DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/15/2025 has been entered.
Response to Amendment
Applicant in the reply filed 10/15/2025 lists claim 23 has “Previously Presented”, while the claim amends “sends” to “send” in line 11.
Response to Arguments
Applicant's arguments, see pages 8-21, filed 10/15/2025, with respect to the rejection of claims 1-2, 4-6, 15-17, and 19-25 under 35 U.S.C. § 103 have been fully considered but they are not persuasive.
Applicant first attests that Mahaffey and Gupta do not disclose or render obvious the claimed subject matter.
The Examiner respectfully disagrees.
Applicant's arguments, on pages 8 through 10 fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references. This is because Applicant first alleges that Mahaffey does not teach claim 1, duplicates the contents of amended claim 1, reproduces Figure 7 of Mahaffey with Applicant’s interpretation of the reference, and then asserts without evidence the conclusory statement, “The office action essentially concedes this point by acknowledging that "Mahaffey does not explicitly disclose wherein each endpoint agent is registered with a corresponding one of the realms of a plurality of realms, each realm including a realm definition comprising one or more of the group consisting of governing data collection policies, processing methods, and processing facilities as permissible destinations under data protection or privacy restrictions”. Applicant has not pointed out the particular deficiencies in the Final Rejection mailed 05/16/2025 with regard to the combination of the Mahaffey and Gupta references. In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Applicant next argues that “the cited sections of Gupta does not disclose or suggest ‘a computer based agent’ of the type set forth in claim 1”.
The Examiner respectfully disagrees.
The Examiner respectfully submits that the claimed “computer-based endpoint agent” in the amended claims, under the broadest reasonable interpretation, is clearly anticipated and/or rendered obvious by any disclosure of a computer program. In light of the originally filed disclosure, see page 15 (“The endpoint agent 214a corresponds to one of the endpoint agents 214a-214k in FIG. 2. In a typical implementation, the endpoint agent 214a may be implemented by virtue of a computer-based processor executing software at a corresponding one of the endpoint devices 102a-102k in system 100”, emphasis added), it is clear that the broadest reasonable interpretation of the claimed “computer-based endpoint agent” comprises noting more than, as the applicant describes, a computer program and/or software configured to perform the claimed functions. There is no particularly limiting structure recited in the claims to constrain the broadest reasonable interpretation of the claimed “agent”. Furthermore, the Gupta reference was relied upon to teach the registration limitation, and the realm definition limitation.
Applicant next argues on pages 12-14 that Gupta does not “reasonably disclose or suggest” endpoint agents per se, or endpoint agents per se being registered.
The Examiner respectfully disagrees.
As stated above, the claimed “agent” per se is clearly anticipated and/or rendered obvious by the disclosure of any program configured to perform the claimed functions under the broadest reasonable interpretation. Furthermore, in the Final Rejection mailed 05/16/2025, Gupta paragraph [0091] was relied upon to teach the limitation “wherein each endpoint agent is registered with a corresponding one of the realms of the plurality of realms” in combination with the Mahaffey reference.
Applicant specifically argues “the foregoing paragraph [0091] from Gupta does not disclose that the endpoint devices have endpoint agents that are in any way registered… as featured in claim 1. Gupta (in paragraph [0091] or elsewhere) does not mention or seem to suggest any registration process or that an agent in an endpoint device (which is not present in paragraph [0091] to begin with) might somehow come to be registered with one of a plurality of available realms in the Gupta network, as featured in claim 1” on page 13. Applicant’s repeated argument that “agents” or “registering” per se do not appear verbatim in the Gupta reference is unpersuasive.
