DETAILED ACTION
Claims 1-20 remain for examination. The amendment filed 10/29/25 amended claims 1, 8, 15, 19, & 20.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
The rejection of claims 19 & 20 under 35 USC 112, 2nd paragraph is withdrawn as moot in view of Applicant’s amendment to those claims.
Applicant's arguments filed 10/29/25 regarding the rejection of the claims under 35 USC 103 have been fully considered but they are not persuasive. Applicant argues:
Applicant respectfully disagrees and submits that the cited ports of Amoudi do not teach or suggest the claim limitation at issue. For example, the cited paragraph [0002] of Amoudi describes "analyzing and filtering an email message destined to a computing resource in a computer network that has been security processed by a cloud-based email security system." According to paragraph [0002] of Amoudi, an email message is first "security processed by a cloud-based email security system" and a mail server in the computer network receives "only" email messages from the authorized node in the cloud-based email security system through the authorized port number 25. Contrastingly, the claim limitation at issue expressly recites "a message inspector operating on a server machine in an enterprise computer network" that receives "an email that has passed a filtering mechanism at ingress of the enterprise computer network." In this case, the recited email "has passed a filtering mechanism at ingress of the enterprise computer network." That is, regardless of whether or not the email was processed by a cloud-based email security system, according to the claim limitation, the email has to pass "a filtering mechanism at ingress of the enterprise computer network." However, the cited paragraph [0002] of Amoudi does not explicitly mention that the email message passes any "filtering mechanism at ingress of the enterprise computer network."
In response, while the Examiner acknowledges that the amended claim language of the independent claims was to make it clearer that the otherwise vague claim term “filtering mechanism” exists on an ingress server of the enterprise network – thus removing from the scope of the claims embodiments wherein the filtering mechanism is understood to be e.g. a cloud-based email server that performs filtering steps on the email prior to forwarding them to the on-premises email system, as disclosed by Amoudi – nevertheless Amoudi also discloses that all traffic, including email traffic from the CBES, makes its ingress to the enterprise network via a firewall (see element 12 of Figure 1) which is a part of Amoudi’s on-premises email security [OPES] system. A person of ordinary skill in the art would immediately recognize that a firewall is a “filtering mechanism” under the broadest reasonable interpretation of the term in view of the instant specification; but even so, Amoudi makes it explicit that the firewall does in fact filter emails [and other traffic] prior to forwarding them to the OPES, as per paragraph 0012:
[0012] The network security system can further comprise an Internet facing firewall that filters all email traffic to the computer network, wherein the firewall is configured to allow only incoming email traffic from the authorized node to pass through to the on-premises email security gateway.
See also Amoudi at paragraph 0038 (emphasis Examiner’s)
[0038] The firewall 12 can prevent unauthorized access to or from the computer network 1, while allowing email traffic to or from the CBES system 20 to pass through the firewall unimpeded. A firewall policy can be created and implemented for the firewall 12 that permits email traffic sent from the CBES system 20 to pass through the firewall 12 to the email security gateway(s) 14, and from the email security gateway(s) 14 to the CBES system 20. The OPES system 10 and CBES system 20 can use a communication protocol such as, for example, Simple Mail Transfer Protocol (SMTP) on Transmission Control Protocol (TCP), which can use a TCP port such as, for example, SMTP TCP 25, 465, 587, 2525. Thus, any email traffic that is received from a source other than the CBES system 20 can be blocked by the firewall 12 and prevented from reaching the email security gateway 14. The firewall 12 can permit all outgoing email traffic destined to the CBES system 20 to pass through unimpeded.
Applicant additionally argues:
Further, the cited paragraph [0030] of Amoudi describes an on-premises email security (OPES) system 10 that can include a boarder security patrol (BSP) system located at the perimeter of the computer network. FIG. 1 of Amoudi shows the OPES system 10 located between firewalls 12 and 18. According to the cited paragraph [0032] of Amoudi, the "analysis and filtering [of all email traffic is] carried out in the cloud by the CBES system 20" "before the resultant filtered email communications can reach the OPES system 10." According to the cited paragraphs [0040]- [0041] of Amoudi, an email security gateway 14 (which is part of the OPES system 10) "can analyze and filter the email traffic received from the firewall 12 to remove or remediate harmful or unwanted emails or email attachments" and "work together with the sandbox security system 16 to scan, analyze, filter or remediate the received email traffic (including all attachments) to remove spam, spoofed emails, phishing emails, advanced persistent threat (APT) events, or other malicious emails, as well as viruses, worms, trojans and other harmful malware or hyperlinks that might exist in the incoming email traffic." Then, the "cleared emails can be forwarded to the backend mail server(s) 112 in the computer network 10," according to the cited paragraph [0042] of Amoudi. As shown in FIG. 1 of Amoudi, the backend mail server(s) 112 are located "in the computer network 10" behind the firewall 18.
