ATTORNEY DOCKET NO.: ClSOB-20(0000)
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Applicant(s): Philip J.S. Gladstone and Jeffrey A. Kraemer
`Serial No.:
`10/172,305
`For:
`Stateful Distributed Event Processing And Adaptive Security
`Filing Date:
`June 14, 2002
`Examiner: Mohammad W. Reza
`Art Unit:
`2136
`Conf. No.2
`3007
`
`
`Certificate of Transmission Under 37 C.F.R. 1.8
`
`I hereby certify that this correspondence is being electronically transmitted to the
`United States Patent and Trademark Office via the EFS-Web system on: June 13, 2007
`
`Date: October 18, 2007
`
`By: Penny A. Coelho
`(Typed or printed name of person mailing
`Document, whose signature appears below)
`
`
`
` Signature: / ac/
`
`MAIL STOP AF
`
`Commissioner for Patents
`PO Box 1450
`Alexandria, Virginia 22313
`Sir:
`
`g
`
`[4
`
`.
`
`[K
`\0go
`{D
`\\
`
`VQO
`
`AMENDMENT
`
`In response to the Final Office Action mailed on August 21l 2007, please amend
`
`the above-identified Application as follows:
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.1
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.1
`
`
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Applicant(s): Philip J.S. Gladstone and Jeffrey A. Kraemer
`Serial No.:
`10/172,305
`For:
`Stateful Distributed Event Processing And Adaptive Security
`Filing Date:
`June 14, 2002
`Examiner: Mohammad W. Reza
`Art Unit:
`2136
`Conf. No.2
`3007
`
`
`Certificate of Transmission Under 37 C.F.R. 1.8
`
`I hereby certify that this correspondence is being electronically transmitted to the
`United States Patent and Trademark Office via the EFS-Web system on: June 13, 2007
`
`Date: October 18, 2007
`
`By: Penny A. Coelho
`(Typed or printed name of person mailing
`Document, whose signature appears below)
`
`
`
` Signature: / ac/
`
`MAIL STOP AF
`
`Commissioner for Patents
`PO Box 1450
`Alexandria, Virginia 22313
`Sir:
`
`g
`
`[4
`
`.
`
`[K
`\0go
`{D
`\\
`
`VQO
`
`AMENDMENT
`
`In response to the Final Office Action mailed on August 21l 2007, please amend
`
`the above-identified Application as follows:
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.1
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.1
`
`
`
`ATTORNEY DOCKET NO.: ClSO3-20(OOOO)
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Applicant(s): Philip J.S. Gladstone and Jeffrey A. Kraemer
`Serial No.:
`10/172,305
`
`Stateful Distributed Event Processing And Adaptive Security
`For:
`June 14, 2002
`Filing Date:
`Examiner: Mohammad W. Reza
`Art Unit:
`2136
`Conf. No.:
`3007
`
`Certificate of Transmission Under 37 C.F.R.
`
`1.8
`
`I hereby certify that this correspondence is being electronically transmitted to the
`United States Patent and Trademark Office via the EFS-Web system on: June 13, 2007
`
`Date: October18,2007
`
`By: Penny A. Coelho
`(Typed or printed name of person mailing
`Document, whose signature appears below)
`
`Signature:
`
`lpac/
`
`MAIL STOP AF
`Commissioner for Patents
`PO Box 1450
`
`Alexandria, Virginia 22313
`
`Sir:
`
`AMENDMENT
`
`In response to the Final Office Action mailed on August 21, 2007, please amend
`
`the above-identified Application as follows:
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.2
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.2
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-2-
`
`IN THE CLAIMS
`
`1.
