DETAILED ACTION
This communication is responsive to the amendment filed on 10/02/2025.
Claims 1, 11 and 20 are independent claims.
Claims 4-5 and 14-15 were previously canceled.
Claims 1-3, 6-13, and 16-20 are pending in this application.
This Action has been made FINAL.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-3, 6-13, and 16-20 are rejected under 35 U.S.C. 101 because the claims are directed to an abstract idea; and because the claim(s) as a whole, considering all claim elements both individually and in combination, do not amount to significantly more than an abstract idea.
As an initial matter, claims 1-4, 6-14, and 16-20 are directed to a method and an apparatus, and non-transitory medium for extraction and performing data transformation and label information based on the governance policies for transmission via network, which fall under the subject matter categories may be ineligible for patent protection if they encompass laws of nature, physical phenomena, and abstract ideas (judicially recognized exceptions).
Regarding claim 1, the claim recites the language of “A method comprising:
extracting, by a device executing a first portion of a distributed application, label information from sensor data by a sidecar proxy for the first portion of the distributed application, wherein the label information indicates a sensor as a source of the sensor data and one or more data governance policies applicable to the sensor data;
verifying, by the device, a signature in the label information to authenticate the sensor as the source of the sensor data;
enforcing, by the device and further based on the label information, at least one data governance policy by selectively passing the sensor data to the first portion of the distributed application or by selectively processing the sensor data by the first portion of the distributed application;
performing, by the device and based on enforcement of the at least one data governance policy, a first data, in the sidecar proxy, transformation of the distributed application on the sensor data using stored data, to form transformed data that is to be further processed by a remote device executing another portion of the distributed application;
forming, by the device and in the sidecar proxy, combined label information for the transformed data by appending the label information with additional label information associated with the stored data and adding an indication of the first data transformation; and
providing, by the device, the transformed data and the combined label information to the remote device to cause the remote device to further enforce, based on the combined label information, the at least one data governance policy in order to perform a second data transformation of the distributed application on the transformed data.”
A/ Analysis under Step 2A, Prong I:
In fact, the claim recites the acting steps of “extracting, …, label information…,” “verifying, …, a signature…”, “performing, …, a first data transformation…”, and “forming, …, combined label information…”, as drafted, are mental processes that, under its broadest reasonable interpretation, cover performance of the limitations in mind (e.g., an observation, evaluation, judgment, option, etc.) but for the recitation of generic computer’s component(s) (e.g., a device, a sensor via network having attachment of a sidecar proxy, which is an application design pattern which abstracts certain features). Therefore, the claim falls within the “Mental Processes” grouping of abstract ideas (see MEPE 2106.04 (a)(2), part III).
*** (Similar analysis are applied to independent claims 11 and 20, respectively)
B/ Analysis under Step 2A, Prong II:
The remaining limitations in claims 1, 11 and 20 do not integrate the judicial exception into a practical application. The additional elements of “a device”, “a sensor”, “a remote device”, and “a sidecar proxy” in claim 1, “a processor” in claim 11, and “a tangible, non-transitory, computer-readable medium” in claim 20, are general computing device/component(s), which are used as tools to perform the above indicated steps of “extracting”, “performing” and “forming” label information being the data transformation; such that it amounts no more than mere instructions to apply the exception using at least a generic computer component (see Mayo, 566 U.S. AT 84). Next, the additional acting steps of “enforcing” and “providing” are insignificant extra solution activities because these the limitations in the additional steps do not specify in details of “how” data/information processes/transforms. Therefore, it does not impose any meaningful limits on practicing the abstract idea (see MPEP 2106.05 (a)-(c), (e)-(h)).
C/ Analysis under Step 2B:
Independent claims 1, 11 and 20 do not include any additional elements, alone or in combination, that are not “well-understood, routine, conventional” (see MPEP 2106.05 (d)).
As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of “a device”, “a sensor” and “a remote device” in claim 1, “a processor” in claim 11, and “a tangible, non-transitory, computer-readable medium” in claim 20 for performing the above indicated limitations which amount to no more than mere instructions to apply the exception using a generic computer component as know by a skill artisan. Next, the additional steps of “enforcing” and “providing” represent insignificant extra solution activities. Thus, taken alone or in combination, these additional steps do not amount to significantly more than mere instructions to apply the exception using a generic computer, e.g., “a device”/ “a remote device” in transmitting the transformed data and the combined label information, that are “well-understood, routine, conventional activity” to a skilled artisan in the relevant technical field of gathering and transmitting data via network within “a sidecar proxy” (see Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362).
