DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Introduction
Claims 1-20 are pending in this application. This is a non-final office action in response to Application Number 18/391,387 filed on 20 December 2023. The applicant of record is Boost SubscriberCo L.L.C. and the inventor of record is Matthew Daniel Kniess.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 5 August 2024 was filed after the filing date of the instant application on 20 December 2023 and before the mailing date of the first office action on the merits. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Interpretation
The claims have been considered according to the latest Patent Eligibility Guidelines and are considered eligible.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 8-14, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Krig et al. (U.S. Patent Publication 2015/0319137) in view of Walker et al. (U.S. Patent Publication 2024/0356625).
Regarding claim 1, Krig disclosed a computer-implemented method comprising:
receiving, at one or more computing devices (see Krig Fig. 1 #110, [0017]: “FIG. 1 illustrates a block diagram for a communications system 100. In one embodiment, the communications system 100 may comprise a computer-implemented communications system 100 having a connection management application 110 comprising one or more components: a communications component 122 operative to manage a connection 130 for a client, the connection 130 routed over a network, a traffic analysis component 124 operative to determine one or more characteristics of the routing of the connection 130, a logging component 126 operative to create a record in a log of network traffic of the one or more characteristics, and a network control component 128 operative to determine whether to block the connection 130 based on the one or more determined characteristics….”; [0018]: “…The connection management application 110 may comprise a software application running on a client device, such as a desktop PC, laptop, smartphone, mobile device, or any other client device capable of communication using the Internet. The connection management application 110 may comprise a service, such as a cloud service, and may therefore be implemented on one or more servers acting as a proxy for a client device.” | Fig. 3 #320, [0041]: “FIG. 3 illustrates a block diagram of a centralized system 300. The centralized system 300 may implement some or all of the structure and/or operations for the communications system 100 in a single computing entity, such as entirely within a single device 320.” | Fig. 4, [0046]: “FIG. 4 illustrates a block diagram of a distributed system 400. The distributed system 400 may distribute portions of the structure and/or operations for the communications system 100 across multiple computing entities. 
Examples of distributed system 400 may include without limitation a client-server architecture, a 3-tier architecture, an N-tier architecture, a tightly-coupled or clustered architecture, a peer-to-peer architecture, a master-slave architecture, a shared database architecture, and other types of distributed systems…” | Fig. 6, [0065]: “FIG. 6 illustrates a block diagram of an exemplary communications architecture 600 suitable for implementing various embodiments as previously described…”; [0068]: “…A communications network may be any one and the combination of wired and/or wireless networks including without limitation…a cellular network…”), metadata information indicative of a route of a data packet through various nodes (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…”) of a cellular network (see Krig [0068]: communications network is a cellular network);
updating, by the one or more computing devices, a metadata record representing the data packet (see Krig Fig. 1, [0017]: “…a connection management application 110 comprising one or more components: a communications component 122 operative to manage a connection 130 for a client, the connection 130 routed over a network, a traffic analysis component 124 operative to determine one or more characteristics of the routing of the connection 130, a logging component 126 operative to create a record in a log of network traffic of the one or more characteristics...”) to include the metadata information indicative of a route of the data packet through the various nodes (see Krig [0024]: “…In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…” | [0030]: “…In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the blacklist. 
In some embodiments, intermediate routing entities may be operative to query the user client to determine whether an entity (such as a country, region, server, network, server operator, or network operator) which is not on any of the whitelist, blacklist, or preference list is allowed…” | [0049]: “…As such, the signals 422 sent over media 420 may comprise data and control signals sent between the user-side content management application 423 and the server-side content management application 425 such that the user of the client device 410 may presented with relevant data—such as the determined characteristics—and receive and respond to queries as to whether a connection should be blocked…”), the metadata record being a portion of a unified database (see Walker combination below) maintained to keep track of various data packets traversing the cellular network (see Krig Fig. 1 #110, [0017]: “FIG. 1 illustrates a block diagram for a communications system 100. In one embodiment, the communications system 100 may comprise a computer-implemented communications system 100 having a connection management application 110 comprising one or more components: a communications component 122 operative to manage a connection 130 for a client, the connection 130 routed over a network, a traffic analysis component 124 operative to determine one or more characteristics of the routing of the connection 130, a logging component 126 operative to create a record in a log of network traffic of the one or more characteristics, and a network control component 128 operative to determine whether to block the connection 130 based on the one or more determined characteristics….”; [0018]: “…The connection management application 110 may comprise a software application running on a client device, such as a desktop PC, laptop, smartphone, mobile device, or any other client device capable of communication using the Internet. 
The connection management application 110 may comprise a service, such as a cloud service, and may therefore be implemented on one or more servers acting as a proxy for a client device.”; [0020]: “…The traffic analysis component 124 may be generally arranged to determine one or more characteristics of the routing of the connection. These characteristics may comprise information about the connection source 140 or any of the one or more entities through which the connection 130 is routed. These characteristics may comprise a name, country, street address, Internet Protocol (IP) address, service provider, domain name, physical location, GPS coordinates, a type of traffic (e.g. text, binary, encrypted, video, images), a quantity of traffic, and a duration of the connection. In various embodiments, the traffic analysis component 124 may be operative to perform a unified analysis of a plurality of connections wherein each of the plurality of connections is associated with a particular client network application or network task, such as a web browser or the loading of a web page…” | [0030]: “…For example, a request to open a network socket to a remote server may include within it a field specifying one or more of a whitelist, blacklist, and preference list for the routing of the connection 130, such that each intermediate step in the routing of the connection 130 is expected to adhere to the whitelist, blacklist, and/or preference list. In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the blacklist…” | Fig. 3 #320, [0041]: “FIG. 3 illustrates a block diagram of a centralized system 300. 
The centralized system 300 may implement some or all of the structure and/or operations for the communications system 100 in a single computing entity, such as entirely within a single device 320.” | Fig. 4, [0046]: “FIG. 4 illustrates a block diagram of a distributed system 400. The distributed system 400 may distribute portions of the structure and/or operations for the communications system 100 across multiple computing entities. Examples of distributed system 400 may include without limitation a client-server architecture, a 3-tier architecture, an N-tier architecture, a tightly-coupled or clustered architecture, a peer-to-peer architecture, a master-slave architecture, a shared database architecture, and other types of distributed systems…” | Fig. 6, [0065]: “FIG. 6 illustrates a block diagram of an exemplary communications architecture 600 suitable for implementing various embodiments as previously described…”; [0068]: “…A communications network may be any one and the combination of wired and/or wireless networks including without limitation…a cellular network…”); and
providing, in response to a query received from an entity associated with the cellular network (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…”), metadata information associated with the route of the data packet through the various nodes (see Krig [0024]: “…In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…” | [0030]: “…In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the blacklist. In some embodiments, intermediate routing entities may be operative to query the user client to determine whether an entity (such as a country, region, server, network, server operator, or network operator) which is not on any of the whitelist, blacklist, or preference list is allowed…” | [0049]: “…As such, the signals 422 sent over media 420 may comprise data and control signals sent between the user-side content management application 423 and the server-side content management application 425 such that the user of the client device 410 may presented with relevant data—such as the determined characteristics—and receive and respond to queries as to whether a connection should be blocked…”).