The claimed “endpoint agent” (a computer program or software under the broadest reasonable interpretation) was disclosed by Mahaffey (see Mahaffey Fig. 6 and [0210-0212] as properly mapped to the endpoint agent in the Final Rejection mailed 05/16/2025, and left un-addressed by the Applicant in the reply filed 10/15/2025). The claimed “wherein each endpoint agent is registered with a corresponding one of the realms of the plurality of realms” was mapped to Gupta paragraph [0091], as Gupta teaches “The policies may be mapped to specific provisions of regulations or standards (e.g., FIG. 3), and the policies can be applicable to an endpoint or a collection of endpoints (i.e., an EPG). In some example embodiments, the network can determine applicable policies for traffic by determining a source EPG and destination EPG and retrieving the applicable policies based on the source EPG and destination EPG. In some example embodiments, the network can dynamically determine an EPG associated with traffic based on a state of a host and/or endpoint, process, or user corresponding to the traffic”. In the Gupta reference, EPGs stand for endpoint groups (“In various example embodiments, networks can employ dynamic policies based on the state of a host and/or endpoint, process, and/or user associated with a flow. Networks can initially associate traffic with a first endpoint group (EPG) and then reassign traffic to one or more second EPGs if a host and/or endpoint state, process state, or user state changes” Gupta [0017]). The broadest reasonable interpretation of “wherein each endpoint is registered with a corresponding one of the realms of the plurality of realms” is met by the Gupta reference by Gupta teaching the retrieval of the applicable policies for the endpoint devices by the network, evidenced by the broad definition of the realms. Applicant’s own originally filed disclosure discloses such a claimed “registration” as sending data to a registry in page 22 and Fig. 5C. Therefore, the Gupta reference teaching the network looking at endpoints to retrieve the applicable policies renders obvious the previously claimed “wherein each endpoint is registered with a corresponding one of the realms of the plurality of realms”.
Applicant then argues on pages 14-19 that “reasonably disclose or suggest” a realm per se, or a realm definition per se including governing data collection policies and identifying processing facilities that are permissible destination for transmitting collected telemetry data under data protection or privacy restrictions associated with the realm to which the corresponding endpoint agent is registered.
The Examiner respectfully disagrees.
As discussed above, Applicant’s argument that the prior art lacking per se recitations of the exact claim language is unpersuasive. From pages 14-19, the Applicant merely continues to reproduce sections of Gupta, assert that the reproduced section does not disclose quotations of exact per se claim language, followed by Applicant’s interpretation of the Gupta reference. Aside from asserting that Gupta does not contain per se verbatim claim language, the Applicant does not adequately describe how the claimed invention is different from the reference. The claimed “realm” is clearly anticipated and/or rendered obvious by disclosing any of partitioning, grouping, identifying a subsection of a network, or grouping of endpoints (endpoint groups disclosed by Gupta; and Applicant’s own disclosure at page 25 states that the disclosed techniques enable grouping of endpoints under “realms”). The claimed “realm definition” is clearly anticipated and/or rendered obvious by information, data, or configurations pertaining to policies, rules, regulations, compliance, and/or restrictions that are adhered to or practiced by devices in the “realm”.
Applicant then attests that claim 20 is allowable because Mahaffey allegedly does not disclose collecting and transmitting one or more screenshots.
The Examiner respectfully disagrees.
Mahaffey [0222] clearly discloses the notification modules 607 and 657 being configured to generate one or more user interface components, and such user interface components may be a graphical icon, color-coded image, or display automatically generated text descriptive of a SNC connection status. The Examiner respectfully submits that the claimed “screenshots” under the broadest reasonable interpretation, in light of the high level of generality recited in the original specification, is anticipated and/or rendered obvious by disclosure of image/graphical data collection/transmission, data activity tracking and/or logging, and/or metadata collection/transmission/association. Mahaffey explicitly disclosing a notification module generating one or more user interface components that may comprise graphical icons, and that the graphical icon may be a color-coded image or display automatically generated descriptive text, renders obvious the claim limitation at issue.
Applicant then attests that claim 21 is allowable because Mahaffey allegedly does not disclose alerts being made available to the human system administrator.
The Examiner respectfully disagrees.
In response to applicant's argument that the alert isn’t made available to a human, a recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. If the prior art structure is capable of performing the intended use, then it meets the claim.
Priority
Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(d) as follows:
The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994).
