Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claims 1-28 are presented for examination.
Claim Objections
Claims are objected to because of the following informalities:
In claim 1, in the second limitation, “Controller…” should be changed to “configuring…” and all bullet points should be removed.
In claim 15, in the first limitation, “Configuring…” should be changed to “controller…” and all bullet points should be removed.
In claims 10 and 23, in the first limitation, “Wherein…” should be changed to “wherein…”.
In claim 10, the parentheses “(protective mobile device}” and the “.” should be removed.
In claim 24, “wherein Device…” should be changed to “wherein device…”.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 11 and 24 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant) regards as the invention.
Regarding claims 11 and 24, the phrase “…determine whether… or not…” renders the claims indefinite because it is unclear whether the limitations following the phrase are part of the claimed invention. See MPEP § 2173.05(d).
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-8, 13-22 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Jayawardena et al., US Pub. No. 20200162994, in view of Mason et al., US Pub. No. 20170374548.
As to claim 1, Jayawardena discloses a method for securing the data communication of cellular network subscribers using a security service, said method comprising:
associating subscribers listed to the security service with a group; configuring the cellular network connectivity to the public PDN with at least one security GW, such that the data flow of the subscribers listed to the security service is routed through the at least one security GW (providing different services, such as firewall and security monitoring and closed user groups, and further facilitating both load balancing and access to different services offered in different PDNs, see abstract, fig. 2A, [0038] to [0039]);
applying a plurality of security rules comprising group-related rules and individual-related rules by the at least one security GW, wherein the security rules are configured for inspecting the data communication and determining whether to block or allow the data communication, and wherein the plurality of security rules applied in the security GW are implemented in two layers: a first layer which is determined by the individual identity of the subscriber (262) and a second layer which is based on the group (232a or 232b of fig. 2A) to which the subscriber is associated (security data can be accessed both by subscribers of the carrier that hosts the CBBN 234 and by subscribers of other carriers, see [0038] to [0040] and [0060]).
Jayawardena does not specifically disclose applying the plurality of security rules relevant to the user ID profile and associated group by tracing the rules at each firewall node. However, Mason discloses applying the plurality of security rules relevant to the user ID profile and associated group by tracing the rules at each firewall node (using the assignment system functions to divide wireless devices and/or users into different characteristic-based sections which can be associated with one or more group attributes, such as a VLAN ID, user profile ID (user role) and firewall policy, see [0052] to [0054]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to implement Mason’s teachings into the computer system of Jayawardena to control user data because doing so would have authenticated wireless devices without synchronizing all network devices to receive all of the data for authenticating wireless devices for a network (see Mason’s [0053]).
As to claim 2, Jayawardena discloses that the group association for a subscriber is determined dynamically, based on the communication pattern of the subscriber (see [0116]).
As to claim 3, Jayawardena discloses that the group association per subscriber is determined a priori based on the identity of the subscriber, the device type, the device owner, or the usage type (priority ranking, see [0116]).
As to claim 4, Jayawardena discloses that the security rules are implemented on virtualized computing entities (containers) in a swarm deployment of firewall nodes (firewall rules, see [0060]).
As to claim 5, Jayawardena discloses that the mobile subscriber address is assigned by the system upon network connection, wherein a routing path through the container swarm (individual and group level) is established upon address assignment (enabling alternate routing capabilities, load balancing, increased load handling, and concurrent bi-directional or synchronous communications, see [0054]).
As to claim 6, Jayawardena discloses that the security profiles defined for the subscriber and its group are applied to the firewall nodes along the routing path and to data traversing in either direction along that path (use of diversity paths with the system can enable alternate routing capabilities and directions, see [0054]).
As to claim 7, Jayawardena discloses that the security rules associated with the group and/or individual rules for the data protection engines (subscriber/individual and group level) are generated dynamically based on abstract rules including at least one of a destination IP geo-fence, and/or static rules including at least one of a list of specific addresses, protocols, and time (using a closed-user-group type of routing table to restrict access to an IoT server set and to service subscribers, see [0061]).
As to claim 8, Jayawardena discloses that the security GW is connected to feeds of threat intelligence providers, wherein the data retrieved from the feeds are validated and adapted to the system format, and wherein the threat intelligence feed source can be selected on an individual as well as a group level (routings and security features can prevent malicious use of the IoT devices as bots for DDoS and other malicious activity, see [0060]).
As to claim 13, Jayawardena discloses that re-routing detection and protection is applied by using SIM applet functionality for verifying the data path between each protected individual device and the data protection system, wherein the functionality is achieved by establishing independent network IP connectivity from the SIM applet to the security system (e.g., BIP connectivity) and verifying that this connectivity is handled through the designated security GW (see [0112] to [0114]).
As to claim 14, Jayawardena discloses that re-routing detection and protection is applied by detecting the absence of communication from the subscriber through the security GW for more than a predefined time period (when a timely OCSP response is not received, see [0064]).
As to claim 15, Jayawardena discloses a system for securing the data communication of cellular network subscribers using a security service, said system comprising:
a controller configured for identifying the client profile and associated groups, managing the address assigned to each of the UCDs, and determining personal/customized rules;
at least one security GW for configuring the cellular network connectivity to the public PDN, such that the data flow of the subscribers listed to the security service is routed through the at least one security GW (providing different services, such as firewall and security monitoring and closed user groups, and further facilitating both load balancing and access to different services offered in different PDNs, see abstract, fig. 2A, [0038] to [0039]);
group and personal firewalls for applying a plurality of security rules comprising group-related rules and individual-related rules by the at least one security GW, wherein the security rules are configured for inspecting the data communication and determining whether to block or allow the data communication (security data can be accessed both by subscribers of the carrier that hosts the CBBN 234 and by subscribers of other carriers, see [0038] to [0040] and [0060]).
Jayawardena does not specifically disclose that the plurality of security rules applied in the security GW are implemented in two layers, a first layer which is determined by the individual identity of the subscriber and a second layer which is based on the group to which the subscriber is associated, applying the plurality of security rules relevant to the user ID profile and associated group by tracing the rules at each firewall node. However, Mason discloses that the plurality of security rules applied in the security GW are implemented in two layers, a first layer which is determined by the individual identity of the subscriber and a second layer which is based on the group to which the subscriber is associated, applying the plurality of security rules relevant to the user ID profile and associated group by tracing the rules at each firewall node (using the assignment system functions to divide wireless devices and/or users into different characteristic-based sections which can be associated with one or more group attributes, such as a VLAN ID, user profile ID (user role) and firewall policy, see [0052] to [0054]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to implement Mason’s teachings into the computer system of Jayawardena to control user data because doing so would have authenticated wireless devices without synchronizing all network devices to receive all of the data for authenticating wireless devices for a network (see Mason’s [0053]).
Claims 16-22 and 27 are rejected for the same reasons set forth in claims 2-8 and 14 respectively.
Claims 9-12, 23-26 and 28 are rejected under 35 U.S.C. 103 as being unpatentable over Jayawardena et al., US Pub. No. 20200162994, in view of Mason et al., US Pub. No. 20170374548, and further in view of Sanghavi et al., US Pub. No. 20200007548.
As to claim 9, neither Jayawardena nor Mason discloses that the security rules applied at the group layer are bypassed for specific individual rules. However, in a similar network environment, Sanghavi discloses that the security rules applied at the group layer are bypassed for specific individual rules (traffic (e.g., HTTP traffic, HTTPS traffic, non-HTTP traffic, etc.) that includes a network address and has bypassed the security platform, see [0027]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to implement Sanghavi’s teachings into the computer system of Jayawardena to control user data because doing so would have detected malicious traffic in a network and thus prevented the malicious traffic from reaching backend devices (see Sanghavi’s [0015]).
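As an added illustration of the two-layer rule structure recited in claim 1 (a first layer keyed to the subscriber's identity, a second layer keyed to the subscriber's group) and of the bypass recited in claim 9 (a matching individual rule takes the decision and the group layer is not consulted), the following Python policy engine is example code written for this page; it is not code from the application or from any of the cited references. The subscriber identifiers, group name, addresses, ports and rule set are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    """One firewall rule; None in proto or dport matches any value."""
    action: str                  # "allow" or "block"
    dst: str                     # destination prefix; "0.0.0.0/0" is a catch-all
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, dst_ip: str, proto: str, dport: int) -> bool:
        return (ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))


@dataclass(frozen=True)
class Decision:
    action: str
    layer: str            # "individual", "group" or "default"
    rule: Optional[Rule]  # the rule that decided; None for the default posture


class TwoLayerPolicy:
    """Individual rules form the first layer, group rules the second.
    A matching individual rule is final, so the group layer is bypassed for that flow."""

    def __init__(self, membership: Dict[str, str],
                 individual_rules: Dict[str, List[Rule]],
                 group_rules: Dict[str, List[Rule]],
                 default_action: str = "block"):
        self.membership = membership            # subscriber id -> group name
        self.individual_rules = individual_rules
        self.group_rules = group_rules
        self.default_action = default_action

    def evaluate(self, subscriber: str, dst_ip: str, proto: str, dport: int) -> Decision:
        # Layer 1: rules tied to this subscriber's own identity. First match wins
        # and short-circuits the group layer.
        for rule in self.individual_rules.get(subscriber, []):
            if rule.matches(dst_ip, proto, dport):
                return Decision(rule.action, "individual", rule)
        # Layer 2: rules shared by every member of the subscriber's group, if any.
        group = self.membership.get(subscriber)
        for rule in self.group_rules.get(group, []):
            if rule.matches(dst_ip, proto, dport):
                return Decision(rule.action, "group", rule)
        # Nothing matched on either layer: fall back to default-deny.
        return Decision(self.default_action, "default", None)


# Constructed policy for the example (identifiers and addresses are illustrative).
POLICY = TwoLayerPolicy(
    membership={"sub-001": "iot-sensors", "sub-002": "iot-sensors"},
    individual_rules={
        # sub-001 alone may reach one NTP server that the group catch-all would block.
        "sub-001": [Rule("allow", "192.0.2.10/32", "udp", 123)],
        # sub-002 is cut off from one broker the group rule would otherwise allow.
        "sub-002": [Rule("block", "203.0.113.5/32")],
    },
    group_rules={
        "iot-sensors": [
            Rule("allow", "203.0.113.0/24", "tcp", 8883),  # MQTT over TLS to the broker range
            Rule("block", "0.0.0.0/0"),                    # everything else is blocked
        ],
    },
)

if __name__ == "__main__":
    for flow in [("sub-001", "192.0.2.10", "udp", 123),
                 ("sub-001", "203.0.113.7", "tcp", 8883),
                 ("sub-001", "198.51.100.1", "tcp", 443),
                 ("sub-002", "203.0.113.5", "tcp", 8883),
                 ("sub-003", "203.0.113.7", "tcp", 8883)]:
        d = POLICY.evaluate(*flow)
        print(flow, "->", d.action, "via", d.layer, "layer")
```

The order of the two loops is the whole point: an individual rule can both open a hole the group closes (sub-001's NTP server) and close one the group opens (sub-002's broker), and in either case the group rules are never evaluated for that flow. A subscriber with no group and no individual rules falls through to the default-deny decision.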
As to claim 10, neither Jayawardena nor Mason discloses that a DNS-based protection is applied by supplying DNS services to the devices listed to the protection service ("protected mobile devices"), wherein the usage of the designated DNS is enforced by a rule forming part of the security profile defined for that subscriber, such that an attempt to bypass the designated DNS is notified and corrected if such a rule exists in the subscriber security profile. However, in a similar network environment, Sanghavi discloses that DNS-based protection is applied by supplying DNS services to the devices listed to the protection service ("protected mobile devices"), wherein the usage of the designated DNS is enforced by a rule forming part of the security profile defined for that subscriber, such that an attempt to bypass the designated DNS is notified and corrected if such a rule exists in the subscriber security profile (configuring to detect threats and implement DNS sinkhole functionality, see [0018] to [0019]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to implement Sanghavi’s teachings into the computer system of Jayawardena to control user data because doing so would have detected malicious traffic in a network and thus prevented the malicious traffic from reaching backend devices (see Sanghavi’s [0015]).
As to claim 11, neither Jayawardena nor Mason discloses that the system rebuilds a DNS cache individually for the subscriber based on the individual DNS traffic analyzed by the system, wherein device communication is analyzed passively to determine whether the peer address was resolved through a DNS query or not, and wherein the system applies security rules including at least one of pass, alert/notify, and block. However, in a similar network environment, Sanghavi discloses that the system rebuilds a DNS cache individually for the subscriber based on the individual DNS traffic analyzed by the system, wherein device communication is analyzed passively to determine whether the peer address was resolved through a DNS query or not, and wherein the system applies security rules including at least one of pass, alert/notify, and block (configuring to detect threats and implement DNS sinkhole functionality, see [0018] to [0019]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to implement Sanghavi’s teachings into the computer system of Jayawardena to control user data because doing so would have detected malicious traffic in a network and thus prevented the malicious traffic from reaching backend devices (see Sanghavi’s [0015]).
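As an added illustration of the DNS protections recited in claims 10 and 11, the following Python monitor is example code written for this page; it is not code from the application or from the cited references. It rebuilds a DNS cache per subscriber from the answers it observes, treats a connection to a peer address with no live resolution in that subscriber's cache as an unresolved peer, applies the per-subscriber pass/alert/block action, and flags resolution through anything other than the designated resolver. The resolver address, subscriber identifiers, per-subscriber actions and the key=value event log format are constructed for the example; a real deployment would derive the same events from captured DNS and flow traffic.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumption: the security service's own (designated) resolver address.
DESIGNATED_DNS = "10.0.0.53"

# Per-subscriber actions keyed by finding (constructed). sub-002's profile
# blocks unresolved peers instead of only alerting on them.
RULES: Dict[str, Dict[str, str]] = {
    "default": {"unresolved": "alert", "dns_bypass": "alert"},
    "sub-002": {"unresolved": "block", "dns_bypass": "alert"},
}


@dataclass
class Verdict:
    subscriber: str
    action: str   # "pass", "alert" or "block"
    reason: str


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'key=value key=value ...' line of the constructed event format."""
    return dict(tok.split("=", 1) for tok in line.split())


class PassiveDnsMonitor:
    """Rebuilds a DNS cache per subscriber and checks that each outbound peer
    address was resolved, through the designated DNS, before it was contacted."""

    def __init__(self, designated_dns: str, rules: Dict[str, Dict[str, str]]):
        self.designated_dns = designated_dns
        self.rules = rules
        # subscriber -> peer IP -> (hostname it resolved from, expiry timestamp)
        self.caches: Dict[str, Dict[str, Tuple[str, float]]] = {}

    def _action(self, sub: str, finding: str) -> str:
        return self.rules.get(sub, self.rules["default"])[finding]

    def observe(self, line: str) -> Verdict:
        ev = parse_event(line)
        sub, ts = ev["sub"], float(ev["ts"])
        cache = self.caches.setdefault(sub, {})
        if ev["type"] == "dns":
            if ev["server"] != self.designated_dns:
                # Answer came from a resolver the profile does not allow; do not
                # let it populate the cache.
                return Verdict(sub, self._action(sub, "dns_bypass"),
                               f"dns-bypass via {ev['server']}")
            expiry = ts + float(ev["ttl"])
            for ip in ev["a"].split(","):
                cache[ip] = (ev["qname"], expiry)
            return Verdict(sub, "pass", f"cached {ev['qname']}")
        if ev["type"] == "conn":
            if ev["dport"] == "53" and ev["dst"] != self.designated_dns:
                return Verdict(sub, self._action(sub, "dns_bypass"),
                               f"dns-bypass to {ev['dst']}")
            hit = cache.get(ev["dst"])
            if hit is None:
                return Verdict(sub, self._action(sub, "unresolved"),
                               f"no DNS resolution for {ev['dst']}")
            qname, expiry = hit
            if ts > expiry:
                # The record's TTL has lapsed; a fresh lookup was expected.
                del cache[ev["dst"]]
                return Verdict(sub, self._action(sub, "unresolved"),
                               f"stale resolution of {qname} for {ev['dst']}")
            return Verdict(sub, "pass", f"{ev['dst']} resolved as {qname}")
        raise ValueError(f"unknown event type {ev['type']!r}")


def run_log(lines: List[str]) -> List[Verdict]:
    mon = PassiveDnsMonitor(DESIGNATED_DNS, RULES)
    return [mon.observe(line) for line in lines]


# Constructed sample events (not captured traffic).
SAMPLE_LOG = [
    "ts=1000 sub=sub-001 type=dns server=10.0.0.53 qname=api.example.net a=203.0.113.10,203.0.113.11 ttl=300",
    "ts=1001 sub=sub-001 type=conn dst=203.0.113.10 dport=443",   # resolved -> pass
    "ts=1002 sub=sub-001 type=conn dst=198.51.100.77 dport=443",  # never resolved -> alert
    "ts=1003 sub=sub-002 type=conn dst=203.0.113.10 dport=443",   # other subscriber's cache -> block
    "ts=1004 sub=sub-002 type=dns server=8.8.8.8 qname=evil.example a=198.51.100.9 ttl=60",  # bypass -> alert
    "ts=1400 sub=sub-001 type=conn dst=203.0.113.11 dport=443",   # TTL expired -> alert
]

if __name__ == "__main__":
    for v in run_log(SAMPLE_LOG):
        print(v.subscriber, v.action, v.reason)
```

Two design points matter for the claimed behaviour: the cache is kept per subscriber, so sub-001's resolution of a broker address does not vouch for sub-002 contacting the same address, and TTL is enforced on the rebuilt cache, so a device that keeps using an address long after the record it learned has expired is reported rather than silently trusted.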
As to claim 12, Jayawardena discloses that the DNS queries are escalated to verified service providers by a secure (encrypted) protocol and the DNS query response is sanitized by the system (end-to-end encryption, see [0034]).
Claims 23-26 and 28 are rejected for the same reasons set forth in claims 10-13 and 9 respectively.
Conclusion
Claims 1-28 are rejected.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Khanh Dinh whose telephone number is (571) 272-3936. The examiner can normally be reached on Monday through Friday from 8:00 a.m. to 5:00 p.m.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Cheema Umar, can be reached on (571) 270-3037. The fax phone number for this group is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Any response to this action should be mailed to:
Commissioner for Patents
P.O. Box 1450
Alexandria, VA 22313-1450
/KHANH Q DINH/Primary Examiner, Art Unit 2458