Prosecution Insights
Last updated: April 19, 2026
Application No. 18/702,128

SECURE IDENTIFICATION OF AIR-GAPPED NETWORKS USING ONE-WAY COMMUNICATION

Non-Final OA §102 §112
Filed: Apr 17, 2024
Examiner: LE, KHOI V
Art Unit: 2436
Tech Center: 2400 — Computer Networks
Assignee: Sheba Impact Ltd.
OA Round: 1 (Non-Final)
Grant Probability: 90% (Favorable)
OA Rounds: 1-2
To Grant: 2y 6m
With Interview: 99%

Examiner Intelligence

Grants 90% — above average
Career Allow Rate: 90% (590 granted / 657 resolved), +31.8% vs TC avg
Strong +37% interview lift
Interview Lift: +36.8% (resolved cases with interview)
Typical timeline
Avg Prosecution: 2y 6m (36 currently pending)
Career history
Total Applications: 693 (across all art units)

Statute-Specific Performance

§101: 21.7% (-18.3% vs TC avg)
§103: 37.0% (-3.0% vs TC avg)
§102: 24.0% (-16.0% vs TC avg)
§112: 2.9% (-37.1% vs TC avg)
Based on career data from 657 resolved cases

Office Action

§102 §112
DETAILED ACTION

This Office Action is in response to the application 18/702,128 filed on April 17th, 2024.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claims 1 & 24 are independent; and claims 6, 9 & 12-13 were canceled. Claims 1-5, 7-8, 10-11 & 14-24 are pending and herein considered.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement

The information disclosure statement (IDS), submitted on 05/23/2024, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1 and 24 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Regarding claim 1; claim 1 recites the limitation “present the identity of the network to a user” in line 13. There is insufficient antecedent basis for this limitation in the claim.
For the purpose of applying art, the examiner interprets the claimed identity to mean “present an identity of the network to a user.”

Regarding claim 24; claim 1 recites the limitation “presenting the identity of the network to a user” in line 12. There is insufficient antecedent basis for this limitation in the claim. For the purpose of applying art, the examiner interprets the claimed identity to mean “presenting an identity of the network to a user.”

Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-5, 7-8, 10 and 14-24 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Agaian et al. (Agaian), U.S. Pub. Number 2016/0381054.

Regarding claim 1; Agaian discloses a receive-only network device (par. 0047; fig. 1; a generalized inter-networked system 100.) for securely identifying a network, comprising: a network physical layer (PHY) circuit (par. 0047; fig. 1; a protected network enclave 105; the protected network enclave is established using two separate instances 105A-B referred to as the Realtime Security Unit (RSU).) configured to establish a physical layer connection to a network via at least one wired transmission medium (par. 0058; messages will arrive on interface 440B, typically presented as Ethernet frame data; the RSU will intercept each network frame, which are equally referred to as messages, and present these messages to the stream handler 420; the stream vector handler can use process queuing to effectively buffer messages which arrive asynchronously; once registered by the stream vector handler 420, the frame structure can be assigned a data structure pointer value which is used to reference the assigned data structure within memory during the lifetime of the frame; the stream state can be uniquely derived from the, non-sequential, unidirectional message flow that is asynchronously presented to the inbound interface 440B.); a controller electrically coupled to a receive channel of the PHY via a unidirectional hardware buffer configured to transfer electronic signals received from the PHY and block electronic signals received from the controller (par. 0044; the system includes a unidirectional in-line communications data stream handler), the controller is configured to: receive from the PHY at least one link layer frame transmitted by at least one network controller of the network and intercepted by the PHY (par. 0058; messages will arrive on interface 440B, typically presented as Ethernet frame data; the RSU will intercept each network frame, which are equally referred to as messages, and present these messages to the stream handler 420.), extract at least one network attribute of the network from the at least one intercepted link layer frame (par. 0059; the frame pointer value is passed from the stream handler 420 to the stream data detector function 410 where the data structure is decomposed to expose the TCP header level.); identify the network at least partially according to the at least one extracted network attribute (par. 0059; the identification of the session stream context vector value, comprised the initial datagram sequence number, acknowledgement number, source data port identifier, and the object identifier; the data structure of the message can even be further decomposed to exposed the application data level.); and present the identity of the network to a user (par. 0057; a real-time network processing speeds, unidirectional network message traffic and upon the presentation of the message signal to the RSU interface 440B, intercept, handle, inspect, apply any selected algorithmic modifications on message data, reconstruct the messages and forward the intercepted message to the intended recipient via interface 440A.).

