Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
	This action is in response to the communication filed on 8/8/2022.
  Claims 21-40 are examined and rejected. 

Information Disclosure Statement
The Information Disclosure Statement (IDS) submitted on 8/3/2022, 8/17/2022, 10/27/2022 and 11/9/2022 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the IDS statement has been considered by the Examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s) as explained below. See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Double Patent Analysis of Instant application 17,721,614 and US Patent 11,310,264.
Claims 21-40 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-18 of U.S. Patent 11,310,264. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is covered by the U.S. Patent 11,310,264.
This is a non-statutory double patenting rejection. The assignee of the application and the patent is the same.
Exemplary claim 1 with the substantive differences between the conflicting claim 1 identified in bold / underlined is outlined below in the following comparison table.

Claim Comparison Table   
Instant Application
17,721,614
US Patent 
11,310,264
21. A system for threat detection, the system comprising: 
a gateway in a computer network of an enterprise, the gateway configured to detect a request for network traffic from an endpoint in the enterprise, the request including a destination address and the request containing a violation of a network policy for the enterprise, the gateway further configured to identify the endpoint that originated the request, and to query the endpoint to determine a first instance of a source of the request on the endpoint; and 
a threat management facility for managing the enterprise, the threat management facility coupled in a communicating relationship with the gateway, and 
the threat management facility configured to locate one or more other endpoints associated with the enterprise that contain a second instance of the source of the request, and to cause the one or more other endpoints to remediate the second instance of the source on the one or more other endpoints.
1. A system for threat detection, the system comprising: 
      a gateway in an enterprise, the gateway including a memory, and the gateway configured to detect a request for network traffic from an endpoint in the enterprise, the request including a destination address and the request containing a violation of a network policy for the enterprise, the gateway further configured to identify the endpoint that originated the request, and to query the endpoint to determine a source process of the request executing on the endpoint and one or more files on the endpoint operated on by the source process; and 
    a threat management facility for managing the enterprise, the threat management facility coupled in a communicating relationship with the gateway, and 
    the threat management facility configured to locate one or more other endpoints associated with the enterprise that contain the one or more files, and to cause the one or more other endpoints to change a local reputation of the one or more files on the one or more other endpoints.





Claim 21 and independent claim(s) of the instant application is broader in all respects than conflicting claim 1 and independent claim(s) of Patent No. U.S. Patent 11,310,264.  It is clear that all the elements of independent claims of the instant application are to be found in the patent of independent claims. The difference between the instant application claims and claims of patent claims lies in the fact that the patented claim includes more elements and is thus more specific. 
For example, in the instant application claim 21 recites “  a gateway and a threat management facility .. to contain a second instance of the source of the request containing violation of a network policy with destination address and threat facility for management of endpoint(s) along with other steps” similarly in the patent claim 1 the ‘all steps of instant application claim 1 along with ‘endpoints to change a local reputation of the files on endpoint(s) and other steps’. Thus, claim 21 and independent claim(s) of instant application are broader.
The pending claims of the instant application are generic to the species of patent
‘264. Thus, the generic invention is ‘anticipated’ by the species of the patented invention and the instant application claims are generic to the species of invention covered by the patent claim. Therefore, they are not patentably distinct from each other.
This is non-statutory obvious type double patenting rejection since the conflicting claims have been patented.  

Double Patent Analysis of Instant application 17,721,614  and US Patent 10,616,269.
Claims 21-40 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent 10,616,269. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is covered by the U.S. Patent 10,616,269.
This is a provisional non-statutory double patenting rejection. The assignee of the application and the patent is the same.
Exemplary claim 21 with the substantive differences between the conflicting claim 1 identified in bold / underlined is outlined below in the following comparison table.



