DETAILED ACTION
This final office action has been issued in response to communications received on 11/07/2025. Claims 1-20 are presented for examination. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s remarks regarding the rejection of the claims under 103 have been considered, but are found unpersuasive.
Applicant argues on page 6 of the Remarks, filed 11/07/2025, that Weingarten does not teach the claim 1 limitation “executing a secure data processing application to perform modification of user data” because “Weingarten does not disclose any application that performs modification of user data as recited in the claimed subject matter”, however the Examiner respectfully disagrees. Weingarten teaches executing agents (i.e. secure data processing application) to collect, parse and analyze behavioral characteristics of endpoints to modify files (i.e. modifying user data) to generate classifications and identifications of malicious behavior (paras. [0067]-[0068], [0146], [0153]-[0154], [0174]). Weingarten teaches that the endpoint devices and target endpoint devices are operated by users (para. [0032], [0077]), therefore the behavioral data collected by the agents on the endpoints broadly constitutes user data (paras. [0067]-[0068]), which is then analyzed by the agents and modified by parsing and indexing (i.e. modifying) the collected data set (paras. [0154], [0174]). The claims do not specify how the user data is modified, therefore parsing and indexing the collected data is sufficient to disclose the claim limitation. Accordingly, Weingarten teaches the limitations as cited.
Applicant further argues on page 6 of the Remarks that Weingarten does not teach the claim limitation “enabling secure storage and management of modified user data through an access management application” because “Weingarten does not disclose storing or managing modified user data” and the “access management functionality in Weingarten pertains to controlling network communications and endpoint access rights, not to managing modified user data as recited in the claimed subject matter”, however the Examiner respectfully disagrees. Weingarten teaches storing and managing data from endpoint devices collected and generated by agents through endpoint device systems (paras. [0077], [0128], [0131], [0174], [0179]). Specifically, Weingarten explicitly discloses that the collected data can be “parsed and indexed in a database” (para. [0174]), therefore the modified (i.e. parsed and indexed) collected endpoint data is stored in a database. Accordingly, Weingarten discloses the limitation as cited.
Applicant further argues on page 6 of the Remarks that Weingarten does not teach the claim 1 limitation “an access management application to allow transfer of user data to data requesters upon preconditions as being met” because the “access management functionality described in Weingarten operates at the network communication level, controlling whether endpoints can establish connections to other endpoints, cloud services, or network resources” and “Weingarten’s agents monitor endpoint behavior, identify anomalies, and enforce network access policies by allowing or blocking network connections based on behavioral patterns and security threat assessments”, however the Examiner respectfully disagrees. Nothing in the claims specifies the level at which the access management application functions or precludes an endpoint from being a data requester. Data requesters are not defined in the claims nor is the type of user data or the type of preconditions. Applicant is free to further clarify these terms. In addition, the Examiner notes that the claims refer to the user data, but do not specify the modified user data. Weingarten teaches agents and endpoint device systems enable network access requests to be granted by the endpoints upon rules and network management policies being met (i.e. preconditions to granting or requests) (paras. [0068], [0074], [0077], [0086], [0088], [0179]). The network access requests come from endpoints of users (see for example [0074]) and therefore constitute a request to transfer user data. As the claims do not specify what this user data constitutes, Weingarten teaches the limitations of the claims as disclosed.
Applicant further argues on page 7 of the Remarks that Weingarten does not teach the limitations of the claims because Weingarten does not teach “an access management application that is configured to manage transfers of user data; (2) one or more data requesters as recipients of the user data; and (3) one or more preconditions that must be satisfied by the transfer is allowed to occur”, however the Examiner respectfully disagrees. The issue is whether Weingarten teaches the limitations of the claims and the claims do not specify data requesters as recipients of the user data. Applicant is free to amend the claims to disclose these limitations. Furthermore, as the examiner has already explained supra, Weingarten teaches agents apply rules and policies (i.e. preconditions that must be satisfied) “to continuously validate the identity and permissions of a user of the device” ([00774]) and apply policies/rules before granting a network access path request from an endpoint (i.e. [0074]), therefore the agents and endpoint device systems restrict access (i.e. manage transfers) to the transfer of user data between endpoints of users. The data requesters are therefore other endpoints requesting access to user data of the endpoint. As already mentioned, Applicant is free to clarify what is meant by user data, modified user data, managing transfers and preconditions. Accordingly, Weingarten teaches the limitations as cited.