`
`(Currently Amended) A method of maintaining a networked computer system
`
`including first and second nodes and an event processing server, comprising:
`
`the first and second nodes detecting changes in state;
`
`the event processing server receiving notification of the changes in state from the
`
`first and second nodes;
`
`the event processing server correlating the changes in state detected by the first
`
`and second nodes;
`
`the event processing server executing a maintenance decision which affects the
`
`first and second nodes, wherein the maintenance decision is based on the correlating
`
`of the changes in state detected by the first and second nodes, the changes in state a
`
`result of an absence of an event;
`
`wherein the absence of an event comprises at least one of:
`
`an absence of a request for system resources; and
`
`an absence of an event message received within a predetermined time
`
`frame; and
`
`wherein the detecting, transmitting, correlating, and executing occurs without
`
`human intervention[[.]]; and
`
`wherein the event processing server comprises an interceptor inserted in a
`
`communication path of the networked computer system, the method further comprising:
`
`at the interceptor, detecting an access reguest in the communications
`
`m;
`
`generating an event message for the access reguest;
`
`transmitting the event message to the event processing server; and
`
`in response, receiving a policy message from the event processing server
`
`WW
`
`instructions for allowing the access reguest to continue along the
`
`communications path, and
`
`instructions for disallowing the access reguest to continue along the
`
`Patent Owner Finjan, Inc. - EX. 2002, p.3
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.3
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`communications path.
`
`2. (Canceled)
`
`3. (Original) The method of claim 1 wherein the changes in state are recognized by a
`
`reference monitor.
`
`4. (Original) The method of claim 3 wherein the monitor is a stateful reference monitor.
`
`5. (Original) The method of claim 1 wherein the event processing server receiving the
`
`report is the result of one of the first and second nodes reporting to the event
`
`processing server, and the event processing server polling the first and second nodes.
`
`6. (Original) The method of claim 1 further including the event processing server
`
`updating an operating policy on the network.
`
`7. (Original) The method of claim 6 wherein the updating the operating policy includes at
`
`least one of requesting security policy changes on at least one node, requesting
`
`changes to privileges to access system resources on at least one node, tuning system
`
`parameters on at least one node, and modifying network firewall parameters.
`
`8. (Original) The method of claim 6 further including at least one node enacting the
`
`updated operating policy.
`
`9. (Original) The method of claim 1 further including notifying an external entity of
`
`actions taken.
`
`10. (Original) The method of claim 9, wherein the external entity is a network
`
`administrator.
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.4
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.4
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-4-
`
`11. (Original) The method of claim 9, wherein the external entity is a software
`
`application executing on the network.
`
`12. (Currently Amended) A method for maintaining a networked computer system
`
`including:
`
`at least one node detecting at least one change in state;
`
`an event processing server on the network receiving notification of the at least
`
`one change in state from the at least one node; and
`
`the event processing server responding to the notification by executing a
`
`maintenance decision, wherein the maintenance decision is based on the at least one
`
`change in state from the at least one node, the at least one change in state a result of
`
`an absence of an event;
`
`wherein the absence of an event comprises at least one of:
`
`an absence of a request for system resources; and
`
`an absence of an event message received within a predetermined time
`
`frame; and
`
`wherein the detecting, receiving, and responding occurs without human
`
`intervention[[.]]; and
`
`wherein the event processing server comprises an interceptor inserted in a
`
`communication path of the networked computer system, the method further comprising:
`
`at the interceptor, detecting an access reguest in the communications
`
`m;
`
`generating an event message for the access reguest;
`
`transmitting the event message to the event processing server; and
`
`in response, receiving a policy message from the event processing server
`
`comprising at least one of:
`
`instructions for allowing the access reguest to continue along the
`
`communications path, and
`
`instructions for disallowing the access reguest to continue along the
`
`communications path.
`
`Patent Owner Finjan, Inc. - EX. 2002, p.5
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.5
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`13. (Canceled)
`
`14. (Original) The method of claim 12 wherein the change in state is recognized by a
`
`reference monitor.
`
`15. (Original) The method of claim 14 wherein the reference monitor is a stateful
`
`reference monitor.
`
`16. (Original) The method of claim 12 wherein the event processing server receiving the
`
`report is the result of one of the node reporting to the event processing server, and the
`
`event processing server polling the node.