With respect to the use of “unified database” in the limitations above, examiner notes that Krig disclosed a shared database architecture (see Krig Fig. 4, [0046]) and operating in a cellular environment (see Krig [0068]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that a unified database is a type of shared database. However, in a related art, Walker disclosed determining an optimum communication path to a UE (see Walker [0036]) and establishing multiple independent communication paths to UEs, e.g., line of sight path and relay-directed path, and selecting the path that avoids interference (see Walker [0034]). Relay devices are registered in a database to allow discovery, setup, and control of relay devices when establishing useful communication paths to terminal devices as well as to allow competition over control of relay devices between different networks and network operators (see Walker [0035]). Information about relay devices is looked up in a database (see Walker [0039]) and information stored in a database is used to plan an appropriate path (see Walker [0040]). “…the reconfigurable relay device can obtain direct information about its location and/or orientation, which may be signaled to a database, or (directly/indirectly) to a controlling access device that can use it for path planning.” (see Walker [0047]) and the database includes device metadata and may be included as part of a core network function (see Walker [0091]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Krig and Walker to further describe the types of databases used in a cellular network. Including Walker’s teachings would reduce costs (see Walker [0029]), provide rapid calculation of a RF communication signal path (see Walker [0033]), improve quality of a 5G-based wireless communication path (see Walker [0027]), and also provide multiple independent communication paths to the UE to avoid interference (see Walker [0034]).
Regarding claim 2, Krig-Walker disclosed the method of claim 1, wherein a node of the various nodes comprises any one of: a service, a device, or an application (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…” | [0030]: “…For example, a request to open a network socket to a remote server may include within it a field specifying one or more of a whitelist, blacklist, and preference list for the routing of the connection 130, such that each intermediate step in the routing of the connection 130 is expected to adhere to the whitelist, blacklist, and/or preference list. In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the blacklist…”).
Regarding claim 3, Krig-Walker disclosed the method of claim 1, further comprising:
determining that a category of one or more categories of metadata information is associated with an action for the category (see Krig [0020]: “The connection management applications 110 may comprise a traffic analysis component 124. The traffic analysis component 124 may be generally arranged to determine one or more characteristics of the routing of the connection. These characteristics may comprise information about the connection source 140 or any of the one or more entities through which the connection 130 is routed. These characteristics may comprise a name, country, street address, Internet Protocol (IP) address, service provider, domain name, physical location, GPS coordinates, a type of traffic (e.g. text, binary, encrypted, video, images), a quantity of traffic, and a duration of the connection. In various embodiments, the traffic analysis component 124 may be operative to perform a unified analysis of a plurality of connections wherein each of the plurality of connections is associated with a particular client network application or network task, such as a web browser or the loading of a web page…”; [0023]: “The connection management application 100 may comprise a network control component 128. The network control component 128 may be arranged to determine whether to block the connection 130 based on the one or more determined characteristics. Any of the determined characteristics may be used as the basis of a decision to block or not to block. The user of the connection management application 110 may be operative to specify one or more rules which indicate that a connection 130 should be blocked if the one or more determined characteristics conform to the settings of the rule. 
For example, one or more rules may specify that a connection 130 is to be blocked if any of the physical locations that may comprise the one or more determined characteristics corresponds to a set of blacklisted physical locations…” | [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”), wherein the action comprises any one of encrypting data associated with the category, masking data associated with the category, protecting data associated with the category, formatting data associated with the category, or labeling the category (see Krig [0026]: “…In some embodiments, connections to the server or servers corresponding to a uniform resource locator (URL) of the web page may be automatically allowed as being the direct result of a user action, while any connections 130 to other servers are considered according to the rules of the network control component 128. In some embodiments, these rules may be conditional on the type of data being transmitted over the connections 130 or the purpose of the connections 130. 
For example, a connection 130 to a server hosting textual, image, video, or other media or multimedia content may be allowed unless the connection 130 has determined characteristics corresponding to a specific rule to block (such as a connection to or through a blacklisted country) while a connection 130 to a server acting as a tracking server—which attempts to track the behavior of individual computer users across multiple web pages or web sites—may be blocked, or the user may be asked whether to block, unless the tracking server or tracking servers appear on a whitelist of allowed tracking servers.” | [0033]: “In some embodiments, a standardized icon may be used to communicate that a verified connection path (VCP) has been established for a connection. This may comprise a particular image or may comprise a standardized piece of text, such as “HTTP-VCP://” as a counterpart to the traditional “HTTPS://” indicating a secure connection, where HTTP refers to a “hypertext transfer protocol” and HTTPS refers to a “HTTP secure protocol.” A user client may be operative to display the VCP icon when a connection with verified routing has been established according to the embodiments contained herein, and to not display the VCP icon when no such verified connection has been established…” | [0071]: “In another example, the apparatus may additionally or alternatively comprise where determining the one or more characteristics comprises performing an encrypted exchange with a plurality of routing points of the routing of the connection, the encrypted exchanges comprising public-key based verification of identifying information of the plurality of routing points, determining whether to block the connection comprising blocking the connection when any of the routing points are not securely verified.”); and
responsive to determining that the category is associated with an action for the category, performing the action (see Krig [0020]: “…The traffic analysis component 124 may be generally arranged to determine one or more characteristics of the routing of the connection...These characteristics may comprise a name, country, street address, Internet Protocol (IP) address, service provider, domain name, physical location, GPS coordinates, a type of traffic (e.g. text, binary, encrypted, video, images), a quantity of traffic, and a duration of the connection…”; [0023]: “The connection management application 100 may comprise a network control component 128. The network control component 128 may be arranged to determine whether to block the connection 130 based on the one or more determined characteristics…” | [0026]: “…In some embodiments, connections to the server or servers corresponding to a uniform resource locator (URL) of the web page may be automatically allowed as being the direct result of a user action, while any connections 130 to other servers are considered according to the rules of the network control component 128. In some embodiments, these rules may be conditional on the type of data being transmitted over the connections 130 or the purpose of the connections 130. 
For example, a connection 130 to a server hosting textual, image, video, or other media or multimedia content may be allowed unless the connection 130 has determined characteristics corresponding to a specific rule to block (such as a connection to or through a blacklisted country) while a connection 130 to a server acting as a tracking server—which attempts to track the behavior of individual computer users across multiple web pages or web sites—may be blocked, or the user may be asked whether to block, unless the tracking server or tracking servers appear on a whitelist of allowed tracking servers.” | [0033]: “In some embodiments, a standardized icon may be used to communicate that a verified connection path (VCP) has been established for a connection. This may comprise a particular image or may comprise a standardized piece of text, such as “HTTP-VCP://” as a counterpart to the traditional “HTTPS://” indicating a secure connection, where HTTP refers to a “hypertext transfer protocol” and HTTPS refers to a “HTTP secure protocol.” A user client may be operative to display the VCP icon when a connection with verified routing has been established according to the embodiments contained herein, and to not display the VCP icon when no such verified connection has been established…” | [0071]: “In another example, the apparatus may additionally or alternatively comprise where determining the one or more characteristics comprises performing an encrypted exchange with a plurality of routing points of the routing of the connection, the encrypted exchanges comprising public-key based verification of identifying information of the plurality of routing points, determining whether to block the connection comprising blocking the connection when any of the routing points are not securely verified.”).
