Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is the initial office action has been issued in response to patent application, 17/242268, filed on 27 April 2021.  Claims 1-20, as originally filed, are currently pending and have been considered below.  


Claim Rejections - 35 USC § 112
The following is a quotation of the second paragraph of 35 U.S.C. 112:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 


Claim 8:
Claim 8 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.  
Claim 8 recites the limitation “service that includes the security certificate.  There is insufficient antecedent basis for this limitation in the claim.





Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20:
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) receiving, by a processing device, a request from an endpoint device … to update a security posture of the endpoint device … and updating a device record corresponding to the endpoint device to reflect the security posture.
The limitation of receiving, by a processing device, a request from an endpoint device, is a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components. Applicant’s specifications recite “processes may be performed by a combination of hardware, software, firmware and/or by human operators” (0013).  That is, other than reciting “a processing device” “endpoint device”, nothing in the claim element precludes the step from practically being performed in the mind. 
This judicial exception is not integrated into a practical application because the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements are generic computer components claimed to perform their basic functions of receiving, and updating data. The recitation of the computer limitations amounts to mere instructions to implement the abstract idea on a computer, such as using a computer program to enable receiving a request and updating a device record. Taking the elements both individually and as a combination, the computer components at each step of the security process perform purely generic computer functions. The claim as a whole does not amount to significantly more than the abstract idea itself.  Accordingly, the claim recites an abstract idea. 
The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because with respect to integration of the abstract idea into a practical application, the additional element of using “endpoint device”, “a  processing device” to perform both the receiving and updating steps amount to no more than mere instructions using a generic computer component which cannot provide an inventive concept.  The claim is not patent eligible.



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-4, 8-11, 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Shravan et al. (US2021/0281576 A1, file date 03/04/2020).

Claims 1 and 18:
With respect to claims 1 and 18, Shravan et al. discloses a method for zero trust security processing for an endpoint device in a network (The network appliance (or a server associated with the network appliance) requests compliance details from the user device based on the configured policies. 0010) (The private network 104 includes a network appliance 110 (e.g., a network access control (NAC) device or a virtual private network (VPN) controller, a software defined perimeter (SDP) controller, etc.), 0022)(Figures 1 and 6)/a non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processing resources of a computer system, causes the one or more processing resources (Instructions embedded or encoded in a computer-readable medium may cause a programmable processor, or other processor, to perform the method, e.g., when the instructions are executed. Computer-readable media may include non-transitory computer-readable storage media, 0051) to perform the method comprising: 
receiving, by a processing device, a request from an endpoint device, wherein the endpoint device includes an endpoint agent executing on the endpoint device (client 120 makes an initial request for access to a protected network zone and/or protected resource 116 within the private network 104 (602), 0043) (Figure 6, 602),
wherein the endpoint agent is configured to update a security posture of the endpoint device (The client 120 monitors for changes on the user device 118 related to the compliance information, the client 120 detects that at least one setting related to the requested compliance information has changed on the user device 118 (622). Based on the updated compliance information, the client 120 provides only compliance information that has changed since the compliance information was last sent to the network appliance 110 (624), 0047) (Figure 6, 620, 622, 624), and 
wherein the request includes the security posture of the endpoint device (The network appliance 110 requests all compliance information related to the identified requirements (606), 0044) (he client 120 sends the collected details (e.g., the requested compliance information) to the network appliance 110 (612), 0045) (Figure 6, 608, 612); and 
updating a device record (a compliance database 124, Figure 1) (The network appliance stores the compliance information in a compliance database, 0010) corresponding to the endpoint device to reflect the security posture received from the endpoint device ((c) evaluating the compliance of the endpoint device based on the compliance information received from the client software module and providing access when the compliance information satisfies the policies, and (d) storing the received compliance information in a database associated with the network appliance, 0011) (Based on the updated compliance information, the client 120 provides only compliance information that has changed since the compliance information was last sent to the network appliance 110 (624), 0047) (when the updated compliance information is within the proper timeframe (YES at 626), the network appliance 110 retrieves the stored compliance information from the compliance database 124 (628). The network appliance 110 proceeds determine whether the user device 118 is compliant with the applicable policies (614). As a result of the updated compliance information, the network appliance 110 may adjusts the access level of the user device 118, 0048).

