DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in response to the communication filed on 6/21/2024.
Claims 1-20 are pending for consideration.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Information Disclosure Statement
An applicant’s duty of disclosure of material information is not satisfied by presenting a patent examiner with “a mountain of largely irrelevant data from which he is presumed to have been able, with his expertise and with adequate time, to have found the critical data. It ignores the real world conditions under which examiners work.” Rohm & Haas Co. v. Crystal Chemical Co., 722 F.2d 1556, 1573, 220 U.S.P.Q. 289 (Fed. Cir. 1983), cert. denied, 469 U.S. 851 (1984). An applicant has a duty to not just disclose pertinent prior art references but to make a disclosure in such way as not to “bury” it within other disclosures of less relevant prior art. See Golden Valley Microwave Foods Inc. v. Weaver Popcorn Co. Inc., 24 U.S.P.Q.2d 1801 (N.D. Ind. 1992); Molins PLC v. Textron Inc., 26 U.S.P.Q.2d 1889, 1899 (D. Del. 1992); Penn Yan Boats, Inc. v. Sea Lark Boats, Inc. et al., 175 U.S.P.Q. 260, 272 (S.D. Fl. 1972). It is unreasonable for Examiner to review all of the cited references thoroughly. By signing the accompanying 1449 forms, Examiner is merely acknowledging the submission of the cited references and indicating that only a cursory review has been made.
Examiner notes that Therasense, Inc. v. Becton, Dickinson and Co., 649 F.3d 1276 (Ct. App. 2011) (en banc) has significantly restricted the infringement defense of inequitable conduct. A defendant must show that the patent in question would not have been issued but for undisclosed information, and that the patentee had the intent to deceive. Examiner suggests that future Information Disclosure Statements cite only the most relevant/inclusive references or portions thereof.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 2 and 13 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 2 and 13 recite computer-implemented functions including, among other limitations, “determine a file type of the file; and selectively apply the content inspection profile based at least in part on the file type”.
Applicant is respectfully reminded, for computer-implemented features, “examiners should determine whether the specification discloses the computer and the algorithm (e.g., the necessary steps and/or flowcharts) that perform the claimed function in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter.” MPEP § 2161.01(I).
Applicant’s specification does not describe an algorithm that performs the function “determine a file type of the file and selectively apply the content inspection profile based at least in part on the file type ” in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter. For example, Applicant’s specification discloses “file type…inspect file types i.e. docx, PDF, music/video files, etc.” Spec. [00156].
However, such disclosure is not an algorithm (e.g., the necessary steps and/or flowcharts) that performs the claimed function in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter.
Applicant is also reminded, “[i]f the specification does not provide a disclosure of the computer and algorithm in sufficient detail to demonstrate to one of ordinary skill in the art that the inventor possessed the invention including how to program the disclosed computer to perform the claimed function, a rejection under 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph, for lack of written description must be made.” MPEP § 2161.01(I).
Therefore, because an algorithm for the function “determine a file type of the file and selectively apply the content inspection profile based at least in part on the file type” is not disclosed in sufficient detail such that one of ordinary skill in the art can reasonably conclude that the inventor invented the claimed subject matter, and in accordance with MPEP § 2161.01, claims 2 and 13 are rejected for lack of written description.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 2 and 13 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Regarding independent claims 2 and 13, the claims are rejected for lack of sufficient written description. According to MPEP 2161.01 (I), a rejection under 35 U.S.C. 112(b) or the second paragraph of pre-AIA 35 U.S.C. 112 must be made in addition to the written description rejection. According to MPEP 2173, 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph requires that a patent application specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. A secondary purpose is to provide a clear measure of what the inventor or a joint inventor regards as the invention so that it can be determined whether the claimed invention meets all the criteria for patentability and whether the specification meets the criteria of 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph with respect to the claimed invention. Therefore, the claim must be rejected under 112(b) because it does not comply with written description requirement under 35 U.S.C 112(a).
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. 9928377. Although the claims at issue are not identical, they are not patentably distinct from each other because both applications disclose a common subject matter such as applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream (see Claims Comparison Table below).