Regarding claim 8, Krig-Walker disclosed the method of claim 1, wherein the method further comprises:
receiving metadata information indicative of a route of a second data packet (see Krig [0020]: “…In various embodiments, the traffic analysis component 124 may be operative to perform a unified analysis of a plurality of connections wherein each of the plurality of connections is associated with a particular client network application or network task, such as a web browser or the loading of a web page…” | [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…”) through the cellular network (see Krig [0068]: communications network is a cellular network);
determining that the unified database does not include a corresponding metadata record for the second data packet (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130…In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”, i.e. potential connection for the packet is not included in a list | [0030]: “…In some embodiments, intermediate routing entities may be operative to query the user client to determine whether an entity (such as a country, region, server, network, server operator, or network operator) which is not on any of the whitelist, blacklist, or preference list is allowed…It will be appreciated that any of the enclosed embodiments may be used at the instantiation of a connection, at the reception of an incoming connection, at the creation of an outgoing connection, or an existing connection.”); and
responsive to determining that the unified database does not include a corresponding metadata record for the second data packet, generating a second metadata record representing the second data packet in the unified database (see Krig [0024]: “… In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”, i.e. user specifies whether or not a connection is to be included in a list (generating a record).).
Regarding claim 9, Krig-Walker disclosed the method of claim 1, wherein the unified database is any one or more of: a relational database or a graph database (see Krig Fig. 4, [0046]: shared database architecture; examiner notes that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that the format and structure of the database, e.g., relational vs graph, are matters of implementation choice).
Regarding claim 10, Krig-Walker disclosed the method of claim 1, further comprising providing a user-interface for presentation on a user device, the user-interface configured to represent information from the unified database (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…”), the information comprising metadata records from the unified database filtered in accordance with one or more tags (see Krig [0025]: “…In some embodiments, the user may be able to specify which characteristics of the one or more characteristics they wish to be presented with when queried as to whether a connection 130 should be blocked…”).
Regarding claim 11, the claim contains the limitations, substantially as claimed, as described in claim 1 above. Examiner notes that claim 1 describes a computer-implemented method whereas claim 11 describes a non-transitory, computer-readable medium. Krig disclosed, as recited in claim 11: A non-transitory, computer-readable medium storing one or more instructions executable by a computer system (see Krig Fig. 5 #506 system memory; #504 processing unit) to perform operations comprising:
receiving, at one or more computing devices (see Krig Fig. 1 #110, [0017]: “FIG. 1 illustrates a block diagram for a communications system 100. In one embodiment, the communications system 100 may comprise a computer-implemented communications system 100 having a connection management application 110 comprising one or more components: a communications component 122 operative to manage a connection 130 for a client, the connection 130 routed over a network, a traffic analysis component 124 operative to determine one or more characteristics of the routing of the connection 130, a logging component 126 operative to create a record in a log of network traffic of the one or more characteristics, and a network control component 128 operative to determine whether to block the connection 130 based on the one or more determined characteristics….”; [0018]: “…The connection management application 110 may comprise a software application running on a client device, such as a desktop PC, laptop, smartphone, mobile device, or any other client device capable of communication using the Internet. The connection management application 110 may comprise a service, such as a cloud service, and may therefore be implemented on one or more servers acting as a proxy for a client device.” | Fig. 3 #320, [0041]: “FIG. 3 illustrates a block diagram of a centralized system 300. The centralized system 300 may implement some or all of the structure and/or operations for the communications system 100 in a single computing entity, such as entirely within a single device 320.” | Fig. 4, [0046]: “FIG. 4 illustrates a block diagram of a distributed system 400. The distributed system 400 may distribute portions of the structure and/or operations for the communications system 100 across multiple computing entities. 
Examples of distributed system 400 may include without limitation a client-server architecture, a 3-tier architecture, an N-tier architecture, a tightly-coupled or clustered architecture, a peer-to-peer architecture, a master-slave architecture, a shared database architecture, and other types of distributed systems…” | Fig. 6, [0065]: “FIG. 6 illustrates a block diagram of an exemplary communications architecture 600 suitable for implementing various embodiments as previously described…”; [0068]: “…A communications network may be any one and the combination of wired and/or wireless networks including without limitation…a cellular network…”), metadata information indicative of a route of a data packet through various nodes (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…”) of a cellular network (see Krig [0068]: communications network is a cellular network);
updating, by the one or more computing devices, a metadata record representing the data packet (see Krig Fig. 1, [0017]: “…a connection management application 110 comprising one or more components: a communications component 122 operative to manage a connection 130 for a client, the connection 130 routed over a network, a traffic analysis component 124 operative to determine one or more characteristics of the routing of the connection 130, a logging component 126 operative to create a record in a log of network traffic of the one or more characteristics...”) to include the metadata information indicative of a route of the data packet through the various nodes (see Krig [0024]: “…In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…” | [0030]: “…In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the blacklist. 
In some embodiments, intermediate routing entities may be operative to query the user client to determine whether an entity (such as a country, region, server, network, server operator, or network operator) which is not on any of the whitelist, blacklist, or preference list is allowed…” | [0049]: “…As such, the signals 422 sent over media 420 may comprise data and control signals sent between the user-side content management application 423 and the server-side content management application 425 such that the user of the client device 410 may presented with relevant data—such as the determined characteristics—and receive and respond to queries as to whether a connection should be blocked…”), the metadata record being a portion of a unified database (see Walker combination below) maintained to keep track of various data packets traversing the cellular network (see Krig Fig. 1 #110, [0017]: “FIG. 1 illustrates a block diagram for a communications system 100. In one embodiment, the communications system 100 may comprise a computer-implemented communications system 100 having a connection management application 110 comprising one or more components: a communications component 122 operative to manage a connection 130 for a client, the connection 130 routed over a network, a traffic analysis component 124 operative to determine one or more characteristics of the routing of the connection 130, a logging component 126 operative to create a record in a log of network traffic of the one or more characteristics, and a network control component 128 operative to determine whether to block the connection 130 based on the one or more determined characteristics….”; [0018]: “…The connection management application 110 may comprise a software application running on a client device, such as a desktop PC, laptop, smartphone, mobile device, or any other client device capable of communication using the Internet. 