Dependent claims 2-3, 6-10, 12-13, 16-19 depend on independent claims 1, and 11 and include all the limitations of claims 1 and 11; and hence, claims 2-3, 6-10, 12-13, 16-19 recite the same as being the above abstract idea, respectively.
Dependent claim 2 recites the additional limitation of “wherein the one or more data governance policies control whether the device performs the first data transformation”, which is not integrated into a practical application and/or does not amount to significantly more because the additional step of “control…” is mere “apply it” (or an equivalent) (see Alice Corp. v. CLS Bank, 573 U.S. 208, 221, 110 USPQ2d 1976, 1982-83 (2014); Mayo Collaborative Servs. V. Prometheus Labs. Inc., 566 U.S. 66, 72, 101 USPQ2d 1961, 1965; and Alice Corp., 573 U.S. at 223, 110 USPQ2d at 1983) that does not amount to more than generally linking the use of a judicial exception to a particular technological environment or field of use. The additional element of “the device” is a generic computing component and is being only used as a tool in operating the data transformation based on data governance policies as known by a skill artisan.
Thus, the claim does not include additional limitations/elements that are sufficient to amount to significantly more than the judicial exception because the additional elements/limitations when considered both individually and as an ordered combination do not amount to significantly more.
Dependent claim 3 recites the additional limitation of “wherein the label information is cryptographically signed by the sensor to indicate that the sensor is the source of the sensor data”, which is not integrated into a practical application in specified process of the label information is cryptographically signed by sensor as the source of the sensor data because the claim language provides only further definition of the label information is cryptographically signed by the sensor to indicate that the sensor is the source of the sensor data, which does not amount to significantly more. Also, the “sensor” in the claim is used as tool in performing the cryptographic sign. Thus, the claim does not include additional limitations/elements that are sufficient to amount to significantly more than the judicial exception because the additional elements/limitations when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea (see MPEP 2106.05(a)-(h))
Dependent claim 6 recites the additional limitation of “cryptographically signing the combined label information”, which is not integrated into a practical application in how specified process of signing. Plus, the addition step of “signing” is broadly defined that it can be done mentally (see MPEP 2106.04(a)(2), part III). Thus, the claim does not include additional limitations/elements that are sufficient to amount to significantly more than the judicial exception because the additional elements/limitations when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.
Dependent claim 7 recites the additional limitation of “wherein the device performs the first data transformation in part based on the additional label information associated with the stored data”, which is not integrated into a practical application in specified details of how the first data transformation/the additional label information as associated with the stored data. The claim language seems to provide only further using the “device” as a tool in performing the data transformation and label information associated with the stored data, which does not amount to significantly more than abstract idea of gathering and transmitting the data/information via network as well-understood, routine, conventional, see Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362. Therefore, the claim does not include additional limitations/elements that are sufficient to amount to significantly more than the judicial exception because the additional elements/limitations when considered both individually and as an ordered combination do not amount to significantly more.
Dependent claim 8 recites the additional limitation of “wherein the additional label information indicates one or more data governance policies applicable to the stored data”, which is not integrated into a practical application because the additional limitation does not specify of how the additional label information processes as indicate the governance policies. The claim language provides only further field of use as the additional label information indicates the data governance policies being “applicable” to the stored data which may or may not occur; hence, it does not amount to significantly more.
Thus, the claim does not include additional limitations/elements that are sufficient to amount to significantly more than the judicial exception because the additional elements/limitations when considered both individually and as an ordered combination do not amount to significantly more.
Dependent claim 9 recites the additional limitation of “wherein the sensor is a camera”, which is not integrated into a practical application because the claim language seemly provides a definition of the sensor is a camera, which is being used as tool in the extraction and transmission data that are well-understood, routines, conventional.
Thus, the claim does not include additional limitations/elements that are sufficient to amount to significantly more than the judicial exception because the additional elements/limitations when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.
Dependent claim 10 recites the additional limitation of “configuring the sensor to generate the label information”, which is not integrated into a practical application because the claim language seemly provides of the sensor is used as tool to generating the label information that is well-understood, routines, conventional. Also, the additional step of “configuring” appears mental process that falls within “Mental Processes” grouping abstract ideas. Accordingly, the claim language does not specify in detail of how the label information is generated in functionality. Thus, the claim does not include additional limitations/elements that are sufficient to amount to significantly more than the judicial exception because the additional elements/limitations when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea.
