Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 18/567,386 is presented for examination by the examiner. Claims 12-14 are amended. Claims 1-20 are pending.
Response to Amendment
Claim Rejections - 35 USC § 112
Rejection under this statute have been overcome by amendment.
Response to Arguments
Applicant's arguments filed 10/6/25 have been fully considered but they are not persuasive. Applicant argues that Song does not explicitly teach generating deviation values using a RNG and adding the deviation values to the data values of the data stream. Examiner respectfully disagrees. Song clearly writes data to the image file by adding random cryptographic noise to the lower-order bits in the image. The addition of the noise is even checked before sending the file (col. 7, lines 23-27). Applicant characterizes this process as removing data. While the process does involve overwriting potentially harmful data, it is performed by adding data to the file. The claim does not require more than what is taught in the prior art.
In the argument on page 8, Applicant is quoting a process taught by Song that was not relied upon to teach the claimed features. Particularly the process of adding random noise to the lower-bits is cited to show the generating and adding of deviation values to the data stream. It is unclear why Applicant chose to cite passages pertaining to URLs to argue against the supplied citations.
On page 9, Applicant purports efficiencies of the invention but they appear to be generalization rather than direct comparisons to the recited portion of Song. Applicant does not ever address the Examiner’s citation and more importantly, the actual teaching by Song at column 7, lines 23-27. In view of the foregoing, respectfully, the rejection must be maintained.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by USP 9,391,832 to Song et al., hereinafter Song.
As per claims 1 and 11, Song teaches a method for protecting a computer structure [network] having at least one computer unit against malware or unauthorized data transmission (col. 9, lines 23-225), comprising:
connecting the computer structure [network] via a data link to an isolation structure [client 104] which has at least one processor and a main memory (col. 9, lines 23-27);
sending or receiving at least one data stream [web traffic to show the webpages] which contains a sequence of data values to or from the computer structure (col. 7, lines 7-15) ;
at least one data variation unit generating deviation values using a random generator (col. 7, lines 23-27); and
adding the deviation values to data values of the data stream, the data values representing at least one of the following content types: image data; digital audio signals; or position data for a pointer (col. 7, lines 27-35).
As per claim 15, it is rejected for the same reasons as claims 1 and 11.
As per claim 2, Song teaches wherein the data values additionally represent outbound data streams which are sent by malware present in the computer structure (col. 3, line 66-col. 4, line 3).
As per claim 3, Song teaches wherein the isolation structure communicates via an interface with a potentially insecure data source [Internet; col. 9, lines 22-23].
As per claim 4, Song teaches the data stream is transmitted as a sequence of data packets which have a header and a payload [web traffic inherently has packets comprising a header and a payload; see for example the IP packet header], the header being used to determine ones of the data values for which addition of the deviation values is admissible [the header of webpage traffic indicates the source IP address. Song uses the whitelist of the sites to determine if to transcoding of the website is needed or not; col. 3, lines 40-45].
As per claims 5 and 12, Song teaches the addition of the deviation values to the payload is inadmissible if the content is distorted [payload where the actual webpage is contained is not modified if it appears on the whitelist; col. 3, lines 40-45] or a desired function is not triggered in response to any variations in the payload
As per claim 6, Song teaches wherein addition of the deviation values is deactivated for certain data streams [not used on whitelisted sites; col. 3, lines 40-50]
As per claims 7 and 13, Song teaches wherein the data stream is transcoded before transmission to the computer structure via the data link [before data is sent from 106 to 102 (or 406 and 402 as shown in Fig. 4), the data is transcoded; col. 7, 14-19]
As per claim 8, Song teaches wherein the computer structure is a network which interconnects one or more of the following computer units for data exchange: physical servers; virtual servers; cloud interfaces; PCs; laptops; vtablet computer; smartphones; and/or processors of smart objects (Fig. 1 and col. 2, lines 21-27).
As per claim 9, Song teaches the isolation structure is at least one of the following: a computer, any other data processing device having a powerful CPU and necessary interfaces, a virtualized computer, a virtualized server (Fig. 1 and col. 2, lines 21-27).
As per claim 10, Song teaches wherein a protocol filter checks the admissibility of the communication protocol for transmission of the data stream between the isolation structure and the computer structure (col. 7, line 41-67).
As per claim 14, Song teaches the executable code is executed on at least one of the following processors: a processor of the insulation structure; a processor of a data variation unit, which is provided as a separate hardware component for generating and imprinting the deviation values; and/or a processor of the computer (col. 2, line 62-col. 3, line 7).
As per claim 16, Song teaches the data variation unit is a separate hardware component (col. 2, line 62-col. 3, line 7).
As per claim 17, Song teaches the data variation unit is a software component which is executed on a processor of the isolation structure [transcoder 410 is a process executed on a processor; col. 1, lines 56-59].
As per claim 18, Song teaches the data variation unit is a software component which is executed on a processor of at least one computer unit or a server within the computer structure [transcoder 410 is a process executed on a processor; col. 1, lines 56-59].
As per claim 19, Song teaches the potentially insecure data source is the Internet (col. 9, lines 22-23).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Song.
As per claim 20, Song is silent in explicitly teaching the certain data streams include data files or programs or encrypted data. Song does however teach two elements which when paired together lead to the obvious outcome as described in the claim. First, Song teaches that the user may whitelist any trusted site such that the transcoding does not occur (cited above). Second, Song explicitly teaches data files such as Word and PDF document can be transcoded if they are linked by the website (col. 11, lines 45-57). Knowing that the system can transcode data files from websites and that the user can whitelist sites not needing transcoding, logically, if a website that contains a data file is on the whitelist it would not be transcoded. Thus, that certain data on those certain data stream would be deactivated. This conclusion is precisely what is claimed. There would be no reason to apply the data file processing if the site that it appears on is whitelisted. That processing would be wasted overhead. One of ordinary skill in the art would be motivated to not waste overhead processing for trusted sites. The claim is obvious because one of ordinary skill in the art before the effective filing date would have been motivated to combine these two elements to achieve the claimed invention and there would have been a reasonable expectation of success.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431