Claims 2, 19:
With respect to claims 2, 19, Shravan et al. discloses the method further comprising: determining, by the processing device, an owner of the endpoint device based at least in part on information received as part of the request from the endpoint device, wherein updating the device record is done based in part upon the owner (identifying information checks (e.g., username and password checks and/or certificate checks) to authenticate a user and/or a device, 0004) (authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”). The authentication credentials include one or more of (i) a username and password that relate to a particular user of user device 118, (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, user account, 0025).

Claim 3:
With respect to claim 3, Shravan et al. discloses wherein determining the owner is done by accessing a network database (the authentication credentials are stored by authentication server 112, 0025). 

Claims 4, 20:
With respect to claims 4, 20, Shravan et al. discloses wherein the security posture includes at least one of: an indication of an out of date operating system executing on the endpoint device, an insecure application executing on the endpoint device, a vulnerable hardware element included as part of the endpoint device, or an up to date virus detection and mitigation application executing on the endpoint device (a policy may require that the user device 118 have a certain antivirus product, settings of the antivirus product, a certain firewall product, settings of the firewall product, a certain patch management product, settings of the patch management product, a certain status of an application (e.g., the application is open, etc.), a certain a file on the device, a certain status of one or more ports, and/or settings of registry keys, etc. The network appliance 110 requests all compliance information related to the identified requirements (606), 0044).



Claim 8:
With respect to claim 8, Shravan et al. discloses wherein the request is a first request (receiving a first request to access a protected network resource from an endpoint device, 0011), wherein the processing device is a first processing device, and wherein the method further comprises:
receiving, by a second processing device, a second request from the endpoint device (second request, 0011), wherein the second request requests access to a network service that includes the security certificate (The authentication credentials include one or more of (ii) a digital certificate, (iii) a cryptographic token, 0025); formatting, by the second processing device, a device record request based at least in part on information derived from the security certificate; and issuing, by the second processing device, the device record request (in response to receiving, by the network appliance, a second request to access a protected network resource from the endpoint device, (a) accessing the compliance information of the endpoint device stored in the database, (b) requesting an update from the endpoint device, (c) in response to requesting the update, receiving updated compliance information that includes less than all of the compliance details required by the policies, (d) in response to receiving, by the network appliance, first updated compliance information that includes only updated ones of the compliance details required by the policies, evaluating the compliance of the endpoint device based on the updated compliance information and the compliance information stored in the database to determine an updated compliance state, and (e) providing access based on the updated compliance state, 0011)

Claim 9:
With respect to claim 9, Shravan et al. discloses the method further comprising:
receiving, by the first processing device, the device record request (first request, 0011) (Figure 6, 602); and providing, by the first processing device, the device record in response to the device record request (a compliance database 124, Figure 1) (The network appliance stores the compliance information in a compliance database, 0010) (d) in response to receiving, by the network appliance, first updated compliance information that includes only updated ones of the compliance details required by the policies, evaluating the compliance of the endpoint device based on the updated compliance information and the compliance information stored in the database to determine an updated compliance state, 0011).

Claim 10:
With respect to claim 10, Shravan et al. discloses the method further comprising:
receiving, by the second processing device, the device record; and granting, by the second processing device, access to the network service based at least upon a combination of the security certificate and the device record (a compliance database 124, Figure 1) ((a) determining which compliance information related to policies associated with a role that was granted as a result of the authentication that was performed earlier, The network appliance stores the compliance information in a compliance database, 0010) (d) in response to receiving, by the network appliance, first updated compliance information that includes only updated ones of the compliance details required by the policies, evaluating the compliance of the endpoint device based on the updated compliance information and the compliance information stored in the database to determine an updated compliance state, 0011) (The authentication credentials include one or more of (ii) a digital certificate, (iii) a cryptographic token, 0025).

Claim 11:
With respect to claim 11, Shravan et al. discloses wherein the first processing device is an endpoint management system, wherein the second processing device is an access node, and wherein the endpoint management system and the access node are communicably coupled (Network appliance 110, user device 120, authentication server 112, Figure 1).



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 5-7, 12-17 are rejected under 35 U.S.C. 103 as being unpatentable over Shravan et al. (US2021/0281576 A1, file date 03/04/2020) in view of Levin et al. (US2022/0029988 A1, file date 07/27/2020).

