DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Applicant's amendments filed on 12/22/2025 have been received and entered. Currently, claims 1-2 and 4-14 are pending.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/22/2025 has been entered.
Response to Arguments
Applicant’s arguments have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-2 and 4-14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
As per claims 1, 10 and 14, the claims recite “wherein the central containment component does not initiate any incoming connection into the company network”. It is unclear what this limitation entails and means. How does the central containment component not initiate any incoming connection into the company network? Is the central containment component prevented from initiating any/all connections? Is the central containment component prevented from initiating any/all connections just to a particular company network? Is the “preventing” on the company network side? For example, does the company network block all incoming connections from outside the company network?
Dependent claims 2, 4-9 and 11-13 do not further clarify the issues; therefore, they are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2 and 7-14 are rejected under 35 U.S.C. 103 as being unpatentable over Lin et al. US 2019/0068622 (hereinafter Lin), in view of Maheve et al. US 2022/0272117 (hereinafter Maheve), Chou US 2018/0323908, and Owen et al. US 2007/0294407 (hereinafter Owen).
As per claim 1, Lin teaches a method for automatically sending containment instructions from a central containment component contained in a public cloud to an endpoint contained inside a company network; the method comprising: via the central containment component, elaborating and placing a secured containment instruction inside a messaging queue of the central containment component (Lin paragraph [0034], [0090]-[0091], [0098], cloud based manager (CBM) placing remediation actions such as quarantines to a queue),
via an edge containment component, running inside the company network, periodically polling a messaging queue service by creating an outgoing connection from the company network to the central containment component in the public cloud as an outgoing polling connection (Lin paragraph [0034], [0090], [0189], [0193], appliance, in the customer site, polls remediation actions from CBM),
when the edge containment component detects the secured containment instruction, retrieving the secured containment instruction, decoding the secured containment instruction and sending the secured containment instruction to the endpoint inside the company network, via the edge containment component (Lin paragraph [0034], [0038], [0045], [0053], [0090], [0118]-[0119], Appliance and CBM communicate using secured API connection. Appliance and network manager communicate using API. Appliance sends remediation actions to network manager.),
wherein the retrieving the secured containment instruction by the edge containment component is performed as a part of the outgoing connection on the outgoing polling connection between two different networks (Lin paragraph [0034], [0090], [0189], [0193], appliance polls remediation actions from CBM).
Lin does not explicitly disclose where a malicious activity has been detected.
Maheve teaches where a malicious activity has been detected (Maheve paragraph [0068], [00710], [0074], malicious activity detected).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Lin of reporting alarms to a cloud manager and obtaining remediation actions with the teachings of Maheve to include reporting malicious activity to a cloud manager in order to alert the cloud management system of malicious activity in the network and to receive remediation actions.
Lin in view of Maheve does not explicitly disclose receiving data through a specialized design of piggybacking on outgoing connection by using a response to an outgoing channel without a separate channel for data retrieval.
Chou teaches receiving data through a specialized design of piggybacking on outgoing connection by using a response to an outgoing channel without a separate channel for data retrieval (Chou paragraph [0030], receiving requested data via piggybacking on the response to the request).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Lin in view of Maheve of polling remediation actions with the teachings of Chou to include receiving requested data via piggybacking on the response to the request in order to receive the remediation action via piggybacking on the response message which reduces the number of packets communicated between the appliance and CBM which reduces the communication time between the devices and reduces the resource consumption of the devices.
Lin teaches an appliance in the company network polling for remediation actions from a cloud based manager (CBM). Chou teaches receiving requested data via piggybacking on the response to a request. Therefore, the combination of Lin in view of Chou teaches retrieving remediation actions from the CBM via piggybacking on an outgoing polling channel without a separate channel for data retrieval.
Lin in view of Maheve and Chou does not explicitly disclose wherein external entity does not initiate any incoming connection into a company network.