Regarding claim 2; Agaian discloses the receive-only network device of claim 1, wherein a transmit channel of the PHY is physically disconnected (par. 0048; the transmit data from the SDP to the outbound service provider is uninterrupted and the RSU has no effect on this transmitted data line.).

Regarding claim 3; Agaian discloses the receive-only network device of claim 1, further comprising a second hardware buffer connecting the receive channel of the PHY to the controller, the second hardware buffer is configured to transfer electronic signals received from the PHY and block electronic signals received from the controller (par. 0057; a real-time network processing speeds, unidirectional network message traffic and upon presentation of the message signal to the RSU interface 440B, intercept, handle, inspect, apply any selected algorithmic modifications on message data, reconstruct the messages and forward the intercepted message to the intended recipient via interface 440A.).

Regarding claim 4; Agaian discloses the receive-only network device of claim 3, wherein the second hardware buffer comprises a hardware programmable logic circuit configured to have an input only port connected to the PHY and an output only port connected to the controller (par. 0058; the stream vector handler can use process queueing to effectively buffer messages which arrive asynchronously.).

Regarding claim 5; Agaian discloses the receive-only network device of claim 4, further comprising another unidirectional hardware buffer configured to transfer electronic signals from the hardware programmable logic circuit to the controller and block signals received from the controller (par. 0058; the stream vector handler can use process queueing to effectively buffer messages which arrive asynchronously.).

Regarding claim 7; Agaian discloses the receive-only network device of claim 1, wherein the PHY is further configured to disable auto-negotiation sequence via the at least one wired transmission medium and apply half-duplex 10Base-T using normal link pulses (NLP) protocol to connect to the network (par. 0051; a pairing two separate RSU devices is capable of conducting a cooperative exchange of message traffic to implement the classical man-in-the-middle (MITM) cryptographic session key interception and renegotiation exchange functions.).

Regarding claim 8; Agaian discloses the receive-only network device of claim 1, wherein the link layer frame is defined by at least one station and media access control connectivity discovery protocol (par. 0049; internally situated RSU can be inserted between the normal network interface transmit data line of the network switches link to the SDP router to establish in internal outbound protected network sub-enclave.).

Regarding claim 10; Agaian discloses the receive-only network device of claim 1, wherein the controller is further configured to compare between the at least one extracted network attribute and a corresponding at least one reference network attribute logged in at least one network information record stored in the receive-only network device (par. 0072; observing the first packet structure value, 0xAC 84 98 C4 and the comparing it to the last packet structure; it is clearly seen that the acknowledgement field value does not actually change over the streams lifetime.).

Regarding claim 14; Agaian discloses the receive-only network device of claim 10, wherein the controller is further configured to update the at least one network information record according to at least one network information update frame transmitted by a dedicated server and intercepted by the PHY from the network (par. 0064; information constructs that were discerned from the asynchronous, unidirectional message stream traffic for which the states are targeted and updated prior to entry into the DPI/DPP modification functions.).

Regarding claim 15; Agaian discloses the receive-only network device of claim 14, further comprising the at least one network information update frame is signed with a signature used by the controller to verify the at least one network information update frame (par. 0080; independently verified that modifications to this defined section of an executable file will nullify that file, rendering it non-executable.).

Regarding claim 16; Agaian discloses the receive-only network device of claim 1, wherein the identity of the network is presented to a user via a screen of the receive-only network device (par. 0088; with the fundamental data structure of a representative image established, the processes by which image pixel modifications, which will result in the obfuscation and subsequent loss of advantage for use for these structures for covert channel communications via digital multimedia.).

