Prosecution Insights
Last updated: April 19, 2026
Application No. 18/678,436

SECURITY RISK MITIGATION FOR CLOUD RESOURCES

Final Rejection §102 §103
Filed: May 30, 2024
Examiner: DOAN, TAN
Art Unit: 2445
Tech Center: 2400 — Computer Networks
Assignee: Microsoft Technology Licensing, LLC
OA Round: 2 (Final)
Grant Probability: 72% (Favorable)
OA Rounds: 3-4
To Grant: 3y 2m
With Interview: 98%

Examiner Intelligence

Grants 72% — above average
Career Allow Rate: 72% (225 granted / 311 resolved; +14.3% vs TC avg)
Strong +25% interview lift
Interview Lift: +25.4% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 2m
32 currently pending
Career history
Total Applications: 343 (across all art units)

Statute-Specific Performance

§101: 8.9% (-31.1% vs TC avg)
§103: 57.3% (+17.3% vs TC avg)
§102: 16.9% (-23.1% vs TC avg)
§112: 14.9% (-25.1% vs TC avg)
Based on career data from 311 resolved cases

Office Action

§102 §103
DETAILED ACTION

Response to Amendment

Claims 1-20 are pending.

Response to Arguments

Applicant’s arguments filed 12/03/2025 have been fully considered.

Regarding the rejection of claim 1 under 35 U.S.C. 102(a)(2) as being anticipated by Weizman et al. (US20220321596A1), Applicant argues on page 9 that Weizman fails to teach "identify a reference to the resource name in an asset executing in a first computing environment associated with the first owner, the reference defining a connection between the asset executing in the first computing environment and a resource associated with the resource name," as recited by claim 1.

Applicant’s arguments are not persuasive. Weizman discloses an asset [web application] executing in the first computing environment by showing: identify a reference [CNAME is “campaign.contoso.com”] to the resource name [“site1”] in an asset [web application] executing in a first computing environment [azurewebsites.net] associated with the first owner: para [0056] shows a particular CNAME record 602 or static IP address 506 goes with the first tenant; para [0094] shows a CNAME record is mapped to a resource (such as a web application) provided by a cloud provider; para [0096] shows service resource name is “site1”. Azure® resource management will automatically assign this customer a subdomain under azurewebsites.net, namely, “site1.azurewebsites.net”. Assume the company wants this website to be accessible using the company's own primary domain (“contoso.com”), at the URL “campaign.contoso.com”. Accordingly, the company creates a CNAME record on their DNS server that maps “campaign.contoso.com” to “site1.azurewebsites.net”; the reference [CNAME is “campaign.contoso.com”] defining a connection between the asset [web application] executing in the first computing environment [azurewebsites.net] and a resource [“site1.azurewebsites.net”] associated with the resource name [“site1”]: para [0096] shows service resource name is “site1”.
Azure® resource management will automatically assign this customer a subdomain under azurewebsites.net, namely, “site1.azurewebsites.net”. Assume the company wants this website to be accessible using the company's own primary domain (“contoso.com”), at the URL “campaign.contoso.com”. Accordingly, the company creates a CNAME record on their DNS server that maps “campaign.contoso.com” to “site1.azurewebsites.net”; para [0100] shows Azure® environment. The asset (in claim 1) is mapped to a web application (in Weizman) executing in the first computing environment. Weizman discloses the language of the claim.

Regarding the rejection of dependent claim 9 under 35 U.S.C. 102(a)(2) as being anticipated by Weizman, Applicant argues on page 10 Weizman does not relate to identifying instances in which a first computing environment comprises an identification of a file (e.g. a filename) that is accessed via the resource name, which matches an identification of a file in a second computing environment associated with a different.