Instant application 18750923
Patent application 9928377
Claim 1:
A computer-implemented method of data loss prevention for data owned by an enterprise, the computer-implemented method comprising: intermediating, with a cloud-hosted network security system, traffic between an endpoint of the enterprise and a cloud computing service (CCS); detecting activity associated with content on the CCS from the traffic; selectively applying portions of a content inspection policy to the content, wherein: the content inspection policy comprises a plurality of content inspection profiles, each content inspection profile comprises one or more content inspection rules, the content inspection policy is selectively applied based on the CCS, a user of the endpoint, a type of the activity, or a combination thereof, and the one or more content inspection rules each comprise custom inspection rules that include custom regular expressions defined by the enterprise, predefined data identifiers, or a combination thereof; and based on identifying one or more matches in the content from application of the content inspection policy, triggering a security action to control the content.
Claim 1:
A computer-implemented method of monitoring and controlling enterprise information stored on a cloud computing service (CCS), the method including: using a cross-application monitor to detect: a cloud computing service (CCS) application programming interface (API) in use by a client; and a function or an activity being requested by the client via the CCS API; determining the function or the activity to be performed by parsing API data exchanged via the CCS API, the parsing based on the detected CCS API, and identifying content being transmitted between the client and the CCS; selectively applying a content inspection rule with a multi-part string search pattern, based on at least the determined function or activity, to the content being transmitted between the client and the CCS to find two or more non-contiguous strings that are within a proximity specified in the content inspection rule and that, based on the finding, are therefore subject to content control; and triggering a security action responsive to finding the two or more non-contiguous strings subject to content control.
Claim 12:
A system for data loss prevention of data owned by an enterprise, the system comprising: one or more processors; and one or more memories having stored thereon instructions that, upon execution by the one or more processors, cause the one or more processors to: intermediate traffic between an endpoint of the enterprise and a cloud computing service (CCS), detect activity associated with content on the CCS from the traffic, selectively apply portions of a content inspection policy to the content, wherein: the content inspection policy comprises a plurality of content inspection profiles; each content inspection profile comprises one or more content inspection rules; the content inspection policy is selectively applied based on the CCS, a user of the endpoint, a type of the activity, or a combination thereof; and the one or more content inspection rules each comprise custom inspection rules that include custom regular expressions defined by the enterprise, predefined data identifiers, or a combination thereof, and based on identifying one or more matches in the content from application of the content inspection policy, trigger a security action to control the content.
Claim 15:
A system of monitoring and controlling enterprise information stored on a cloud computing service (CCS), the system including: a processor and a computer readable storage medium storing computer instructions configured to cause the processor to: use a cross-application monitor to detect: a cloud computing service (CCS) application programming interface (API) in use by a client; and a function or an activity being requested by the client via the CCS API; determine the function or the activity to be performed by parsing API data exchanged via the CCS API, the parsing based on the detected CCS API, and identifying content being transmitted between the client and the CCS; selectively apply a content inspection rule with a multi-part string search pattern, based on at least the determined function or activity, to the content being transmitted between the client and the CCS to find two or more non-contiguous strings that are within a proximity specified in the content inspection rule and that, based on the finding, are therefore subject to content control; and trigger a security action responsive to finding the two or more non-contiguous strings subject to content control.
The dependent claims of the instant application recite language similar to the dependent claims of the patent application and are covered by the patent application.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-16 of U.S. Patent No. 12056235. Although the claims at issue are not identical, they are not patentably distinct from each other because both applications disclose a common subject matter such as applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream (see Claims Comparison Table below).
Instant application 18750923
Patent application 12056235
Claim 1:
A computer-implemented method of data loss prevention for data owned by an enterprise, the computer-implemented method comprising: intermediating, with a cloud-hosted network security system, traffic between an endpoint of the enterprise and a cloud computing service (CCS); detecting activity associated with content on the CCS from the traffic; selectively applying portions of a content inspection policy to the content, wherein: the content inspection policy comprises a plurality of content inspection profiles, each content inspection profile comprises one or more content inspection rules, the content inspection policy is selectively applied based on the CCS, a user of the endpoint, a type of the activity, or a combination thereof, and the one or more content inspection rules each comprise custom inspection rules that include custom regular expressions defined by the enterprise, predefined data identifiers, or a combination thereof; and based on identifying one or more matches in the content from application of the content inspection policy, triggering a security action to control the content.
