Prosecution Insights
Last updated: April 19, 2026
Application No. 18/639,832

METHOD TO DEFINE AN ENFORCEABLE GENERIC SECURITY POLICY AND APPLY IT USING CLOUD-SPECIFIC SECURITY CONSTRUCTS

Final Rejection §103
Filed: Apr 18, 2024
Examiner: DESROSIERS, EVANS
Art Unit: 2491
Tech Center: 2400 — Computer Networks
Assignee: DELL PRODUCTS, L.P.
OA Round: 2 (Final)
Grant Probability: 83% (Favorable)
OA Rounds: 3-4
To Grant: 3y 2m
With Interview: 99%

Examiner Intelligence

Grants 83% — above average
Career Allow Rate: 83% (853 granted / 1031 resolved; +24.7% vs TC avg)
Interview Lift: +23.0% (strong +23% interview lift, resolved cases with interview)
Typical timeline: 3y 2m Avg Prosecution, 22 currently pending
Career history: 1053 Total Applications across all art units

Statute-Specific Performance

§101: 10.0% (-30.0% vs TC avg)
§103: 51.4% (+11.4% vs TC avg)
§102: 14.7% (-25.3% vs TC avg)
§112: 8.4% (-31.6% vs TC avg)
Based on career data from 1031 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

Claims 1-20 remain for examination. Claims 1 and 11 have been amended. Applicant's arguments filed on 10/29/2025 have been fully considered but they are moot in view of the new ground(s) of rejection necessitated by the amendments. Accordingly, this action has been made final.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1, 3-6, 11, 13-16 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Martinez US 20230097662 A1 in view of Kossey US 20210367980 A1.
As to claim 1, Martinez teaches a method, comprising: in connection with an existing cloud site (Martinez Abstract) [methods for deploying a cloud environment to a “cloud hyperscaler infrastructure” (read existing cloud site)] [0029] [The deployment code may include a series of commands that can be provided to a cloud hyperscaler infrastructure 148, 150, 152 to cause the cloud hyperscaler infrastructure 148, 150, 152 to implement a cloud environment and/or update an existing cloud environment to conform with the security concept document.], receiving, from a client, generic security requirements concerning a cloud system that is to be deployed to the existing cloud site (Martinez Pa. [0054]) [the deployment sub-tool receives an indication of a “security concept document” (read security requirements) that will be the basis of the cloud environment to be deployed]; generating a generic security policy based on the generic security requirements (Martinez Pa. [0026]) [The security concept sub-tool may apply one or more security guidelines to the cloud environment element description and, if the security guidelines are met, generate and/or update a security concept document for the cloud environment], and the generic security policy is not specific to the existing cloud site (Martinez Pa. [0054]) [security concept documents that can be used to deploy cloud environments. Note: Here “security concept documents” (read security policy) is related to the deployed cloud, not the existing cloud]; enabling the client to deploy the cloud system at the existing cloud site (Martinez Pa. [0025]) [The user 101, for example, may be an administrative user or other user of a client enterprise with responsibility for generating, verifying, deploying, or otherwise administering a cloud environment at one or more of the cloud hyperscaler infrastructure]; and using the cloud-specific deployment security architecture to enforce the generic security policy during deployment of after the cloud system has been deployed at the existing cloud site (Martinez Pa. [0022]) [may also receive an instruction to deploy a cloud environment to a cloud hyperscaler. In response to the instruction, the cloud environment tool utilizes the security concept document and/or cloud environment description data to generate deployment code for the cloud environment. The deployment code includes instructions that can be used by a cloud hyperscaler to implement the cloud environment. The cloud environment tool may submit the deployment code to the cloud hyperscaler, which may utilize the code to implement the described cloud environment]

It is noted that Martinez does not appear to explicitly disclose mapping the generic security policy to cloud-specific constructs of the existing cloud site to define a cloud-specific deployment security architecture that is compliant with established security requirements of the existing cloud site; implementing the cloud-specific deployment security architecture at the existing cloud site.