Applicant’s arguments are not persuasive. Weizman discloses: determine that the reference to the resource name in the first computing environment [benign website W1] comprises a first identification [“campaign.contoso.com”] of a first file [original contents or files] accessed via the resource name [“site1”]: para [0025, 0031] shows an original tenant X has a benign website W1 that is targeted by (identified by or accessed using) a subdomain D. Having done what it wanted with W1, or having decided to take a different approach that does not require W1, tenant X then deletes W1. However, through an error or an oversight, X does not disable subdomain D; para [0095] shows service resource name is “site1”; assume the company wants this website to be accessible using the company's own primary domain (“contoso.com”), at the URL “campaign.contoso.com”.
Accordingly, the company creates a CNAME record on their DNS server that maps “campaign.contoso.com” to “site1.azurewebsites.net”; para [0146] shows the URL (“campaign.contoso.com”) identifies the (original) contents of the web sites or the (original) files; determine that a second computing environment [fraudulent website W2] associated with the second owner [malicious actor] comprises a second identification [“campaign.contoso.com”] of a second file [malicious contents or files] accessed via the resource name [“site 1”], the second identification matching the first identification: para [0025] shows a tenant Y discovers the continued viability of subdomain D, and (as a bad act) creates a website W2 that is also targeted by subdomain D. W2 could be a fraudulent website; para [0097] shows when the campaign is over, the company deletes the Azure® App Service resource. However, the company does not remove the CNAME record from their DNS server; para [0098] shows a malicious actor can create a new Azure® App Service resource which is also named “site1” but need not have the same content as the original site1 website. This will work because the resource is available. Because the CNAME record still exists, customers that browse to campaign.contoso.com will reach the malicious substitute website; para [0098] shows a malicious actor can create a new resource which is also named "site1" but need not have the same content as the original site1 website; para [0146] shows the URL (“campaign.contoso.com”) now identifies the (malicious) contents of the web sites or the (malicious) files. Therefore, Weizman discloses claim 9.

As to any argument not specifically addressed, they are the same as those discussed above.
Claim Rejections - 35 USC § 102

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4 and 6-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Weizman et al. (US20220321596A1).