Claim 1:
A computer-implemented method of monitoring and controlling enterprise information stored on a cloud computing service (CCS), the method including: detecting, with a cross-application monitor, a data stream between a client of an enterprise and an application programming interface (API) of the CCS; parsing the data stream to identify an activity; analyzing the activity to determine the activity comprises content level activity based on the activity comprising manipulation of content; in response to determining that the activity comprises content level activity, applying a content inspection rule to the parsed data stream, wherein applying the content inspection rule comprises applying a multi-part string search pattern to the parsed data stream to match two or more non-contiguous strings that collectively identify content subject to content control associated with the activity; selecting a security action based on a type of the content subject to the content control; and triggering the security action to control the content.
Claim 12:
A system for data loss prevention of data owned by an enterprise, the system comprising: one or more processors; and one or more memories having stored thereon instructions that, upon execution by the one or more processors, cause the one or more processors to: intermediate traffic between an endpoint of the enterprise and a cloud computing service (CCS), detect activity associated with content on the CCS from the traffic, selectively apply portions of a content inspection policy to the content, wherein: the content inspection policy comprises a plurality of content inspection profiles; each content inspection profile comprises one or more content inspection rules; the content inspection policy is selectively applied based on the CCS, a user of the endpoint, a type of the activity, or a combination thereof; and the one or more content inspection rules each comprise custom inspection rules that include custom regular expressions defined by the enterprise, predefined data identifiers, or a combination thereof, and based on identifying one or more matches in the content from application of the content inspection policy, trigger a security action to control the content.
Claim 9:
A system for monitoring and controlling enterprise information stored on cloud computing services (CCSs), the system comprising: one or more processors; and one or more memories having stored thereon instructions that, upon execution by the one or more processors, cause the one or more processors to: detect, with a cross-application monitor of the system, a data stream between a client of an enterprise and an application programming interface (API) of a cloud computing service (CCS); parse the data stream to identify an activity; analyze the activity to determine the activity comprises content level activity based on the activity comprising manipulation of content; in response to determining that the activity comprises content level activity, applying a content inspection rule to the parsed data stream, wherein applying the content inspection rule comprises applying a multi-part string a search pattern to the parsed data stream to match two or more non-contiguous strings that collectively identify content subject to content control associated with the activity; selecting a security action based on a type of the content subject to the content control; and triggering the security action to control the content.
The dependent claims of the instant application recite language similar to the dependent claims of the patent application and are covered by the patent application.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-10 of U.S. Patent No. 11238153. Although the claims at issue are not identical, they are not patentably distinct from each other because both applications disclose a common subject matter such as applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control and triggering a security action responsive to finding the strings and interrelated strings subject to content control in the parsed stream (see Claims Comparison Table below).
Instant application 18750923
Patent application 11238153
Claim 1:
A computer-implemented method of data loss prevention for data owned by an enterprise, the computer-implemented method comprising: intermediating, with a cloud-hosted network security system, traffic between an endpoint of the enterprise and a cloud computing service (CCS); detecting activity associated with content on the CCS from the traffic; selectively applying portions of a content inspection policy to the content, wherein: the content inspection policy comprises a plurality of content inspection profiles, each content inspection profile comprises one or more content inspection rules, the content inspection policy is selectively applied based on the CCS, a user of the endpoint, a type of the activity, or a combination thereof, and the one or more content inspection rules each comprise custom inspection rules that include custom regular expressions defined by the enterprise, predefined data identifiers, or a combination thereof; and based on identifying one or more matches in the content from application of the content inspection policy, triggering a security action to control the content.