The connection management application 110 may comprise a service, such as a cloud service, and may therefore be implemented on one or more servers acting as a proxy for a client device.”; [0020]: “…The traffic analysis component 124 may be generally arranged to determine one or more characteristics of the routing of the connection. These characteristics may comprise information about the connection source 140 or any of the one or more entities through which the connection 130 is routed. These characteristics may comprise a name, country, street address, Internet Protocol (IP) address, service provider, domain name, physical location, GPS coordinates, a type of traffic (e.g. text, binary, encrypted, video, images), a quantity of traffic, and a duration of the connection. In various embodiments, the traffic analysis component 124 may be operative to perform a unified analysis of a plurality of connections wherein each of the plurality of connections is associated with a particular client network application or network task, such as a web browser or the loading of a web page…” | [0030]: “…For example, a request to open a network socket to a remote server may include within it a field specifying one or more of a whitelist, blacklist, and preference list for the routing of the connection 130, such that each intermediate step in the routing of the connection 130 is expected to adhere to the whitelist, blacklist, and/or preference list. In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the blacklist…” | Fig. 3 #320, [0041]: “FIG. 3 illustrates a block diagram of a centralized system 300. 
The centralized system 300 may implement some or all of the structure and/or operations for the communications system 100 in a single computing entity, such as entirely within a single device 320.” | Fig. 4, [0046]: “FIG. 4 illustrates a block diagram of a distributed system 400. The distributed system 400 may distribute portions of the structure and/or operations for the communications system 100 across multiple computing entities. Examples of distributed system 400 may include without limitation a client-server architecture, a 3-tier architecture, an N-tier architecture, a tightly-coupled or clustered architecture, a peer-to-peer architecture, a master-slave architecture, a shared database architecture, and other types of distributed systems…” | Fig. 6, [0065]: “FIG. 6 illustrates a block diagram of an exemplary communications architecture 600 suitable for implementing various embodiments as previously described…”; [0068]: “…A communications network may be any one and the combination of wired and/or wireless networks including without limitation…a cellular network…”); and
providing, in response to a query received from an entity associated with the cellular network (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…”), metadata information associated with the route of the data packet through the various nodes (see Krig [0024]: “…In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…” | [0030]: “…In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the 
blacklist. In some embodiments, intermediate routing entities may be operative to query the user client to determine whether an entity (such as a country, region, server, network, server operator, or network operator) which is not on any of the whitelist, blacklist, or preference list is allowed…” | [0049]: “…As such, the signals 422 sent over media 420 may comprise data and control signals sent between the user-side content management application 423 and the server-side content management application 425 such that the user of the client device 410 may presented with relevant data—such as the determined characteristics—and receive and respond to queries as to whether a connection should be blocked…”).
With respect to the use of “unified database” in the limitations above, examiner notes that Krig disclosed a shared database architecture (see Krig Fig. 4, [0046]) and operating in a cellular environment (see Krig [0068]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that a unified database is a type of shared database; however, in a related art, Walker disclosed determining an optimum communication path to a UE (see Walker [0036]) and establishing multiple independent communication paths to UEs, e.g., line of sight path and relay-directed path, and selecting the path that avoids interference (see Walker [0034]). Relay devices are registered in a database to allow discovery, setup, and control of relay devices when establishing useful communication paths to terminal devices as well as to allow competition over control of relay devices between different networks and network operators (see Walker [0035]). Information about relay devices is looked up in a database (see Walker [0039]) and information stored in a database is used to plan an appropriate path (see Walker [0040]). “…the reconfigurable relay device can obtain direct information about its location and/or orientation, which may be signaled to a database, or (directly/indirectly) to a controlling access device that can use it for path planning.” (see Walker [0047]) and the database includes device metadata and may be included as part of a core network function (see Walker [0091]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Krig and Walker to further describe the types of databases used in a cellular network. Including Walker’s teachings would reduce costs (see Walker [0029]), provide rapid calculation of an RF communication signal path (see Walker [0033]), improve quality of a 5G-based wireless communication path (see Walker [0027]), and also provide multiple independent communication paths to the UE to avoid interference (see Walker [0034]).
Regarding claim 12, the claim contains the limitations, substantially as claimed, as described in claim 1 above. Examiner notes that claim 1 describes a computer-implemented method whereas claim 11 describes a computer-implemented system. Krig disclosed, as recited in claim 12: A computer-implemented system, comprising:
one or more computers (see Krig Fig. 5 #502 computer); and
one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers (see Krig Fig. 5 #504 processing unit; #506 system memory; #532 applications stored on memory), perform one or more operations comprising:
receiving, at one or more computing devices (see Krig Fig. 1 #110, [0017]: “FIG. 1 illustrates a block diagram for a communications system 100. In one embodiment, the communications system 100 may comprise a computer-implemented communications system 100 having a connection management application 110 comprising one or more components: a communications component 122 operative to manage a connection 130 for a client, the connection 130 routed over a network, a traffic analysis component 124 operative to determine one or more characteristics of the routing of the connection 130, a logging component 126 operative to create a record in a log of network traffic of the one or more characteristics, and a network control component 128 operative to determine whether to block the connection 130 based on the one or more determined characteristics….”; [0018]: “…The connection management application 110 may comprise a software application running on a client device, such as a desktop PC, laptop, smartphone, mobile device, or any other client device capable of communication using the Internet. The connection management application 110 may comprise a service, such as a cloud service, and may therefore be implemented on one or more servers acting as a proxy for a client device.” | Fig. 3 #320, [0041]: “FIG. 3 illustrates a block diagram of a centralized system 300. The centralized system 300 may implement some or all of the structure and/or operations for the communications system 100 in a single computing entity, such as entirely within a single device 320.” | Fig. 4, [0046]: “FIG. 4 illustrates a block diagram of a distributed system 400. The distributed system 400 may distribute portions of the structure and/or operations for the communications system 100 across multiple computing entities. 
Examples of distributed system 400 may include without limitation a client-server architecture, a 3-tier architecture, an N-tier architecture, a tightly-coupled or clustered architecture, a peer-to-peer architecture, a master-slave architecture, a shared database architecture, and other types of distributed systems…” | Fig. 6, [0065]: “FIG. 6 illustrates a block diagram of an exemplary communications architecture 600 suitable for implementing various embodiments as previously described…”; [0068]: “…A communications network may be any one and the combination of wired and/or wireless networks including without limitation…a cellular network…”), metadata information indicative of a route of a data packet through various nodes (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…”) of a cellular network (see Krig [0068]: communications network is a cellular network);
updating, by the one or more computing devices, a metadata record representing the data packet (see Krig Fig. 1, [0017]: “…a connection management application 110 comprising one or more components: a communications component 122 operative to manage a connection 130 for a client, the connection 130 routed over a network, a traffic analysis component 124 operative to determine one or more characteristics of the routing of the connection 130, a logging component 126 operative to create a record in a log of network traffic of the one or more characteristics...”) to include the metadata information indicative of a route of the data packet through the various nodes (see Krig [0024]: “…In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…” | [0030]: “…In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the blacklist. 