Regarding claim 1, Weizman discloses a system for mitigating a security risk, the system comprising (para [0006] shows a method for mitigating cybersecurity risk; para [0004] shows a cloud service provider to identify risks when a tenant X relinquishes a website that is identified by a custom domain name and a tenant Y substitutes different website content to be accessed at the same custom domain name; para [0095] shows as an example, suppose Company A (Contoso) creates a website in an Azure® App Service environment. This website is meant to be used for a limited time campaign; para [0096] shows Azure® resource management will automatically assign this customer a subdomain under "site1.azurewebsites.net". Assume the company wants this website "campaign.contoso.com" to be accessible using the company's own primary domain ("contoso.com"). Accordingly, the company creates a CNAME record on their DNS server that maps "campaign.contoso.com" to "site1.azurewebsites.net"; para [0097] when the campaign is over, the company deletes the Azure® App Service resource. However, the company does not remove the CNAME record from their DNS server; para [0098] shows a malicious actor can create a new resource which is also named "site1" but need not have the same content as the original site1 website. This will work because the resource is available.
Because the CNAME record still exists, customers that browse to campaign.contoso.com will reach the malicious substitute website; para [0099] shows to mitigate the risks of dangling DNS scenarios like these): a processor; and a memory device that stores program code structured to cause the processor to (para [0038]): obtain a resource ownership mapping that maps a resource name to a history of ownerships [ownership change 722 from the first tenant to another tenant] of the resource name and an action [ownership change] associated with the resource name, the history of ownerships including a first owner [first tenant] (para [0094] shows a CNAME record is mapped to a resource (such as a web application) provided by a cloud provider; para [0056] shows a particular CNAME record 602 or static IP address 506 goes with the first tenant; para [0084] shows an ownership change 722 from the first tenant to another tenant); determine, from the resource ownership mapping, a first ownership change of the resource name relating to the first owner (para [0084] shows an ownership change 722 from the first tenant to another tenant); identify a reference [CNAME is “campaign.contoso.com”] to the resource name [“site1”] in an asset [web application] executing in a first computing environment [azurewebsites.net] associated with the first owner (para [0056] shows a particular CNAME record 602 or static IP address 506 goes with the first tenant; para [0094] shows a CNAME record is mapped to a resource (such as a web application) provided by a cloud provider; para [0096] shows service resource name is “site1”. Azure® resource management will automatically assign this customer a subdomain under azurewebsites.net, namely, “site1.azurewebsites.net”. Assume the company wants this website to be accessible using the company's own primary domain (“contoso.com”), at the URL “campaign.contoso.com”. 
Accordingly, the company creates a CNAME record on their DNS server that maps “campaign.contoso.com” to “site1.azurewebsites.net”); the reference [CNAME is “campaign.contoso.com”] defining a connection between the asset [web application] executing in the first computing environment [azurewebsites.net] and a resource [“site1.azurewebsites.net”] associated with the resource name [“site1”] (para [0096] shows service resource name is “site1”. Azure® resource management will automatically assign this customer a subdomain under azurewebsites.net, namely, “site1.azurewebsites.net”. Assume the company wants this website to be accessible using the company's own primary domain (“contoso.com”), at the URL “campaign.contoso.com”. Accordingly, the company creates a CNAME record on their DNS server that maps “campaign.contoso.com” to “site1.azurewebsites.net”; para [0100] shows Azure® environment); and perform a preventative action to reduce a risk of a security event occurring in the first computing environment based on a reuse of the resource name (para [0028] shows the mitigation of risks from dangling navigation data structures, e.g., custom domain names and static IP addresses, that can be misused, and by focusing on their navigation targets, e.g., websites, web applications, and so on; para [0048] shows the system 400 is configured by a navigation data structure 402 which has a target identifier 404 identifying a navigation target 406. 
The system 400 tracks navigation data structure relinquishment 410 activity and status, and also tracks suspect activity 412 by tenants 414 that involves or affects a navigation data structure 402; para [0055] shows the risk mitigation steps include (a) ascertaining 802 that a network navigation data structure 402 has been associated 804 with a first tenant 414 of the cloud architecture, the network navigation data structure having a target identifier 404 which identifies 1014 a network navigation target 406, (b) determining 806 that the network navigation target has been relinquished 808 by the first tenant or has been submitted 810 for relinquishment by the first tenant, and (c) establishing 812 that a second tenant 414 of the cloud architecture has performed 814 a suspect activity 412 which includes creating 1006, attempting 1008 to control 1010, controlling 1010, or otherwise using 1012 at least one of the following: the network navigation data structure 402, any data structure 706 which contains the target identifier 404, or a substitute target 502 which is identified 1014 by the target identifier; para [0074] shows alerting 1056 the first tenant, including identifying the suspect activity to the first tenant; para [0094] shows dangling domains pose a security threat in web security. This threat happens, for example, when a resource name that is bound to a DNS record can be re-used without the control or permission of the original resource owner. This may involve dangling CNAME records, e.g., when a CNAME record is mapped to a resource (such as a web application) in an environment provided by a cloud provider or other service provider. If the resource is deleted, but the CNAME record isn't removed, a malicious actor can create a new resource with the name of the original resource and impersonate the original resource.) 
Regarding claim 2, Weizman as applied to claim 1 discloses the processor to perform the preventative action by at least one of: generating a notification to the first owner, or preventing the first computing environment from accessing a resource with the resource name (para [0074] shows alerting 1056 the first tenant, including identifying the suspect activity to the first tenant).

