) delay the second device from establishing the first communication session with the third device or (b) prevent the second device from establishing the first communication session with the third device by preventing transmission of data from the second device to the third device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein, connection is delayed until a reputation server determines a trust score of the server 506).  

As to claim 14, Hernacki discloses wherein the connection characteristics of the second communication session including the first device and the third device include at least one of (a) real time connection characteristics or (b) historic connection characteristics (Hernacki: “FIG. 7 is a block diagram of an exemplary server-trust report 700. As illustrated in this figure, server-trust report 700 may contain previously calculated trust levels for servers, names and digital signatures for servers, IP addresses for servers, names and checksums for applications or streams, and/or trust levels for applications.”-e.g. see, col. 7, lines 47-63).  

As to claim 15, Hernacki discloses a method comprising: 
obtaining at a third device, a request from a first device to access a second device (Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein “server 506”), 
delaying, by executing an instruction with at least one processor of the third device, the first device from establishing a first communication session with the second device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein “server 506” is equivalent to the second device; communication session between a client 502 (i.e. first device) and a server 506 (i.e. second device) is delayed until a reputation server determines a trust score of the server 506 (i.e. second device)); 
establishing a second communication session between the third device and the second device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein “server 506” is equivalent to the second device); 
determining, by executing an instruction with the at least one processor of the third device, a level of trustworthiness of the second device based on a comparison between first connection characteristics of the second communication session and a threshold of trustworthiness, the third device different from the first device, the first device different from the second device and the third device different from the second device (“Similarly, if server-trust module 110 in FIG. 1 determines that client 202 in FIG. 2 has previously streamed other applications or data from server 206 (i.e., applications or data that are different from the streaming application identified in step 302), then server-trust module 110 may allow client 202 to stream at least a portion of the streaming application from server 206 if the trust level for server 206 is sufficiently high” –e.g. see, col. 6, lines 36-46; see also, Fig. 5, herein, client 502 is the first device which requests to connection to server 506 which is the second device and reputation service 508 or server-trust module 110 can be considered as third device which determines trustworthiness of the server 506 (i.e. trustworthiness of the third device); according to Fig. 5, all devices are separate from each other; Further to clarify Hernacki discloses “FIG. 7 is a block diagram of an exemplary server-trust report 700. As illustrated in this figure, server-trust report 700 may contain previously calculated trust levels for servers, names and digital signatures for servers, IP addresses for servers, names and checksums for applications or streams, and/or trust levels for applications.”-e.g. see, col. 7, lines 47-63; herein, destination IP address of the server is equivalent to location characteristics of the second device); and 
permitting, by executing an instruction with the at least one processor of the third device, the first device to establish the first communication session with the second device based on the comparison, the first communication session not including the third device (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37).  

As to claim 16, Hernacki discloses further including, in response to determining that the second device does not meet the threshold of trustworthiness, preventing the first device from establishing the first communication session with the second device (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37).  


As to claim 18, Hernacki discloses wherein delaying the first device from establishing the first communication session with the second device from establishing the first communication session with the second device includes blocking a communication from the first device to the second device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein, connection is delayed until a determination of trustworthiness of a device).

As to claim 19, Hernacki discloses wherein delaying the first device from establishing the first communication session with the second device includes preventing a transmission of data from the first device to the second device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein, connection is delayed until a reputation server determines a trust score of the server 506). 
 
As to claim 21, Hernacki discloses wherein the instructions cause the one or more processors of the first device to, in response to determining that the second device does not meet the threshold of trustworthiness, instruct the third device not to connect to the second device (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37; herein, instructed the client 202 (i.e. third device) to either connect not to connect to the server 206 (i.e. to the second device) ).  

As to claim 22, Hernacki discloses wherein the at least one processor is to, in response to determining that the third device does not meet the threshold of trustworthiness, instruct the second device to not connect to the third device (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37; herein, instructed the client 202 (i.e. third device) to either connect not to connect to the server 206 (i.e. to the second device) ).  

As to claim 23, Hernacki discloses further including, in response to determining that the second device does not meet the threshold of trustworthiness, instructing the first device to not connect to the second device (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37; herein, instructed the client 202 (i.e. third device) to either connect not to connect to the server 206 (i.e. to the second device) ).  