Owen teaches wherein external entity does not initiate any incoming connection into a company network (Owen paragraph [0023], deny all incoming connections to the enterprise).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Lin in view of Maheve and Chou of polling remediation actions and receiving the remediation actions via piggybacking on the polling request with the teachings of Owen to include denying all incoming connections to an enterprise in order to protect the enterprise network from outside entities by blocking/denying all incoming connections.
As per claim 2, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein the secured containment instruction comprises coding the secured containment instruction to be understood only by the edge containment component (Lin paragraph [0034], [0038], [0045], [0053], [0090], [0118]-[0119], Appliance and CBM communicate using secured API connection. Appliance and network manager communicate using API.).
As per claim 7, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein the edge containment component uses an in-built API interface to execute the secured containment instruction on the endpoint (Lin paragraph [0034], [0038], [0053], [0090], Appliance and network manager communicate via API connection. Appliance sends remediation actions to network manager.).
As per claim 8, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein the endpoint is a server, a device or a firewall (Lin paragraph [0034], [0090], network manager).
As per claim 9, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein the central containment component and the edge containment component operate asynchronously (Lin paragraph [0034], [0089]-[0090], [0189], appliance polls remediation actions and asynchronously posts remediation results back. Appliance performs processes such as polling remediations, forwarding alarms, etc. CBM performs processes such as notifying customers, etc.) (It is obvious to one of ordinary skill in the art that the appliance and the CBM run/operate their own operations/processes asynchronously with respect to each other).
As per claim 13, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein said piggybacking comprises using the secured containment instruction in said response to the outgoing polling channel of said outgoing polling connection, without initiating the separate channel and without a need for said incoming connection from the central containment component into the company network (Lin paragraph [0034], [0090], [0189], [0193], appliance polls remediation actions from CBM. Lin paragraph [0034], [0038], [0045], [0053], [0090], [0118]-[0119], Appliance and CBM communicate using secured API connection. Appliance and network manager communicate using API. Appliance sends remediation actions to network manager.; Chou paragraph [0030], receiving requested data via piggybacking on the response to the request; Owen paragraph [0023], deny all incoming connections to the enterprise).
As per claims 10-12 and 14, the claims claim a system and a method essentially corresponding to the method claims 1 and 7-9 above, and they are rejected, at least for the same reasons.
Claims 4-6 are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Maheve, Chou and Owen, and further in view of Narasimhan et al. US 2012/0179802 (hereinafter Narasimhan).
As per claim 4, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1.
Lin in view of Maheve, Chou and Owen does not explicitly disclose wherein endpoint sends an acknowledgement of success or failure to edge containment component when instruction is applied.
Narasimhan teaches wherein endpoint sends an acknowledgement of success or failure to edge containment component when instruction is applied (Narasimhan paragraph [0077]-[0078], [0089], endpoint server sends acknowledgement of success or failure to agent).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Lin in view of Maheve, Chou and Owen of sending acknowledge notification to the cloud manager with the teachings of Narasimhan to include the endpoint sending acknowledgement of success or failure because the results would have been predictable and resulted in the endpoint generating and sending the acknowledgement notification.
As per claim 5, Lin in view of Maheve, Chou, Owen and Narasimhan teaches the method according to claim 4, wherein the edge containment component sends the acknowledgement to the central containment component by creating the outgoing connection and placing the acknowledgement in the messaging queue (Lin paragraph [0057], [0090], [0189], [0220], appliance sends remediation results back to CBM; Narasimhan paragraph [0042], [0077]-[0078], [0089], agent sends the acknowledgement to cloud server).
As per claim 6, Lin in view of Maheve, Chou, Owen and Narasimhan teaches the method according to claim 4, wherein the central containment component periodically polls the messaging queue service to detect any acknowledgement (Lin paragraph [0057], [0090], [0189], [0220], appliance sends remediation results back to CBM; Narasimhan paragraph [0042], [0077]-[0078], [0089]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 9am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HENRY TSANG/ Primary Examiner, Art Unit 2495