The remaining arguments fail to comply with 37 C.F.R. § 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Accordingly, the rejection of the claims under 35 USC 103 is sustained.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-7, 9, 11-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Weingarten (US 2023/0148446).
Regarding claim 1, Weingarten discloses the limitations of claim 1 substantially as follows:
A method comprising:
configuring a plurality of Wi-Fi networks to support data collection and to work in a connected manner (paras. [0064]-[0065], [0078], [0083], [0118], [0142]: configuring a safe environment with elastic network of different networks and subnetworks, systems and end devices by collecting behavioral characteristics and controlling access to network connections, where communications over the networks may be wired or wireless);
executing a cloud-based server for centralized control over the plurality of Wi-Fi networks (paras. [0033], [0065], [0067], [0102], [0111]: central server of a cloud-based system for centralized control over subnetworks, endpoints and other elements within the safe environment in order to collect behavioral characteristics);
executing a secure data processing application to perform modification of user data (paras. [0067]-[0068], [0146], [0153]-[0154], [0174]: executing agents (i.e. secure data processing application) to collect, parse and analyze behavioral characteristics of endpoints to modify files (i.e. modifying user data) to generate classifications and identifications of malicious behavior);
enabling secure storage and management of the modified user data through an access management application (paras. [0077], [0128], [0131], [0174], [0179]: storing and managing data from endpoint devices collected and generated by agents through endpoint device systems); and
configuring the access management application to allow a transfer of the user data to one or more data requesters upon one or more preconditions being met (paras. [0068], [0074], [0077], [0086], [0088], [0179]: agents and endpoint device systems enable network access requests to be granted by the endpoints upon rules and network management policies being met (i.e. preconditions to granting or requests)).
Although Weingarten does not explicitly disclose modifying user data, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that Weingarten discloses modifying collected endpoint user data in order to enable the endpoint modeling and grouping management system to index and analyze the collected data to identify indicators of compromise, malware and threats (para. [0174]).
Regarding claims 2 and 12, Weingarten teaches the limitations of the method of claim 1 and the system of claim 11.
Weingarten teaches the limitations of claims 2 and 12 as follows:
utilizing one or more of access points, mesh nodes, repeaters, and devices within the plurality of Wi-Fi networks as data transmission terminals (paras. [0093], [0114]: using access points, repeaters and endpoints (i.e. devices within the plurality of networks) with agents to transmit collected data about the endpoints (i.e. as data transmission terminals)).
Regarding claims 3 and 13, Weingarten teaches the limitations of the method of claim 1 and the system of claim 11.
Weingarten teaches the limitations of claims 3 and 13 as follows:
generating an access management interface on a client device, the access management interface configured to enable a user to set the one or more preconditions for the one or more data requesters (paras. [0074], [0077], [0180], Fig. 13: user interface on endpoint configured to enable a user to manually set access restrictions for the endpoints requesting access).
Regarding claims 4 and 14, Weingarten teaches the limitations of the method of claim 1 and the system of claim 11.
Weingarten teaches the limitations of claims 4 and 14 as follows:
implementing a consent management module configured to enable users to manage consent settings for data usage transfer (paras. [0106]-[0108], [0180]: enabling users to manually adjust control settings for data access/transfer).
Regarding claims 5 and 15, Weingarten teaches the limitations of the method of claim 1 and the system of claim 11.
Weingarten teaches the limitations of claims 5 and 15 as follows:
executing a user profile creation module configured to create profiles for data requesters, wherein each profile includes access rights (paras. [0072], [0092], [0132], [0183]: determining historical browsing histories and patterns and baseline usage (i.e. profiles) for users and endpoint devices and set access rights for the users and endpoint devices).
