DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Applicant's amendments filed on 04/17/2026 have been received and entered. Currently Claims 1-2 and 4-14 are pending.
Response to Arguments
Applicant argues on page 2 of applicant’s remarks that the limitation “wherein the central containment component does not initiate any incoming connection into the company network” cited in the claims is clear.
The examiner respectfully disagrees. In applicant’s remarks the applicant notes that the central component does not initiate any incoming connection into the company network by design. However, the claim limitation as recited is unclear if the central containment component is designed/configured to “not initiate any incoming connection…” or if some other entity is inhibiting/blocking connections from the central containment component thereby resulting in “not initiate any incoming connection…”. Applicant also states in applicant’s remarks that “The edge containment component, for example, running inside the company network, periodically polls this messaging queue by creating an outgoing connection from the company network to the central containment component in the public cloud.” This only explains that the edge containment component polls data. This does not explain how the central containment component does not initiate any incoming connection into the company network (e.g. all connections into the company network). In other words, how is the central containment component prevented from initiating any/all connections to the company network? Is the central containment component designed/configured to prohibit outgoing connections to the company network? Or is some other entity inhibiting/blocking connections from the central containment component? Or is something else occurring here in order for “the central containment component does not initiate any incoming connection into the company network”?
Applicant argues on pages 3-5 of applicant’s remarks that in the claimed invention, the piggyback is used to improve security and there is no reason for the person skilled in the art to consider Chou '908, with the claimed invention herein.
The examiner notes that although applicant recognizes that using piggybacking techniques improves security, this is not the only advantage to using piggybacking.
In response to applicant's argument that Chou ‘908 is nonanalogous art, it has been held that a prior art reference must either be in the field of the inventor’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the inventor was concerned, in order to be relied upon as a basis for rejection of the claimed invention. See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992). In this case, Applicant’s invention is directed to polling data and receiving the data via piggybacking. Chou ‘908 is also directed to requesting data and receiving the requested data via piggybacking. Therefore, Chou ‘908 is analogous art.
In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning. But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971).
In response to applicant's argument that the examiner has combined an excessive number of references, reliance on a large number of references in a rejection does not, without more, weigh against the obviousness of the claimed invention. See In re Gorman, 933 F.2d 982, 18 USPQ2d 1885 (Fed. Cir. 1991).
In response to applicant's argument that Owen ‘407 is nonanalogous art, it has been held that a prior art reference must either be in the field of the inventor’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the inventor was concerned, in order to be relied upon as a basis for rejection of the claimed invention. See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992). In this case, Applicant’s invention is additionally directed to preventing/inhibiting (e.g. does not initiate) any incoming connection into a company network. Owen ‘407 is also directed to configuring to deny all incoming connections into an enterprise. Therefore, Owen ‘407 is analogous art.
Applicant argues on pages 5-6 of applicant’s remarks that the architecture in Owen '407 is completely different from the architecture of the claimed invention.
The examiner notes that the examiner is not implementing the whole architecture of Owen '407 into the primary reference Lin ‘622. Rather the examiner is modifying the primary reference Lin to implement a feature/teaching of Owen of denying incoming connections into an enterprise in order to protect the enterprise network of Lin from outside entities by blocking/denying all incoming connections.
In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the Owen ‘407 reference with Lin in view of Maheve and Chou, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). In this case, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Lin in view of Maheve and Chou of an appliance, in the customer site, polling remediation actions and receiving the remediation actions via piggybacking on the polling request with the teachings of Owen to include denying all incoming connections to an enterprise in order to protect the enterprise network (e.g. customer site) from outside entities by blocking/denying all incoming connections.
Applicant argues on page 7 of applicant’s remarks that none of the references cited alone or in combination, disclose or suggest such limitations as previously presented.