Claim 5:
With respect to claim 5, Shravan et al. discloses a security certificate for the endpoint device (The authentication credentials include one or more of (ii) a digital certificate, (iii) a cryptographic token, 0025).

Shravan et al. does not disclose wherein the request from the endpoint device is a request to register the endpoint device, the method further comprising: 
generating, by the processing device, a security certificate for the endpoint device; and 
transmitting, by the processing device, the security certificate to the endpoint agent on the endpoint device as claimed.

However, Levin et al. teaches providing zero-trust network security, The intermediate CA certificates are distributed among nodes, authorized entities are allowed to communicate pursuant to a network firewall policy to be enforced (0018), the policy manager 130 is configured to distribute agents and enforce policy management via the nodes 120, the policy manager 130 is configured to generate and send certificate authority (CA) certificates as well as to deploy the agents 122 on the entities 120. The agents 122, when deployed, to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, (0024), wherein the request from the endpoint device is a request to register the endpoint device, the method further comprising: 
generating, by the processing device, a security certificate for the endpoint device (a primary certificate authority (CA) certificate and intermediate CA certificates are created, The primary CA certificate and each intermediate CA certificate identifies the host on which the certificate was generated as well as a cloud provider signature identifying that host, 0026); and 
transmitting, by the processing device, the security certificate to the endpoint agent on the endpoint device (the intermediate CA certificates are sent to respective entities installed on nodes of a network, Each entity receives a unique intermediate CA certificate, new intermediate CA certificates are sent, for example, periodically (e.g., when the current period of time is about to expire), 0028).

Shravan et al. and Levin et al. are analogous art because they are from the same field of endeavor of zero trust security.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Levin et al. in Shravan et al. for wherein the request from the endpoint device is a request to register the endpoint device, the method further comprising: generating, by the processing device, a security certificate for the endpoint device; and transmitting, by the processing device, the security certificate to the endpoint agent on the endpoint device as claimed for purposes of enforcing identity-based network firewall policies in a seamless manner which does not require modifying entities or network infrastructure. By distributing CA certificates to and deploying agents at each node, the central authority can cause enforcement of the firewall policy in a distributed manner and without requiring modifying the underlying infrastructure and improve security by providing techniques for preventing unauthorized use of stolen certificates (see Levin et al. 0021)


Claim 6:
With respect to claim 6, Shravan et al. discloses the limitations of claim 1, as addressed. 

Shravan et al. does not disclose wherein the request from the endpoint device is an initial request from the endpoint device, the method further comprising:
generating, by the processing device, a security certificate for the endpoint device; and transmitting, by the processing device, the security certificate to the endpoint agent on the endpoint device as claimed. 

However, Levin et al. teaches providing zero-trust network security, The intermediate CA certificates are distributed among nodes, authorized entities are allowed to communicate pursuant to a network firewall policy to be enforced (0018), the policy manager 130 is configured to distribute agents and enforce policy management via the nodes 120, the policy manager 130 is configured to generate and send certificate authority (CA) certificates as well as to deploy the agents 122 on the entities 120. The agents 122, when deployed, to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, (0024), wherein the request from the endpoint device is an initial request from the endpoint device, the method further comprising:
generating, by the processing device, a security certificate for the endpoint device (a primary certificate authority (CA) certificate and intermediate CA certificates are created, The primary CA certificate and each intermediate CA certificate identifies the host on which the certificate was generated as well as a cloud provider signature identifying that host, 0026); and transmitting, by the processing device, the security certificate to the endpoint agent on the endpoint device (the intermediate CA certificates are sent to respective entities installed on nodes of a network, Each entity receives a unique intermediate CA certificate, new intermediate CA certificates are sent, for example, periodically (e.g., when the current period of time is about to expire), 0028).