Regarding dependent claims 12-14, and 16-19, the claims are essentially the same as dependent claims 2-4, 6-10 except that they are set forth the claimed invention as an apparatus rather than a method respectively and correspondingly, therefore are rejected under the same reasons set forth in rejections of dependent claims 2-4, and 6-10.
For at least above reasons, claims 1-3, 6-13, and 16-20 are not drawn to eligible subject matter as they are directed to an abstract idea without significant more.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 6-13, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kaveri Poompatnam Chandrasekaran et al., US Pub. No. 2024/0291866 A1 (hereinafter as “Kaveri”) in view of Yadav et al., US Pub. No. 2016/0359872 (hereinafter as “Yadav”), and further in view of Vishik et al., US Pub. No. 2022/0300617 A1 (hereinafter as “Vishik”).
Regarding claim 1, Kaveri teaches a method comprising:
extracting, by a device executing a first portion of a distributed application, label information from sensor data by a sidecar proxy for the first portion of the distributed application (see Fig. 1, wherein the element 170 is broadly interpreted as “a device” executing a first portion of Ridehailing/ridesharing APP 172 (see further in par. [0042]) for extracting or detecting information from sensor data in sensor systems 1, 2, 3 at elements 104, 106, 108; and Fig. 3, elements 360 – Application communicates with the Service Mesh Proxy 352 link to Policy Agent Sidecar 354 as interpreted “a sidecar proxy”, and see in pars. [0025] teaches the label information from the sensor system 104-108, [0026] see e.g., “sensor data captured in real-time by the sensor systems 104-108”, and [0043 and 57-58] disclose the label information, and “detect” the metadata; par. [0045]: “…The data plane may include proxies deployed as sidecar applications to applications/services running in cluster infrastructure 176. The proxies may mediate and control network communications between applications/services. Proxies may collect and report telemetry. The control plane may manage and configure proxies to route traffic…”; and further in pars. [0066-68] e.g., a service mesh proxy to ensure that routing of traffic to the security policy agent sidecar application when the application runs; and pars. [0073-74] e.g., “detect the annotation in the metadata”, and e.g., “detect the label in the metadata”, [0087]), wherein the label information indicates a sensor as a source of the sensor data (Fig. 1 at elements 170 and sensor systems 1-3 at elements 104-108, and par. [0022] discloses various types of sensors, and par. [0025], e.g., the “information from sensor systems 104-108”, and data sources; par. [0031]: “ The AV operational database 124 may store raw AV data generated by the sensor systems 104-108 and other components of the AV 102 and/or data received by the AV 102 from remote systems (e.g., the data center 150, the client computing device 170, etc.). In some embodiments, the raw AV data may include HD LIDAR point cloud data, image or video data, RADAR data, GPS data, and other sensor data that the data center 150 may use for creating or updating AV geospatial data”; and further in pars. [0043], [0073-74] e.g., “the annotation in the metadata”, and e.g., “the label in the metadata”, and [0087] “… the metadata may include an annotation indicating that … and a label indicating…”) and one or more data governance policies applicable to the sensor data (Fig. 3 at element 350 – Policy Bundles, element 354 – Policy Agent Sidecar; par. [0017] via “the security policies” which is interpreted as data governance policies; par. [0046], and pars. [0057-58, and 60] disclose “a security policy” and “security policies”, which is applicable to the sensor data collecting from the sensor systems 104-108 of Fig. 1);
enforcing, by the device and further based on the label information, at least one data governance policy by selectively passing the sensor data to the first portion of the distributed application or by selectively processing the sensor data by the first portion of the distributed application (see par. [0017] “Maintaining security systems that can enforce the security policies can cause significant disruption to the applications that implement the software to enforce security policies. When an update to the entitlements and the security policy is made, a new deployment of the application may be needed, which can disrupt the services that the application is providing. Also, when a change to the security software within the application is made, a new deployment of the application (including definition and rerunning of a new test suite for the application) may be needed”, par. [0018] teaches the controlling whether and how sensor data from 104-108 is processed by the Ridehailing/Ridesharing App 172 as shown in Fig. 1; and further in par. [0046]: “Access to these cloud workloads, via endpoints of the cloud workloads, may be restricted based on entitlements and security policies. Security policies may be enforced by security 192 or some other security solution. Ensuring that access to these cloud workloads are only given to authenticated and authorized users/services may protect these cloud workloads from malicious actors trying to compromise AV operations.”, and par. [0047] via “a control plane”; and pars. [0065] and [0084] for how to process data/metadata/information)
Kaveri does not explicitly teach the limitations: “verifying, by the device, a signature in the label information to authenticate the sensor as the source of the sensor data”, “performing, by the device and based on enforcement of the at least one data governance policy, a first data transformation of the distributed application on the sensor data using stored data, to form transformed data that is to be further processed by a remote device executing another portion of the distributed application;” “forming, by the device and in the sidecar proxy, combined label information for the transformed data by appending the label information with additional label information associated with the stored data and adding an indication of the first data transformation;” and “providing, by the device, the transformed data and the combined label information to the remote device to cause the remote device to further enforce, based on the combined label information, the at least one data governance policy in order to perform a second data transformation of the distributed application on the transformed data.”