Claim Comparison Table   
Instant Application
17,721,614
US Patent 
10,616,269
21. A system for threat detection, the system comprising: 
a gateway in a computer network of an enterprise, the gateway configured to detect a request for network traffic from an endpoint in the enterprise, the request including a destination address and the request containing a violation of a network policy for the enterprise, the gateway further configured to identify the endpoint that originated the request, and to query the endpoint to determine a first instance of a source of the request on the endpoint; and 
a threat management facility for managing the enterprise, the threat management facility coupled in a communicating relationship with the gateway, and 
the threat management facility configured to locate one or more other endpoints associated with the enterprise that contain a second instance of the source of the request, and to cause the one or more other endpoints to remediate the second instance of the source on the one or more other endpoints.
1. A system comprising: an endpoint associated with an enterprise, the endpoint including a computing device comprising a memory and a processor, the endpoint executing a process from a file, and the endpoint configured to evaluate a local reputation of the file based at least in part on a certificate associated with a source of the file; 

     a gateway associated with the enterprise and coupled in a communicating relationship with the endpoint, the gateway configured to detect the process executing from the file on the endpoint and to request a global reputation of the file from a remote resource, 

      the gateway further configured to enforce a network policy of the enterprise by detecting network traffic from the endpoint in violation of the network policy and providing a violation notification to the remote resource in response to the network traffic; and 

     a threat management facility associated with the enterprise and coupled in a communicating relationship with the gateway and the endpoint, the threat management facility configured to receive the request from the gateway and to determine a global reputation of the file, 

      the threat management facility further configured to receive the local reputation from the endpoint and, in response to receipt of the violation notification, to respond by determining a remedial action for the file on the endpoint based upon the local reputation evaluated by the endpoint based at least in part on the certificate associated with the source of the file, the global reputation of the file determined by the threat management facility, and 
     
      the violation notification from the gateway in response to the network traffic from the endpoint in violation of the network policy. 





Claim 21 and independent claim(s) of the instant application is broader in all respects than conflicting claim 1 and independent claim(s) of Patent No. U.S. Patent 10,616,269.  It is clear that all the elements of independent claims of the instant application are to be found in the patent of independent claims. The difference between the instant application claims and claims of patent claims lies in the fact that the patented claim includes more elements and is thus more specific. 
For example, in the instant application claim 21 recites “  a gateway and a threat management facility .. to contain a second instance of the source of the request containing violation of a network policy with destination address and threat facility for management of endpoint(s) along with other steps” similarly in the patent claim 1 the ‘all steps of instant application claim 1 along with  ‘ .. the threat management facility further configured to receive the local reputation from the endpoint and, in response to receipt of the violation notification, to respond by determining a remedial action for the file on the endpoint based upon the local reputation evaluated by the endpoint and other steps’. Thus, claim 21 and independent claim(s) of instant application are broader.
The pending claims of the instant application are generic to the species of patent
‘264. Thus, the generic invention is ‘anticipated’ by the species of the patented invention and the instant application claims are generic to the species of invention covered by the patent claim. Therefore, they are not patentably distinct from each other.
This is non-statutory obvious type double patenting rejection since the conflicting claims have been patented.  

Double Patent Analysis of Instant application 17,721,614  and US Patent 10,122,753.
Claims 21-40 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent 10,122,753. Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is covered by the U.S. Patent 10,122,753.
This is a provisional non-statutory double patenting rejection. The assignee of the application and the patent is the same.
Exemplary claim 21 with the substantive differences between the conflicting claim 1 identified in bold / underlined is outlined below in the following comparison table.



Claim Comparison Table   
Instant Application
17,721,614
US Patent 
10,122,753

21. A system for threat detection, the system comprising: 
a gateway in a computer network of an enterprise, the gateway configured to detect a request for network traffic from an endpoint in the enterprise, the request including a destination address and the request containing a violation of a network policy for the enterprise, the gateway further configured to identify the endpoint that originated the request, and to query the endpoint to determine a first instance of a source of the request on the endpoint; and 
a threat management facility for managing the enterprise, the threat management facility coupled in a communicating relationship with the gateway, and 
the threat management facility configured to locate one or more other endpoints associated with the enterprise that contain a second instance of the source of the request, and to cause the one or more other endpoints to remediate the second instance of the source on the one or more other endpoints.