Claim 1:
A computer-implemented method of monitoring and controlling exfiltration of documents stored on a cloud computing service (CCS), the method including: using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use; and a function or an activity being performed via the CCS API on a document; determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content in the document being transmitted to the CCS; applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control; providing a triplet of an organization ID of an organization that uses the CCS, a CCS ID, and a region ID as input to a first key-manager, and in response to the input, the first key-manager generating a triplet-key; and encrypting the document, using a per-document key derived by applying a key derivation function (KDF) to the triplet-key, a document identifier (ID), and a salt, responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
Claim 12:
A system for data loss prevention of data owned by an enterprise, the system comprising: one or more processors; and one or more memories having stored thereon instructions that, upon execution by the one or more processors, cause the one or more processors to: intermediate traffic between an endpoint of the enterprise and a cloud computing service (CCS), detect activity associated with content on the CCS from the traffic, selectively apply portions of a content inspection policy to the content, wherein: the content inspection policy comprises a plurality of content inspection profiles; each content inspection profile comprises one or more content inspection rules; the content inspection policy is selectively applied based on the CCS, a user of the endpoint, a type of the activity, or a combination thereof; and the one or more content inspection rules each comprise custom inspection rules that include custom regular expressions defined by the enterprise, predefined data identifiers, or a combination thereof, and based on identifying one or more matches in the content from application of the content inspection policy, trigger a security action to control the content.
Claim 6:
A computer-implemented system that monitors and controls exfiltration of documents stored on a cloud computing service (CCS), the system comprising: a processor and a non-transitory computer readable storage medium storing computer instructions configured to cause the processor to: use a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use; and a function or an activity being performed via the CCS API on a document; determine the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identify content in the document being transmitted to the CCS; apply a content inspection rule to find strings and interrelated strings in the content that are subject to content control; provide a triplet of an organization ID of an organization that uses the CCS, a CCS ID, and a region ID as input to a first key-manager, and in response to the input, the first key-manager generating a triplet-key; and encrypt the document, using a per-document key derived by applying a key derivation function (KDF) to the triplet-key, a document identifier (ID), and a salt, responsive to finding the strings and interrelated strings subject to content control in the parsed stream.
The dependent claims of the instant application recite language similar to the dependent claims of the patent application and are covered by the patent application.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1, 3-4, 9, 12, 14-15, and 17 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Lad et al. (US 9917817) (hereinafter Lad).
Regarding claim 1, Lad discloses a computer-implemented method of data loss prevention for data owned by an enterprise (Lad: paragraph (12), “In at least one embodiment of the invention, the definition of what constitutes sensitive data can be determined by relevant data loss prevention (DLP) policies in the form of content blades.”), the computer-implemented method comprising:
intermediating, with a cloud-hosted network security system, traffic between an endpoint of the enterprise and a cloud computing service (CCS) (Lad: paragraphs (11), (18-20) and (24-29), “the interception system 102 can be implemented within a communication device or analogous device or apparatus …system 102 monitors (via data monitoring component 104) data emitted from a user … to forwarding the entire data set, including the encrypted portion, to the intended destination (such as, …a cloud based storage service).”… “for intercepting system-level application programming interface (API) calls made by the application to monitor the applications for actions leading to data being leaked out.”); detecting activity associated with content on the CCS from the traffic (Lad: paragraphs (5), (11-13), (19-21) and (27), “monitoring a set of outgoing data from a first user, identifying one or more items of sensitive information from the set of outgoing data”… “a content blade encapsulates rules and logic dedicated to accurately detecting a specific piece of content, such as, for example, a Social Security number, a credit card number or a driver's license number”); selectively applying portions of a content inspection policy to the content (Lad: paragraphs (11), (15), (21) and (31-32), “the full content (that is, the larger set of data including the selectively encrypted portion), when imported back to the user's end-point, can require selective decryption (de-tokenization) of the sensitive data that was selectively encrypted”… “only the identified/intercepted sensitive portion of the outgoing set of data is encrypted or tokenized.”), wherein: the content inspection policy comprises a plurality of content inspection profiles (Lad: paragraphs (12-14) and (27-30), “the definition of what constitutes sensitive data can be determined by relevant data loss prevention (DLP) policies in the