In some embodiments, intermediate routing entities may be operative to query the user client to determine whether an entity (such as a country, region, server, network, server operator, or network operator) which is not on any of the whitelist, blacklist, or preference list is allowed…” | [0049]: “…As such, the signals 422 sent over media 420 may comprise data and control signals sent between the user-side content management application 423 and the server-side content management application 425 such that the user of the client device 410 may presented with relevant data—such as the determined characteristics—and receive and respond to queries as to whether a connection should be blocked…”), the metadata record being a portion of a unified database (see Walker combination below) maintained to keep track of various data packets traversing the cellular network (see Krig Fig. 1 #110, [0017]: “FIG. 1 illustrates a block diagram for a communications system 100. In one embodiment, the communications system 100 may comprise a computer-implemented communications system 100 having a connection management application 110 comprising one or more components: a communications component 122 operative to manage a connection 130 for a client, the connection 130 routed over a network, a traffic analysis component 124 operative to determine one or more characteristics of the routing of the connection 130, a logging component 126 operative to create a record in a log of network traffic of the one or more characteristics, and a network control component 128 operative to determine whether to block the connection 130 based on the one or more determined characteristics….”; [0018]: “…The connection management application 110 may comprise a software application running on a client device, such as a desktop PC, laptop, smartphone, mobile device, or any other client device capable of communication using the Internet. 
The connection management application 110 may comprise a service, such as a cloud service, and may therefore be implemented on one or more servers acting as a proxy for a client device.”; [0020]: “…The traffic analysis component 124 may be generally arranged to determine one or more characteristics of the routing of the connection. These characteristics may comprise information about the connection source 140 or any of the one or more entities through which the connection 130 is routed. These characteristics may comprise a name, country, street address, Internet Protocol (IP) address, service provider, domain name, physical location, GPS coordinates, a type of traffic (e.g. text, binary, encrypted, video, images), a quantity of traffic, and a duration of the connection. In various embodiments, the traffic analysis component 124 may be operative to perform a unified analysis of a plurality of connections wherein each of the plurality of connections is associated with a particular client network application or network task, such as a web browser or the loading of a web page…” | [0030]: “…For example, a request to open a network socket to a remote server may include within it a field specifying one or more of a whitelist, blacklist, and preference list for the routing of the connection 130, such that each intermediate step in the routing of the connection 130 is expected to adhere to the whitelist, blacklist, and/or preference list. In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the blacklist…” | Fig. 3 #320, [0041]: “FIG. 3 illustrates a block diagram of a centralized system 300. 
The centralized system 300 may implement some or all of the structure and/or operations for the communications system 100 in a single computing entity, such as entirely within a single device 320.” | Fig. 4, [0046]: “FIG. 4 illustrates a block diagram of a distributed system 400. The distributed system 400 may distribute portions of the structure and/or operations for the communications system 100 across multiple computing entities. Examples of distributed system 400 may include without limitation a client-server architecture, a 3-tier architecture, an N-tier architecture, a tightly-coupled or clustered architecture, a peer-to-peer architecture, a master-slave architecture, a shared database architecture, and other types of distributed systems…” | Fig. 6, [0065]: “FIG. 6 illustrates a block diagram of an exemplary communications architecture 600 suitable for implementing various embodiments as previously described…”; [0068]: “…A communications network may be any one and the combination of wired and/or wireless networks including without limitation…a cellular network…”); and
providing, in response to a query received from an entity associated with the cellular network (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…”), metadata information associated with the route of the data packet through the various nodes (see Krig [0024]: “…In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…” | [0030]: “…In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the 
blacklist. In some embodiments, intermediate routing entities may be operative to query the user client to determine whether an entity (such as a country, region, server, network, server operator, or network operator) which is not on any of the whitelist, blacklist, or preference list is allowed…” | [0049]: “…As such, the signals 422 sent over media 420 may comprise data and control signals sent between the user-side content management application 423 and the server-side content management application 425 such that the user of the client device 410 may presented with relevant data—such as the determined characteristics—and receive and respond to queries as to whether a connection should be blocked…”).
With respect to the use of “unified database” in the limitations above, examiner notes that Krig disclosed a shared database architecture (see Krig Fig. 4, [0046]) and operating in a cellular environment (see Krig [0068]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that a unified database is a type of shared database; however, in a related art, Walker disclosed determining an optimum communication path to a UE (see Walker [0036]) and establishing multiple independent communication paths to UEs, e.g., line of sight path and relay-directed path, and selecting the path that avoids interference (see Walker [0034]). Relay devices are registered in a database to allow discovery, setup, and control of relay devices when establishing useful communication paths to terminal devices as well as to allow competition over control of relay devices between different networks and network operators (see Walker [0035]). Information about relay devices is looked up in a database (see Walker [0039]) and information stored in a database is used to plan an appropriate path (see Walker [0040]). “…the reconfigurable relay device can obtain direct information about its location and/or orientation, which may be signaled to a database, or (directly/indirectly) to a controlling access device that can use it for path planning.” (see Walker [0047]) and the database includes device metadata and may be included as part of a core network function (see Walker [0091]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Krig and Walker to further describe the types of databases used in a cellular network. Including Walker’s teachings would reduce costs (see Walker [0029]), provide rapid calculation of an RF communication signal path (see Walker [0033]), improve quality of a 5G-based wireless communication path (see Walker [0027]), and also provide multiple independent communication paths to the UE to avoid interference (see Walker [0034]).
Regarding claim 13, the claim contains the limitations, substantially as claimed, as described in claim 2 above. Krig-Walker disclosed, as recited in claim 13: The system of claim 12, wherein a node of the various nodes comprises any one of: a service, a device, or an application (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…” | [0030]: “…For example, a request to open a network socket to a remote server may include within it a field specifying one or more of a whitelist, blacklist, and preference list for the routing of the connection 130, such that each intermediate step in the routing of the connection 130 is expected to adhere to the whitelist, blacklist, and/or preference list. 
In various embodiments, the user client may be operative to verify the obedience of the intermediate routing entities to the lists, such as through a query, or an encrypted query, to the intermediate routing entities to confirm their identity, existence on the whitelist, or lack of existence on the blacklist…”).
Regarding claim 14, the claim contains the limitations, substantially as claimed, as described in claim 3 above. Krig-Walker disclosed, as recited in claim 14: The system of claim 12, wherein the operations further comprise:
determining that a category of one or more categories of metadata information is associated with an action for the category (see Krig [0020]: “The connection management applications 110 may comprise a traffic analysis component 124. The traffic analysis component 124 may be generally arranged to determine one or more characteristics of the routing of the connection. These characteristics may comprise information about the connection source 140 or any of the one or more entities through which the connection 130 is routed. These characteristics may comprise a name, country, street address, Internet Protocol (IP) address, service provider, domain name, physical location, GPS coordinates, a type of traffic (e.g. text, binary, encrypted, video, images), a quantity of traffic, and a duration of the connection. In various embodiments, the traffic analysis component 124 may be operative to perform a unified analysis of a plurality of connections wherein each of the plurality of connections is associated with a particular client network application or network task, such as a web browser or the loading of a web page…”; [0023]: “The connection management application 100 may comprise a network control component 128. The network control component 128 may be arranged to determine whether to block the connection 130 based on the one or more determined characteristics. Any of the determined characteristics may be used as the basis of a decision to block or not to block. The user of the connection management application 110 may be operative to specify one or more rules which indicate that a connection 130 should be blocked if the one or more determined characteristics conform to the settings of the rule. 