Regarding claim 3, Weizman as applied to claim 1 discloses the processor to: identify a resource name operation from a network resource, the resource name operation comprising the resource name, the action, and an indication that the action was performed by the first owner (para [0056] shows a particular CNAME record 602 or static IP address 506 goes with the first tenant; para [0094] shows a CNAME record is mapped to a resource; para [0251] shows ownership of a digital resource, e.g., the tenant who created the resource typically owns it); and store the resource name, the action, and an indication that action was performed by the first owner in the resource ownership mapping (para [0048] shows the system 400 memory 112 is configured by a navigation data structure 402 which has a target identifier 404 identifying a navigation target 406. The system 400 memory 112 is also configured by risk mitigation software 408 which tracks navigation data structure relinquishment 410 activity and status, and also tracks suspect activity 412 by tenants 414 that involves or affects a navigation data structure 402.)
Regarding claim 4, Weizman as applied to claim 1 discloses the action comprises one of: a creation of the resource name, a deletion of the resource name, or a name change of the resource name (para [0056] shows a particular CNAME record 602 or static IP address 506 goes with the first tenant; para [0094] shows a CNAME record is mapped to a resource; para [0251] shows ownership of a digital resource, e.g., the tenant who created the resource typically owns it; para [0073] shows a user wants to delete or move a website that is currently at a custom domain name or static IP.)

Regarding claim 6, Weizman as applied to claim 1 discloses the resource name corresponds to a resource that comprises one of: a cloud storage, an account, a registry service, or an application service (para [0095] shows as an example, suppose Company A (Contoso) creates a website in an Azure® App Service environment.)

Regarding claim 7, Weizman as applied to claim 1 discloses the processor to: determine, from the resource ownership mapping, a second ownership change of the resource name relating to a second owner, the second ownership change indicating that the second owner is a subsequent owner of the resource name (para [0084] shows ownership 718 field 720 indicates an ownership change 722 from the first tenant to another tenant); and in response to the determination of the second ownership change, perform the preventative action (para [0055] shows (c) establishing 812 that a second tenant 414 has performed 814 a suspect activity 412; para [0074] shows alerting 1056 the first tenant, including identifying the suspect activity to the first tenant.)
Regarding claim 8, Weizman as applied to claim 7 discloses the processor to perform the preventative action by: generating a notification to the first owner, the notification indicating that the resource name is owned by another entity (para [0073] shows the second tenant has created 1038 or accessed 1040 a copy of the first tenant's CNAME record; para [0084] shows ownership 718 field 720 indicates an ownership change 722 from the first tenant to another tenant; para [0055] shows (c) establishing 812 that a second tenant 414 has performed 814 a suspect activity 412; para [0074] shows alerting 1056 the first tenant, including identifying the suspect activity to the first tenant.)

Regarding claim 9, Weizman as applied to claim 7 discloses the processor to: determine that the reference to the resource name in the first computing environment [benign website W1] comprises a first identification [“campaign.contoso.com”] of a first file [original contents or files] accessed via the resource name [“site1”] (para [0025, 0031] shows an original tenant X has a benign website W1 that is targeted by (identified by or accessed using) a subdomain D. Having done what it wanted with W1, or having decided to take a different approach that does not require W1, tenant X then deletes W1. However, through an error or an oversight, X does not disable subdomain D; para [0095] shows service resource name is “site1”; assume the company wants this website to be accessible using the company's own primary domain (“contoso.com”), at the URL “campaign.contoso.com”.
Accordingly, the company creates a CNAME record on their DNS server that maps “campaign.contoso.com” to “site1.azurewebsites.net”; para [0146] shows the URL (“campaign.contoso.com”) identifies the (original) contents of the web sites or the (original) files); determine that a second computing environment [fraudulent website W2] associated with the second owner [malicious actor] comprises a second identification [“campaign.contoso.com”] of a second file [malicious contents or files] accessed via the resource name [“site 1”], the second identification matching the first identification (para [0025] shows a tenant Y discovers the continued viability of subdomain D, and (as a bad act) creates a website W2 that is also targeted by subdomain D. W2 could be a fraudulent website; para [0097] shows when the campaign is over, the company deletes the Azure® App Service resource. However, the company does not remove the CNAME record from their DNS server; para [0098] shows a malicious actor can create a new Azure® App Service resource which is also named “site1” but need not have the same content as the original site1 website. This will work because the resource is available. 
Because the CNAME record still exists, customers that browse to campaign.contoso.com will reach the malicious substitute website; para [0098] shows a malicious actor can create a new resource which is also named "site1" but need not have the same content as the original site1 website; para [0146] shows the URL (“campaign.contoso.com”) now identifies the (malicious) contents of the web sites or the (malicious) files); and in response to the determination that the second computing environment comprises the second identification of the second file, perform the preventative action (para [0074] shows alerting 1056 the first tenant, including identifying the suspect activity to the first tenant; para [0308] shows substitute targets 502, such as fraudulent websites 504, may be installed without the knowledge of the original target's owner 414.)

