Prosecution Insights
Last updated: April 18, 2026
Application No. 18/361,344

DATA LOSS PREVENTION TECHNIQUES FOR INTERFACING WITH ARTIFICIAL INTELLIGENCE TOOLS

Non-Final OA §103 §112
Filed: Jul 28, 2023
Examiner: PATEL, HARESH N
Art Unit: 2496
Tech Center: 2400 — Computer Networks
Assignee: Cisco Technology Inc.
OA Round: 3 (Non-Final)
Grant Probability: 78% (Favorable)
OA Rounds: 3-4
To Grant: 3y 1m
With Interview: 99%

Examiner Intelligence

Grants 78% — above average
Career Allow Rate: 78% (632 granted / 815 resolved), +19.5% vs TC avg
Interview Lift: +22.1% (strong +22% interview lift, resolved cases with interview)
Typical timeline: 3y 1m avg prosecution, 43 currently pending
Career history: 858 total applications across all art units

Statute-Specific Performance

§101: 15.1% (-24.9% vs TC avg)
§103: 41.6% (+1.6% vs TC avg)
§102: 19.7% (-20.3% vs TC avg)
§112: 12.8% (-27.2% vs TC avg)
Based on career data from 815 resolved cases

Office Action

§103 §112
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

Status of Claims

Claims 1-20 are subject to examination.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):

(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.

Amended Claims 1, 8, 15 discloses, “intercepting a communication originating from an artificial intelligence tool to a client device; determining that the communication includes a first content addressed by a data loss prevention policy, where the first content is sensitive data generated by the artificial intelligence tool; creating an identifier for at least a first portion of the communication; storing the identifier for at least the first portion of the communication in a content tracking database; and analyzing a first second portion of second content on a network, from the client device, protected by the data loss prevention policy, subsequent to intercepting the communication, to determine whether the second portion of the second content includes at least partially the identifier for the at least the first portion of the communication, wherein the second content a modified version of the first content” However, the specification does not implement combination of limitations, “intercepting a communication originating from an artificial intelligence tool to a client device; determining that the communication includes a first content addressed by a data loss prevention policy, where the first content is sensitive data generated by the artificial intelligence tool; creating an identifier for at least a first portion of the communication; storing the identifier for at least the first portion of the communication in a content tracking database; and analyzing a first second portion of second content on a network, from the client device, protected by the data loss prevention policy, subsequent to intercepting the communication, to determine whether the second portion of the second content includes at least partially the identifier for the at least the first portion of the communication, wherein the second content a modified version of the first content”. 
As claimed, creating an identifier includes different combination of the portions of the communication, For example, a first portion and a fifth portion (portions of the communication), or a first portion and a last portion of the communication, etc, which is not supported by the specification. Similarly, the specification does not implement, determine whether the second portion of the second content includes at least partially the identifier for the at least the first portion of the communication, which includes a first digit and a last digit or a first digit and a fifth digit / character of the identifier, i.e., different combination of the parts of the identifier. The specification does not contain, second content a “modified version” of the first content.

Claims 2-7, 9-14, 16-20 depend upon claims 1, 8 and 15 and hence subject to the same rejections.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 7, 8, 14, 15, is/are rejected under 35 U.S.C. 103 as being unpatentable over NARAYANASWAMY, 20190268379 in view of Official Notice and Bjarnason et al., 20230164176. Referring to claim(s) 1, 8, 15, NARAYANASWAMY substantially discloses a method comprising: A computing system comprising: a processor; and a memory storing instructions that, when executed by the processor, configures the computing system to: A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by at least one processor cause the at least one processor to: a method comprising: intercepting a communication originating from a source to a client device; [0068] Cloud-based content sensitivity scanner 165 can perform the sensitivity classification in real-time when the documents are intercepted by the inspection service 155, while in transit to or from the cloud-based services 128A-Z. It can also perform the sensitivity classification when the documents are crawled or registered by the inspection service 155, while at rest in the cloud-based services 128A-Z. It encodes the results of the sensitivity classification in the sensitivity metadata, e.g., by assigning a “sensitive” or “non-sensitive” flag (or label) to a classification field of the sensitivity metadata. Results of sensitivity scanning can be stored 578 in a cloud-based metadata store 145. Additional details about the scanner 165 can be found in the incorporated materials. 
determining that the communication includes a first content addressed by a data loss prevention policy, where the first content is sensitive data generated by the source [0137] One implementation of the disclosed method further includes, in response to detecting a revision or copying of a downloaded document, reevaluating sensitivity of the revised or copied document, generating sensitivity metadata that labels the revised or copied document as sensitive, and updating the local metadata store with the sensitivity metadata generated for the revised or copied document. The disclosed method can further include, in response to detecting data egress events at the endpoint that would push data in the revised or copied document from the endpoint to uncontrolled locations, determining that the revised or copied document is sensitive based on looking up the sensitivity metadata for the revised or copied document in the local metadata store and without scanning the revised or copied document at the endpoint for sensitivity; and enforcing a data loss prevention policy at the endpoint based on the determination. In some cases, the disclosed method further includes embedding the sensitivity metadata. 
creating an identifier for at least a first portion of the communication; storing the identifier for at least the first portion of the communication in a content tracking database; and analyzing a second portion of second content on a network, from the client device, [0069] Some examples of the sensitivity metadata generated by the inspection service 155 and the cloud-based content sensitivity scanner 165 are unique document identifier, document integrity checksum such as MD5, document fingerprint such as Rabin fingerprint, document true file type such as portable document format (PDF), name of the cloud-based service on which a document is stored, sensitivity (or non-sensitivity) of the document, type of sensitivity such as PCI, PII, and ePHI, name and sensitivity (or non-sensitivity) of the source from which the document originated (e.g., a source cloud-based service, a source website, a source server, a source database, a source partition, a source user, a source user group, a source folder, a source device), inheritance information such as a PDF file created from an original word processing application, and log of activities performed on the document such as creation, revision, versioning, cloning, deletion, sharing, and transmission to or from the cloud-based service. Additional examples of the sensitivity metadata can be found in the incorporated materials. protected by the data loss prevention policy to determine whether the second portion of the second content includes at least partially the identifier for at least the first portion of the communication, wherein the second content a modified version of the first content. [0139] In other implementations, a combination of the endpoint traffic monitor and the file system monitor can interpret file system calls issued on common protocols used for transferring files like SMB, NFS, FTP, HTTP, and HTTPS. 
They can identify and store the origin from which a file has been written, such as a mounted drive (e.g., NFS, SMB) on the network, a mount point on the file system, or a domain name of a server. In one implementation, they can identify and store the original file type or format of a file as inheritance metadata. A child file, saved with a different file type or format than a parent file, inherits a subset of the parent file's metadata in the form of inheritance metadata. Put together, the origin can identify information a data source, a parent file, a user, or a user group. In yet other implementations, when a file or document is locally created on an endpoint, the decision to run a DLP scan on such a file can be conditional on the origin of the file and whether the origin is sensitive. NARAYANASWAMY also discloses sensitive data such as identity information of the sender. However, NARAYANASWAMY does not specifically mention about the software being artificial intelligence tool. However, one of ordinary skill in the art would readily know that use of the artificial intelligence tool is well-known in the art, rather novel and hence official notice is taken. For example, CN 110620846 B discloses, after obtaining the encryption processing result, can intercept all content or part of the content from the encryption processing result as the sender identification. As an example, MD5 can be used to encrypt the first time stamp to obtain a 32-bit character string, then intercepting the content of the middle 8-24 bit of the 32-bit character string as the sender identifier, 2nd last para, page 8 the first message identifier comprises a sender identifier, further comprises a message type identifier, message template identifier, intelligent message identifier, safety least one of the identifier and the combination condition. 
wherein the message type identification is used for indicating message type of message content, message template identification is used for indicating message content is message template generated based on message template or message content, intelligent message identification for indicating message content is generated by artificial intelligence; safety is used for safety the message, last para, page 8 the adopted encryption algorithm can be MD5, Base64 or hash algorithm and so on. Optionally, after obtaining the encryption processing result, it can intercept all content or part of the content from the encryption processing result as a message type identification. For example, the 16-bit character can be taken as the message template identifier, 2nd para, page 10 the message content is generated by artificial intelligence, such as generated by intelligent customer service, the message can be called intelligent message, and generating intelligent message identifier for the message content, last 4th para, page 10 Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by NARAYANASWAMY to include the software being artificial intelligence tool and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the software (tool) for communicating information/message to another entity. The tool provided communication would enable generating and transferring information to a remote device for further processing to implement an action. NARAYANASWAMY do not disclose, which Bjarnason discloses subsequent to intercepting the communication (analyzing subsequent to the interception, para 31). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by NARAYANASWAMY and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the intercepting along with the analyzing. The intercepting would enable collection of data, which would be available so that analyzing of the data would be possible. The analyzing of the data would enable implementing the security for the communications. Claim(s) 7, 14, is/are rejected under 35 U.S.C. 103 as being unpatentable over NARAYANASWAMY in view of Ylonen et al., 20130191631, Bjarnason and Official Notice. Referring to claim(s) 7, 14, NARAYANASWAMY, Bjarnason do not disclose, which Ylonen discloses wherein the communication is an in-bound communication coming from an external software into the network protected by the data loss prevention policy. [0149]. For example, an external network through an interceptor. Regarding, artificial intelligence tool, it is rejected as in claim under Official Notice. See claim 1, For example, CN 110620846 B discloses, Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by NARAYANASWAMY and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the in-bound communication. The in-bound communication would enable receiving data/information from a remote software. The data would be available for the DLP processing for security. Claim(s) 2, 3, 4, 9, 10, 11, 16-18, is/are rejected under 35 U.S.C. 103 as being unpatentable over NARAYANASWAMY in view of Bailey et al., 8621237 2013, Bjarnason and Official Notice. 
Referring to claim(s) 2, 9, 16, NARAYANASWAMY, Bjarnason do not disclose, which Bailey discloses wherein the second portion of content is a portion of code ( (32) Another remedial operation 36 involves the controller 54 intercepting and/or deleting the cryptographic key 34 from the source code 30. In the context of intercepting source code 30 at rest (e.g., a source file) with a discovered cryptographic key 34, the controller 54 may quarantine the source file until an authorized user has reviewed the source code 30 and approved the source code 30 for further processing. In the context of intercepting source code 30 with a discovered cryptographic key 34 en route between end points (e.g., an email message or other electronic communication), the controller 54 may block further transmission of the source code 30 and buffer the source code 30 within the source code storage 56 (FIG. 2) until the authorized user has addressed the discovery. col., 6, lines 12-26, Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by NARAYANASWAMY and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the code for performing a task. The code would enable analyzing information by the provided software for handling the code for further use when it is determined that the code is safe, col., 6, lines 12-26. Referring to claim(s) 3, 10, 17, Bailey discloses wherein the analyzing the portion of the code occurs prior to checking the portion of the code into a source code database ( (32) Another remedial operation 36 involves the controller 54 intercepting and/or deleting the cryptographic key 34 from the source code 30. 
In the context of intercepting source code 30 at rest (e.g., a source file) with a discovered cryptographic key 34, the controller 54 may quarantine the source file until an authorized user has reviewed the source code 30 and approved the source code 30 for further processing. In the context of intercepting source code 30 with a discovered cryptographic key 34 en route between end points (e.g., an email message or other electronic communication), the controller 54 may block further transmission of the source code 30 and buffer the source code 30 within the source code storage 56 (FIG. 2) until the authorized user has addressed the discovery. col., 6, lines 12-26 (23) the controller 54 may store the source code 30 in one or more files (i.e., source code 30 at rest) within a file system. the controller 54 may store the source code 30 as one or more temporarily buffered electronic communications (i.e., source code 30 en route between end point devices). As yet another example, if the electronic device 22 is a software development system and if the source code storage 56 includes a database, the controller 54 may store the source code 30 as one or more entries in a source code repository. Col., 4, lines 60-67. Referring to claim(s) 4, 11, 18, Bailey discloses when it is determined that the portion of code includes at least the first portion of the communication, preventing the first portion of code from being checked into the source code database (32) Another remedial operation 36 involves the controller 54 intercepting and/or deleting the cryptographic key 34 from the source code 30. In the context of intercepting source code 30 at rest (e.g., a source file) with a discovered cryptographic key 34, the controller 54 may quarantine the source file until an authorized user has reviewed the source code 30 and approved the source code 30 for further processing. 
In the context of intercepting source code 30 with a discovered cryptographic key 34 en route between end points (e.g., an email message or other electronic communication), the controller 54 may block further transmission of the source code 30 and buffer the source code 30 within the source code storage 56 (FIG. 2) until the authorized user has addressed the discovery. col., 6, lines 12-26, Claim(s) 5, 12, 19, is/are rejected under 35 U.S.C. 103 as being unpatentable over NARAYANASWAMY in view of BRANDER et al., 20150350895, Bjarnason and Official Notice. Referring to claim(s) 5, 12, 19, NARAYANASWAMY, Bjarnason do not disclose, which Brander discloses wherein the identifier for the at least the first portion of the communication is a first hash value derived from at least the first portion of the communication, deriving a second hash value for the second portion of the second content; comparing the first hash value and the second hash value; determining that the second portion of the second content includes at least partially the portion of the communication when the first hash value substantially matches the second hash value ( decrypting an incoming message comprises: receiving the incoming message; parsing the incoming message to obtain a signed hash portion, random keying material and an encrypted message portion; hashing the random keying material and the encrypted message portion to create a local hash; decrypting the signed hash portion with the first public signing key to obtain a sent hash; comparing the sent hash with the local hash; responsive to determining that the sent hash and the local hash match, deriving a message key from the first public encryption key, the second private encryption key and the random keying material; and decrypting the incoming message using the message key, claim 8. 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by NARAYANASWAMY and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing comparing of derived hash values. In responsive to determining that the first hash and the second hash matches, deriving a message key from the first public encryption key, the second private encryption key and the random keying material; and decrypting the incoming message using the message key, claim 8. Claim(s) 6, 13, 20, is/are rejected under 35 U.S.C. 103 as being unpatentable over NARAYANASWAMY in view of Brander, Official Notice, Bjarnason, Miles et al., 11734411 and Zachary, 20190385269. Referring to claim(s) 6, 13, 20, Brander discloses wherein the identifier for the at least the first portion of the communication is a first unit derived from at least the first portion of the communication, the analyzing the first portion of the content comprises: deriving a second unit for the second portion of the second content; comparing the first unit and the second unit; determining that the second portion of the second content includes at least partially the portion of the first communication upon condition ( decrypting an incoming message comprises: receiving the incoming message; parsing the incoming message to obtain a signed hash portion, random keying material and an encrypted message portion; hashing the random keying material and the encrypted message portion to create a local hash; decrypting the signed hash portion with the first public signing key to obtain a sent hash; comparing the sent hash with the local hash; responsive to determining that the sent hash and the local hash match, deriving a message key from the first public encryption key, the second private encryption key and the random keying material; and decrypting the incoming message using the message key, 
claim 8. NARAYANASWAMY, Bjarnason and Brander do not disclose, which Miles discloses first and second unit, when a similarity score between the first unit and the second unit is above a threshold ( (56) The server system may perform verification of the confirmation data by generating a hash value related to one or more portions of the records (of the second set of records) and a reference value related to the confirmation data, and then compare the hash value and the reference value to determine a similarity score. In one use case, the similarity score may be a binary score of TRUE (e.g., the hash value and the reference value are identical) or FALSE (e.g., the hash value and the reference value are not identical). A similarity score of TRUE may indicate a match between the relevant set of records at the server system and the modified record instances generated by the user device, thereby indicating that the confirmation data is valid. A similarity score of FALSE may indicate that a lack of a match between the relevant set of records at the server system and the modified record instances generated by the user device, thereby indicating that the confirmation data is invalid. Col., 17, lines 19-29. performing verification of the authentication data using a hash-based value derived from hashing of a combination of inputs comprising a first account identifier and account resource amount of the first record stored in the first memory area and a second account identifier and account resource amount of the second record stored in the first memory area; and in response to (i) the user-application-generated request comprising the one or more commands and (ii) the verification indicating a match between the authentication data and the hash-based value derived from the hashing of the combination of inputs, claim 3. 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by NARAYANASWAMY and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the similarity score. A similarity score of false would indicate that a lack of a match between the relevant entities and the modified record instances generated by the user device, thereby indicating that the confirmation data is invalid, claim 3. NARAYANASWAMY, Miles, Bjarnason and Brander do not disclose, which Zachary discloses first and second embedding ( [0081] This transaction on the blockchain includes the embedded hash(es) (or information from which the embedded hash(es) can be derived) and, therefore, the transaction on the blockchain can be used to validate or verify the authenticity of the data through comparing the embedded hash(es) with the hash(es) of the transaction (i.e., the hash(es) stored on the blockchain). In this way, at least in some embodiments, the embedded hash(es) of the data can be used to cross-reference and validate the data that are recorded on the blockchain. [0089] This event-specific transaction on the blockchain includes the embedded hash(es) (or information from which the embedded hash(es) can be derived) and the event-specific data that was received from the vehicle (along with a timestamp, for example). Therefore, the transaction on the blockchain can be used to validate or verify the authenticity of the data through comparing the embedded hash(es) with the hash(es) of the event-specific transaction (i.e., the hash(es) stored on the blockchain). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by NARAYANASWAMY and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing embedding data/information. The embedded of the message/transaction/units would enable storing the information/message. The stored data/information would be available or later use for the processing an action, para 89.

Response to Arguments

Remarks/Arguments filed 1/20/26, page 8-19, have been fully considered but they are not persuasive. Therefore, rejection of claims 1-20 is maintained.

Regarding the remarks for the amended claims, the rejections are updated accordingly. Please refer to the updated rejections for the amended limitations (with new prior art).

Regarding the remarks, However, the claims do not require "any combination" of portions, nor do they require arbitrary positional permutations. The examiner respectfully disagrees. The broadest interpretation of the claims indeed requires to consider each and every combination of portions of the claimed subject matter.

Regarding the remarks, Written description does not require disclosure of every conceivable permutation or segmentation strategy. Rather, the inquiry is whether the Specification reasonably conveys to a person of ordinary skill in the art that the inventors had possession of the claimed invention. Ariad Pharm., Inc. v. Eli Lilly & Co., 598 F.3d 1336, 1351 (Fed. Cir. 2010). The examiner respectfully disagrees. It is not about permutation or segmentation strategy. The rejection is about, The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Regarding the remarks, B. Use of "First" and "Second" Does Not Introduce New Matter 1. "First" and "Second" Merely Distinguish Different Instances However, the rejection is not about use of the "First" and "Second".

Regarding the remarks, C. Identifiers of Different Instances Are Central to the Disclosed Invention The Examiner's position overlooks that the core inventive concept of the Specification is tracking reuse, modification, and propagation of AI-generated content. The Specification explicitly teaches: generating identifiers (hashes or embeddings) from AI-generated content [0064]-[0067]; storing those identifiers for later use [0070]; analyzing later content to determine whether it includes the earlier content, including where the later content has been modified [0075]; and enforcing DLP policies when similarity or partial inclusion is detected [0076], [0082]. For example, the Specification describes a scenario in which: AI-generated code is received, a user modifies or incorporates that code into a larger project, and the modified code is later analyzed and blocked from check-in when sufficient similarity is detected [0075], [0081]-[0082].

However, what is claimed is, which is subject to Broadest reasonable interpretation: “intercepting a communication originating from an artificial intelligence tool to a client device; determining that the communication includes a first content addressed by a data loss prevention policy, where the first content is sensitive data generated by the artificial intelligence tool; creating an identifier for at least a first portion of the communication; storing the identifier for at least the first portion of the communication in a content tracking database; and analyzing a first second portion of second content on a network, from the client device, protected by the data loss prevention policy, subsequent to intercepting the communication, to determine whether the second portion of the second content includes at least partially the identifier for the at least the first portion of the communication, wherein the second content a modified version of the first content” As claimed, creating an identifier includes different combination of the portions of the communication, For example, a first portion and a fifth portion (portions of the communication), or a first portion and a last portion of the communication, etc, which is not supported by the specification. Similarly, the specification does not implement, determine whether the second portion of the second content includes at least partially the identifier for the at least the first portion of the communication, which includes a first digit and a last digit or a first digit and a fifth digit / character of the identifier, i.e., different combination of the parts of the identifier. The specification does not contain, second content a “modified version” of the first content. Regarding the remarks, D. "At Least a Portion" and "At Least Partially" Are Explicitly Supported The Examiner appears to equate "at least a portion" and "at least partially" with an obligation to disclose every possible segmentation scheme. 
The Specification directly contradicts that premise. The Specification states that: identifiers can be created for portions of content, including chunks, phrases, or segments [0064]; embeddings and hashes are specifically designed to detect partial inclusion and modified versions of content [0066]-[0068], [0075]; embeddings allow detection even where content has been altered to avoid exact matching [0075]. As such, the Specification expressly supports partial matching and modified content detection-the exact concepts recited in the claims. However, the above remarks fall short for what is claimed. What is claimed is, which is subject to Broadest reasonable interpretation: “intercepting a communication originating from an artificial intelligence tool to a client device; determining that the communication includes a first content addressed by a data loss prevention policy, where the first content is sensitive data generated by the artificial intelligence tool; creating an identifier for at least a first portion of the communication; storing the identifier for at least the first portion of the communication in a content tracking database; and analyzing a first second portion of second content on a network, from the client device, protected by the data loss prevention policy, subsequent to intercepting the communication, to determine whether the second portion of the second content includes at least partially the identifier for the at least the first portion of the communication, wherein the second content a modified version of the first content” As claimed, creating an identifier includes different combination of the portions of the communication, For example, a first portion and a fifth portion (portions of the communication), or a first portion and a last portion of the communication, etc, which is not supported by the specification. 
Similarly, the specification does not implement, determine whether the second portion of the second content includes at least partially the identifier for the at least the first portion of the communication, which includes a first digit and a last digit or a first digit and a fifth digit / character of the identifier, i.e., different combination of the parts of the identifier. Regarding the remarks for the evidence for official notice, the prior office action contained, teachings of CN 110620846 B for it. Regarding the remarks for the amended limitations: [image: media_image1.png] The above amendment is made over the rejections of prior office action. One of ordinary skilled in the art would readily know that the intercepting would happen before analyzing. Addition of such obvious / well-known and expected in the art would not make the claimed subject matter novel. NARAYANASWAMY substantially discloses a method comprising: A computing system comprising: a processor; and a memory storing instructions that, when executed by the processor, configures the computing system to: A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by at least one processor cause the at least one processor to: a method comprising: intercepting a communication originating from a source to a client device; [0068] Cloud-based content sensitivity scanner 165 can perform the sensitivity classification in real-time when the documents are intercepted by the inspection service 155, while in transit to or from the cloud-based services 128A-Z. It can also perform the sensitivity classification when the documents are crawled or registered by the inspection service 155, while at rest in the cloud-based services 128A-Z.
It encodes the results of the sensitivity classification in the sensitivity metadata, e.g., by assigning a “sensitive” or “non-sensitive” flag (or label) to a classification field of the sensitivity metadata. Results of sensitivity scanning can be stored 578 in a cloud-based metadata store 145. Additional details about the scanner 165 can be found in the incorporated materials. determining that the communication includes a first content addressed by a data loss prevention policy, where the first content is sensitive data generated by the source [0137] One implementation of the disclosed method further includes, in response to detecting a revision or copying of a downloaded document, reevaluating sensitivity of the revised or copied document, generating sensitivity metadata that labels the revised or copied document as sensitive, and updating the local metadata store with the sensitivity metadata generated for the revised or copied document. The disclosed method can further include, in response to detecting data egress events at the endpoint that would push data in the revised or copied document from the endpoint to uncontrolled locations, determining that the revised or copied document is sensitive based on looking up the sensitivity metadata for the revised or copied document in the local metadata store and without scanning the revised or copied document at the endpoint for sensitivity; and enforcing a data loss prevention policy at the endpoint based on the determination. In some cases, the disclosed method further includes embedding the sensitivity metadata. 
creating an identifier for at least a first portion of the communication; storing the identifier for at least the first portion of the communication in a content tracking database; and analyzing a second portion of second content on a network, from the client device, [0069] Some examples of the sensitivity metadata generated by the inspection service 155 and the cloud-based content sensitivity scanner 165 are unique document identifier, document integrity checksum such as MD5, document fingerprint such as Rabin fingerprint, document true file type such as portable document format (PDF), name of the cloud-based service on which a document is stored, sensitivity (or non-sensitivity) of the document, type of sensitivity such as PCI, PII, and ePHI, name and sensitivity (or non-sensitivity) of the source from which the document originated (e.g., a source cloud-based service, a source website, a source server, a source database, a source partition, a source user, a source user group, a source folder, a source device), inheritance information such as a PDF file created from an original word processing application, and log of activities performed on the document such as creation, revision, versioning, cloning, deletion, sharing, and transmission to or from the cloud-based service. Additional examples of the sensitivity metadata can be found in the incorporated materials. protected by the data loss prevention policy to determine whether the second portion of the second content includes at least partially the identifier for at least the first portion of the communication, wherein the second content a modified version of the first content. [0139] In other implementations, a combination of the endpoint traffic monitor and the file system monitor can interpret file system calls issued on common protocols used for transferring files like SMB, NFS, FTP, HTTP, and HTTPS. 
They can identify and store the origin from which a file has been written, such as a mounted drive (e.g., NFS, SMB) on the network, a mount point on the file system, or a domain name of a server. In one implementation, they can identify and store the original file type or format of a file as inheritance metadata. A child file, saved with a different file type or format than a parent file, inherits a subset of the parent file's metadata in the form of inheritance metadata. Put together, the origin can identify information a data source, a parent file, a user, or a user group. In yet other implementations, when a file or document is locally created on an endpoint, the decision to run a DLP scan on such a file can be conditional on the origin of the file and whether the origin is sensitive. NARAYANASWAMY also discloses sensitive data such as identity information of the sender. However, NARAYANASWAMY does not specifically mention about the software being artificial intelligence tool. However, one of ordinary skill in the art would readily know that use of the artificial intelligence tool is well-known in the art, rather novel and hence official notice is taken. For example, CN 110620846 B discloses, after obtaining the encryption processing result, can intercept all content or part of the content from the encryption processing result as the sender identification. As an example, MD5 can be used to encrypt the first time stamp to obtain a 32-bit character string, then intercepting the content of the middle 8-24 bit of the 32-bit character string as the sender identifier, 2nd last para, page 8 the first message identifier comprises a sender identifier, further comprises a message type identifier, message template identifier, intelligent message identifier, safety least one of the identifier and the combination condition. 
wherein the message type identification is used for indicating message type of message content, message template identification is used for indicating message content is message template generated based on message template or message content, intelligent message identification for indicating message content is generated by artificial intelligence; safety is used for safety the message, last para, page 8 the adopted encryption algorithm can be MD5, Base64 or hash algorithm and so on. Optionally, after obtaining the encryption processing result, it can intercept all content or part of the content from the encryption processing result as a message type identification. For example, the 16-bit character can be taken as the message template identifier, 2nd para, page 10 the message content is generated by artificial intelligence, such as generated by intelligent customer service, the message can be called intelligent message, and generating intelligent message identifier for the message content, last 4th para, page 10 Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by NARAYANASWAMY to include the software being artificial intelligence tool and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the software (tool) for communicating information/message to another entity. The tool provided communication would enable generating and transferring information to a remote device for further processing to implement an action. NARAYANASWAMY do not disclose, which Bjarnason discloses subsequent to intercepting the communication (analyzing subsequent to the interception, para 31). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention disclosed by NARAYANASWAMY and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing the intercepting along with the analyzing. The intercepting would enable collection of data, which would be available so that analyzing of the data would be possible. The analyzing of the data would enable implementing the security for the communications. Conclusion Pertinent prior art: Bjarnason et al., 20230164176 [0031] More specifically, at step 202, the mitigation device 102 receives a subset of structured data having a plurality of fields. For example, this subset may include a subset (snapshot) of the traffic flow records. In one embodiment, the mitigation device 102 may obtain data that is representative of particular network traffic transmitted over a network during a particular time interval which may be loaded, for example, from a Packet Capture (PCAP) file or some other type of log file. In another embodiment, packets flowing through the network may be intercepted and analyzed by the mitigation device 102 to detect whether or not one or more components of the protected network 100 are being attacked and/or protect the one or more protected components 108 from being overloaded. In some embodiments functionality of the mitigation device 102 may include selective interception of packets, selective modification of those intercepted packets and the subsequent release/reinsertion of the packets, modified or unmodified, and/or release of new packets, back into the general stream of network traffic. Table 1 shown below illustrates an exemplary snapshot that includes packet header information associated with ten different packets. While only ten packets are shown in Table 1, a subset can comprise any number of packets. 
For example, a subset can comprise from approximately 1000 packets to approximately 5000 packets. As computational systems become more powerful, it is conceivable that the mitigation device 102 can process a substantially higher number of packets without degrading the overall performance of the system. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HARESH N PATEL/Primary Examiner, Art Unit 2496
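The mechanism described in the applicant's remarks above (identifiers created per portion of an AI tool's response, stored in a content tracking database, then matched partially against later, modified content) can be sketched as follows. This is an added example, not code from the application, the cited references or the office action; the chunk size, threshold, sample snippets and every name in it are constructed assumptions, and hashed token windows stand in for the "hashes or embeddings" the remarks mention.

```python
import hashlib
import re

K = 5            # tokens per tracked portion (assumed value)
THRESHOLD = 0.6  # share of stored identifiers that triggers the policy (assumed)

def chunk_ids(text, k=K):
    """One truncated SHA-256 identifier per k-token window of the content."""
    tokens = re.findall(r"\w+|[^\w\s]", text.lower())
    if not tokens:
        return set()
    # Content shorter than k tokens still yields a single window.
    windows = [tokens[i:i + k] for i in range(max(1, len(tokens) - k + 1))]
    return {hashlib.sha256(" ".join(w).encode()).hexdigest()[:16] for w in windows}

def whole_hash(text):
    """Single whole-content digest, shown for contrast with per-portion ids."""
    return hashlib.sha256(text.encode()).hexdigest()

class ContentTracker:
    """In-memory stand-in for a content tracking database."""
    def __init__(self):
        self.db = {}

    def record(self, content_id, text):
        self.db[content_id] = chunk_ids(text)

    def check(self, outgoing, threshold=THRESHOLD):
        """Map each tracked id to its containment score when >= threshold."""
        out = chunk_ids(outgoing)
        hits = {}
        for cid, ids in self.db.items():
            score = len(ids & out) / len(ids) if ids else 0.0
            if score >= threshold:
                hits[cid] = round(score, 3)
        return hits

# Constructed sample data: an intercepted AI response, a later check-in that
# edits one line and embeds the code in a larger file, and unrelated code.
AI_RESPONSE = '''def rotate_key(store, key_id):
    old = store.get(key_id)
    new = os.urandom(32)
    store.put(key_id, new)
    audit.log("rotated", key_id)
    return old
'''
MODIFIED_CHECKIN = '''import secrets
from infra import audit

def rotate_key(store, key_id):
    old = store.get(key_id)
    new = secrets.token_bytes(32)
    store.put(key_id, new)
    audit.log("rotated", key_id)
    return old

def list_keys(store):
    return sorted(store.keys())
'''
UNRELATED = "def parse_config(path):\n    return json.load(open(path))\n"

if __name__ == "__main__":
    tracker = ContentTracker()
    tracker.record("resp-1", AI_RESPONSE)
    print(tracker.check(MODIFIED_CHECKIN), tracker.check(UNRELATED))
```

A match here means that a sufficient share of the stored per-portion identifiers reappear in the later content, not that a fragment of one identifier string is found; the whole-content digest of the modified check-in differs from that of the original response.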

Prosecution Timeline

Jul 28, 2023
Application Filed
Mar 26, 2025
Response after Non-Final Action
Apr 05, 2025
Non-Final Rejection — §103, §112
Jul 01, 2025
Applicant Interview (Telephonic)
Jul 01, 2025
Examiner Interview Summary
Jul 03, 2025
Response Filed
Sep 29, 2025
Examiner Interview Summary
Sep 29, 2025
Examiner Interview (Telephonic)
Oct 16, 2025
Final Rejection — §103, §112
Jan 20, 2026
Request for Continued Examination
Jan 27, 2026
Response after Non-Final Action
Apr 02, 2026
Non-Final Rejection — §103, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12598058
MUTABLE DIGITAL ASSET STORAGE UNITS FOR VERIFYING OTHER STORAGE UNITS IN A DECENTRALISED PEER-TO-PEER STORAGE NETWORK
2y 5m to grant Granted Apr 07, 2026
Patent 12568384
BOOTSTRAPPING AND TROUBLESHOOTING OF REMOTE DEVICES
2y 5m to grant Granted Mar 03, 2026
Patent 12563036
DISTRIBUTED MANAGEMENT SYSTEM AND MANAGEMENT METHOD FOR SMART CARD MANAGEMENT APPARATUSES
2y 5m to grant Granted Feb 24, 2026
Patent 12563388
SYSTEMS AND METHODS FOR SECURITY ASSOCIATION ENABLING MAKE-BEFORE-BREAK-ROAMING (MBBR)
2y 5m to grant Granted Feb 24, 2026
Patent 12542805
DETECTING AND MITIGATING BLUETOOTH BASED ATTACKS
2y 5m to grant Granted Feb 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

3-4
Expected OA Rounds
78%
Grant Probability
99%
With Interview (+22.1%)
3y 1m
Median Time to Grant
High
PTA Risk
Based on 815 resolved cases by this examiner. Grant probability derived from career allow rate.
