Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 18/593,216 is presented for examination by the examiner. Claims 1-20 have been examined. This Action is made FINAL.
Response to Arguments
Applicant’s arguments filed on 12/29/2025 have been fully considered but they are not persuasive.
Regarding applicants argument that Reed does not disclose “an agentless scanning system configured to scan a cloud server” because Reed only performs data collection, snapshot capture, and data access, the examiner disagrees. Reed teaches accessing runtime block storage of compute assets, capturing snapshots of compute assets data, and retrieving data via cloud provider APIs without the use of an agent (Reed ¶659-660). Reed further teaches analyzing the compute asset data to determine conditions associated with the compute assets (Reed ¶670-672). Under BRI, “scanning” includes examining or analyzing data associated with a resource to identify characteristic or conditions, and the claim does not require any particular type of scanning. Accordingly, Reed’s agentless access to disk data and subsequent analysis constitutes scanning, and applicant’s argument is therefore not persuasive.
Applicant further states that Reed fails to disclose “scanning using the agentless scanning system, the disks of the new workload” asserting that snapshot capture and data access do not constitute scanning and Reed only discloses scanning the context of an agent. The examiner disagrees, Reed teaches accessing runtime block storage (disks) of computes assets, capturing snapshots, and analyzing such data to determine conditions associated with the compute assets (Reed ¶659-660, 670-672). Reed further teaches that such operations are performed in response to detecting deployment of compute assets in a cloud environment, thereby correspondingly to newly deployed workloads. Accessing disk storage and analyzing that data would involve examining the contents of the disks of the workloads. The claim does not require any specific form of scanning. While Reed does disclose that certain operation such as scanning may be performed by an agent, they also teach agentless techniques for accessing and analyzing compute data via API, snapshots, and runtime block storage. These agentless operations perform the same functional purposes of examining workload data. Accordingly, Reed teaches scanning the disks of the new workload using agentless system, and applicants argument is therefore not persuasive.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an
application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-20 are rejected under 35 U.S.C. 102 (a)(2) as being anticipated by Reed (US 2022/0360600 A1).
Regarding Claim 1
Reed discloses:
A non-transitory computer readable medium containing instructions that when executed by at least one processor cause the at least one processor to perform operations for dynamic cloud workload protection, the operations comprising:
installing an agentless scanning system, the agentless scanning system being configured to scan a cloud server, the cloud server including a network and a memory (Reed ¶628, 658–660: teaches installing and using an agentless scanning system for cloud workloads, where the system operates via serverless functions and cloud provider APIs (e.g., CloudTrail). The agentless scanner captures snapshots and reads block storage (memory/disks) and configuration metadata (network), consistent with scanning a cloud server including a network and a memory.);
detecting, using a cloud provider application program interface (API), an installation of a new workload in the cloud server, the new workload including disks (Reed ¶628, 659–660, 670: teaches detecting, via cloud provider APIs (e.g., CloudTrail), the installation/deployment of a new workload (compute asset) in a cloud server. Upon detection, the system triggers a snapshot of the workload’s disks (block storage) and related configuration/metadata.);
scanning, using the agentless scanning system, the disks of the new workload (Reed ¶659, 660, 670–672: teaches scanning, via an agentless system, the disks of a new workload by capturing snapshots and performing read-only access to runtime block storage of compute assets when the new workload is deployed. Under BRI, scanning includes examining or analyzing the disk data. Accordingly, Reed’s agentless access to disk data and subsequent analysis constitutes scanning of the disks. ).
installing an agent on the new workload (Reed ¶639–640, 664, 672: teaches installing an agent on a new workload by determining when a compute asset is deployed without an agent, and then performing an agent-based operation including deploying an agent to that workload.);
monitoring, using the agent, the disks, the network, and the memory of the new workload (Reed ¶573, 639–640, 664–665: teaches that once an agent is deployed on a workload, the agent monitors disk activity (file integrity, storage), network activity (via eBPF hooks, traffic attribution), and memory/processes (compliance and anomaly detection).);
generating, using the agent, a notification when an interesting event occurs (Reed ¶664–665: discloses that when the agent detects an interesting event (such as an anomaly), it triggers the generation of a notification/alert using alert generator 158/alert notifier 162);
scanning, using the agentless scanning system, the cloud server (Reed ¶658–660, 670–672: teach rescanning the cloud server via the agentless system,); and
generating at least one command to perform one or more of a remediation and a policy update (Reed ¶567, 665–666: discloses generating commands for remediation (fix vulnerabilities, redeploy agents, change configs) and policy updates (SaC).).
Regarding Claim 2
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the installation of the agent on the new workload is performed by an automation or an end user (Reed ¶639–640, 664–665: Teaches that installation of the agent on the workload may be performed directly by an end user, such as a system administrator acting on a notification to deploy the agent, or alternatively by automation tools within the data platform that automatically deploy the agent when a workload without one is detected.).
Regarding Claim 3
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the monitoring includes analyzing read/write actions (Reed ¶613–615, 617–619, 665: teaches that monitoring includes analyzing read/write actions, since it discloses monitoring log files, authentication system interactions, supply chain attack behaviors, and threats such as malware and cryptominers, all of which require analyzing file and disk read/write activity.).