In the same field of endeavor (i.e., data processing), Yadav teaches amended limitation:
verifying, by the device, a signature in the label information to authenticate the sensor as the source of the sensor data (pars. [0025] via known as “traffic flow signature”, [0030] “ if a traffic flow varies from its historical signature (packet size, transport control protocol header options, etc.) it may be an attack”, [0458], and [0512], e.g., “Once a host has been profiled, the system can compare the host's signature with a database of signatures and determine if the signature is similar to a malicious host's signature. For example, a malicious host may send a large number of empty or single byte packets while a legitimate host might send a larger number of large packets”, further in par. [0513]; and par. [0635] “labels can be provide by sensors in the computing network and used to manually label some connections”)
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the instant application to combine the teachings of the cited references because the teachings of Yadav would have provided Kaveri with the above indicated limitations for allowing a skill artisan in motivation as modified the teachings of Yadav into the teachings of Kaveri to perform the verification signature in the label information/data to manage and authenticate the sensor and its transmitting data as identified source.
Kaveri and Yadav do not explicitly teach the limitations: “performing, by the device and based on enforcement of the at least one data governance policy, a first data transformation of the distributed application on the sensor data using stored data, to form transformed data that is to be further processed by a remote device executing another portion of the distributed application;” “forming, by the device and in the sidecar proxy, combined label information for the transformed data by appending the label information with additional label information associated with the stored data and adding an indication of the first data transformation;” and “providing, by the device, the transformed data and the combined label information to the remote device to cause the remote device to further enforce, based on the combined label information, the at least one data governance policy in order to perform a second data transformation of the distributed application on the transformed data.”
In the same field of endeavor (i.e., data processing), Vishik teaches:
performing, by the device and based on enforcement of the at least one data governance policy (see Abstract: via “security policies”; and details in par. [0018]), a first data transformation of the distributed application on the sensor data using stored data, to form transformed data that is to be further processed by a remote device executing another portion of the distributed application; (par. [0042] “Each data domain of the one or more data domains 320A-320N may be registered in a global repository…. data is transmitted from the data domain 320A to the data domain 320B, a data domain tag is appended to the data (e.g., Data1+Tag1)…” wherein the “Data1+Tag1” is interpreted as the first data transformation; pars. [0047] “the transmitted data package includes Data1 (e.g., Data0 processed into transformed Data1)+Tag1+Signature (Data1, Tag1)+Signature (Tag1)…” Fig. 2, element 225 – Databases, and par. [0042] “…, a second data domain tag is appended to the transformed data (e.g., Data2) and the previous data domain tag (e.g., Data 2+Tag1+Tag2). As data is transmitted from the data domain 320C to the data domain 320N, a third data domain tag is appended to the transformed data (e.g., Data3) and the previous data domain tags (e.g., Data 3+Tag1+Tag2+Tag3), and so on. In this regard, as data traverses multiple data domains where the data is processed and/or transformed, the tags from each data domain (e.g., each data domain tag) may be concatenated while preserving the integrity of the previous tags”; and [0097] “process the data element into a transformed data element”);
forming, by the device and in the sidecar proxy (Fig. 3 and par. [0045] for teaching at least sidecar and service mesh proxy), combined label information for the transformed data by appending the label information with additional label information associated with the stored data and adding an indication of the first data transformation (par. [0042] “data is transmitted from the data domain 320A to the data domain 320B, a data domain tag is appended to the data (e.g., Data1+Tag1). As data is transmitted from the data domain 320B to the data domain 320C, a second data domain tag is appended to the transformed data (e.g., Data2) and the previous data domain tag (e.g., Data 2+Tag1+Tag2). As data is transmitted from the data domain 320C to the data domain 320N, a third data domain tag is appended to the transformed data (e.g., Data3) and the previous data domain tags (e.g., Data 3+Tag1+Tag2+Tag3), and so on…”; and par. [0048] teaches the combined tags=label information for the transformed data); and
