DETAILED ACTION
Response to Amendment
Claims 1-3, 7-12, 15-17 and 20 are pending.
Response to Arguments
Applicant’s arguments filed 01/21/2026 have been fully considered.
Regarding the rejection of claim 1 under 35 U.S.C. 102(a)(2) as being anticipated by Zimmermann et al. (US20200137097A1), Applicant's amendments have necessitated new grounds of rejection, rendering at least some of the arguments moot. Claim 1 is now rejected under 35 U.S.C. 102(a)(2) as being unpatentable over Zimmermann in view of Jones-McFadden et al. (US20170195366A1). Although some or all of these new grounds of rejection rely on previously-cited references, the references have been applied in new and different combinations. To the extent that the arguments remain relevant to the new grounds of rejection, they have been considered but are not persuasive. The Examiner will address those arguments that remain relevant to the new grounds of rejection below.
Applicant argues on page 8 that Zimmerman fails to teach or suggest:
(1) tracking device data over a time period;
(2) determining application context based on analysis of tracked device data including network identifiers; and
(3) automatically modifying network accessibility and device operation in response to an application access request.
Applicant’s arguments are not persuasive. Zimmermann and Jones-McFadden discloses:
(1) “tracking device data over a time period”: Zimmermann shows in para [0620] behavioral analysis, such as based on user activities over a given time period.
(2) “the tracked device data including a device identifier (ID) and a service set identifier (SSID) for a network”: Zimmermann shows in para [0159] information about device identifiers. Jones-McFadden shows in para [0050] monitoring an electronic activity associated with the user typically includes identifying the local network to which the computing device of the user performing a particular activity is connected such as the service set identifier (SSID) of a wireless local area network (WLAN); and
(3) “automatically providing modified controls to how the application and application features can operate on the network”: Zimmermann shows in para [0045] a cloud security fabric interacting with applications on enterprise networks, as well as reporting on activities via APIs; para [0262] shows user management activities such as create, modify, delete, suspend user or group, add/remove user from group and change user role. Application authorization may include authorize, revoke. and other activity data by app; para [0267] shows if suspect activity is not verified as legitimate, the response may be escalated by requiring step up authentication, session termination, suspending offending user accounts and possibly suspending accounts of that user; para [0379] shows policies are managed (added, modified and deleted) through the API of the policy endpoint 1704.
Therefore, Zimmermann in view Jones-McFadden discloses the features above of claim 1.
As to any argument not specifically addressed, they are the same as those discussed above.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 102(a)(2) as being unpatentable over Zimmermann et al. (US20200137097A1) in view of Jones-McFadden et al. (US20170195366A1).
Regarding claim 1, Zimmermann discloses a method comprising (para [0492] shows the information collected about application usage can be used to identify anomalies in the context of a single application):
monitoring, by a device, real-world [ongoing/real-time] and digital activities [access requests] by tracking device data for a time period (para [0145] shows user activities during defined time periods; para [0283] shows an unusual activity use case may include a baseline time window of at least three months of data and a detection timeline that may be an ongoing/ real-time activity trace; para [0515] shows the number of access requests involved in usage of each application; para [0620] behavioral analysis, such as based on user activities over a given time period; para [0630] shows the anomaly detection engine 6550 may digest and analyze large amounts of data in near real time);
analyzing, by the device, the tracked device data, the tracked device data including a device identifier (ID) (para [0159] shows device identifiers);
determining, by the device, based on the analysis of the tracked device data, a context [activity at night from distant locations] of the request, the context corresponding to a time and location of application usage and a type of the application [downloading of documents] (para [0012] shows threat management including contextual analysis; user behavior analysis (e.g., for identifying suspicious logins from geographies); para [0115] shows a particular type of application; para [0132] shows behavioral indicators of potential account compromise may include activity at night and on weekends from distant locations; para [0133] shows behavioral indicators of data exfiltration may include excessive downloads in a session; para [0145] shows a whitelist policy to allow user activities during defined time periods or at defined locations; para [0225] shows behavioral patterns may include the frequent downloading of documents; para [0620] shows anomaly thresholds may be detected as indicated by locations of access over a given time period);
analyzing, by the device, the context [activity at night from distant locations] based on a pattern of activity for the user, the pattern of activity comprising information related to learned usage of the application (para [0012] shows user behavior analysis for identifying access patterns; para [0132] shows behavioral indicators of potential account compromise may include activity at night and on weekends from distant locations; para [0194] shows behavioral patterns that may be a user accessing an abnormally large number of files in a short time when the user is logging in at night; para [0623] shows the machine learning engine 6510 may provide advanced analysis that adaptively learns patterns in user behavior);
determining, by the device, based on the analysis of the context [activity at night from distant locations], a mechanism for managing the application [step up authentication, session termination, etc.] in response to the request (para [0132] shows behavioral indicators of potential account compromise may include activity at night and on weekends from distant locations; para [0267] shows if suspect activity is not verified as legitimate, the response may be escalated by requiring step up authentication, session termination, suspending offending user accounts and possibly suspending accounts of that user; para [0520] shows the access risk (i.e., the level of access the application requests, such as “full data access” versus access to limited data or no data)); and
causing the device to respond to the access request by executing the mechanism, the mechanism automatically providing modified controls to how the application and application features can operate on the network (para [0045] shows a cloud security fabric interacting with applications on enterprise networks, as well as reporting on activities via APIs; para [0262] shows user management activities such as create, modify, delete, suspend user or group, add/remove user from group and change user role. Application authorization may include authorize, revoke. and other activity data by app; para [0267] shows if suspect activity is not verified as legitimate, the response may be escalated by requiring step up authentication, session termination, suspending offending user accounts and possibly suspending accounts of that user; para [0379] shows policies are managed (added, modified and deleted) through the API of the policy endpoint 1704),
the modified controls corresponding to how the network is accessible by the device and application and how the device function in response to application instructions (para [0141] shows response actions may include reset password and disable user; para [0264] shows a blacklist or a whitelist; para [0475] shows platform criteria may be used to apply a platform-based restriction to a policy; para [0520] shows the various types of information that may be available from the application index 2912, such as the access risk (i.e., the level of access the application requests, such as “full data access” versus access to limited data or no data).)