However, Kossey discloses mapping the generic security policy (Kossey Pa. [0036]) [4 maps to first party security policy requirements for the data and interfaces architecture layers, any the contract-specific security policy requirements for other architecture layers] to cloud-specific constructs of the existing cloud site to define a cloud-specific deployment security architecture (Kossey Pa. [0053]) [The cloud environment can be a first party enterprise cloud environment, and the input information can map to cloud owner selected architecture layers, or map to cloud tenant code deployment-based selected architecture layers [0055] Obtaining the security policy requirement data based on the selected architecture layers can include determining at least two of: a data layer, an interfaces layer, an application layer, a solution stack layer, an operating systems layer] that is compliant with established security requirements of the existing cloud site (Kossey Pa. [0002]) [Securing systems such as cloud-based systems is increasingly important. There is thus security policy data describing various security requirements that need to be complied with for a given enterprise]; implementing the cloud-specific deployment security architecture at the existing cloud site (Kossey Pa. [0022]) [the user input-established cloud environment and associated service model 104, the architecture layers 106 (e.g., application layer, operating system layer, etc.) that are in-scope for that cloud environment and associated service model 104 are used to map to security requirements for those layers. This solution effectively maps user input to security policy requirements in a highly efficient manner]

Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Kossey to the service offer system of Martinez would have yielded predictable results and resulted in an improved system, namely, a system that would provide determining security policy data based on a cloud environment and associated information determined via user interaction with program questions (Kossey pa. [0001])

As to claims 3-4, the combination of Martinez and Kossey teaches wherein the cloud system comprises a distributed software defined storage system; wherein the cloud system comprises a distributed cloud computing system (Kossey pa. [0098]) [computer 1302 can access cloud storage systems or other network-based storage systems in addition to, or in place of, external storage devices 1316 as described above. Generally, a connection between the computer 1302 and a cloud storage system can be established over a LAN 1354 or WAN 1356 e.g., by the adapter 1358 or modem 1360, respectively. Upon connecting the computer 1302 to an associated cloud storage system]

Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Kossey to the service offer system of Martinez would have yielded predictable results and resulted in an improved system, namely, a system that would provide determining security policy data based on a cloud environment and associated information determined via user interaction with program questions (Kossey pa. [0001])

As to claim 5, the combination of Martinez and Kossey teaches wherein the enforceable generic security policy is configured to be implemented and enforced at another cloud site that comprises other cloud-specific constructs that are different from the cloud-specific constructs of the cloud site (Martinez Pa. [0033]) [a cloud environment that was previously deployed to a cloud hyperscaler, which may be one of the cloud hyperscaler infrastructure 148, 150, 152 or a different cloud hyperscaler. Because of this, in some examples, different communications between the web application 102 and backend 104 may actually be handled by different servers at the cloud hyperscaler]

As to claim 6, the combination of Martinez and Kossey teaches wherein the generating, the mapping, and the implementing, are performed by a multi-cloud security service configured to communicate with one or more other cloud sites (Martinez Pa. [0112]) [A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.]

As to claims 11, 13-16, claims 11, 13-16 recite he claimed that contain respectively similar limitations as claims 1, 3-6; therefore, they are rejected under the same rationale.

Claims 2, 8, 12, 18 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Martinez US 20230097662 A1 in view of Kossey US 20210367980 A1, in further view of Lee US 20210144141 A1.

As to claim 2, the combination of Martinez and Kossey does not appear to explicitly disclose wherein the generic security requirements comprise requirements concerning access key creation and usage. However, Lee discloses wherein the generic security requirements comprise requirements concerning access key creation and usage (Lee Pa. [0038]) [key location, and maintain complete knowledge of usage of keys used to encrypt/decrypt the client's data and allows for thorough auditing of key access and usage]

Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Lee to the service offer system of Martinez and Kossey would have yielded predictable results and resulted in an improved system, namely, a system that would integrate third-party encryption key managers with cloud services. (Lee pa. [0001])

As to claim 8, the combination of Martinez, Kossey and Lee teaches wherein mapping the generic security policy to cloud-specific constructs to define a cloud-specific deployment security architecture comprises generating and storing a key (Lee pa. [0024]) [customers of the cloud service provider flexibility to store keys in their own infrastructure or in any trusted third party service separate and independent from the cloud service provider]

Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Lee to the service offer system of Martinez and Kossey would have yielded predictable results and resulted in an improved system, namely, a system that would integrate third-party encryption key managers with cloud services. (Lee pa. [0001])

As to claim 12, claim 12 recites he claimed that contain similar limitations as claim 2; therefore, it is rejected under the same rationale.

As to claim 18, claim 18 recites he claimed that contain similar limitations as claim 8; therefore, it is rejected under the same rationale.

Claims 7, 17 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Martinez US 20230097662 A1 in view of Kossey US 20210367980 A1, in further view of Mihajlovic US 20240388606 A1.

As to claim 7, the combination of Martinez and Kossey does not appear to explicitly disclose wherein the generic security requirements comprise zero trust requirements. However, Mihajlovic discloses wherein the generic security requirements comprise zero trust requirements (Mihajlovic Pa. [0066]) [compliant with the present zero trust architecture and requirements]

Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Mihajlovic to the service offer system of Martinez and Kossey would have yielded predictable results and resulted in an improved system, namely, a system that would provide policy based privileged remote access in zero trust private networks (Mihajlovic pa. [000)

As to claim 17, claim 17 recites he claimed that contain similar limitations as claim 7; therefore, it is rejected under the same rationale.