`
`17. (Original) The method of claim 12 wherein the maintenance decision affects the at
`
`least one node detecting the change in state.
`
`18. (Original) The method of claim 12 wherein the maintenance decision affects at least
`
`one node other than the node detecting the change in state.
`
`19. (Original) The method of claim 12 further including the event processing server
`
`updating an operating policy on the network.
`
`20. (Original) The method of claim 19 wherein the updating the operating policy includes
`
`at least one of requesting security policy changes on at least one node, requesting
`
`changes to privileges to access system resources on at least one node, tuning system
`
`parameters on at least one node, and modifying network firewall parameters.
`
`21. (Original) The method of claim 19 further including at least one node enacting the
`
`updated operating policy.
`
`Patent Owner Finjan, Inc. - EX. 2002, p.6
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.6
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-6-
`
`22. (Original) The method of claim 12, further including notifying an external entity of
`
`actions taken.
`
`23. (Original) The method of claim 22, wherein the external entity is a network
`
`administrator.
`
`24. (Original) The method of claim 22, wherein the external entity is a software
`
`application executing on the network.
`
`25. (Currently Amended) A method for maintaining a node on a networked computer
`
`system including:
`
`at least one node detecting a change in state;
`
`the at least one node reacting to the change in state, wherein the change in
`
`state is a result of an absence of an event;
`
`wherein the absence of an event comprises at least one of:
`
`an absence of a request for system resources; and
`
`an absence of an event message received within a predetermined time
`
`frame;
`
`wherein the at least one node detecting and reacting to the change in state
`
`occurs without human intervention; and
`
`the at least one node notifying an event processing server on the network[[.]];
`
`fl
`
`wherein the at least one node comprises an interceptor inserted in a
`
`communication path of the networked computer system, the method further comprising:
`
`at the interceptor, detecting an access reguest in the communications
`
`m;
`
`generating an event message for the access reguest;
`
`transmitting the event message to the at least one node; and
`
`in response, receiving a policy message from the at least one node
`
`comprising at least one of:
`
`Patent Owner Finjan, Inc. - EX. 2002, p.7
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.7
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-7-
`
`instructing the interceptor to allow the access reguest to continue
`
`along the communications path, and
`
`instructing the interceptor to disallow the access reguest to
`
`continue along the communications path.
`
`26. (Canceled)
`
`27. (Original) The method of claim 25 wherein the change in state is recognized by a
`
`reference monitor.
`
`28. (Original) The method of claim 27 wherein the reference monitor is a stateful
`
`reference monitor.
`
`29. (Canceled)
`
`30. (Original) The method of claim 25 further including the event processing server
`
`responding to the notification by updating an operating policy on the network.
`
`31. (Original) The method of claim 30 wherein the updating the operating policy
`
`includes at least one of requesting updates to security policy on at least one node,
`
`requesting changes to privileges to access system resources on at least one node,
`
`tuning system parameters on at least one node, and modifying network firewall
`
`parameters.
`
`32. (Original) The method of claim 30 further including the at least one node enacting
`
`the updated operating policy.
`
`33. (Original) The method of claim 25, further including notifying an external entity of
`
`actions taken.
`
`Patent Owner Finjan, Inc. - EX. 2002, p.8
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.8
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-8-
`
`34. (Original) The method of claim 33, wherein the external entity is a network
`
`administrator.
`
`35. (Original) The method of claim 33, wherein the external entity is a software
`
`application executing on the network.
`
`36. (Currently Amended) A computer-readable medium having instructions recorded
`
`thereon, which instructions, when executed, enable at least one processor in a
`
`networked computer system to:
`
`detect a change in state of a node[[.]]; wherein the change in state is a result of
`
`an absence of an event;
`
`wherein the absence of an event comprises at least one of:
`
`an absence of a request for system resources; and
`
`an absence of an event message received within a predetermined time
`
`frame; and
`
`process instructions defining reacting to the detected change in state[[.]],'a_nd
`
`wherein the node comprises an interceptor inserted in a communication path of
`
`the networked computer system, the method further comprising:
`
`at the interceptor, detecting an access reguest in the communications
`
`1%;
`
`generating an event message for the access reguest;
`
`transmitting the event message to the at least one node; and
`
`in response, receiving a policy message from the at least one node
`
`comprising at least one of:
`
`instructing the interceptor to allow the access reguest to continue
`
`along the communications path, and
`
`instructing the interceptor to disallow the access reguest to
`
`continue along the communications path.