form of content blades”), each content inspection profile comprises one or more content inspection rules (Lad: paragraphs (14) and (27-30), “detection rules in a content blade are grouped into inclusion rules and exclusion rules”), the content inspection policy is selectively applied based on the CCS, a user of the endpoint, a type of the activity, or a combination thereof (Lad: paragraphs (10) and (27-30), “a mechanism by which sensitive (or potentially sensitive) data within larger data sets or files can be selectively encrypted”…“the policy of the DLP agent can be configured to flag or identify files containing certain content (as described in applicable content blades) as sensitive, to consider movement of such files to outside of the machine as a policy violation,”), and the one or more content inspection rules each comprise custom inspection rules that include custom regular expressions defined by the enterprise, predefined data identifiers, or a combination thereof (Lad: paragraphs (10), (13-14), (27) and (37), “sensitive data might include credit card numbers, social security numbers, account numbers, user-defined data, internal internet protocol (IP) addresses, log-in user-names, passwords, etc”… “a content blade encapsulates rules and logic dedicated to accurately detecting a specific piece of content, such as, for example, a Social Security number, a credit card number or a driver's license number. Additionally, a content blade uses techniques for describing content via linguistic evidence. As described herein, a content blade uses detection rules and contextual rules.”); and based on identifying one or more matches in the content from application of the content inspection policy, triggering a security action to control the content (Lad: paragraphs (14) and (30-31), “the policy of the DLP agent can be configured to flag or identify files containing certain content (as described in applicable content blades) as sensitive, to consider movement of such files to outside of the machine as a policy violation, and to trigger a customized action in response to a policy violation. The customized action can invoke the DPM agent with the file name and location of sensitive data as input. The DPM agent can also use the DPM server to tokenize/encrypt the data as applicable.”).
Regarding claim 12, the claim 12 discloses a system claim that is substantially equivalent to the method of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 12 and rejected for the same reasons.
Regarding claims 3 and 14, Lad discloses wherein each predefined data identifier of the predefined data identifiers detects a specific data type, and the specific data type comprises one of telephone numbers, social security numbers, vehicle identification numbers, credit card numbers, and driver license numbers (Lad: paragraphs (10), (13-14), (27) and (37), “sensitive data might include credit card numbers, social security numbers, account numbers, user-defined data, internal internet protocol (IP) addresses, log-in user-names, passwords, etc”… “a content blade encapsulates rules and logic dedicated to accurately detecting a specific piece of content, such as, for example, a Social Security number, a credit card number or a driver's license number. Additionally, a content blade uses techniques for describing content via linguistic evidence. As described herein, a content blade uses detection rules and contextual rules.”).
Regarding claims 4 and 15, Lad discloses wherein the type of the activity is one of: upload; download; share; view; and delete (Lad: paragraphs (15) and (23), “This can include, as noted herein, a user laptop, a desktop computer, a mobile device etc. By way of illustration, consider an example scenario wherein a customer or user wishes to upload log files”).
Regarding claims 9 and 17, Lad discloses wherein the security action comprises: a quarantine security action; a coaching security action; a justification security action; an encrypting security action; or a combination thereof (Lad: paragraphs (10), (14) and (27-31), “a mechanism by which sensitive (or potentially sensitive) data within larger data sets or files can be selectively encrypted”…“the policy of the DLP agent can be configured to flag or identify files containing certain content (as described in applicable content blades) as sensitive, to consider movement of such files to outside of the machine as a policy violation,”).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 2 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Lad in view of Cooper et al. (US 8739272) (hereinafter Cooper).
Regarding claim 2 and 13, Lad does not explicitly disclose the following limitation which is disclosed by Cooper, wherein the content comprises a file, the method further comprising: determining a file type of the file (Cooper: paragraphs (21-23), “periodically scan and index files in a datacenter, apply a classification policy to identify appropriate content tags for each files”… “HDLP normally determines the type of file being transmitted out of the network (e.g., PDF, Word, etc.)”); and selectively applying the content inspection profile based at least in part on the file type (Cooper: paragraphs (21-23), “The gateway may have additional policies about certain file types being transmitted over particular protocols, which may not be visible directly to an HDLP program.”).
Lad and Cooper are analogous art because they are from the same field of endeavor, data protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Lad and Cooper before him or her, to modify the system of Lad to include the steps of determining a file type of a file and selectively applying a content inspection profile based at least in part on the file type of Cooper. The suggestion/motivation for doing so would have been to collectively and mutually achieve better security (Cooper: paragraph (20)).