The disclosure of the prior-filed application, provisional application 62/903,828, fails to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph for one or more claims of this application. In particular, the prior-filed application’s specification fails to provide adequate support for the content of newly claimed dependent claim 28, and therefore the effective filing date of dependent claim 28 is the domestic benefit date of PCT/US20/51739 (09/21/2020).
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they do not include the following reference sign(s) mentioned in the description: 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 26-28 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding Claim 26:
Claim 26 recites “an activity monitor configured to detect security and compliance violations”. Applicant has not pointed out where the new (or amended) claim is supported, nor does there appear to be written description regarding how the inventor intended to achieve the claimed activity monitor detecting security and compliance violations in the application as originally filed.
Dependent claims fall together accordingly.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-2, 4-6, 15-17 and 19-28 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "a corresponding one of the realms with which the computer-based endpoint agent is registered" in lines 17-18. There is insufficient antecedent basis for this limitation in the claim.
Claim 1 recites the limitation “processing facilities to comply with the data protection or privacy restrictions for a corresponding one of the realms with which the computer-based endpoint agent is registered” in lines 16-18. There is insufficient antecedent basis for the registration limitation in the claim.
Claim 1 recites the limitation “such that computer-based memory stores a unique identifier for each specific one of the endpoint devices in logical association with a unique identifier for the corresponding one of the realms”. The recited function does not follow from the structure recited in the claim, so it is unclear whether the function requires some other structure or is simply a result of operating the “device” in a certain manner. Thus, one of ordinary skill in the art would not be able to draw a clear boundary between what is and is not covered by the claim. See MPEP 2173.05(g) for more information.
The limitation “a plurality of user endpoint devices geographically distributed relative to one another such that at least one of the endpoint devices is subject to a first set of data protection or privacy restrictions associated with a first realm of the plurality of realms different from a second set of data protection or privacy restrictions for other endpoint devices associated with a second realm of the plurality of realms” in claim 1 is a relative term which renders the claim indefinite. The term “geographically distributed relative to one another” is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. Neither the claims nor the originally filed disclosure provide for one of ordinary skill in the art to ascertain the minimum requirement to achieve “geographically distributed relative to one another”.
Claim 1 recites the limitation “such that at least one of the endpoint devices is subject to a first set of data protection or privacy restrictions associated with a first realm of the plurality of realms different from a second set of data protection or privacy restrictions for other endpoint devices associated with a second realm of the plurality of realms”. The recited function does not follow from the structure recited in the claim, so it is unclear whether the function requires some other structure or is simply a result of operating the “device” in a certain manner. Thus, one of ordinary skill in the art would not be able to draw a clear boundary between what is and is not covered by the claim. See MPEP 2173.05(g) for more information.
Claim 21 recites the limitation "the human system administrator" in line 2. There is insufficient antecedent basis for this limitation in the claim.
Claim 21 recites the limitation “wherein the alert made available on the computer network to the human system administrator is accompanied by one or more of the screenshots that were stored in the cloud storage device and associated with metadata from a triggering user activity”. The recited function does not follow from the structure recited in the claim, so it is unclear whether the function requires some other structure or is simply a result of operating the “device” in a certain manner. Thus, one of ordinary skill in the art would not be able to draw a clear boundary between what is and is not covered by the claim. See MPEP 2173.05(g) for more information.
Claim 27 recites the limitation “the method further comprising”. There is insufficient antecedent basis for this limitation in the claim, and also renders the claim indefinite as it refers to a computer network and a method of use in the same claim.
Dependent claims fall together accordingly.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-2, 4-6, 15-17 and 19-28 are rejected under 35 U.S.C. 103 as being unpatentable over Mahaffey et. al. (US Publication No. US 2015/0188949 A1) hereinafter Mahaffey in view of Gupta et. al. (US Publication No. US 2016/0359915 A1) hereinafter Gupta.