`
`Patent Owner Finjan, Inc. - EX. 2002, p.9
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.9
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-9-
`
`37. (Original) The computer-readable medium of claim 36 further including instructions
`
`defining communicating the change in state to an event processing server.
`
`38. (Original) The computer-readable medium of claim 37 further including instructions
`
`defining processing maintenance instructions received from the event processing
`server.
`
`39. (Original) The computer-readable medium of claim 36 further including instructions
`
`defining transmitting notification to a network administrator of actions taken.
`
`40. (Previously Presented) A computer-readable medium having instructions recorded
`
`thereon, which instructions, when executed, enable at least one processor in a
`
`networked computer system to:
`
`maintain an operating policy for the network;
`
`receive notification of a change in state from at least one node, wherein the
`
`change in state is a result of an absence of an event;
`
`wherein the absence of an event comprises at least one of:
`
`an absence of a request for system resources; and
`
`an absence of an event message received within a predetermined time
`
`frame; and
`
`update the operating policy based on the change in state[[.]];a_nd
`
`wherein the at least one node comprises an interceptor inserted in a
`
`communication path of the networked computer system, the method further comprising:
`
`at the interceptor, detect an access reguest in the communications path;
`
`generate an event message for the access reguest;
`
`transmit the event message to the at least one node;
`
`in response, receive a policy message from the at least one node
`
`comprising at least one of:
`
`instructions for allowing the access reguest to continue along the
`
`communications path, and
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.10
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.10
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-10-
`
`instructions for disallowing the access reguest to continue along the
`
`communications path.
`
`41. (Original) The computer-readable medium of claim 40 further including instructions
`
`defining storing received notifications of changes in state in memory.
`
`42. (Original) The computer-readable medium of claim 41 further including instructions
`
`defining correlating notifications received from a plurality of nodes.
`
`43. (Original) The computer-readable medium of claim 41 further including instructions
`
`defining storing received notifications in electronic file storage.
`
`44. (Original) The computer-readable medium of claim 40, further including instructions
`
`defining notifying an external entity of actions taken.
`
`45. (Original) The computer-readable medium of claim 44, wherein the external entity is
`
`a network administrator.
`
`46. (Original) The computer-readable medium of claim 44, wherein the external entity is
`
`a software application executing on the network.
`
`47. (Currently Amended) A method for maintaining a networked computer system
`
`including:
`
`at least one node detecting at least one change in state;
`
`an event processing server on the network receiving notification of the at least
`
`one change in state from the at least one node;
`
`the event processing server responding to the notification by dispensing a
`
`maintenance decision, wherein the maintenance decision is based on the at least one
`
`change in state from the at least one node, the at least one change in state a result of
`
`an absence of an event; and
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.11
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.11
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-11-
`
`wherein the absence of an event comprises at least one of:
`
`an absence of a request for system resources; and
`
`an absence of an event message received within a predetermined time
`
`frame [[.]],-a_nd
`
`wherein the event processing server comprises an interceptor inserted in a
`
`communication path of the networked computer system, the method further comprising:
`
`at the interceptor, detect an access reguest in the communications path;
`
`generate an event message for the access reguest;
`
`transmit the event message to the at least one node;
`
`in response, receive a policy message from the at least one node
`
`comprising at least one of:
`
`instructions for allowing the access reguest to continue along the
`
`communications path, and
`
`instructions for disallowing the access reguest to continue along the
`
`communications path.
`
`48. (Original) The method of claim 47, further comprising an act of:
`
`executing, by a human operator, the maintenance decision on at least one node
`
`on the networked computer system.