As to claim 24, Hernacki discloses a compute device comprising: communication circuitry; instructions; and one or more processor cores to execute the instructions to: 
attempt to communicate with a first device (“In one example, client 502 may attempt to stream an application from server 506. Before server 506 streams the application to client 502, client 502 may transmit a request for information about server 506 and/or the application to be streamed from server 506 to reputation service 508. Reputation service 508 may respond by transmitting information about the application and/or about server 506 (such as server-trust report 700 in FIG. 7) to client 502.” –e.g. see, col. 8, lines 66 to col. 9, lines 1-7; herein “server 506” is equivalent to a first device); 
determine a level of trustworthiness of the first device based on one or more characteristics of a communication session including the compute device and the first device, the compute device different from the first device, the first device different from a second device, and the compute device different from the second device (“Similarly, if server-trust module 110 in FIG. 1 determines that client 202 in FIG. 2 has previously streamed other applications or data from server 206 (i.e., applications or data that are different from the streaming application identified in step 302), then server-trust module 110 may allow client 202 to stream at least a portion of the streaming application from server 206 if the trust level for server 206 is sufficiently high” –e.g. see, col. 6, lines 36-46; see also, Fig. 5, herein, client 502 is the second device which requests to connection to server 506 which is the first device and reputation service 508 or server-trust module 110 can be considered as third device which determines trustworthiness of the server 506 (i.e. trustworthiness of the first device); according to Fig. 5, all devices are separate from each other); and
 in response to determining that the first device meets a threshold of trustworthiness, cause the communication circuitry to transmit a message to cause the second device to communicate with the first device separately from the compute device (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37).  

As to claim 25, Hernacki discloses wherein the one or more processor cores are to, in response to determining that the first device does not meet the threshold of trustworthiness, prevent the second device from communicating with first device (“At step 306, the system may determine whether to stream the streaming application from the server based on the trust level for the server. For example, server-trust module 110 in FIG. 1 may determine whether to allow client 202 in FIG. 2 to stream the streaming application identified in step 302 from server 206 based on a trust level for server 206.” –e.g. see, col. 5, lines 31-37).  
 
As to claim 27, Hernacki discloses wherein the one or more characteristics of the communication session including the compute device and the first device include at least one of (a) real time connection characteristics or (b) historic connection characteristics (Hernacki: “FIG. 7 is a block diagram of an exemplary server-trust report 700. As illustrated in this figure, server-trust report 700 may contain previously calculated trust levels for servers, names and digital signatures for servers, IP addresses for servers, names and checksums for applications or streams, and/or trust levels for applications.”-e.g. see, col. 7, lines 47-63).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3, 10, 17 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki in view of Vitalos (Pub. No.: US 2008/0229382 A1).

As to claim 3, Hernacki may not explicitly disclose wherein the instructions cause the one or more processors of the first device to, in response to determining that the second device does not meet the threshold of trustworthiness, cause transmission of an alert message to the third device, the alert message to indicate that the second device is insufficiently trustworthy.  
However, in an analogous art, Vitalos discloses wherein the instructions cause the one or more processors of the first device to, in response to determining that the second device does not meet the threshold of trustworthiness, cause transmission of an alert message to the third device, the alert message to indicate that the second device is insufficiently trustworthy (“However, if the mobile resident security module 120 determines that the requested data session does not satisfy the security policy(s) 126, then the mobile resident security module 120 prevents the data session from being setup through the IP stack (not shown) and alerts the user of the device 104 and the network operator regarding the condition. The network resident security module 122 logs the denied access attempt.” -e.g. see, Vitalos: [0037]).
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to modify the invention of Hernacki with the teaching of Vitalos in order to prevent potentially harmful applications from originating malicious packets onto the network (Vitalos: [0005]).

As to claim 10, Hernacki may not explicitly disclose wherein the at least one processor is to, in response to determining that the third device does not meet the threshold of trustworthiness, cause transmission of an alert message to the second device, the alert message to indicate that the third device is insufficiently trustworthy.
However, in an analogous art, Vitalos discloses wherein the at least one processor is to, in response to determining that the third device does not meet the threshold of trustworthiness, cause transmission of an alert message to the second device, the alert message to indicate that the third device is insufficiently trustworthy (“However, if the mobile resident security module 120 determines that the requested data session does not satisfy the security policy(s) 126, then the mobile resident security module 120 prevents the data session from being setup through the IP stack (not shown) and alerts the user of the device 104 and the network operator regarding the condition. The network resident security module 122 logs the denied access attempt.” -e.g. see, Vitalos: [0037]).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to modify the invention of Hernacki with the teaching of Vitalos in order to prevent potentially harmful applications from originating malicious packets onto the network (Vitalos: [0005]).