Regarding claim 17; Agaian discloses the receive-only network device of claim 16, wherein the controller is further configured to present the network identity via the screen according to at least one user interface (UI) rule defined by a at least one UI configuration record stored in the receive-only network device (par. 0045; using a prescribed set of rules the system algorithmically resolves to a predefined series of potential actions that could be applied toward a particular data segment within the stream which is being transferred though the system.).

Regarding claim 18; Agaian discloses the receive-only network device of claim 17, wherein the controller is further configured to update the at least one UI configuration record according to at least one UI update frame transmitted by a dedicated server and intercepted by the PHY from the network (par. 0062; registering or updating the stream state table 415 and passing the message pointer to the stream object processor 430 where the message can be modified based on a predefined set of algorithms, the operations of which are selected by defined object identifier value.).

Regarding claim 19; Agaian discloses the receive-only network device of claim 18, further comprising the at least one UI update frame is signed with a signature used by the controller to verify the at least one UI update frame (par. 0062; the first sequential case, the pointer is passed directly to the outbound interface transmission queue and the stream vector handler 420 releases the pointer from memory; this action to release the pointer can occur based on two internal state table conditions.).

Regarding claim 20; Agaian discloses the receive-only network device of claim 1, wherein the controller is further configured to discard the at least one network attribute and the network identity extracted from the at least one intercepted link layer frame (par. 0078; last actionable message intercepted by the RSU defined by end-of-stream markers, data structure format in the state table definitions.).

Regarding claim 21; Agaian discloses the receive-only network device of claim 1, wherein the controller is further configured to update code executed by the controller according to at least one code version update (CVU) frame transmitted by a dedicated server and intercepted by the PHY from the network (par. 0063; update state table.).

Regarding claim 22; Agaian discloses the receive-only network device of claim 21, further comprising the at least one CVU frame is signed with a signature used by the controller to verify the at least one CVU frame (par. 0083; detect feature sets of signatures descriptors of known bad files.).

Regarding claim 23; Agaian discloses the receive-only network device of claim 1, further comprising at least one hardware programmable logic circuit configured to electrically drive at least one input only control signal of the PHY in order to operate the PHY to conduct time-domain reflection (TDR) testing and/or optical time-domain reflection (OTDR) for testing integrity of a hardware infrastructure of the network according to reflections of signals transmitted by the PHY to the network (par. 0075; the executable object 920A may or may not contain malicious logic and each user may or may not be aware of the presence or situation, an actual double-blind conditional test of the file is in play; the inbound RSU 990 system will treat all active executable files that transfer across its interfaces as malicious and will perform a series of actions to nullify all inbound executable files before they are delivered to processing nodes, essentially rendering the file non-functional and non-executable.).

Regarding claim 24; Claim 24 is directed to a method which has similar scope as claim 1. Therefore, claim 24 remains un-patentable for the same reasons.

Allowable Subject Matter

Claim 11 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087. The examiner can normally be reached 9:00 AM - 5:00 PM EST.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KHOI V LE/ Primary Examiner, Art Unit 2436

Prosecution Timeline

Apr 17, 2024
Application Filed
Aug 23, 2025
Non-Final Rejection — §102, §112 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603889
SYSTEM AND METHOD FOR MONITORING AND RESTRICTING ELECTRONIC COMMUNICATION IN A NETWORK BASED ON COMMUNICATION CHARACTERISTICS
2y 5m to grant Granted Apr 14, 2026
Patent 12603785
Root-Level Application Selective Configuration
2y 5m to grant Granted Apr 14, 2026
Patent 12603861
DEFENSE-IN-DEPTH METHOD BASED ON KNOWN DEVICE BEHAVIOR
2y 5m to grant Granted Apr 14, 2026
Patent 12598207
BUILDING MANAGEMENT SYSTEM CYBERSECURITY INDEX
2y 5m to grant Granted Apr 07, 2026
Patent 12587391
DATA TRANSMISSION METHOD, APPARATUS, SYSTEM, ELECTRONIC DEVICE AND READABLE MEDIUM
2y 5m to grant Granted Mar 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 90%
With Interview (+36.8%): 99%
Median Time to Grant: 2y 6m
PTA Risk: Low
Based on 657 resolved cases by this examiner. Grant probability derived from career allow rate.