Regarding Claim 1:
Mahaffey discloses a computer network logically segmented into a plurality of realms (Mahaffey Fig. 1 computer network 100, [0036], Fig. 7, [0173-0175], and [0161-0163]), the network comprising: a plurality of user endpoint devices geographically distributed relative to one another (Mahaffey Fig. 7 mobile devices in network 776 are in geographically distributed locations, [0173-0175] may monitor device’s geographical context, [0161-0163] different locations and contexts described) such that at least one of the endpoint devices is subject to a first set of data protection or privacy restrictions associated with a first realm of the plurality of realms different from a second set of data protection or privacy restrictions than other endpoint devices associated with a second realm of the plurality of realms (Mahaffey Fig. 13, [0161-0163], [0173-0175] may monitor device’s geographical context, [0310]); a plurality of data processing facilities coupled to the user endpoint devices over a network (Mahaffey [0210-0212] account manager 662 may handle load balancing amongst servers (data processing facilities)), wherein the data processing facilities are in different geographical regions (Mahaffey [0212] “account manager 662 may transfer SNC functionalities to another server based on a geographical parameter associated with a user or computing device… If computing device 601 moves to a second geographical region, account manager 662 may transfer the connection to an account creation server located in the second geographical region”); and a computer-based endpoint agent in each of the endpoint devices (Mahaffey Fig. 6; [0210-0212]), wherein each endpoint agent is configured to: collect telemetry data relating to user activity at its associated endpoint device (Mahaffey [0213-0216] “System 600 may include malware identifier 666, which may inspect network traffic flowing to and from computing device 601. Malware identifier 666 may be configured to identify attempts to exploit vulnerabilities of computing device 601 and applications 604 which may be installed and running on computing device 601. Malware identifier 666 may monitor traffic and identify malicious files and/or activities based on a predetermined list of filenames. Malware identifier 666 may also identify malicious files and/or activities based on detected behaviors.”) and transmit the collected telemetry data to a selected one of the data processing facilities to comply with the data protection or privacy restrictions (Mahaffey Fig. 13, [0173-0175] geographical context used to determine if a policy exists regarding security or privacy, [0212] functionality is transferred to different servers based on geographical parameters, [0310-0318] contextual information (such as location) used to determine presence or absence of security/privacy policies).
Mahaffey does not explicitly disclose for a corresponding one of the realms with which the computer-based endpoint agent is registered, wherein each endpoint agent is registered with a corresponding one of the realms of the plurality of realms, such that computer-based memory stores a unique identifier for each specific one of the endpoint devices in logical association with a unique identifier for the corresponding one of the realms, wherein each realm has a realm definition that includes governing data collection policies, processing methods, and identifies processing facilities that are permissible destinations for transmitting the collected telemetry data under data protection or privacy restrictions associated with the realm to which the corresponding endpoint agent is registered.
Gupta teaches for a corresponding one of the realms with which the computer-based endpoint agent is registered, wherein each endpoint agent is registered with a corresponding one of the realms of the plurality of realms (Gupta [0051-0057] policies can be set based on endpoint group and compliance module provides for design/implementation/regulatory compliance to enforce the policies of the network; [0091] by looking at the endpoints the applicable policies can be retrieved), such that computer-based memory stores a unique identifier for each specific one of the endpoint devices in logical association with a unique identifier for the corresponding one of the realms (Gupta [0071] “The unique user identification requirement 344 dictates that each user who has access to protected electronic information has a unique identifier. In an example embodiment, the compliance module 212 can assign different users with a same identifier to a restricted EPG”), wherein each realm has a realm definition that includes governing data collection policies, processing methods, and identifies processing facilities that are permissible destinations for transmitting the collected telemetry data under data protection or privacy restrictions associated with the realm to which the corresponding endpoint agent is registered (Gupta [0051-0057] policy builder based on network topology, [0069-0070] and Fig. 2 compliance module stores and defines policies to ensure compliance and allow/deny access, [0091] enforce policies based on source and destination endpoint groups).
It would have been obvious to one having ordinary skill in the art at before the time the invention was effective filed to combine the network disclosed by Mahaffey with the realm definitions taught by Gupta.