providing, by the device, the transformed data and the combined label information to the remote device (see Figs. 3A-3B, wherein the Data Consumer, e.g., AI Training System is interpreted as the remote device, par. [0027] “a wired network interface to communicate with remote devices…”) to cause the remote device to further enforce, based on the combined label information, the at least one data governance policy in order (pars. [0018], [0045] via “policy enforcement”, and [0046] “…Security policies may be enforced by security 192 or some other security solution. Ensuring that access to these cloud workloads are only given to authenticated and authorized users/services may protect these cloud workloads from malicious actors trying to compromise AV operations”) to perform a second data transformation of the distributed application on the transformed data (pars. [0042] discloses “ (e.g., Data 2+Tag1+Tag2). As data is transmitted from the data domain 320C to the data domain 320N, a third data domain tag is appended to the transformed data (e.g., Data3) and the previous data domain tags (e.g., Data 3+Tag1+Tag2+Tag3)” which is disclosed the second data transformation, and combined label information; and [0048]).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the instant application to combine the teachings of the cited references because the teachings of Vishik would have provided Kaveri and Yadav with the above indicated limitations for allowing a skill artisan in motivation as modified the teachings of Vishik into the teachings of Kaveri and Yadav to perform the data transformation and combined label information the transformed data more secure through the network traffic is filtered through the sidecar application proxy (Vishik: Figs. 2 and 5; and pars. [0019], [0042-44]).
Regarding claim 2, Vishik teaches: wherein the one or more data governance policies control whether the device performs the first data transformation (Vishik: par. [0017] “data privacy may be preserved by utilizing privacy preserving techniques such as privacy preserving machine learning (PPML), homomorphic encryption, and confidential computing”; par. [0037] “data and/or metadata relating to one or more users, physical locations or areas, applicable laws, policies and/or regulations, user preferences and/or profiles, security and/or authentication data, historical and/or preferred details, and/or the like.”; and par. [0047-48] disclose “device (e.g., 325B)” being used to process the data element in such the data transformation, for instance, the first transformed data Data0 to Data1, and so on).
Regarding claim 3, Vishik teaches: wherein the label information is cryptographically signed by the sensor to indicate that the sensor is the source of the sensor data (Vishik: e.g., data domain tag(s), pars. [0046-48] via cryptographical signature to the data transformation, for instance, the first transformed data Data0 to Data1, and so on; and par. [0044] e.g., “cryptographic protection… verifies cryptographic binding between the data element and the existing data domain tag using a public key”).
Regarding claim 6, Vishik teaches: cryptographically signing the combined label information (pars. [0044], and [0047] …”Data1 and Tag1 are cryptographically signed to be bound together to prevent security attacks”, and [0048] “…A signature is created for each of: the data element, Data2, with the appended tags, Tag1, and Tag2. As such, the resulting data package includes Data2 (e.g., Data1 processed into transformed Data2)+Tag1+Tag2+Signature (Data2, Tag1, Tag2)+Signature (Tag1)+Signature (Tag2). As shown, both Signature (Data2, Tag1, Tag2) and Signature (Tag2) are created using the private key (e.g., PvtK2) of the domain member device (e.g., 325B) processing the data element. As discussed above, Data2 and Tag1 and Tag2 are cryptographically signed to be bound together to prevent security attacks. As discussed above relative to detection and verification logic 201, in the example illustrated in FIG. 3B, the detection and verification logic 201 verifies the cryptographic binding between Data1 and Tag1”).
Regarding claim 7, Vishik teaches: wherein the device performs the first data transformation in part based on the additional label information associated with the stored data (Vishik: pars. [0037] “database(s) 225 may include one or more of storage mediums or devices, repositories, data sources, etc., having any amount and type of information, such as data, metadata, etc., relating to any number and type of applications,…”; and [0042 and 48] as explained above to data transformation including previous/existed transformed data as interpreted as the stored data;).
Regarding claim 8, Vishik teaches: wherein the additional label information indicates one or more data governance policies applicable to the stored data (par. [0037] “data and/or metadata relating to one or more users, physical locations or areas, applicable laws, policies, and/or regulations, user preferences and/or profiles, security and/or authentication data, historical and/or preferred details, and/or the like”, and pars [0042 and 0048] as explained above to data transformation including cryptographical signature(s), and the previous/existed transformed data which is/are interpreted as the stored data).