Regarding claims 6 and 16, Weingarten teaches the limitations of the method of claim 1 and the system of claim 11.
Weingarten teaches the limitations of claims 6 and 16 as follows:
configuring a data delivery module to securely transmit the modified data to authorized data requesters (paras. [0101], [0162], [0174]: securely transmitting data collected by the agents and encrypted by certificates for transmission to the management system and requesters of searches of the collected information).
Regarding claim 7, Weingarten teaches the limitations of the method of claim 1.
Weingarten teaches the limitations of claim 7 as follows:
configuring a transaction module to maintain records of data access transactions, including one or more of a data requester identification, a time and/or date of request, and data requested (paras. [0153], [0169], [0178]-[0179], [0183], Fig. 9: maintaining records identifying the particular endpoint performing an action (i.e. data requester) and data and time actions are performed).
Regarding claim 17, Weingarten teaches the limitations of the system of claim 11.
Weingarten teaches the limitations of claim 17 as follows:
configuring a transaction module to maintain records of data access transactions, including one or more of a data requester identification, a time and/or date of request, and specific data requested (paras. [0153], [0169], [0178]-[0179], Fig. 9: maintaining records identifying the particular endpoint performing an action (i.e. data requester) and data and time actions are performed).
Regarding claim 8, Weingarten teaches the limitations of the method of claim 1.
Weingarten teaches the limitations of claim 8 as follows:
executing a key management module configured to manage encryption keys for data requesters, including their generation, distribution, and revocation (paras. [0101]: managing certificates for encrypting and decrypting user content).
Regarding claim 18, Weingarten teaches the limitations of the system of claim 11.
Weingarten teaches the limitations of claim 18 as follows:
executing a key management module configured to manage modification keys for data requesters, including their generation, distribution, and revocation (paras. [0101]: managing certificates for encrypting and decrypting user content).
Regarding claims 9 and 19, Weingarten teaches the limitations of the method of claim 1 and the system of claim 11.
Weingarten teaches the limitations of claims 9 and 19 as follows:
enabling, via an access management interface, a user to select one or more requesters to add to a consent list (paras. [0107]-[0108], [0179]-[0180], Fig. 13: user interface that enables manual designation of endpoints/requesters that have or have not violated access restrictions and manual modification of access restrictions).
Regarding claims 10 and 20, Weingarten teaches the limitations of the method of claim 1 and the system of claim 11.
Weingarten teaches the limitations of claims 10 and 20 as follows:
configuring the secure data processing application to enable users to select a degree of anonymization for their data via an access management interface (paras. [0080]-[0081]: enabling different levels of anonymization by using IoT devices/unmanaged devices without agents on them which are detected by agents as using the IP address of the user for their Internet Requests (i.e. users can use IoT w/o agents to obtain some anonymization)).
Regarding claim 11, Weingarten teaches the limitations substantially as follows:
A system comprising:
one or more computers comprising one or more processors and one or more non-transitory computer readable media, the one or more non-transitory computer readable media including program instructions stored thereon that when executed cause the one or more computers to:
configure a plurality of Wi-Fi networks to support data collection and to work in a connected manner (paras. [0064]-[0065], [0078], [0083], [0118], [0142]: configuring a safe environment with elastic network of different networks and subnetworks, systems and end devices by collecting behavioral characteristics and controlling access to network connections, where communications over the networks may be wired or wireless);
configure a cloud-based server for centralized control over the plurality of Wi-Fi networks (paras. [0033], [0065], [0067], [0102], [0111]: central server of a cloud-based system for centralized control over subnetworks, endpoints and other elements within the safe environment in order to collect behavioral characteristics);
execute a secure data processing application to perform modification of user data (paras. [0067]-[0068], [0146], [0153]-[0154], [0174]: executing agents (i.e. secure data processing application) to collect, parse and analyze behavioral characteristics of endpoints to modify files (i.e. modifying user data) to generate classifications and identifications of malicious behavior); and
execute an access management application enabling secure storage and management of the modified data (paras. [0077], [0128], [0131], [0174], [0179]: storing and managing data from endpoint devices collected and generated by agents through endpoint device systems);
wherein the access management application is configured to allow a transfer of user controlled data to one or more data requesters upon one or more preconditions being met (paras. [0068], [0074], [0077], [0086], [0088], [0179]: agents and endpoint device systems enable network access requests to be granted by the endpoints upon rules and network management policies being met (i.e. preconditions to granting or requests)).