Claim(s) 5-8, 16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lad in view of Grant (US 20100251369) (hereinafter Grant).
Regarding claim 5, Lad does not explicitly disclose the following limitation which is disclosed by Grant, wherein at least one of the one or more content inspection rules comprises a multi-part string search pattern (Grant: paragraphs 0066 and 0067, “regular expressions may provide for a concise and flexible way to identify strings of text of interest, such as particular characters, words, patterns of characters and the like, and …then may examine the data 203 by searching for regular expression matches 205 or exact matches from the index 206, where the indexed data may increase accuracy of the detection by detecting actual confidential information 214. In embodiments, the intercepted data 202 may be presented to the content examiner 204 as blocks of data, as a stream of data, examined in real-time, examined from buffer, stored and examined, and the like.”).
Lad and Grant are analogous art because they are from the same field of endeavor, data protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Lad and Grant before him or her, to modify the system of Lad to include at least one of a one or more content inspection rules comprises a multi-part string search pattern of Grant. The suggestion/motivation for doing so would have been improve the systems used to protect confidential information stored on client computer facilities (Grant: paragraph 0004).
Regarding claim 6, Lad as modified discloses the following limitation which is disclosed by Grant, wherein the multi-part string search pattern comprises a plurality of multi-part string search patterns and sub-string patterns (Grant: paragraphs 0066 and 0067, “regular expressions may provide for a concise and flexible way to identify strings of text of interest, such as particular characters, words, patterns of characters and the like, and may be interpreted by a regular expression processor. Creating an index 206 of the confidential information on the computing facility may include an indexer 207 that collects the confidential information 214, such as from an address book 212, a registry 211, files 208, and the like …then may examine the data 203 by searching for regular expression matches 205 or exact matches from the index 206, where the indexed data may increase accuracy of the detection by detecting actual confidential information 214. In embodiments, the intercepted data 202 may be presented to the content examiner 204 as blocks of data, as a stream of data, examined in real-time, examined from buffer, stored and examined, and the like.”). The same motivation to modify Lad in view of Grant, as applied in claim 5 above, applies here.
Regarding claim 7, Lad as modified discloses wherein the multi-part string search pattern is one of the custom regular expressions (Grant: paragraphs 0066 and 0067, “regular expressions may provide for a concise and flexible way to identify strings of text of interest, such as particular characters, words, patterns of characters and the like, and may be interpreted by a regular expression processor. Creating an index 206 of the confidential information on the computing facility may include an indexer 207 that collects the confidential information 214, such as from an address book 212, a registry 211, files 208, and the like”). The same motivation to modify Lad in view of Grant, as applied in claim 5 above, applies here.
Regarding claims 8, and 20 Lad does not explicitly disclose the following limitation which is disclosed by Grant, wherein the custom regular expressions support one of string match pattern operators, string match count operators, and metacharacter match pattern operators (Grant: paragraphs 0044 and 0066, “Rule evaluation may include regular expression rule evaluation, or other rule evaluation method for interpreting the network access request and comparing the interpretation to the established rules for network access”… “The content examiner 204 then may examine the data 203 by searching for regular expression matches 205 or exact matches from the index 206, where the indexed data may increase accuracy of the detection by detecting actual confidential information 214. In embodiments, the intercepted data 202 may be presented to the content examiner 204 as blocks of data, as a stream of data, examined in real-time, examined from buffer, stored and examined, and the like.”; // {Examiner notes, the regular expressions support the plurality of metacharacter match pattern operators (see https://en.wikipedia.org/wiki/Regular_expression).
Lad and Grant are analogous art because they are from the same field of endeavor, data protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Lad and Grant before him or her, to modify the system of Lad to include custom regular expressions support one of string match pattern operators, string match count operators, and metacharacter match pattern operators of Grant. The suggestion/motivation for doing so would have been improve the systems used to protect confidential information stored on client computer facilities (Grant: paragraph 0004).