Regarding claim 9, Kaveri and Vishik, in combination, teach: wherein the sensor is a camera (Kaveri: par. [0022] discloses, e.g., the sensor system 104 may be a camera system; and Vishik: Fig. 2, elements 231 and 242, and par. [0035] e.g., camera (s) 242 (e.g., Intel® RealSense™ camera)).
Regarding claim 10, Kaveri and Vishik, in combination, teach: configuring the sensor to generate the label information (Kaveri: pars. [0022] e.g., the sensor system 104 may be a camera system, and [0026, 57, and 72-73]; and Vishik: see Fig. 2, element 231 and element 110 – Tagging Mechanism for generating the tags/label information)
Claims 11-14, and 16-20 are rejected in the analysis of above claims 1-4, 6-10; and therefore, the claims are rejected on that basis.
Response to Arguments
Referring to claim rejection under 35 USC 101 as being abstract idea, Applicant’s arguments to amended limitation in respective claim 1 (see Remarks at pages 10-11) have been fully considered, but are not persuasive accordance to the 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50 (Jan. 7, 2019).
Regarding independent claim 1, it appears that the claim recites the limitations in the steps of “extracting,…, label information from sensor data…”, “verifying, …, a signature in the label information…”, “performing, …, a first data transformation…”, and “forming, …, combined label information for the transformed data…”, as drafted, are mental processes because the acting steps of “extracting”, “verifying”, and “performing” can perform via human mind (e.g., an observation or evaluation) that falls within “Mental Processes” grouping abstract idea under Step 2A, Prong I (see MPEP 2106.04(a)(2), Part III).
In additional, examiner realizes that claim 1 does not recite any additional elements/limitations that integrate the judicial exception into “a practical application”. The additional elements of “a device” (e.g., computing device) having at least “a processor” and/or “a memory”, “a remote device”, “a sensor” as a camera, and “a sidecar proxy” are higher generic computing component(s), which are used as tools for performing the steps of “extracting”, “performing”, and “forming” as known by a skill artisan without specifying in details of how data and combined label information is/are being processed and/or transformed. Furthermore, the additional steps of “enforcing” and “providing” represent insignificant extra-solution activities under Step 2A, Prong II (see MPEP 2106.05(a)-(c), and (e)-(h)). These insignificant extra-solution activities are also well-understood, routine, conventional activities as known by a skill artisan in the relevant technical field of gathering data via network within the sidecar proxy for inter-service communications, monitoring, and security (i.e., microservices, and mesh services), see Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (see MPEP 2106.05(d)).
For at least above explained reasons, the rejections are maintained.
(*** Similar analysis under Steps 2A (Prong I and Prong II), and Step 2B are also applied to independent claims 11 and 20, respectively).
Referring to claim rejection under 35 USC 103, Applicant's arguments with respective independent claim 1 (same as to claims 11, and 20) to the amended feature/limitation (see Remarks, pages 12-16) have been fully considered but are moot in view of the new grounds of rejection necessitated by applicant's amendment to the claims. Applicant's newly amended features are taught implicitly, expressly, or impliedly by the prior art of record.
In addition, regarding claim 1, examiner respectfully submits that Vishik teaches the amended feature: “enforcement of the at least one data governance policy” (see Abstract: via “security policies”; and details in pars. [0018], [0045] via “policy enforcement”, and [0046] “…Security policies may be enforced by security 192 or some other security solution. Ensuring that access to these cloud workloads are only given to authenticated and authorized users/services may protect these cloud workloads from malicious actors trying to compromise AV operations”).
For at least above reason(s), the rejections are maintained.
Prior Arts
The prior art made of record on form PTO-892 and not relied upon is considered pertinent to applicant's disclosure. Applicant is required under 37 C.F.R. § 1.111(c) to consider these references fully when responding to this action.
It is noted that any citation to specific, pages, columns, lines, or figures in the prior art references and any interpretation of the references should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. See In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275,277 (CCPA 1968)); Merck & Co. v. Biocraft Laboratories, 874 F.2d 804, 10 USPQ2d 1843 (Fed. Cir.), cert. denied, 493 U.S. 975 (1989).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jessica N. Le whose telephone number is (571)270-1009. The examiner can normally be reached M-F 9:30 am - 5:30 pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHERIEF BADAWI can be reached on (571) 272-9782. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jessica N Le/Examiner, Art Unit 2169
/SHERIEF BADAWI/Supervisory Patent Examiner, Art Unit 2169