The motivation for this combination would be in order to greater accomplish the goal of data privacy/protection adherence by enabling the defining of sectors of the network that may fall under various sets of regulations. Adherence to the correct policies is seen as important by Mahaffey in [0345] where contextual information is analyzed to determine security policy compliance.
Regarding Claim 2:
The combination of Mahaffey and Gupta further teaches the computer network of claim 1 (Mahaffey Fig. 1 computer network 100, [0036]), wherein each data processing facility is configured to: analyze the telemetry data to identify potential insider threats posed by the user activity associated with the telemetry data (Mahaffey [0213] “malware identifier 666 may be configured to identify attempts to exploit vulnerabilities of computing device 601 and applications 604 which may be installed and running on computing device 601. Malware identifier 666 may monitor traffic and identify malicious files and/or activities based on a predetermined list of filenames. Malware identifier 666 may also identify malicious files and/or activities based on detected behaviors”); and create an alert if any such insider threat is identified (Mahaffey [0377] in response an alert may be sent (“e.g., via email, to a security alerting console, to a SIEM system”) amongst other actions taken).
Regarding Claim 4:
The combination of Mahaffey and Gupta further teaches the computer network of claim 1 (Mahaffey Fig. 1 computer network 100, [0036]), further comprising an agent data store in each of the endpoint devices (Mahaffey [0314-0315] contextual information can be stored and retrieved from one or more data stores), wherein the agent data store contains data that identifies: one or more of the data processing facilities as being permissible destinations (Mahaffey [0391-399] routing policy can specify permissible routes), under applicable data protection or privacy restrictions (Mahaffey [0394-0396] routing policy can label traffic subject to policy implementations; map labels to routing policy, rule matching), for the telemetry data transmitted by the endpoint agent ([0310-0318] contextual information (such as location) used to determine presence or absence of security/privacy policies); and/or one or more routes through the network as being permissible routes (Mahaffey [0173-0175] geographical context used to determine if a policy exists regarding security or privacy, [0395-0398] different conditions influence the routes as being permissible or not), under applicable data protection or privacy restrictions (Mahaffey [0310-0318] contextual information (such as location) used to determine presence or absence of security/privacy policies), for the telemetry data transmitted by the endpoint agent to one of the permissible destination data processing facilities (Mahaffey [0212] proper server transferred to).
Regarding Claim 5:
The combination of Mahaffey and Gupta further teaches the computer network of claim 4 (Mahaffey Fig. 1 computer network 100, [0036]), wherein the endpoint agent in each endpoint device is configured to transmit the telemetry data to one of the identified permissible destination data processing facilities via one of the identified permissible routes though the network (Mahaffey [0395-0399] different conditions influence the routes as being permissible or not; routing policy may require certain routing actions and to satisfied before transmission).
Regarding Claim 6:
The combination of Mahaffey and Gupta further teaches the computer network of claim 5 (Mahaffey Fig. 1 computer network 100, [0036]), wherein the endpoint agents are configured to periodically receive updates regarding the permissible destination data processing facilities and/or the permissible routes through the network from a remote data store (Mahaffey [0399] routing actions and policies can change; [0203-0207] connection policies can be changed and updated; [0424] “changes may be applied to the routes, propagated or otherwise defined. And, as may be expected, routes may expire for a number of reasons, such as inactivity”).
Regarding Claim 15:
The combination of Mahaffey and Gupta further teaches the computer network of claim 1 (Mahaffey Fig. 1 computer network 100, [0036]), further comprising: computer-based memory storing a plurality of different realm definitions (Gupta [0051] policy builder based on network topology, [0069-0070] and Fig. 2 compliance module stores and defines policies to ensure compliance and allow/deny access), wherein each realm definition identifies one or more of the plurality of data processing facilities in the computer network as permissible destinations (Gupta [0040], [0070] which traffic is allowed or denied depending on endpoint state), under applicable data protection or privacy restrictions (Mahaffey Fig. 13, [0161-0163], [0310]), for telemetry data transmitted by an associated endpoint device (Mahaffey [0213-0216]) wherein each respective one of the endpoint devices is associated with a corresponding one of the realm definitions by virtue the endpoint device’s endpoint agent having registered with that realm definition (Gupta [0091] by looking at the endpoints the applicable policies can be retrieved).