As to claim 17, Hernacki may not explicitly disclose further including, in response to determining that the second device does not meet the threshold of trustworthiness, transmitting an alert message to the first device, the alert message to indicate that the second device is insufficiently trustworthy.
However, in an analogous art, Vitalos discloses further including, in response to determining that the second device does not meet the threshold of trustworthiness, transmitting an alert message to the first device, the alert message to indicate that the second device is insufficiently trustworthy (“However, if the mobile resident security module 120 determines that the requested data session does not satisfy the security policy(s) 126, then the mobile resident security module 120 prevents the data session from being setup through the IP stack (not shown) and alerts the user of the device 104 and the network operator regarding the condition. The network resident security module 122 logs the denied access attempt.” -e.g. see, Vitalos: [0037]).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to modify the invention of Hernacki with the teaching of Vitalos in order to prevent potentially harmful applications from originating malicious packets onto the network (Vitalos: [0005]).

As to claim 26, Hernacki may not explicitly disclose wherein the one or more processor cores are to, in response to determining that the first device does not meet the threshold of trustworthiness, cause the communication circuitry to transmit an alert message to the second device, the alert message to indicate that the first device is insufficiently trustworthy.
However, in an analogous art, Vitalos discloses wherein the one or more processor cores are to, in response to determining that the first device does not meet the threshold of trustworthiness, cause the communication circuitry to transmit an alert message to the second device, the alert message to indicate that the first device is insufficiently trustworthy (“However, if the mobile resident security module 120 determines that the requested data session does not satisfy the security policy(s) 126, then the mobile resident security module 120 prevents the data session from being setup through the IP stack (not shown) and alerts the user of the device 104 and the network operator regarding the condition. The network resident security module 122 logs the denied access attempt.” -e.g. see, Vitalos: [0037]). 
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to modify the invention of Hernacki with the teaching of Vitalos in order to prevent potentially harmful applications from originating malicious packets onto the network (Vitalos: [0005]).

Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hernacki in view of Krivosheev et al. (Pub. No.: US 2010/0313248 A1) (hereinafter, “Krivosheev”).

As to claim 6, Hernacki may not explicitly disclose wherein the data includes data related to a password associated with a user of the third device.  
However, in an analogous art, Krivosheev discloses wherein the data includes data related to a password associated with a user of the third device (Krivosheev: “Based on a trust level provided by the verification service for the requesting domain, corrective actions may be taken to warn the user or prevent transmission of login credentials. Alternatively, verification may be performed on applications residing on a local computer.” -Krivosheev: abstract).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to modify the invention of Hernacki with the teaching of Krivosheev in order to reduce the likelihood that a user will send login credentials to a malicious or fraudulent web domain (Krivosheev: [0002]).

As to claim 13, Hernacki may not explicitly disclose wherein the data includes data related to a password associated with a user of the second device.  
However, in an analogous art, Krivosheev discloses wherein the data includes data related to a password associated with a user of the second device (Krivosheev: “Based on a trust level provided by the verification service for the requesting domain, corrective actions may be taken to warn the user or prevent transmission of login credentials. Alternatively, verification may be performed on applications residing on a local computer.” -Krivosheev: abstract).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to modify the invention of Hernacki with the teaching of Krivosheev in order to reduce the likelihood that a user will send login credentials to a malicious or fraudulent web domain (Krivosheev: [0002]).

As to claim 20, Hernacki may not explicitly disclose wherein the data includes data related to a password associated with a user of the first device.  
However, in an analogous art, Krivosheev discloses wherein the data includes data related to a password associated with a user of the first device (Krivosheev: “Based on a trust level provided by the verification service for the requesting domain, corrective actions may be taken to warn the user or prevent transmission of login credentials. Alternatively, verification may be performed on applications residing on a local computer.” -Krivosheev: abstract).  
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention was made to modify the invention of Hernacki with the teaching of Krivosheev in order to reduce the likelihood that a user will send login credentials to a malicious or fraudulent web domain (Krivosheev: [0002]).

Response to Arguments
Applicant’s arguments with respect to claims 1, 8, 15 and 24 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

SUMAN DEBNATH
Patent Examiner
Art Unit 2495



/S.D/Examiner, Art Unit 2495                                                                                                                                                                                                        

/PONNOREAY PICH/Primary Examiner, Art Unit 2495