Regarding claim 10, Weizman as applied to claim 7 discloses the first owner and the second owner are different tenants of a cloud provider (para [0004] shows a provider such as a cloud service provider or an internet service provider has visibility into activity by multiple customers, e.g., multiple cloud tenants), and the resource name corresponds to a cloud resource of the cloud provider (para [0095] shows Company A (Contoso) creates a website in an Azure® App Service environment using the company's own primary domain ("contoso.com")).

Regarding claims 11-16, claims 11-16 are method claims. These method claims require limitations that are similar to those recited in the system claims 1-4, 7 and 9 to carry out the method steps. And since Weizman anticipates the system that carries out the method including limitations required to carry out the method steps, therefore method claims 11-16 would have also been anticipated by Weizman.

Regarding claims 17-20, claims 17-20 are directed to a computer-readable storage medium.
Claims 17-20 require limitations that are similar to those recited in the system claims 1-2, 7 and 9 to carry out the method steps. And since Weizman anticipates the system that carries out the method including limitations required to carry out the method steps, therefore claims 17-20 would have also been anticipated by Weizman. Furthermore, Weizman discloses a computer-readable storage medium having computer program code recorded thereon that when executed by at least one processor causes the at least one processor to perform a method (para [0038]).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Weizman in view of Kulp et al. (US20190034982A1).

Regarding claim 5, Weizman as applied to claim 1 fails to teach the resource ownership mapping comprises a timestamp associated with the action. However, Kulp discloses the resource ownership mapping comprises a timestamp associated with the action (para [0035] shows an event is created to capture interactions by a visitor with the website. The timestamp 227 is set to the creation time of the event 202.) The creation 1006 or deletion 1024 of digital resources 528 in Weizman (para [0108]) is mapped to the interactions in Kulp (para [0035]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the teaching of Weizman with the teaching of Kulp in order to provide a meaningful and flexible way to notify the visitor of such behavior (Kulp; para [0001]).

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TAN DOAN whose telephone number is (571)270-0162. The examiner can normally be reached Monday - Friday 8am - 5pm ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar Louie, can be reached at (571) 270-1684. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TAN DOAN/Primary Examiner, Art Unit 2445

Prosecution Timeline

May 30, 2024: Application Filed
Aug 28, 2025: Non-Final Rejection — §102, §103
Nov 18, 2025: Applicant Interview (Telephonic)
Nov 18, 2025: Examiner Interview Summary
Dec 03, 2025: Response Filed
Feb 08, 2026: Final Rejection — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12592872
DETECTING AND VALIDATING ANOMALIES FROM ONGOING DATA COLLECTION
2y 5m to grant Granted Mar 31, 2026
Patent 12591365
INPUT/OUTPUT FENCING OF A SHARED CLOUD STORAGE VOLUME
2y 5m to grant Granted Mar 31, 2026
Patent 12587476
Method and Apparatus for publishing an RT-5G routing message, Storage Medium and Electronic Apparatus
2y 5m to grant Granted Mar 24, 2026
Patent 12572438
QUANTUM COMPUTING MONITORING SYSTEM
2y 5m to grant Granted Mar 10, 2026
Patent 12563035
METHOD AND SYSTEM FOR ACCESS AUTHORISATION
2y 5m to grant Granted Feb 24, 2026
Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 72%
With Interview: 98% (+25.4%)
Median Time to Grant: 3y 2m
PTA Risk: Moderate
Based on 311 resolved cases by this examiner. Grant probability derived from career allow rate.