Claims 9-10, 19-20 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Martinez US 20230097662 A1 in view of Kossey US 20210367980 A1, in further view of Bednash US 20240045964 A1.

As to claim 9, the combination of Martinez and Kossey discloses wherein mapping the generic security policy to cloud-specific constructs to define a cloud-specific deployment security architecture comprises creating, and deploying to the cloud site (Martinez Pa. [0112]) [A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.] However, Bednash discloses “a key rotation function” (Bednash Pa. [0055]) [manages encryption key material as well as maintenance functions, such as automatic key rotation]

Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Bednash to the service offer system of Martinez and Kossey would have yielded predictable results and resulted in an improved system, namely, a system that would provide cybersecurity active defense for unstructured files in a data storage system (Bednash pa. [0002])

As to claim 10, the combination of Martinez, Kossey and Bednash discloses wherein mapping the generic security policy to cloud-specific constructs to define a cloud-specific deployment security architecture comprises configuring the cloud site to perform threat detection (Bednash pa. [0041]) [The BSP system 100 can be configured to detect and stop insider threats and ransomware attacks]

Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed invention, that applying the known technique taught by Bednash to the service offer system of Martinez and Kossey would have yielded predictable results and resulted in an improved system, namely, a system that would provide cybersecurity active defense for unstructured files in a data storage system (Bednash pa. [0002])

As to claim 19, claim 19 recites he claimed that contain similar limitations as claim 9; therefore, it is rejected under the same rationale.

As to claim 20, claim 20 recites he claimed that contain similar limitations as claim 10; therefore, it is rejected under the same rationale.

Response to Arguments

Arguments

It is argued that Applicant respectfully disagrees and submits that the rejections should be withdrawn. By this paper, claims 1 and 11 are amended to recite in part: "in connection with an existing cloud site, receiving, from a client, generic security requirements concerning a cloud system that is to be deployed to the existing cloud site; generating a generic security policy based on the generic security requirements, and the generic security policy is not specific to the existing cloud site; mapping the generic security policy to cloud-specific constructs of the existing cloud site to define a cloud-specific deployment security architecture that is compliant with established security requirements of the existing cloud site..." Emphasis added.
Support for these amendments can be found throughout the application including, for example, at Figure 1 (and corresponding discussion), and paragraph 0011. In contrast, as the references are presently understood, they collectively fail to disclose the aforementioned elements in combination with the other respective elements of the claims. The following examples are illustrative, but not exhaustive.

For example, Martinez makes clear that it is concerned with configuring and deploying a new cloud site. See, e.g., paragraphs 0013 ("implement computing infrastructure"), and 0020-0022 ("build a cloud environment"). Martinez is not concerned with generation, based on user input, a generic security policy that is compliant with established security requirements of an existing cloud site where a cloud system is to be deployed. See, also, Martinez at paragraphs 0025, 0026, and 0054. For example, while paragraph 0026 refers to implementing a "revised configuration for a cloud environment element" (paragraph 0026), that is not what the claims are directed to. Rather, the claims are concerned with adapting a generic policy to established cloud site security requirements, not implementing modifications to cloud site security requirements.

As presently understood, the other references fail to remedy the clear and material defects of Martinez. Thus, even if the references were combined, they would still collectively fail to disclose all the claim elements. Applicant thus submits that the rejection should be withdrawn.

Examiner’s response

In response to applicant's argument, Examiner respectfully submits that claimed limitations are to be given their broadest reasonable interpretation during prosecution, and the scope of a claim cannot be narrowed by reading disclosed limitations into the claim. See In re Morris, 127 F.3d 1048, 1054, 44 USPQ2D 1023, 1027 (Fed. Cir. 1997); In re Zletz, 893 F.2d 319, 321, 13 USPQ2D 1320, 1322 (Fed. Cir. 1989); In re Prater, 415 F.2d 1393, 1404, 162 USPQ 541, 550 (CCPA 1969).