Regarding Claim 16:
Mahaffey discloses the computer network of claim 15 (Mahaffey Fig. 1 computer network 100, [0036]) … under the applicable data protection or privacy restrictions (Mahaffey [0310-0318] contextual information (such as location) used to determine presence or absence of security/privacy policies).
Mahaffey does not disclose a computer network wherein each respective one of the plurality of realm definitions further identifies one or more permissible routes through the network, … for the telemetry data transmitted by any of the endpoint devices having endpoint agents associated with that realm definition.
Gupta teaches a network wherein each respective one of the plurality of realm definitions further identifies one or more permissible routes through the network (Gupta [0040] specific route through the network is allowed or denied), … for the telemetry data transmitted by any of the endpoint devices having endpoint agents associated with that realm definition (Gupta [0051-0053] permissible routes).
It would have been obvious to one having ordinary skill in the art at before the time the invention was effective filed to combine the network and awareness of privacy and security policies disclosed by Mahaffey with the endpoint agents and permissible routes as taught by Gupta.
The motivation for this combination would be to ensure that the collected telemetry data is not involved in network misconfigurations or vulnerabilities as discussed by Gupta [0053].
Regarding Claim 17:
Mahaffey discloses the computer network of claim 16 (Mahaffey Fig. 1 computer network 100, [0036]).
Mahaffey does not disclose wherein the transmission of the collected telemetry data by each respective endpoint agent is restricted to: being transmitted to a destination selected from one of the permissible destination data processing facilities identified in the realm definition associated with that endpoint agent, and being transmitted via a permissible one of the routes through the network identified in the realm definition associated with that endpoint agent.
Gupta teaches a network wherein the transmission of the collected telemetry data by each respective endpoint agent is restricted to: being transmitted to a destination selected from one of the permissible destination data processing facilities identified in the realm definition associated with that endpoint agent (Gupta [0050-0055] permissible routes and policy verification with conformance evaluation), and being transmitted via a permissible one of the routes through the network identified in the realm definition associated with that endpoint agent (Gupta [0050-0055]).
It would have been obvious to one having ordinary skill in the art at before the time the invention was effective filed to combine the network disclosed by Mahaffey with the restriction of telemetry data transmission to permissible routes as taught by Gupta.
The motivation for this combination would be to ensure compliance by only allowing the transmission of user telemetry data through locations that match the policy of the source, and to improve the potential efficiency of policies as a whole as discussed by Gupta [0054].
Regarding Claim 19:
The combination of Mahaffey and Gupta further teaches the computer network of claim 2 (Mahaffey Fig. 1 computer network 100, [0036]), wherein the alert is made available on the computer network to a human system administrator (Mahaffey [0078] IT admin is alerted with anomalous activity).
Regarding Claim 20:
The combination of Mahaffey and Gupta further teaches the computer network of claim 2 (Mahaffey Fig. 1 computer network 100, [0036]), wherein each respective one of the computer-based endpoint agents is configured to collect and transmit one or more screenshots from the corresponding endpoint device to a cloud storage device for storage (Mahaffey [0222-0223] notification modules can generate and provide user notifications including images).
Regarding Claim 21:
The combination of Mahaffey and Gupta further teaches the computer network of claim 20 (Mahaffey Fig. 1 computer network 100, [0036]), wherein the alert made available on the computer network to the human system administrator is accompanied by one or more of the screenshots that were stored in the cloud storage device (Mahaffey [0222-0223], [0377] logging alert and device traffic for analysis and storage) and associated with metadata from a triggering user activity (Mahaffey [0290-0292], [0377]).
Regarding Claim 22:
Mahaffey discloses the computer network of claim 1 (Mahaffey Fig. 1 computer network 100, [0036]).
