Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is in response to the application filed on or reply to the remarks of 9/26/2025. The instant application has claims 1-9 pending. The system, method and medium for authenticating the recipient metadata before decrypting the payload. There a total of 9 claims.
Response to Arguments
Applicant’s arguments with respect to claim(s) 1-9 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under pre-AIA 35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Techniques and Tools for Forensic Investigation of Email to Banday in view of US Patent 2008/0162931 to Lord and further in view of US Patent 2017/0270283 to Shiraishi.
Regarding claim 1, 7, Banday discloses A method comprising, by an authentication server: receiving, from a recipient computer system, recipient metadata comprising recipient information from the recipient computing system and a recipient network address(5.1 Header Analysis & 4. Email Identities and Data & 5.5 Software Embedded Identifiers, the recipient address is encoded into header of the mail); authenticating access, by the recipient computer system, to the encrypted payload, wherein authenticating access uses the recipient metadata(Page 232 SMTP & SMTP*, the authenticated user is provided access to email& Table 5 item IMAPS & POP3S SPOP, encrypted connection with packets being encrypted).
Banday does not disclose sending, to the recipient computer system, a response after authenticating the recipient computer system, wherein the recipient computer system decrypts the encrypted payload to access the payload in response to receiving the response.
In the same field of endeavor as the claimed invention, Lord discloses sending, to the recipient computer system, a response after authenticating the recipient computer system, wherein the recipient computer system decrypts the encrypted payload to access the payload in response to receiving the response(Abstract & Fig. 14 item ID, File metadata & Par. 0028 & Par. 0039 & Fig. 3 Authentication & Par. 006 & Par. 0049, the user is authenticated and decrypting of file).
It would have been obvious to one of ordinary skill in the art before the effective filing date of claimed invention to modify Banday invention to incorporate sending, to the recipient computer system, a response after authenticating the recipient computer system, wherein the recipient computer system decrypts the encrypted payload to access the payload in response to receiving the response for the advantage of authentic users being provided access to files or emails as taught in Lord see Par. 0049.
Lor nor Banday discloses generating, by the authentication server, an access package that includes one or more access keys and executable code that is used to decrypt the file.
Shirashi discloses generating, by the authentication server, an access package that includes one or more access keys and executable code that is used to decrypt the file
(Fig. 1 item 24 & Fig. 5 item S51-S57 & Fig. 6 item S64-S65 & Par. 0012-0013 & Par. 0068-0070, the access permissions and key for user is determined).
It would have been obvious to one of ordinary skill in the art before the effective filing date of claimed invention to modify Banday invention to incorporate generating, by the authentication server, an access package that includes one or more access keys and executable code that is used to decrypt the file for the advantage of authentic users being provided access to files or emails as taught in Shirashi see Par. 0067.
Regarding claim 2, 5, 8, the combined method/system/medium of Banday, Lord and Shirashi , mutatis mutandis, Banday discloses The method of claim 1, further comprising: receiving, from a sender computer system, sender metadata comprising sender information from the sender computing system, wherein the sender information comprises a sender hardware fingerprint of the sender computer system(5.6 Sender Mailer Fingerprints & 6. Email Forsenic Tools, sender data is captured including the ISP and MAC addresses).
Regarding claim 3, 6, 9, the combined method/system/medium of Banday, Lord and Shirashi , mutatis mutandis, Banday discloses the method of claim 1, wherein the recipient information comprises a recipient hardware fingerprint of the recipient computer system(5.6 Sender Mailer Fingerprints & 6. Email Forsenic Tools, sender data is captured including the ISP and MAC addresses) .
Regarding claim 4. Banday discloses A system comprising: a recipient computing system(Fig. 2 item Receiver); an authentication server communicatively coupled to the recipient computing system(Fig. 2 Sending Server STMP &SMTP*); and a sender computing system communicatively coupled to the authentication server and comprising a sender application configured for: encrypting, by the sender computer system, a payload with a symmetric key to generate an encrypted payload(Page 235 DKIM Signature, the key is used for signing and encrypting & Table 5 item IMAPS & POP3S SPOP, encrypted connection with packets being encrypted); sending, from the sender computer system to a recipient computer system, the encrypted payload(Fig. 2 item Author to Receiver); and sending, from the recipient computer system to the authentication server, recipient metadata comprising recipient information from the recipient computing system and a recipient network address, wherein the authentication server comprises a server application configured for: authenticating access, by the recipient computer system, to the encrypted payload, wherein authenticating access uses the recipient metadata(5.1 Header Analysis & 4. Email Identities and Data & 5.5 Software Embedded Identifiers, the recipient address is encoded into header of the mail); and sending, from the authentication server to the recipient computer system, a response after authenticating the recipient computer system(Page 232 SMTP & SMTP*, the authenticated user is provided access to email& Table 5 item IMAPS & POP3S SPOP, encrypted connection with packets being encrypted).
Banday does not disclose wherein the recipient computing system comprises a recipient application configured for: decrypting, by the recipient computer system, the encrypted payload to access the payload in response to receiving the response.
In the same field of endeavor as the claimed invention, Lord discloses wherein the recipient computing system comprises a recipient application configured for: decrypting, by the recipient computer system, the encrypted payload to access the payload in response to receiving the response (Abstract & Fig. 14 item ID, File metadata & Par. 0028 & Par. 0039 & Fig. 3 Authentication & Par. 006 & Par. 0049, the user is authenticated and decrypting of file).
It would have been obvious to one of ordinary skill in the art before the effective filing date of claimed invention to modify Banday invention to incorporate wherein the recipient computing system comprises a recipient application configured for: decrypting, by the recipient computer system, the encrypted payload to access the payload in response to receiving the response for the advantage of authentic users being provided access to files or emails as taught in Lord see Par. 0049
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor whose telephone number is (571)272-7213. The examiner can normally be reached 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on 571-272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VENKAT PERUNGAVOOR/Primary Examiner, Art Unit 2492 Email: venkatanarayan.perungavoor@uspto.gov