Shravan et al. and Levin et al. are analogous art because they are from the same field of endeavor of zero trust security.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Levin et al. in Shravan et al. for wherein the request from the endpoint device is an initial request from the endpoint device, the method further comprising: generating, by the processing device, a security certificate for the endpoint device; and transmitting, by the processing device, the security certificate to the endpoint agent on the endpoint device as claimed for purposes of enforcing identity-based network firewall policies in a seamless manner which does not require modifying entities or network infrastructure. By distributing CA certificates to and deploying agents at each node, the central authority can cause enforcement of the firewall policy in a distributed manner and without requiring modifying the underlying infrastructure and improve security by providing techniques for preventing unauthorized use of stolen certificates (see Levin et al. 0021)

Claim 7:
With respect to claim 7, the combination of Shravan et al. and Levin et al. discloses the limitations of claim 5, as addressed. 

Levin et al. teaches providing zero-trust network security, The intermediate CA certificates are distributed among nodes, authorized entities are allowed to communicate pursuant to a network firewall policy to be enforced (0018), the policy manager 130 is configured to distribute agents and enforce policy management via the nodes 120, the policy manager 130 is configured to generate and send certificate authority (CA) certificates as well as to deploy the agents 122 on the entities 120. The agents 122, when deployed, to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, (0024), wherein the method further comprises:
installing the security certificate into a register of the endpoint agent (the intermediate CA certificates are sent to respective entities installed on nodes of a network, 0028).

Shravan et al. and Levin et al. are analogous art because they are from the same field of endeavor of zero trust security.

The motivation for combining Shravan et al. and Levin et al. is recited in claim 5.

Claim 12:
With respect to claim 1, Shravan et al. discloses a system for zero trust security processing for an endpoint device in a network (The network appliance (or a server associated with the network appliance) requests compliance details from the user device based on the configured policies. 0010) (The private network 104 includes a network appliance 110 (e.g., a network access control (NAC) device or a virtual private network (VPN) controller, a software defined perimeter (SDP) controller, etc.), 0022)(Figures 1 and 6), the system comprising: 
an endpoint device (Figure 1) including a first processing device and a non-transitory computer readable storage medium, wherein the non-transitory computer readable medium includes instructions which when executed by the first processing device cause the endpoint device (Instructions embedded or encoded in a computer-readable medium may cause a programmable processor, or other processor, to perform the method, e.g., when the instructions are executed. Computer-readable media may include non-transitory computer-readable storage media, 0051) to: 
update a security posture of the endpoint device (The client 120 monitors for changes on the user device 118 related to the compliance information, the client 120 detects that at least one setting related to the requested compliance information has changed on the user device 118 (622). Based on the updated compliance information, the client 120 provides only compliance information that has changed since the compliance information was last sent to the network appliance 110 (624), 0047) (Figure 6, 620, 622, 624),
provide the security posture of the endpoint device to a second processing device (The network appliance 110 requests all compliance information related to the identified requirements (606), 0044) (he client 120 sends the collected details (e.g., the requested compliance information) to the network appliance 110 (612), 0045) (Figure 6, 608, 612);
receive a security certificate generated; provide the security certificate to a third processing device as part of a request to access a network (identifying information checks (e.g., username and password checks and/or certificate checks) to authenticate a user and/or a device, 0004) (authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”). The authentication credentials include one or more of (i) a username and password that relate to a particular user of user device 118, (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, user account, 0025).

Shravan et al. does not disclose the security certificate generated based at least in part on the security posture of the endpoint device as claimed.

However, Levin et al. teaches providing zero-trust network security, The intermediate CA certificates are distributed among nodes, authorized entities are allowed to communicate pursuant to a network firewall policy to be enforced (0018), the policy manager 130 is configured to distribute agents and enforce policy management via the nodes 120, the policy manager 130 is configured to generate and send certificate authority (CA) certificates as well as to deploy the agents 122 on the entities 120. The agents 122, when deployed, to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, (0024),
the security certificate generated based at least in part on the security posture of the endpoint device (configured to generate and send certificate authority (CA) certificates to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, 0024). 

Shravan et al. and Levin et al. are analogous art because they are from the same field of endeavor of zero trust security.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Levin et al. in Shravan et al. for the security certificate generated based at least in part on the security posture of the endpoint device as claimed for purposes of enforcing identity-based network firewall policies in a seamless manner which does not require modifying entities or network infrastructure. By distributing CA certificates to and deploying agents at each node, the central authority can cause enforcement of the firewall policy in a distributed manner and without requiring modifying the underlying infrastructure and improve security by providing techniques for preventing unauthorized use of stolen certificates (see Levin et al. 0021)


Claim 13:
With respect to claim 13, the combination of Shravan et al. and Levin et al. discloses the limitations of claim 12, as addressed. 