1. A system comprising: 

     an endpoint associated with an enterprise, the endpoint including a computing device comprising a memory and a processor, the endpoint executing a process from a file, the process, during execution, opening a data file for manipulation, and the endpoint configured to evaluate a local reputation of the file using one or more local criteria including a first criterion based on a user executing the process and to evaluate the local reputation of the file further based on evaluating one or more of an origin of the data file, evaluating a reputation of an environment for the data file, evaluating a reputation of a user that created the data file, and evaluating a reputation of the process using the data file; 

    a gateway associated with the enterprise and coupled in a communicating relationship with the endpoint, the gateway configured to detect the process executing from the file on the endpoint and to request a global reputation of the file from a remote resource, the gateway further configured to enforce a network policy of the enterprise by detecting network traffic from the endpoint in violation of the network policy and providing a violation notification to the remote resource in response to the network traffic; and 

   a threat management facility associated with the enterprise and coupled in a communicating relationship with the gateway and the endpoint, the threat management facility configured to receive the request from the gateway and to determine a global reputation of the file, the threat management facility further configured to receive the local reputation from the endpoint and the violation notification from the gateway, wherein the threat management facility is configured to respond to the violation notification by determining a remedial action for the file on the endpoint based upon the local reputation evaluated by the endpoint using the first criterion based on the user executing the process from the file, the global reputation of the file determined by the threat management facility, and the violation notification from the gateway in response to the network traffic from the endpoint in violation of the network policy.





Claim 21 and independent claim(s) of the instant application is broader in all respects than conflicting claim 1 and independent claim(s) of Patent No. U.S. Patent 10,122,753.  It is clear that all the elements of independent claims of the instant application are to be found in the patent of independent claims. The difference between the instant application claims and claims of patent claims lies in the fact that the patented claim includes more elements and is thus more specific. 
For example, in the instant application claim 21 recites “  a gateway and a threat management facility .. to contain a second instance of the source of the request containing violation of a network policy with destination address and threat facility for management of endpoint(s) along with other steps” similarly in the patent claim 1 the ‘all steps of instant application claim 1 along with  ‘ .. the threat management facility further configured configured to receive the local reputation from the endpoint and the violation notification from the gateway, wherein the threat management facility is configured to respond to the violation notification by determining a remedial action for the file on the endpoint based upon the local reputation evaluated by the endpoint using the first criterion based on the user executing the process from the file, the global reputation of the file determined by the threat management facility, and the violation notification from the gateway in response to the network traffic from the endpoint in violation of the network policy and other steps’. Thus, claim 21 and independent claim(s) of instant application are broader.
The pending claims of the instant application are generic to the species of patent
‘753. Thus, the generic invention is ‘anticipated’ by the species of the patented invention and the instant application claims are generic to the species of invention covered by the patent claim. Therefore, they are not patentably distinct from each other.
This is non-statutory obvious type double patenting rejection since the conflicting claims have been patented.  
A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus)." ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
This is non-statutory obvious type double patenting rejection.  

					Examiner Notes 
Claims overcome prior art rejection and only DP rejection is pending. 
Examiner request to file eTD to overcome DP rejection. 

Prior Art of Record
         The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Xie et al US Patent 10,742,601
Cooley et al US Patent 9,781,019
Sadovsky et al US Patent 9,210,183
Gopal et al US Patent 9,270,698
Rathor et al US Patent 9,124,636
Bettini et al US Patent 8,918,881
Visbal et al US Patent 8,832,832
Bettini et al US Patent 8,819,772
Nicodemus et al US Publication 2013/0254833
                                         REASONS FOR ALLOWANCE
          The following is an examiner’s statement of reasons for allowance:
Examiner finds claims dated 8/8/2022 are persuasive for reason of allowance.  
Although the claims are rejected under Double Patent rejection, the claim(s) overcome any prior art rejection as the prior art of record does not explicitly disclose, in light of other features recited in independent claims 1, 9 and 17 as follows :
Claim 1 ‘ .. the threat management facility configured to locate one or more other endpoints associated with the enterprise that contain a second instance of the source of the request, and to cause the one or more other endpoints to remediate the second instance of the source on the one or more other endpoints along with additional detailed steps in claim(s) as described in independent claim(s) on 8/8/2022. 

However, each of the cited references or reference from the updated search, at least, fails to teach or suggest in combination with the rest of the limitations recited in the independent claim(s).
None of the previous cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with previous cited reference, result a reasonable and proper rejection for each of the cited feature limitations of the independent claim(s) under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Dependent claims depend on allowed independent claims, therefore they are allowed. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/           Examiner, Art Unit 2431