Zimmermann fails to teach the tracked device data including a service set identifier (SSID) for a network.
However, Jones-McFadden discloses the tracked device data including a service set identifier (SSID) for a network (para [0003] shows the system includes a security protocol module for monitoring electronic activities associated with a user; para [0050] shows monitoring an electronic activity associated with the user typically includes identifying the local network to which the computing device of the user performing a particular activity is connected such as the service set identifier (SSID) of a wireless local area network (WLAN).)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Zimmermann with the teaching of Jones-McFadden in order to monitor an electronic activity associated with the user typically by identifying the local network to which the computing device of the user performing a particular activity is connected such as the service set identifier (SSID) of a wireless local area network (WLAN) (Jones-McFadden; para [0050]).
Regarding claim 2, Zimmermann and Jones-McFadden as applied to claim 1 discloses the mechanism corresponds to at least one of a function preventing usage of the application, modifying application usage and allowing read/write access to the application (Zimmermann; para [0141] shows response actions may include reset password and disable user; para [0264] shows a blacklist or a whitelist; para [0293] shows an objective is to provide an application index 2912; para [0141] shows response actions may include reset password and disable user; para [0264] shows a blacklist or a whitelist; para [0520] shows the various types of information that may be available from the application index 2912, such as the access risk (i.e., the level of access the application requests, such as “full data access” versus access to limited data or no data)).
Regarding claim 3, Zimmermann and Jones-McFadden as applied to claim 1 discloses the mechanism corresponds to at least one of a time and location for which the context is permitted (Zimmermann; para [0132] shows behavioral indicators of potential account compromise may include activity at night and on weekends from distant locations; para [0145] shows a whitelist policy to allow user activities during defined time periods or at defined locations; para [0620] shows anomaly thresholds may be detected as indicated by locations of access over a given time period).
Regarding claim 7, Zimmermann and Jones-McFadden as applied to claim 1 discloses the context provides an indication of an intent of the user at the time and location for use of the application (Zimmermann; para [0007] shows malicious purposes such as stealing intellectual property (IP); para [0132] shows behavioral indicators of potential account compromise may include activity at night and on weekends from distant locations.)
Regarding claim 8, Zimmermann and Jones-McFadden as applied to claim 1 discloses:
identifying a set of applications associated with the user (Zimmermann; para [0492] shows to use of a particular application, a class of applications, or applications in general);
collecting data from each of the set of applications (Zimmermann; para [0486] shows logs 2720 as it collects data);
analyzing, via an application, the collected data (Zimmermann; para [0623] shows the machine learning engine 6510 may provide advanced analysis that adaptively learns, such as learning patterns in user behavior);
determining, via the application, a set of patterns of activity for the user (Zimmermann; para [0194] shows behavioral patterns that may be abnormal related to a baseline. An example may be a user accessing an abnormally large number of files in a short time when the user is logging in at night); and
storing, in a database, the set of patterns of activity, wherein the pattern of activity is identified from the stored determined pattern of activity (Zimmermann; para [0488] shows log or tracking data may be stored.)
Regarding claim 9, Zimmermann and Jones-McFadden as applied to claim 8 discloses the set of applications corresponds to applications executing on the device of the user for which the user has account information associated therewith (Zimmermann; para [0058] shows accounts, data and applications of an enterprise.)
Regarding claim 10, Zimmermann and Jones-McFadden as applied to claim 1 discloses the device is a user device (Zimmermann; para [0487] shows a home computer, laptop or mobile device.)
Regarding claims 11-12 and 15, claims 11-12 and 15 are directed to a device. Claims 11-12 and 15 require limitations that are similar to those recited in the method claims 1-2 and 7 to carry out the method steps. And since Zimmermann view of Jones-McFadden discloses the method including limitations required to carry out the method steps, therefore claims 11-12 and 15 would have also been unpatentable Zimmermann in view of Jones-McFadden.
Furthermore, Zimmermann in view of Jones-McFadden discloses a device comprising a processor (Zimmermann; para [0663]).
Regarding claims 16-17 and 20, claims 16-17 and 20 are directed to a computer-readable storage. Claims 16-17 and 20 require limitations that are similar to those recited in the device claims 11-12 and 15 to carry out the method steps. And since Zimmermann view of Jones-McFadden discloses the method including limitations required to carry out the method steps, therefore claims 16-17 and 20 would have also been unpatentable Zimmermann and Jones-McFadden combined.
Furthermore, Zimmermann and Jones-McFadden as combined discloses a computer-readable storage (Zimmermann; para [0663]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAN DOAN whose telephone number is (571)270-0162. The examiner can normally be reached Monday - Friday 8am - 5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie, can be reached at (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TAN DOAN/Primary Examiner, Art Unit 2445