The examiner respectfully disagrees and refers the applicant to the below 103 rejections of the claims.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-2 and 4-14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
As per claims 1, 10 and 14, the claims recite “wherein the central containment component does not initiate any incoming connection into the company network”. It is unclear what this limitation entails and means. How does the central containment component not initiate any incoming connection into the company network? Is the central containment component prevented from initiating any/all connections? Is the central containment component prevented from initiating any/all connections just to a particular company network? Is the “preventing” on the company network side? For example, the company network blocks all incoming connections from outside the company network?
Dependent claims 2, 4-9 and 11-13 do not further clarify the issues; therefore they are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2 and 7-14 are rejected under 35 U.S.C. 103 as being unpatentable over Lin et al. US 2019/0068622 (hereinafter Lin), in view of Maheve et al. US 2022/0272117 (hereinafter Maheve), Chou US 2018/0323908, and Owen et al. US 2007/0294407 (hereinafter Owen).
As per claim 1, Lin teaches a method for automatically sending containment instructions from a central containment component contained in a public cloud to an endpoint contained inside a company network; the method comprising: via the central containment component, elaborating and placing a secured containment instruction inside a messaging queue of the central containment component (Lin paragraph [0034], [0090]-[0091], [0098], cloud based manager (CBM) placing remediation actions such as quarantines to a queue),
via an edge containment component, running inside the company network, periodically polling a messaging queue service by creating an outgoing connection from the company network to the central containment component in the public cloud as an outgoing polling connection (Lin paragraph [0034], [0090], [0189], [0193], appliance, in the customer site, polls remediation actions from CBM),
when the edge containment component detects the secured containment instruction, retrieving the secured containment instruction, decoding the secured containment instruction and sending the secured containment instruction to the endpoint inside the company network, via the edge containment component (Lin paragraph [0034], [0038], [0045], [0053], [0090], [0118]-[0119], Appliance and CBM communicate using secured API connection. Appliance and network manager communicates using API. Appliance sends remediation actions to network manager.),
wherein the retrieving the secured containment instruction by the edge containment component is performed as a part of the outgoing connection on the outgoing polling connection between two different networks (Lin paragraph [0034], [0090], [0189], [0193], appliance polls remediation actions from CBM).
Lin does not explicitly disclose where a malicious activity has been detected.
Maheve teaches where a malicious activity has been detected (Maheve paragraph [0068], [00710], [0074], malicious activity detected).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Lin of reporting alarms to a cloud manager and obtaining remediation actions with the teachings of Maheve to include reporting malicious activity to a cloud manager in order to alert the cloud management system of malicious activity in the network and to receive remediation actions.
Lin in view of Maheve does not explicitly disclose receiving data through a specialized design of piggybacking on outgoing connection by using a response to an outgoing channel without a separate channel for data retrieval.
Chou teaches receiving data through a specialized design of piggybacking on outgoing connection by using a response to an outgoing channel without a separate channel for data retrieval (Chou paragraph [0030], receiving requested data via piggybacking on the response to the request).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Lin in view of Maheve of polling remediation actions with the teachings of Chou to include receiving requested data via piggybacking on the response to the request in order to receive the remediation action via piggybacking on the response message which reduces the number of packets communicated between the appliance and CBM which reduces the communication time between the devices and reduces the resource consumption of the devices.
Lin teaches an appliance in the company network polling for remediation actions from a cloud based manager (CBM). Chou teaches receiving requested data via piggybacking on the response to a request. Therefore, the combination of Lin in view of Chou teaches retrieving remediation actions from the CBM via piggybacking on an outgoing polling channel without a separate channel for data retrieval.
Lin in view of Maheve and Chou does not explicitly disclose wherein external entity does not initiate any incoming connection into a company network.
Owen teaches wherein external entity does not initiate any incoming connection into a company network (Owen paragraph [0023], deny all incoming connections to the enterprise).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Lin in view of Maheve and Chou of an appliance, in the customer site, polling remediation actions and receiving the remediation actions via piggybacking on the polling request with the teachings of Owen to include denying all incoming connections to an enterprise in order to protect the enterprise network (e.g. customer site) from outside entities by blocking/denying all incoming connections.