For example, one or more rules may specify that a connection 130 is to be blocked if any of the physical locations that may comprise the one or more determined characteristics corresponds to a set of blacklisted physical locations…” | [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”), wherein the action comprises any one of encrypting data associated with the category, masking data associated with the category, protecting data associated with the category, formatting data associated with the category, or labeling the category (see Krig [0026]: “…In some embodiments, connections to the server or servers corresponding to a uniform resource locator (URL) of the web page may be automatically allowed as being the direct result of a user action, while any connections 130 to other servers are considered according to the rules of the network control component 128. In some embodiments, these rules may be conditional on the type of data being transmitted over the connections 130 or the purpose of the connections 130. 
For example, a connection 130 to a server hosting textual, image, video, or other media or multimedia content may be allowed unless the connection 130 has determined characteristics corresponding to a specific rule to block (such as a connection to or through a blacklisted country) while a connection 130 to a server acting as a tracking server—which attempts to track the behavior of individual computer users across multiple web pages or web sites—may be blocked, or the user may be asked whether to block, unless the tracking server or tracking servers appear on a whitelist of allowed tracking servers.” | [0033]: “In some embodiments, a standardized icon may be used to communicate that a verified connection path (VCP) has been established for a connection. This may comprise a particular image or may comprise a standardized piece of text, such as “HTTP-VCP://” as a counterpart to the traditional “HTTPS://” indicating a secure connection, where HTTP refers to a “hypertext transfer protocol” and HTTPS refers to a “HTTP secure protocol.” A user client may be operative to display the VCP icon when a connection with verified routing has been established according to the embodiments contained herein, and to not display the VCP icon when no such verified connection has been established…” | [0071]: “In another example, the apparatus may additionally or alternatively comprise where determining the one or more characteristics comprises performing an encrypted exchange with a plurality of routing points of the routing of the connection, the encrypted exchanges comprising public-key based verification of identifying information of the plurality of routing points, determining whether to block the connection comprising blocking the connection when any of the routing points are not securely verified.”); and
responsive to determining that the category is associated with an action for the category, performing the action (see Krig [0020]: “…The traffic analysis component 124 may be generally arranged to determine one or more characteristics of the routing of the connection...These characteristics may comprise a name, country, street address, Internet Protocol (IP) address, service provider, domain name, physical location, GPS coordinates, a type of traffic (e.g. text, binary, encrypted, video, images), a quantity of traffic, and a duration of the connection…”; [0023]: “The connection management application 100 may comprise a network control component 128. The network control component 128 may be arranged to determine whether to block the connection 130 based on the one or more determined characteristics…” | [0026]: “…In some embodiments, connections to the server or servers corresponding to a uniform resource locator (URL) of the web page may be automatically allowed as being the direct result of a user action, while any connections 130 to other servers are considered according to the rules of the network control component 128. In some embodiments, these rules may be conditional on the type of data being transmitted over the connections 130 or the purpose of the connections 130. 
For example, a connection 130 to a server hosting textual, image, video, or other media or multimedia content may be allowed unless the connection 130 has determined characteristics corresponding to a specific rule to block (such as a connection to or through a blacklisted country) while a connection 130 to a server acting as a tracking server—which attempts to track the behavior of individual computer users across multiple web pages or web sites—may be blocked, or the user may be asked whether to block, unless the tracking server or tracking servers appear on a whitelist of allowed tracking servers.” | [0033]: “In some embodiments, a standardized icon may be used to communicate that a verified connection path (VCP) has been established for a connection. This may comprise a particular image or may comprise a standardized piece of text, such as “HTTP-VCP://” as a counterpart to the traditional “HTTPS://” indicating a secure connection, where HTTP refers to a “hypertext transfer protocol” and HTTPS refers to a “HTTP secure protocol.” A user client may be operative to display the VCP icon when a connection with verified routing has been established according to the embodiments contained herein, and to not display the VCP icon when no such verified connection has been established…” | [0071]: “In another example, the apparatus may additionally or alternatively comprise where determining the one or more characteristics comprises performing an encrypted exchange with a plurality of routing points of the routing of the connection, the encrypted exchanges comprising public-key based verification of identifying information of the plurality of routing points, determining whether to block the connection comprising blocking the connection when any of the routing points are not securely verified.”).
Regarding claim 19, the claim contains the limitations, substantially as claimed, as described in claim 8 above. Krig-Walker disclosed, as recited in claim 19: The system of claim 12, wherein the operations further comprise:
receiving metadata information indicative of a route of a second data packet (see Krig [0020]: “…In various embodiments, the traffic analysis component 124 may be operative to perform a unified analysis of a plurality of connections wherein each of the plurality of connections is associated with a particular client network application or network task, such as a web browser or the loading of a web page…” | [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130. In some embodiments, this query may be avoided if the determined characteristics of an incoming connection 130 match one or more whitelist rules which specify that connections matching those rules should be automatically allowed. In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”; [0025]: “…Alternatively or additionally, a user may be presented with a graphical rendering of a multi-hop map of the physical locations through which a connection 130 is routed…”) through the cellular network (see Krig [0068]: communications network is a cellular network);
determining that the unified database does not include a corresponding metadata record for the second data packet (see Krig [0024]: “In various embodiments, the network control component 128 may be operative to present a user of the connection management application 110 with a user interface view containing a query that an incoming connection 130 has been received and that the user may decide to either allow or block the connection 130…In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”, i.e. potential connection for the packet is not included in a list | [0030]: “…In some embodiments, intermediate routing entities may be operative to query the user client to determine whether an entity (such as a country, region, server, network, server operator, or network operator) which is not on any of the whitelist, blacklist, or preference list is allowed…It will be appreciated that any of the enclosed embodiments may be used at the instantiation of a connection, at the reception of an incoming connection, at the creation of an outgoing connection, or an existing connection.”); and
responsive to determining that the unified database does not include a corresponding metadata record for the second data packet, generating a second metadata record representing the second data packet in the unified database (see Krig [0024]: “… In this manner, a user may be able to specify that certain characteristics (such as physical locations) result in a connection 130 being blocked, that certain characteristics result in a connection 130 being automatically allowed, and that any other connection 130 results in the user being queried to determine whether the connection 130 should be allowed or blocked…”, i.e. user specifies whether or not a connection is to be included in a list (generating a record).).
Regarding claim 20, the claim contains the limitations, substantially as claimed, as described in claim 9 above. Krig-Walker disclosed, as recited in claim 20: The system of claim 12, wherein the unified database is any one or more of: a relational database or a graph database (see Krig Fig. 4, [0046]: shared database architecture; examiner notes that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that the format and structure of the database, e.g., relational vs graph, are matters of implementation choice).
Claims 4-7 and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Krig-Walker as applied to claims 1 and 12 above, and further in view of Roure Vila et al. (U.S. Patent Publication 2025/0007817), hereinafter referred to as “Roure”.
