Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claims 1-20 are pending.
Examiner’s Notes
The Specification has been reviewed and no known errors were found. However, the lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-2, 5-6, 8-9, 12-13, 15-16 & 19 are rejected under 35 U.S.C. 102(b) as being anticipated by Shetty et al. (US Pub No 2024/0143779).
With respect to claim 1, Shetty further teaches a system, comprising:
a computing device comprising a processor and a memory; and machine-readable instructions stored in the memory (e.g., ¶ 0069-0071 & Fig. 1 #100) that, when executed by the processor, cause the computing device to at least:
identify a recipient device for a secure file transfer (e.g., identify managed devices for distribution @ Fig. 4 #401, 407, & 409 ¶ 0020-0021 & 0056);
verify an enrollment status of the recipient device with an enterprise (e.g., reading device data to verify enrollment status with the management service of an enterprise ¶ 0021-0023);
verify a compliance level of the recipient device (e.g., verifying compliance rules enforced on client devices that are enrolled as managed devices with the management service ¶ 0024 and determining security posture ¶ 0057-0058); and
based at least in part on a successful verification of the enrollment status and the compliance level, transfer one or more secure files to the recipient device (e.g., transferring the files to the intended recipient device based on both enrollment status and compliance level ¶ 0055 & 0065).
Shetty further teaches claim:
2. The system of claim 1, wherein the machine-readable instructions, when executed, further cause the computing device to at least establish a secure connection between the computing device and the recipient device (e.g., establishing a secure connection with only devices meeting a minimum threshold ¶ 0065).
Shetty further teaches claim:
5. The system of claim 1, wherein the machine-readable instructions which, when executed, cause the computing device to verify a compliance level of the recipient device, further cause the computing device to at least: obtain a security classification of the recipient device; and compare the security classification of the recipient device to a security classification of the one or more secure files (e.g., obtaining the recipient device security posture ¶ 0053 & 0058, ascertaining the file risk designation ¶ 0046 & 0057, and comparing the recipient device security posture to ensure the device meets a minimum security posture according to the file risk designation ¶ 0041-0042 & 0059).
Shetty further teaches claim:
6. The system of claim 5, wherein verification of the compliance level is successful when the security classification of the recipient device matches the security classification of the one or more secure files (e.g., ¶ 0041-0042, 0059 & 0065-0066).
The limitations of claim 8 are substantially similar to claim 1 above, and therefore the claim is likewise rejected.
The limitations of claim 9 are substantially similar to claim 2 above, and therefore the claim is likewise rejected.
The limitations of claim 12 are substantially similar to claim 5 above, and therefore the claim is likewise rejected.
The limitations of claim 13 are substantially similar to claim 6 above, and therefore the claim is likewise rejected.
The limitations of claim 15 are substantially similar to claim 1 above, and therefore the claim is likewise rejected.
The limitations of claim 16 are substantially similar to claim 2 above, and therefore the claim is likewise rejected.
The limitations of claim 19 are substantially similar to claims 5-6 above, and therefore the claim is likewise rejected.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 3-4, 7, 10-11, 14, 17-18 & 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shetty in view of Jun Li (US Pub No 2009/0259847).
With respect to claim 3, Shetty discloses the claimed subject matter as discussed above with respect to verifying device enrollment status (¶ 0021-0023), file hashing (¶ 0037) and implementing a zero trust framework (¶ 0039), but does not explicitly disclose using a certificate and verifying a signature. However, analogous art from the same field of endeavor, Li, teaches obtain a certificate from the recipient device (e.g., “In step 710, receiver 704 sends provider 702 a copy of the signed ticket authorizing the receiver to obtain data object O.” ¶ 0046); and verify a signature of the certificate based upon a root certificate corresponding to the certificate obtained from the recipient device (e.g., “The provider verifies the ticket in step 712 using the public key of the server. Assuming the ticket is verified, provider 702 sends receiver 704 a signed root hash value H(0,1) for the data object O.” ¶ 0036 & 0046 & Figs. 7A-B). Therefore, based on Shetty in view of Li, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Li in the system of Shetty in order to “secure against attempts by individual peers to circumvent authenticity, confidentiality, data integrity, and proof-of-service” (¶ 0050-0051). Hence, it would have been obvious to combine the references to obtain the invention as specified in the instant claim(s).
Li further teaches claim:
4. The system of claim 3, wherein verification of the enrollment status is successful when the root certificate corresponding to the certificate matches the root certificate of the enterprise (e.g., verifying root hash digitally signed by a server of an enterprise ¶ 0013 & 0046). The motivation to combine Li with Shetty is the same as claim 3 above.
The limitations of claims 10 & 17 are substantially similar to claim 3 above, and therefore these claims are likewise rejected.
The limitations of claims 11 & 18 are substantially similar to claim 4 above, respectively, and therefore the claims are likewise rejected.
Li further teaches claim:
7. The system of claim 1, wherein the machine-readable instructions which, when executed, cause the computing device to transfer one or more secure files to the recipient device, further cause the computing device to at least: sign the one or more secure files using a private key of the computing device; encrypt the one or more secure files using a public key of the recipient device; and send the one or more secure files to the recipient device (e.g., prior to sending the secure files to the recipient, signing the file using the receiver’s private key ¶ 0030-0031 & 0051, encrypting using the receiver’s public key so that only the receiver can decrypt it ¶ 0043-0044 & 0046). The motivation to combine Li with Shetty is the same as claim 3 above.
The limitations of claims 14 & 20 are substantially similar to claim 7 above, and therefore these claims are likewise rejected.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Specifically, prior art Hoyos et al. (US Pub 2016/0065571) discloses relevant methods of secure file sharing between multiple devices.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAU LE whose telephone number is (571)270-7217. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LINGLAN EDWARDS can be reached at (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CHAU LE/Primary Examiner, Art Unit 2408