Regarding Claim 4
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the interesting event is one or more of a malware written to the disk, a malicious process, and an entity that is trying to exfiltrate sensitive data (Reed ¶665, 683, 687: teaches that “interesting events” include malware detected on disk (via anti-malware/file integrity monitoring), malicious processes (via anomaly and code/process monitoring), and entities attempting to exfiltrate sensitive data (via impact analysis graphs and access privilege alerts).).
Regarding Claim 5
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the scanning of the cloud server is triggered by the generated notification (Reed ¶664–665, 659–660, 670–671: teaches that notifications (e.g., alerts of anomalies) may trigger a snapshot of compute assets which constitutes an agentless scan of the cloud server. Thus, it anticipates the limitation that scanning of the cloud server may be triggered by a generated notification.).
Regarding Claim 6
Reed discloses:
The non-transitory computer readable medium of claim 1, wherein the remediation includes a remediation of new security issues (Reed ¶620 and 623: teaches that remediation operations include remediating new security issues, such as providing remediation guidance after exploits, and managing the installation of security patches in response to newly discovered vulnerabilities.).
Regarding Claim 7
Reed discloses:
The non-transitory computer readable of claim 1, wherein the policy update includes a policy update that prevents future security issues (Reed ¶567–568, 571–572: teaches that policy updates may include updates intended to prevent future security issues, such as automatically enforcing encryption of sensitive data (PII/PHI) at storage time, rejecting code that violates defined security standards, and implementing zero trust enforcement policies to block potential vulnerabilities before they arise..).
Regarding Claim 8
Claim 8 is directed to a method corresponding to the computer readable instruction in claim 1. Claim 8 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Regarding Claim 9
Claim 9 is directed to a method corresponding to the computer readable instruction in claim 2. Claim 9 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Regarding Claim 10
Claim 10 is directed to a method corresponding to the computer readable instruction in claim 3. Claim 10 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 11
Claim 11 is directed to a method corresponding to the computer readable instruction in claim 4. Claim 11 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 12
Claim 12 is directed to a method corresponding to the computer readable instruction in claim 5. Claim 12 is similar in scope to claim 5 and is therefore rejected under similar rationale.
Regarding Claim 13
Claim 13 is directed to a method corresponding to the computer readable instruction in claim 6. Claim 13 is similar in scope to claim 6 and is therefore rejected under similar rationale.
Regarding Claim 14
Claim 14 is directed to a method corresponding to the computer readable instruction in claim 7. Claim 14 is similar in scope to claim 7 and is therefore rejected under similar rationale.
Regarding Claim 15
Claim 15 is directed to a system corresponding to the computer readable instruction in claim 1. Claim 15 is similar in scope to claim 1 and is therefore rejected under similar rationale.
Regarding Claim 16
Claim 16 is directed to a system corresponding to the computer readable instruction in claim 2. Claim 16 is similar in scope to claim 2 and is therefore rejected under similar rationale.
Regarding Claim 17
Claim 17 is directed to a system corresponding to the computer readable instruction in claim 3. Claim 17 is similar in scope to claim 3 and is therefore rejected under similar rationale.
Regarding Claim 18
Claim 18 is directed to a system corresponding to the computer readable instruction in claim 4. Claim 18 is similar in scope to claim 4 and is therefore rejected under similar rationale.
Regarding Claim 19
Claim 19 is directed to a system corresponding to the computer readable instruction in claim 5. Claim 19 is similar in scope to claim 5 and is therefore rejected under similar rationale.
Regarding Claim 20
Claim 20 is directed to a system corresponding to the computer readable instruction in claim 6. Claim 20 is similar in scope to claim 6 and is therefore rejected under similar rationale.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
HERZBERG (US 20230164164 A1) - teaches applying a unified security policy across multiple cloud environments by matching cloud object attributes to nodes in a security graph. Policies applied to one object propagate to connected objects across environments. Non-compliance triggers mitigation, such as alerts or automated code modifications.
Niv US 20220159025 A1 - describes a system that watches network activity for cloud-based entities, groups their connections, and learns what normal behavior looks like. If unusual activity is detected, such as malware spreading or data being stolen, it flags the incident, generates a report, and can take steps to mitigate the issue.
McConnell US 20210399939 A1 - about a management network that oversees an end-user network with contact center servers and agents. The processors in the management network collect data from the servers, check that data against logical directives (rules and conditions set by the end-user network), and then tell the servers what actions to take: such as changing an agent’s state, adjusting schedules, or reassigning queues. It also covers secure communication methods (like VPNs), third-party cloud servers, and even robotic process automation for logging in and executing operations.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Saad Abdullah whose telephone number is 571-272-1531. The examiner can normally be reached on Monday through Friday, 8:30 AM - 5:00 PM (EST).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAAD AHMAD ABDULLAH/Examiner, Art Unit 2431
/LYNN D FEILD/Supervisory Patent Examiner, Art Unit 2431