Furthermore, the combination of Martinez and Kossey discloses the claimed amendments as follows: a method, comprising: in connection with an existing cloud site (Martinez Abstract) [methods for deploying a cloud environment to a “cloud hyperscaler infrastructure” (read existing cloud site)] [0029] [The deployment code may include a series of commands that can be provided to a cloud hyperscaler infrastructure 148, 150, 152 to cause the cloud hyperscaler infrastructure 148, 150, 152 to implement a cloud environment and/or update an existing cloud environment to conform with the security concept document.], receiving, from a client, generic security requirements concerning a cloud system that is to be deployed to the existing cloud site (Martinez Pa. [0054]) [the deployment sub-tool receives an indication of a “security concept document” (read security requirements) that will be the basis of the cloud environment to be deployed]; generating a generic security policy based on the generic security requirements (Martinez Pa. [0026]) [The security concept sub-tool may apply one or more security guidelines to the cloud environment element description and, if the security guidelines are met, generate and/or update a security concept document for the cloud environment], and the generic security policy is not specific to the existing cloud site (Martinez Pa. [0054]) [security concept documents that can be used to deploy cloud environments. Note: Here “security concept documents” (read security policy) is related to the deployed cloud, not the existing cloud]; enabling the client to deploy the cloud system at the existing cloud site (Martinez Pa. [0025]) [The user 101, for example, may be an administrative user or other user of a client enterprise with responsibility for generating, verifying, deploying, or otherwise administering a cloud environment at one or more of the cloud hyperscaler infrastructure]; and using the cloud-specific deployment security architecture to enforce the generic security policy during deployment of after the cloud system has been deployed at the existing cloud site (Martinez Pa. [0022]) [may also receive an instruction to deploy a cloud environment to a cloud hyperscaler. In response to the instruction, the cloud environment tool utilizes the security concept document and/or cloud environment description data to generate deployment code for the cloud environment. The deployment code includes instructions that can be used by a cloud hyperscaler to implement the cloud environment. The cloud environment tool may submit the deployment code to the cloud hyperscaler, which may utilize the code to implement the described cloud environment]

Further, Kossey discloses mapping the generic security policy (Kossey Pa. [0036]) [4 maps to first party security policy requirements for the data and interfaces architecture layers, any the contract-specific security policy requirements for other architecture layers] to cloud-specific constructs of the existing cloud site to define a cloud-specific deployment security architecture (Kossey Pa. [0053]) [The cloud environment can be a first party enterprise cloud environment, and the input information can map to cloud owner selected architecture layers, or map to cloud tenant code deployment-based selected architecture layers [0055] Obtaining the security policy requirement data based on the selected architecture layers can include determining at least two of: a data layer, an interfaces layer, an application layer, a solution stack layer, an operating systems layer] that is compliant with established security requirements of the existing cloud site (Kossey Pa. [0002]) [Securing systems such as cloud-based systems is increasingly important. There is thus security policy data describing various security requirements that need to be complied with for a given enterprise]; implementing the cloud-specific deployment security architecture at the existing cloud site (Kossey Pa. [0022]) [the user input-established cloud environment and associated service model 104, the architecture layers 106 (e.g., application layer, operating system layer, etc.) that are in-scope for that cloud environment and associated service model 104 are used to map to security requirements for those layers. This solution effectively maps user input to security policy requirements in a highly efficient manner]

Therefore, the applicant’s arguments are moot.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.
In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to EVANS DESROSIERS whose telephone number is (571)270-5438. The examiner can normally be reached Monday - Friday 8:00 am - 5:30 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amir Mehrmanesh can be reached at (571)270-3351. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/EVANS DESROSIERS/ Primary Examiner, Art Unit 2491

Prosecution Timeline

Apr 18, 2024: Application Filed
Aug 12, 2025: Non-Final Rejection — §103
Oct 29, 2025: Response Filed
Jan 22, 2026: Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12596822
PROTECTION OF SECURE VIDEO CONTENT FROM MALICIOUS PROCESSING IN THE DISPLAY PIPELINE
2y 5m to grant Granted Apr 07, 2026
Patent 12592942
SESSION ANALYSIS FOR IDENTITY THREAT DETECTION AND IDENTITY SECURITY POSTURE MANAGEMENT
2y 5m to grant Granted Mar 31, 2026
Patent 12587860
METHOD AND SYSTEM FOR SECURED PAIRING FOR DATA COMMUNICATION BETWEEN AN EDGE NODE AND A BLUETOOTH DEVICE
2y 5m to grant Granted Mar 24, 2026
Patent 12587502
SERVER-INITIATED SECURE SESSIONS
2y 5m to grant Granted Mar 24, 2026
Patent 12587361
ENCRYPTION PROCESSING APPARATUS AND ENCRYPTION PROCESSING METHOD
2y 5m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 83%
With Interview: 99% (+23.0%)
Median Time to Grant: 3y 2m
PTA Risk: Moderate
Based on 1031 resolved cases by this examiner. Grant probability derived from career allow rate.