Shravan et al. discloses wherein the security posture includes at least one of: an indication of an out of date operating system executing on the endpoint device, an insecure application executing on the endpoint device, a vulnerable hardware element included as part of the endpoint device, or an up to date virus detection and mitigation application executing on the endpoint device (a policy may require that the user device 118 have a certain antivirus product, settings of the antivirus product, a certain firewall product, settings of the firewall product, a certain patch management product, settings of the patch management product, a certain status of an application (e.g., the application is open, etc.), a certain a file on the device, a certain status of one or more ports, and/or settings of registry keys, etc. The network appliance 110 requests all compliance information related to the identified requirements (606), 0044).

Claim 14:
With respect to claim 14, the combination of Shravan et al. and Levin et al. discloses the limitations of claim 12, as addressed

Shravan et al. discloses wherein the security certificate is generated by the second processing device based at least in part an owner of the endpoint device (identifying information checks (e.g., username and password checks and/or certificate checks) to authenticate a user and/or a device, 0004) (authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”). The authentication credentials include one or more of (i) a username and password that relate to a particular user of user device 118, (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, user account, 0025).

Levin et al. teaches wherein the security certificate is generated by the second processing device based at least in part on the security posture of the endpoint device (configured to generate and send certificate authority (CA) certificates to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, 0024). 

Shravan et al. and Levin et al. are analogous art because they are from the same field of endeavor of zero trust security.

The motivation for combining Shravan et al. and Levin et al.is recited in claim 12. 

Claim 15:
With respect to claim 15, the combination of Shravan et al. and Levin et al. discloses the limitations of claim 12, as addressed

Shravan et al. discloses wherein the second processing device generates a device  record for the endpoint device (a compliance database 124, Figure 1) (The network appliance stores the compliance information in a compliance database, 0010) based at least in part on the security posture of the endpoint device ((c) evaluating the compliance of the endpoint device based on the compliance information received from the client software module and providing access when the compliance information satisfies the policies, and (d) storing the received compliance information in a database associated with the network appliance, 0011) (Based on the updated compliance information, the client 120 provides only compliance information that has changed since the compliance information was last sent to the network appliance 110 (624), 0047) (when the updated compliance information is within the proper timeframe (YES at 626), the network appliance 110 retrieves the stored compliance information from the compliance database 124 (628). The network appliance 110 proceeds determine whether the user device 118 is compliant with the applicable policies (614). As a result of the updated compliance information, the network appliance 110 may adjusts the access level of the user device 118, 0048) and an owner of the endpoint device (identifying information checks (e.g., username and password checks and/or certificate checks) to authenticate a user and/or a device, 0004) (authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”). The authentication credentials include one or more of (i) a username and password that relate to a particular user of user device 118, (ii) a digital certificate, (iii) a cryptographic token, (iv) a biometric token, and/or (v) two-device authorization information, user account, 0025),

Levin et al. teaches wherein the third processing device requests the device record based at least in part on the security certificate received from the endpoint device (configured to generate and send certificate authority (CA) certificates to verify identities and compliance with firewall policies using intermediate CA certificates issued by the policy manager 130, 0024). 

Shravan et al. and Levin et al. are analogous art because they are from the same field of endeavor of zero trust security.

The motivation for combining Shravan et al. and Levin et al.is recited in claim 12. 

Claim 16:
With respect to claim 16, the combination of Shravan et al. and Levin et al. discloses the limitations of claim 12, as addressed

Shravan et al. discloses wherein the second processing device and the third 2 processing device are the same device (first, second, third request from endpoint device, 0011, Claim 9).

Claim 17:
With respect to claim 17, Shravan et al. discloses wherein the second processing device is included in an endpoint management system, wherein the second processing device is included in an access node, and wherein the endpoint management system and the access node are communicably coupled (Network appliance 110, user device 120, authentication server 112, Figure 1).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO Form 892). 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-6798.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HELAI SALEHI/           Examiner, Art Unit 2433   

/JEFFREY C PWU/           Supervisory Patent Examiner, Art Unit 2433