Although Weingarten does not explicitly disclose modifying user data, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention that Weingarten discloses modifying collected endpoint user data in order to enable the endpoint modeling and grouping management system to index and analyze the collected data to identify indicators of compromise, malware and threats (para. [0174]).
Claims 8, 18, 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Weingarten (US 2023/0148446), as applied to claims 1 and 11, further in view of O’Donnell (WO2020220119A1).
Regarding claim 8, Weingarten teaches the limitations of the method of claim 1.
Weingarten does not explicitly teach the limitations of claim 8, however in the same field of endeavor O’Donnell teaches the limitations of claim 8 as follows:
executing a key management module configured to manage encryption keys for data requesters, including their generation, distribution, and revocation (paras. [0062], [0077]-[0078], [0115]-[0116]: managing encryption keys and authentication data (passcodes, seeds) for users including generating keys which are unique to the user’s account on the provider, assigning/distributing keys and updating of user keys (i.e. revoking and generating new keys)).
O’Donnell and Weingarten are combinable because both are from the same field of endeavor of installing software applications on user devices to collect user data and protecting user data collected from user devices from access by unauthorized parties. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate O’Donnell’s method of managing encryption keys with the system of Weingarten in order to increase the security of the system by ensuring that each encryption key is unique to each user’s account without duplicate keys.
Regarding claim 18, Weingarten teaches the limitations of the system of claim 11.
Weingarten does not explicitly teach the limitations of claim 18, however in the same field of endeavor O’Donnell teaches the limitations of claim 18 as follows:
executing a key management module configured to manage modification keys for data requesters, including their generation, distribution, and revocation (paras. [0062], [0077]-[0078], [0115]-[0116]: managing encryption keys and authentication data (passcodes, seeds) for users including generating keys which are unique to the user’s account on the provider, assigning/distributing keys and updating of user keys (i.e. revoking and generating new keys)).
O’Donnell and Weingarten are combinable because both are from the same field of endeavor of installing software applications on user devices to collect user data and protecting user data collected from user devices from access by unauthorized parties. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate O’Donnell’s method of managing encryption keys with the system of Weingarten in order to increase the security of the system by ensuring that each encryption key is unique to each user’s account without duplicate keys.
Regarding claims 10 and 20, Weingarten teaches the limitations of the method of claim 1 and the system of claim 11.
Weingarten does not explicitly teach the limitations of claims 10 and 20, however in the same field of endeavor, O’Donnell teaches the limitations of claims 10 and 20 as follows:
configuring the secure data processing application to enable users to select a degree of anonymization for their data via an access management interface (paras. [0058], [0060], [0063], [0066], [0088]: using application and browser interface on user device to enable users to consent to share a subset of their user data in an anonymized or non-anonymized form and consent to share some of their user data for compensation).
O’Donnell and Weingarten are combinable because both are from the same field of endeavor of installing software applications on user devices to collect user data and protecting user data collected from user devices from access by unauthorized parties. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to integrate O’Donnell’s method of enabling users to designate which user data the user is willing to share and whether the user data should be anonymized with the system of Weingarten in order to increase the security of the system by affording users greater protection of their privacy by providing the user with greater control over the process of sharing the user’s data and enabling them to specify which data is shared and that the user data is in an anonymized form.
Prior art not relied upon but applied/considered includes:
1) Nicolas (US 2014/0215638) teaches a method for enabling a third party to search for user data that might be of value to them in an anonymous manner and then enables the user to grant permission to release their user data to the third party upon receiving financial compensation (paras. [0072]-[0082]).
Conclusion
For the above reasons, claims 1-20 are rejected.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571)272-4583. The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHARON S LYNCH/Primary Examiner, Art Unit 2438