Thus, according to the cited portions of Amoudi, mail servers 112 in the computer network 10 receive "cleared emails." The cited portions of Amoudi do not describe any mail server or "message inspector" operating on a server machine "in an enterprise computer network" that performs "a plurality of checks on the email" because, by the time any email is received by mail servers 112 in the computer network 10, the email has to be "cleared" (see e.g., paragraph [0080] mail server 112 may "only receive emails that have been cleared through the OPES system 10") and no further checks are necessary.
Contrastingly, according to the claim limitation at issue, the claimed invention begins with "a message inspector operating on a server machine in an enterprise computer network" receiving "an email that has passed a filtering mechanism at ingress of the enterprise computer network." The recited message inspector then performs "a plurality of checks on the email," utilizing local database files and, "responsive to the email passing the plurality of checks, placing, by the message inspector, the email in an application processing queue." These features are not taught or suggested by the cited portions of Amoudi.
Examiner disagrees, noting that Applicant has erroneously conflated the mail server (element 112 of Figure 1) with the on-premises email security [OPES] system (element 10 of Figure 1). The mail server is not and has never been mapped to the “message inspector” of the claims; rather, the OPES – and in particular, the email security gateway component thereof (element 14 of Figure 1) where cited is a message inspector that receives email from a filtering mechanism at an ingress server of the enterprise network (i.e. the aforementioned firewall discussed supra) and performs a plurality of checks on the received emails, wherein when an email fails any of the checks it is rerouted to a security sandbox for further examination, and wherein when an email passes all the checks, it is forwarded to the internal mail server for final delivery to the intended recipient(s).
Applicant’s remaining arguments pertaining to the secondary references have been considered but are moot in view of the fact that they are not required to address any alleged deficiencies of the Amoudi reference identified by Applicant above. However, the Examiner does wish to make clear that the only reason that the independent claims were not rejected under 35 USC 102 in view of Amoudi is the fact that the independent claims specifically stipulate that any email which fails one or more of the message inspector’s checks is placed in a “suspect message queue”. While message queues have been part and parcel of email servers for as long as email has existed on the Internet (see the RFC 1985 and 2821 references cited as pertinent prior art in the Non-Final Rejection of 7/29/25 for evidence thereof), it is not inherently true of SMTP email that emails identified as suspicious by some security mechanism will be placed in a message queue explicitly designated for that purpose. As was previously noted, the Cardinal reference where cited teaches an equivalent email security invention that explicitly discloses this feature, and thus a person of ordinary skill in the art would have good reason to ensure that their email security gateway, upon identifying a suspicious email, can redirect it via the use of a “suspect message queue” as per the claims.
Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-3, 8-10, & 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Amoudi (U.S. Patent Publication 2021/0014198) in view of Cardinal (U.S. Patent Publication 2020/0021546).
Regarding claims 1, 8, and 15:
Amoudi discloses an anti-fraud message inspection method, system, and computer program product, comprising: receiving, by a message inspector operating on a server machine in an enterprise computer network, an email that has passed a filtering mechanism at ingress of the enterprise computer network (paragraph 0002: “According to a non-limiting embodiment of the disclosure, a method is provided for analyzing and filtering an email message destined to a computing resource in a computer network that has been security processed by a cloud-based email security system…”; paragraph 0012: “The network security system can further comprise an Internet facing firewall that filters all email traffic to the computer network, wherein the firewall is configured to allow only incoming email traffic from the authorized node to pass through to the on-premises email security gateway”; paragraph 0030, including: “The network security solution includes multilayer email analysis, filtering and security risk remediation, including an on-premises email security (OPES) system that can include a boarder security patrol (BSP) system located at the perimeter of the computer network. The OPES system can include an Internet email security gateway and a sandbox solution to analyze and filter email communications received from a cloud-based email security (CBES) system”; paragraph 0032: “The CBES system 20 can receive, analyze and filter email traffic from any external source that is destined to the computer network 1”, and paragraph 0038, including “Thus, any email traffic that is received from a source other than the CBES system 20 can be blocked by the firewall 12 and prevented from reaching the email security gateway 14. The firewall 12 can permit all outgoing email traffic destined to the CBES system 20 to pass through unimpeded”; i.e. the invention is for an on-premises email server that performs additional email scanning on emails received from a firewall that is by definition the ingress server to the enterprise network, wherein said firewall also performs its own filtering); performing, by the message inspector utilizing local database files, a plurality of checks on the email, the local database files stored in a database communicatively connected to the message inspector (paragraphs 0040-0041: “The email security gateway 14 can analyze and filter the email traffic received from the firewall 12 to remove or remediate harmful or unwanted emails or email attachments…The email security gateway 14 can include a reputation filter, message filter, anti-spam engine, anti-virus engine, content filter, or outbreak filter. The email security gateway 14 can work together with the sandbox security system 16 to scan, analyze, filter or remediate the received email traffic (including all attachments) to remove spam, spoofed emails, phishing emails, advanced persistent threat (APT) events, or other malicious emails, as well as viruses, worms, trojans and other harmful malware or hyperlinks that might exist in the incoming email traffic…”; although each of the disclosed filters installed on the OPES can be construed as “local database files” and/or “databases” under the broadest reasonable interpretation of the term(s), see also paragraph 0089 regarding the use of database 150 as part of the scanning process); and responsive to the email passing the plurality of checks, placing, by the message inspector, the email in an application processing queue (paragraph 0042: “After the sandbox analysis has been completed, cleared emails can be forwarded to the backend mail server(s) 112 in the computer network 10. For additional security, the firewall 18 can be provided between the email security gateway(s) 14 and sandbox security system 16 and the backend mail server(s) 112, as noted earlier. The mail server(s) 112 can include, for example, SMTP servers”, further noting that SMTP servers have long since been known to inherently comprise application processing queues for delivering email – see the pertinent NPL prior art below).