Mahaffey does not disclose a computer network further comprising: a landlord service; an identify access management (IAM) service; a registry; an activity monitor; a cloud storage service; and a user interface at each respective one of the plurality of user endpoint devices.
Gupta teaches a computer network further comprising: a landlord service (Gupta [0069-0070] and Fig. 2 compliance module manages and defines policies and realms (end-point groups)); an identify access management (IAM) service (Gupta [0069] “The person or entity authentication requirement 356 assures that policies and procedures are in place to identify persons or entities seeking access to protected electronic information.”); a registry (Gupta [0069]); an activity monitor (Gupta [0084] network environment sensors 420 can capture data at a granular packet level); a cloud storage service (a cloud storage service;); and a user interface at each respective one of the plurality of user endpoint devices (Gupta Fig. 4, [0077] network environment employs interfaces, and [0096] any of the computing devices in the network can facilitate user interaction with a variety of interfaces).
It would have been obvious to one having ordinary skill in the art at before the time the invention was effective filed to combine the network disclosed by Mahaffey with the additional further elements taught by Gupta.
The motivation for this combination would be in order to better accomplish the goal of ensuring that the data in transmission is treating according the correct policy in various locations labelled as important by Mahaffey [0161-0163] and further accomplished with the additional elements incorporated by Gupta.
Regarding Claim 23:
Mahaffey discloses the computer network of claim 22 (Mahaffey Fig. 1 computer network 100, [0036]).
Mahaffey does not disclose a computer network wherein each of the user interfaces is configured to receive an administrator’s request to create a realm, and, in response to the administrator’s request, to send a UI request to the landlord service to create the realm, wherein the landlord service is configured to send a landlord request to the IAM service to create an agent realm role, in response to receiving the UI request, wherein the IAM service is configured to respond to the landlord request by creating an agent realm role, assigning an agent realm role principal identifier to the landlord service, and sending the agent realm role principal identifier to the landlord service, wherein the landlord service is configured to then sends a landlord-registry request to the registry to create a system configuration for the agent realm, and wherein the registry is configured to respond to the landlord-registry request by creating the system configuration for the agent realm and then sending a confirmation to the landlord service.
Gupta teaches a network wherein each of the user interfaces is configured to receive an administrator’s request to create a realm (Gupta Fig. 1 and [0020-0022] configuration manager 102 provisions and maintains the sensors within a network), and, in response to the administrator’s request, to send a UI request to the landlord service to create the realm (Gupta Fig. 1 and [0020-0022] configuration manager 102 handles creation), wherein the landlord service is configured to send a landlord request to the IAM service to create an agent realm role (Gupta Fig. 1 and [0020-0022] configuration manager 102 handles creation), in response to receiving the UI request, wherein the IAM service is configured to respond to the landlord request by creating an agent realm role (Gupta Fig. 1 and [0050-0051] traffic monitoring system can detect changes to topology and be configured by a network administrator (the agent realm role)), assigning an agent realm role principal identifier to the landlord service (Gupta Fig. 1 and [0021] configuration manager can assign individual identifiers), and sending the agent realm role principal identifier to the landlord service (Gupta Fig. 1 and [0021] configuration manager keeps identifiers stored and apply updates), wherein the landlord service is configured to then send a landlord-registry request to the registry to create a system configuration for the agent realm (Gupta Fig. 1 and [0020-0022] configuration manager 102 handles configuration and updates to settings), and wherein the registry is configured to respond to the landlord-registry request by creating the system configuration for the agent realm (Gupta Fig. 1 and [0020-0022] configuration manager 102 handles configuration and updates to settings) and then sending a confirmation to the landlord service (Gupta [0021] “configuration manager 102 may request for status updates and/or receive heartbeat messages, initiate performance tests, generate health checks, and perform other health monitoring tasks“).
It would have been obvious to one having ordinary skill in the art at before the time the invention was effective filed to combine the network disclosed by Mahaffey with the additional agent realm roles as taught by Gupta.
The motivation for this combination would be to ensure the efficiency and longevity of the entire system because the configuration manager taught by Gupta is more than capable of creating the realm’s sensors, performing updates, and health checks.