As per claim 2, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein the secured containment instruction comprises coding the secured containment instruction to be understood only by the edge containment component (Lin paragraph [0034], [0038], [0045], [0053], [0090], [0118]-[0119], Appliance and CBM communicate using secured API connection. Appliance and network manager communicates using API.).
As per claim 7, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein the edge containment component uses an in-built API interface to execute the secured containment instruction on the endpoint (Lin paragraph [0034], [0038], [0053], [0090], Appliance and network manager communicate via API connection. Appliance sends remediation actions to network manager.).
As per claim 8, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein the endpoint is a server, a device or a firewall (Lin paragraph [0034], [0090], network manager).
As per claim 9, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein the central containment component and the edge containment component operate asynchronously (Lin paragraph [0034], [0089]-[0090], [0189], appliance polls remediation actions and asynchronously posts remediation results back. Appliance performs processes such as polling remediations, forwarding alarms, etc. CBM performs processes such as notifying customers, etc.) (It is obvious to one of ordinary skill in the art that the appliance and the CBM run/operate their own operations/processes asynchronously with respect to each other).
As per claim 13, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1, wherein said piggybacking comprises using the secured containment instruction in said response to the outgoing polling channel of said outgoing polling connection, without initiating the separate channel and without a need for said incoming connection from the central containment component into the company network (Lin paragraph [0034], [0090], [0189], [0193], appliance polls remediation actions from CBM. Lin paragraph [0034], [0038], [0045], [0053], [0090], [0118]-[0119], Appliance and CBM communicate using secured API connection. Appliance and network manager communicates using API. Appliance sends remediation actions to network manager.; Chou paragraph [0030], receiving requested data via piggybacking on the response to the request; Owen paragraph [0023], deny all incoming connections to the enterprise).
As per claims 10-12 and 14, the claims claim a system and a method essentially corresponding to the method claims 1 and 7-9 above, and they are rejected, at least for the same reasons.
Claims 4-6 are rejected under 35 U.S.C. 103 as being unpatentable over Lin in view of Maheve, Chou and Owen, and further in view of Narasimhan et al. US 2012/0179802 (hereinafter Narasimhan).
As per claim 4, Lin in view of Maheve, Chou and Owen teaches the method according to claim 1.
Lin in view of Maheve, Chou and Owen does not explicitly disclose wherein endpoint sends an acknowledgement of success or failure to edge containment component when instruction is applied.
Narasimhan teaches wherein endpoint sends an acknowledgement of success or failure to edge containment component when instruction is applied (Narasimhan paragraph [0077]-[0078], [0089], endpoint server sends acknowledgement of success or failure to agent).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Lin in view of Maheve, Chou and Owen of sending acknowledge notification to the cloud manager with the teachings of Narasimhan to include the endpoint sending acknowledgement of success or failure because the results would have been predictable and resulted in the endpoint generating and sending the acknowledgement notification.
As per claim 5, Lin in view of Maheve, Chou, Owen and Narasimhan teaches the method according to claim 4, wherein the edge containment component sends the acknowledgement to the central containment component by creating the outgoing connection and placing the acknowledgement in the messaging queue (Lin paragraph [0057], [0090], [0189], [0220], appliance sends remediation results back to CBM; Narasimhan paragraph [0042], [0077]-[0078], [0089], agent sends the acknowledgement to cloud server).
As per claim 6, Lin in view of Maheve, Chou, Owen and Narasimhan teaches the method according to claim 4, wherein the central containment component periodically polls the messaging queue service to detect any acknowledgement (Lin paragraph [0057], [0090], [0189], [0220], appliance sends remediation results back to CBM; Narasimhan paragraph [0042], [0077]-[0078], [0089]).
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 9am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HENRY TSANG/ Primary Examiner, Art Unit 2495