Regarding claim 4, Krig-Walker disclosed the invention, substantially as claimed, as described in the method of claim 1, but did not explicitly disclose “wherein the metadata information indicative of the route of the data packet through the various nodes comprises one or more tags corresponding to the one or more of the various nodes”. Examiner notes that it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention that tags are commonly used to classify different types of data. However, in a related art, Roure disclosed “Different jurisdictions have different legislation that governs data sovereignty, limits energy consumption of data centers, and provides for sustainability. For example, the European Union (EU) Action Plan for Sustainable Finance will introduce an environmental labeling scheme for data centers to ensure that data centers are energy efficient and sustainable...” (see Roure [0009]). “In some situations, some of the above regulations or other regulations may apply to a device that is in a specific jurisdiction, was in a specific jurisdiction, or will be in a specific jurisdiction. In other situations, the regulations may apply to network traffic traveling through specific jurisdictions or a jurisdiction of virtual applications being run by a device. In some cases, different regulations may apply to a device based on a location of the device or where traffic associated with the device is being transmitted…” (see Roure [0014]). “…Embodiments described herein provide for a “visa” or a “data passport visa” that outlines a set of rules or constraints for regulating devices or network traffic associated with devices to guarantee adherence to jurisdiction-specific legislation policies based on data sovereignty, energy efficiency, energy sources, sustainability, and other factors” (see Roure [0015]). “FIG. 1 shows a device 110, such as a networking device, router, etc., and a code 120 associated, affixed, embedded, or integrated with the device 110, and which is transported geographically along with the device 110, according to an example embodiment. The code 120 may be, for example, a Quick Response (QR) code, a Uniform Resource Locator (URL) or another type of code that, when scanned, links to information associated with the device 110. For example, code 120 may be scanned to determine visa and/or DPP information associated with the device. The information linked to by the code 120 may dynamically change. For example, the information may change based on a location of the device 110, based on updated regulations for different jurisdictions, etc. Device 110 may additionally and optionally include tag 130. Tag 130 may operate to geographically track device 110 as device 110 is transported in an unpowered state” (see Roure [0018]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Krig-Walker and Roure to further clarify the information used when determining routes through a network. Including Roure’s teachings would ensure compliance with jurisdiction-specific legislation policies when regulating network traffic and routes (see Roure [0021]).
Regarding claim 5, Krig-Walker-Roure disclosed the method of claim 4, wherein the one or more tags comprise any one of: a regulatory tag, a privacy tag, a timestamp tag, or a safety tag (see Roure [0018]: “FIG. 1 shows a device 110, such as a networking device, router, etc., and a code 120 associated, affixed, embedded, or integrated with the device 110, and which is transported geographically along with the device 110, according to an example embodiment. The code 120 may be, for example, a Quick Response (QR) code, a Uniform Resource Locator (URL) or another type of code that, when scanned, links to information associated with the device 110...The information linked to by the code 120 may dynamically change. For example, the information may change based on a location of the device 110, based on updated regulations for different jurisdictions, etc. Device 110 may additionally and optionally include tag 130. Tag 130 may operate to geographically track device 110 as device 110 is transported in an unpowered state”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Krig-Walker and Roure to further clarify the information used when determining routes through a network. Including Roure’s teachings would ensure compliance with jurisdiction-specific legislation policies when regulating network traffic (see Roure [0021]).
Regarding claim 6, Krig-Walker-Roure disclosed the method of claim 4, wherein the one or more tags are consumer-defined (see Krig [0025]: “…In some embodiments, the user may be able to specify which characteristics of the one or more characteristics they wish to be presented with when queried as to whether a connection 130 should be blocked...”; examiner notes that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that using user-defined tags is a matter of implementation choice).
Regarding claim 7, Krig-Walker-Roure disclosed the method of claim 4, wherein the query comprises a compliance-related query (see Roure [0018]: “FIG. 1 shows a device 110, such as a networking device, router, etc., and a code 120 associated, affixed, embedded, or integrated with the device 110, and which is transported geographically along with the device 110, according to an example embodiment. The code 120 may be, for example, a Quick Response (QR) code, a Uniform Resource Locator (URL) or another type of code that, when scanned, links to information associated with the device 110...The information linked to by the code 120 may dynamically change. For example, the information may change based on a location of the device 110, based on updated regulations for different jurisdictions, etc. Device 110 may additionally and optionally include tag 130. Tag 130 may operate to geographically track device 110 as device 110 is transported in an unpowered state”), and providing the metadata information comprises:
filtering metadata records of the unified database (see Krig [0025]: “…In some embodiments, the user may be able to specify which characteristics of the one or more characteristics they wish to be presented with when queried as to whether a connection 130 should be blocked...”) by the one or more tags associated with the compliance-related query (see Roure [0018]: “FIG. 1 shows a device 110, such as a networking device, router, etc., and a code 120 associated, affixed, embedded, or integrated with the device 110, and which is transported geographically along with the device 110, according to an example embodiment. The code 120 may be, for example, a Quick Response (QR) code, a Uniform Resource Locator (URL) or another type of code that, when scanned, links to information associated with the device 110...The information linked to by the code 120 may dynamically change. For example, the information may change based on a location of the device 110, based on updated regulations for different jurisdictions, etc. Device 110 may additionally and optionally include tag 130. Tag 130 may operate to geographically track device 110 as device 110 is transported in an unpowered state” | [0021]: “Each of locations A, B, C, D, and E may be associated with different legislation policies based on data sovereignty, energy efficiency, sustainability, and other factors. Different legislation policies may need to be enforced for the device or the network traffic based on the locations of the device, the virtual applications, and the network traffic associated with the device. According to embodiments described herein, device 110 may be associated with a digital product visa that uses information associated with the device 110 and policies/legislations associated with different jurisdictions to guarantee the jurisdiction-specific legislation policies are enforced. 
For example, a jurisdiction at location A might have policies indicating that network traffic can traverse a jurisdiction at location C, but cannot traverse a jurisdiction at location F. Therefore, when device 110 is at location A, the digital product visa associated with device 110 indicates that network traffic associated with device 110 cannot go through devices at location F. Therefore, as illustrated in FIG. 1, network traffic associated with device 110 may be transmitted to location E through a device at location C and not through a device at location F.”); and
providing information associated with the route of one or more data packets associated with metadata records corresponding to the one or more tags (see Krig [0025]: “…In some embodiments, the user may be able to specify which characteristics of the one or more characteristics they wish to be presented with when queried as to whether a connection 130 should be blocked.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Krig-Walker and Roure to further clarify the information used when determining routes through a network. Including Roure’s teachings would ensure compliance with jurisdiction-specific legislation policies when regulating network traffic (see Roure [0021]).