Although the Amoudi invention is capable of remediating any email that fails any of its scans and filters (e.g. paragraph 0041), Amoudi does not explicitly disclose responsive to the email failing any of the plurality of checks, placing, by the message inspector, the email in a suspect queue. However, Cardinal discloses in a related invention for processing emails and other electronic messages wherein when it is determined that an incoming message is suspicious, it should be placed in a queue explicitly designated for that purpose (paragraphs 0052-0055, including “Next, as represented by block 302, the system automatically places the flagged data transmission in the queue for suspicious transmissions. This may be done by forwarding the data transmission to another recipient, such as a security branch of the enterprise…”). It would have been obvious prior to the effective filing date of the instant application for Amoudi to store any email that fails any of the local checks in a suspect queue – including but not limited to using said queue to transmit the suspect emails to the sandbox security system for remediation (Amoudi, paragraph 0040) – as doing so allows one to isolate the potentially dangerous emails in a separate memory to minimize or prevent security risk (Cardinal, paragraph 0055).
Regarding claims 2, 9, and 16: The combination further discloses wherein the filtering mechanism comprises a fraud detection filter, a spam detection filter, or virus scanning software running on a networking device (Amoudi, paragraph 0032) and wherein the networking device comprises at least one of a firewall, router, gateway, access point, or switch (Amoudi, paragraph 0038).
Regarding claims 3, 10, and 17: The combination further discloses wherein the local database files comprise at least two of a Sender Policy Framework (SPF) rule, a blacklist, a whitelist, a destination file, a country code limit configuration file, a usage limit configuration file, or a job rate limit configuration file (blacklists and whitelists at Amoudi, paras. 0007, 0018, & 0073).
Claims 4, 6, 7, 11, 13, 14, 18, & 20 are rejected under 35 U.S.C. 103 as being unpatentable over Amoudi in view of Cardinal as applied to claims 1, 8, & 15 above, and further in view of Pickman (U.S. Patent Publication 2023/0403296).
Regarding claims 4, 11, and 18: The combination further discloses wherein the plurality of checks comprises at least an Internet Protocol (IP) check (Amoudi, paragraphs 0048-0049) but does not appear to explicitly disclose any of the remaining options. However, Pickman discloses a related invention for email security wherein the corresponding email security apparatus can perform various checks including but not limited to a Sender Policy Framework (SPF) failure check (Pickman, paragraphs 0011 & 0036-0039), a destination check (Pickman, paragraph 0036), a volume check (Pickman, paragraph 0080), a usage limit check (Pickman, paragraphs 0083-0084), or a job rate limit check (Pickman, paragraph 0080). It would have been obvious prior to the effective filing date of the instant application for Amoudi to incorporate any or all of the additional checks disclosed by Pickman into his invention, as these techniques were known in the art to reduce the likelihood of erred determinations (both false positive and false negative) in classifying emails (Pickman, paragraph 0008).
Regarding claims 6, 13, and 20: The combination further discloses wherein the usage limit check involves checking a usage limit for a sender address or originating domain of the email (Pickman, paragraphs 0083-0084).
Regarding claims 7 and 14: The combination further discloses wherein the job rate limit check involves checking a job rate limit that specifies a number of messages that can be submitted by a domain, a single user, or a single user in a domain in a timeframe (Pickman, paragraph 0080).
Claims 5, 12, & 19 are rejected under 35 U.S.C. 103 as being unpatentable over Amoudi in view of Cardinal in view of Pickman as applied to claims 4, 11, and 18 above, and further in view of Abbasi (U.S. Patent Publication 2024/0333761)
Regarding claims 5, 12, and 19: None of Amoudi, Cardinal, or Pickman disclose wherein the country code limit check involves checking a country code limit associated with the email. However, Abbasi discloses a related invention for email security in which this limitation is taught (paragraphs 0021 & 0049). It would have been obvious prior to the effective filing date of the instant application for Amoudi to use a country code check as part of his email scanning invention, as country codes were a known option within the grasp of a person of ordinary skill in the art to identify potentially suspicious emails.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached at 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
THOMAS A. GYORFI
Examiner
Art Unit 2435
/THOMAS A GYORFI/Examiner, Art Unit 2435 2/27/2026
/AMIR MEHRMANESH/Supervisory Patent Examiner, Art Unit 2491