`
`49. (Original) The method of claim 47, further comprising an act of:
`
`executing, without human intervention, the maintenance decision on at least one
`
`node on the networked computer system.
`
`50. (Original) The method of claim 49, wherein a human operator is prompted and
`
`allotted a predetermined period to execute the maintenance decision before it is
`
`executed without human intervention.
`
`51. (Previously Presented) The method of claim 1 wherein, in response to an intrusion
`
`detection, a human operator is prompted and allotted a predetermined period to
`
`Patent Owner Finjan, Inc. - Ex. 2002, p. 12
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.12
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-12-
`
`execute the maintenance decision in accordance with the intrusion detection before the
`
`maintenance decision is executed without human intervention.
`
`52. (Previously Presented) The method of claim 25 wherein, in response to an intrusion
`
`detection, a human operator is prompted and allotted a predetermined time period to
`
`execute the maintenance decision in accordance with the intrusion detection before the
`
`maintenance decision is executed without human intervention.
`
`53. (Previously Presented) The computer-readable medium of claim 40 wherein, in
`
`response to an intrusion detection, a human operator is prompted and allotted a
`
`predetermined time period to execute the maintenance in accordance with the
`
`intrusion detection decision before the maintenance decision is executed without
`
`human intervention.
`
`54. (Canceled)
`
`55. (Canceled)
`
`56. (Canceled)
`
`57. (Canceled)
`
`58. (Canceled)
`
`59. (Canceled)
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.13
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.13
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: CISO3-20(0000)
`
`-13-
`
`REMARKS
`
`In response to the Final Office Action mailed on August 21, 2007, Applicants
`
`respectfully request reconsideration. Claims 1, 3-12, 14-25, 27-28 and 30-53 are now
`
`pending in this Application. Claims 1, 12, 25, 36, 40 and 47 are independent claims and
`
`the remaining claims are dependent claims.
`
`In this Amendment, claims 1, 12, 25, 36,
`
`40 and 47 have been amended and claims 57-59 have been cancelled. Applicants
`
`believe that the claims as presented are in condition for allowance. A notice to this
`
`affect is respectfully requested.
`
`Applicants would like to thank the Examiner for the interview held on October 1,
`
`2007, to discuss distinctions between the pending claims and cited prior art; namely, the
`
`distinctions between claims 57-59 and the Manganaris reference (U.S. Patent
`
`Application No. 20020082886). Per the Examiner’s Interview Summary, independent
`
`claims 1, 25 and 40 have been amended to include the limitations from now canceled
`
`claims 57, 58 and 59, respectively.
`
`In the same vein, since independent claims 12, 36
`
`and 47 parallel independent claims 1, 25 and 40, the limitations from claims 57-59 have
`
`also been amended to these independent claims.
`
`Applicant(s) hereby petition(s) for any extension of time which is required to
`
`maintain the pendency of this case.
`
`If there is a fee occasioned by this response,
`
`including an extension fee, that is not covered by an enclosed check, please charge any
`
`deficiency to Deposit Account No. 50-3735.
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.14
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.14
`
`
`
`US. Application No.: 10/172,305
`
`Attorney Docket No.: ClSO3-20(0000)
`
`-14-
`
`If the enclosed papers or fees are considered incomplete, the Patent Office is
`
`respectfully requested to contact the undersigned collect at (508) 616-9660, in
`
`Westborough, Massachusetts.
`
`Respectfully submitted,
`
`/JCS/
`
`Jonathan C. Siekmann, Esq.
`Attorney for Applicant
`Registration No.: 58,259
`Chapin Intellectual Property Law, LLC
`Westborough Office Park
`1700 West Park Drive
`
`Westborough, Massachusetts 01581
`Telephone: (508) 616-9660
`Facsimile:
`(508) 616-9661
`
`Attorney Docket No.: ClSO3-20(0000)
`
`Dated: October 18, 2007
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.15
`
`Patent Owner Finjan, Inc. - Ex. 2002, p.15
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