Regarding claim 15, the claim contains the limitations, substantially as claimed, as described in claim 4 above. As recited in claim 15: Krig-Walker disclosed the invention, substantially as claimed, as described in the system of claim 12, but did not explicitly disclose “wherein the metadata information indicative of the route of the data packet through the various nodes comprises one or more tags corresponding to the one or more of the various nodes”. Examiner notes that it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention that tags are commonly used to classify different types of data. However, in a related art, Roure disclosed “Different jurisdictions have different legislation that governs data sovereignty, limits energy consumption of data centers, and provides for sustainability. For example, the European Union (EU) Action Plan for Sustainable Finance will introduce an environmental labeling scheme for data centers to ensure that data centers are energy efficient and sustainable...” (see Roure [0009]). “In some situations, some of the above regulations or other regulations may apply to a device that is in a specific jurisdiction, was in a specific jurisdiction, or will be in a specific jurisdiction. In other situations, the regulations may apply to network traffic traveling through specific jurisdictions or a jurisdiction of virtual applications being run by a device. In some cases, different regulations may apply to a device based on a location of the device or where traffic associated with the device is being transmitted…” (see Roure [0014]).
“…Embodiments described herein provide for a “visa” or a “data passport visa” that outlines a set of rules or constraints for regulating devices or network traffic associated with devices to guarantee adherence to jurisdiction-specific legislation policies based on data sovereignty, energy efficiency, energy sources, sustainability, and other factors” (see Roure [0015]). “FIG. 1 shows a device 110, such as a networking device, router, etc., and a code 120 associated, affixed, embedded, or integrated with the device 110, and which is transported geographically along with the device 110, according to an example embodiment. The code 120 may be, for example, a Quick Response (QR) code, a Uniform Resource Locator (URL) or another type of code that, when scanned, links to information associated with the device 110. For example, code 120 may be scanned to determine visa and/or DPP information associated with the device. The information linked to by the code 120 may dynamically change. For example, the information may change based on a location of the device 110, based on updated regulations for different jurisdictions, etc. Device 110 may additionally and optionally include tag 130. Tag 130 may operate to geographically track device 110 as device 110 is transported in an unpowered state” (see Roure [0018]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Krig-Walker and Roure to further clarify the information used when determining routes through a network. Including Roure’s teachings would ensure compliance with jurisdiction-specific legislation policies when regulating network traffic and routes (see Roure [0021]).
Regarding claim 16, the claim contains the limitations, substantially as claimed, as described in claim 5 above. Krig-Walker-Roure disclosed, as recited in claim 16: The system of claim 15, wherein the one or more tags comprise any one of: a regulatory tag, a privacy tag, a timestamp tag, or a safety tag (see Roure [0018]: “FIG. 1 shows a device 110, such as a networking device, router, etc., and a code 120 associated, affixed, embedded, or integrated with the device 110, and which is transported geographically along with the device 110, according to an example embodiment. The code 120 may be, for example, a Quick Response (QR) code, a Uniform Resource Locator (URL) or another type of code that, when scanned, links to information associated with the device 110...The information linked to by the code 120 may dynamically change. For example, the information may change based on a location of the device 110, based on updated regulations for different jurisdictions, etc. Device 110 may additionally and optionally include tag 130. Tag 130 may operate to geographically track device 110 as device 110 is transported in an unpowered state”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Krig-Walker and Roure to further clarify the information used when determining routes through a network. Including Roure’s teachings would ensure compliance with jurisdiction-specific legislation policies when regulating network traffic (see Roure [0021]).
Regarding claim 17, the claim contains the limitations, substantially as claimed, as described in claim 6 above. Krig-Walker-Roure disclosed, as recited in claim 17: The system of claim 15, wherein the one or more tags are consumer-defined (see Krig [0025]: “…In some embodiments, the user may be able to specify which characteristics of the one or more characteristics they wish to be presented with when queried as to whether a connection 130 should be blocked...”; examiner notes that it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that using user-defined tags is a matter of implementation choice).
Regarding claim 18, the claim contains the limitations, substantially as claimed, as described in claim 7 above. Krig-Walker-Roure disclosed, as recited in claim 18: The system of claim 15, wherein the query comprises a compliance-related query (see Roure [0018]: “FIG. 1 shows a device 110, such as a networking device, router, etc., and a code 120 associated, affixed, embedded, or integrated with the device 110, and which is transported geographically along with the device 110, according to an example embodiment. The code 120 may be, for example, a Quick Response (QR) code, a Uniform Resource Locator (URL) or another type of code that, when scanned, links to information associated with the device 110...The information linked to by the code 120 may dynamically change. For example, the information may change based on a location of the device 110, based on updated regulations for different jurisdictions, etc. Device 110 may additionally and optionally include tag 130. Tag 130 may operate to geographically track device 110 as device 110 is transported in an unpowered state”), and providing the metadata information comprises:
filtering metadata records of the unified database (see Krig [0025]: “…In some embodiments, the user may be able to specify which characteristics of the one or more characteristics they wish to be presented with when queried as to whether a connection 130 should be blocked...”) by the one or more tags associated with the compliance-related query (see Roure [0018]: “FIG. 1 shows a device 110, such as a networking device, router, etc., and a code 120 associated, affixed, embedded, or integrated with the device 110, and which is transported geographically along with the device 110, according to an example embodiment. The code 120 may be, for example, a Quick Response (QR) code, a Uniform Resource Locator (URL) or another type of code that, when scanned, links to information associated with the device 110...The information linked to by the code 120 may dynamically change. For example, the information may change based on a location of the device 110, based on updated regulations for different jurisdictions, etc. Device 110 may additionally and optionally include tag 130. Tag 130 may operate to geographically track device 110 as device 110 is transported in an unpowered state” | [0021]: “Each of locations A, B, C, D, and E may be associated with different legislation policies based on data sovereignty, energy efficiency, sustainability, and other factors. Different legislation policies may need to be enforced for the device or the network traffic based on the locations of the device, the virtual applications, and the network traffic associated with the device. According to embodiments described herein, device 110 may be associated with a digital product visa that uses information associated with the device 110 and policies/legislations associated with different jurisdictions to guarantee the jurisdiction-specific legislation policies are enforced. 
For example, a jurisdiction at location A might have policies indicating that network traffic can traverse a jurisdiction at location C, but cannot traverse a jurisdiction at location F. Therefore, when device 110 is at location A, the digital product visa associated with device 110 indicates that network traffic associated with device 110 cannot go through devices at location F. Therefore, as illustrated in FIG. 1, network traffic associated with device 110 may be transmitted to location E through a device at location C and not through a device at location F.”); and
providing information associated with the route of one or more data packets associated with metadata records corresponding to the one or more tags (see Krig [0025]: “…In some embodiments, the user may be able to specify which characteristics of the one or more characteristics they wish to be presented with when queried as to whether a connection 130 should be blocked.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Krig-Walker and Roure to further clarify the information used when determining routes through a network. Including Roure’s teachings would ensure compliance with jurisdiction-specific legislation policies when regulating network traffic (see Roure [0021]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Angela Widhalm de Rodriguez whose telephone number is (571)272-1035. The examiner can normally be reached M-F: 6am-2:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nicholas Taylor can be reached at (571)272-3889. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ANGELA WIDHALM DE RODRIGUEZ/
Examiner, Art Unit 2443