Regarding claim 16, the claim 16 discloses a system claim that is substantially equivalent to the methods of claims 5-7. Therefore, the arguments set forth above with respect to claim 16 are equally applicable to claims 5-7 and rejected for the same reasons.
Claim(s) 10-11 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Lad in view of Gouget (EP 2544117) (hereinafter Gouget).
Regarding claims 10 and 18, Lad does not explicitly disclose the following limitation which is disclosed by Gouget, wherein the content comprises a file, and the security action comprises an encrypting security action (Gouget: paragraphs 0061 and 0072), the encrypting security action comprising: receiving a triplet-key and triplet-key identifier from a key-manager (Gouget: paragraphs 0061-0062, 0071-0072, 0081, 0091 and 0090-0093, “The FDF derives those derived keys from the master key and the identity of the document to be protected named DOC-ID. DOC-ID randomly generated by the portable token or terminal. Doc-ID is generated according to a hash function" "(Owner-ID, the Doc-ID and the TSP-ID)", {the master key is linked to the Owner-ID, the Doc-ID and the TSP-ID which is mapped to the triplet-key}”); generating a document key based on an identifier of the file and the triplet-key (Gouget: paragraphs 0061-0062, 0081, 0091 and 0090-0093); encrypting the file with the document key (Gouget: paragraphs 0061-0062, 0081, 0091 and 0090-0093); and adding a crypto-header to the file, the crypto-header comprising the triplet-key identifier (Gouget: paragraphs 0071 and 0072, “a header comprising a document descriptor is generated. The header is a data structure containing a list of references on the encrypted document EncDoc, the owner and the trusted provider 24. This header can be entered by the owner on the terminal 21 or generated automatically by, preferably, the portable token 22. In an embodiment, the headers may include such information as, for example, Owner-ID, Doc-ID, and TSP-ID”).
Lad and Gouget are analogous art because they are from the same field of endeavor, data protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Lad and Gouget before him or her, to modify the system of Lad to include an encrypting security action comprising: receiving a triplet-key and triplet-key identifier from a key-manager, generating a document key, encrypting a file and adding a crypto-header to the file of Gouget. The suggestion/motivation for doing so would have been to secure that data is kept secure from unauthorized access (Gouget: paragraph 0012).
Regarding claims 11 and 19, Lad as modified discloses further comprising: decrypting the file, the decrypting comprising: extracting the identifier of the file and the triplet-key identifier from the crypto-header (Gouget: paragraph 0078, “SP 23 operates to parse the query received at the visitor terminal 27 and extract the header comprising the Owner-ID, the Doc-ID and the TSP-ID. At step 64, the SP 23 transmits the extracted header to the visitor terminal 27 in response to its query.”); obtaining the triplet-key from the key-manager based on the triplet-key identifier (Gouget: paragraphs 0078-0081, “SP 23 operates to parse the query received at the visitor terminal 27 and extract the header comprising the Owner-ID, the Doc-ID and the TSP-ID. At step 64, the SP 23 transmits the extracted header to the visitor terminal 27 in response to its query.”); generating the document key based on the identifier of the file and the triplet-key (Gouget: paragraphs 0105-0106, “the TSP has also the capability to compute the secret key KDocVisitor using Mkshared and Doc-ID. However, the knowledge of KDocVisitoris useless to decrypt the EncDoc. Indeed, the data token C1 does not contain the secret key KDocOwner. Only the Portable token has the capability to compute the secret key KDocOwner using Mkprivate and Doc-ID. Thus, only the portable token has the capability to decrypt EncDoc and to recover the plaintext m.”); and decrypting the file with the document key (Gouget: paragraphs 0105-0106, “the TSP has also the capability to compute the secret key KDocVisitor using Mkshared and Doc-ID. However, the knowledge of KDocVisitoris useless to decrypt the EncDoc. Indeed, the data token C1 does not contain the secret key KDocOwner. Only the Portable token has the capability to compute the secret key KDocOwner using Mkprivate and Doc-ID. Thus, only the portable token has the capability to decrypt EncDoc and to recover the plaintext m.”). The same motivation to modify Lad in view of Gouget, as applied in claim 10 above, applies here.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TRANG T DOAN/Primary Examiner, Art Unit 2431