Regarding Claim 24:
The combination of Mahaffey and Gupta further discloses the computer network of claim 23 (Mahaffey Fig. 1 computer network 100, [0036]), wherein information relating to the system configuration created by the registry is stored in memory at a data processing facility accessible within the associated realm (Gupta [0029-0031]; [0036] data lake 130 stores a repository of attributes).
Regarding Claim 25:
The combination of Mahaffey and Gupta further discloses the computer network of claim 23 (Mahaffey Fig. 1 computer network 100, [0036]), wherein the UI request includes setup information comprising default data retention information, default routing information as well as agent configuration settings (Gupta Fig. 1 and [0020-0022] configuration manager 102 handles creation; [0048] web-front end and database defaults; [0040] routing information contained in policy attributes 138).
Regarding Claim 26:
The combination of Mahaffey and Gupta further discloses the computer network of claim 1 (Mahaffey Fig. 1 computer network 100, [0036]), wherein collecting the telemetry data that is related to the user activity comprises collecting metadata about the user activity (Mahaffey [0290-0292], [0377]), and wherein transmitting the collected telemetry data to a selected one of the data processing facilities comprises transmitting the metadata to an activity monitor configured to detect security and compliance violations (Mahaffey [0213-0216] “System 600 may include malware identifier 666, which may inspect network traffic flowing to and from computing device 601. Malware identifier 666 may be configured to identify attempts to exploit vulnerabilities of computing device 601 and applications 604 which may be installed and running on computing device 601. Malware identifier 666 may monitor traffic and identify malicious files and/or activities based on a predetermined list of filenames. Malware identifier 666 may also identify malicious files and/or activities based on detected behaviors.”; Fig. 13, [0173-0175] geographical context used to determine if a policy exists regarding security or privacy, [0212] functionality is transferred to different servers based on geographical parameters, [0310-0318] contextual information (such as location) used to determine presence or absence of security/privacy policies) .
Regarding Claim 27:
The combination of Mahaffey and Gupta further discloses the computer network of claim 26 (Mahaffey Fig. 1 computer network 100, [0036]), wherein each endpoint agent is configured to collect and transmit one or more screenshots of a triggering user activity to a cloud storage service (Mahaffey [0222-0223], [0377] logging alert and device traffic for analysis and storage), and wherein the metadata that is transmitted to the activity monitor is processed to determine whether the user activity represented by the metadata might pose a threat to an enterprise (Mahaffey [0213] “malware identifier 666 may be configured to identify attempts to exploit vulnerabilities of computing device 601 and applications 604 which may be installed and running on computing device 601. Malware identifier 666 may monitor traffic and identify malicious files and/or activities based on a predetermined list of filenames. Malware identifier 666 may also identify malicious files and/or activities based on detected behaviors”); the method further comprising: sending an alert to the system administrator, wherein the alert is accompanied by the one or more of the screenshots that were stored in the cloud storage and that are associated with the metadata from the triggering user activity (Mahaffey [0222-0223], [0377] logging alert and device traffic for analysis and storage).
Regarding Claim 28:
The combination of Mahaffey and Gupta further discloses the computer network of claim 26 (Mahaffey Fig. 1 computer network 100, [0036]), wherein each data processing facility is configured to: analyze the metadata to identify potential insider threats posed by the user activity associated with the telemetry data; and create the alert if any such insider threat is identified, wherein the insider threat is an exfiltration risk (Mahaffey [0213] “malware identifier 666 may be configured to identify attempts to exploit vulnerabilities of computing device 601 and applications 604 which may be installed and running on computing device 601. Malware identifier 666 may monitor traffic and identify malicious files and/or activities based on a predetermined list of filenames. Malware identifier 666 may also identify malicious files and/or activities based on detected behaviors”, [0377] in response an alert may be sent (“e.g., via email, to a security alerting console, to a SIEM system”) amongst other actions taken).
Conclusion
The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.L./ Examiner, Art Unit 2496 /JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496