DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the communication filed on 12/10/2025.
Claims 1-20 are pending.
Response to Arguments
Applicant's arguments on the 35 U.S.C. 102 rejection have been fully considered but they are not persuasive. Applicant argues that Narayanaswamy does not disclose determining whether a response includes a URL that indicates a remote server and then determining that the remote server is suspicious. The examiner respectfully disagrees.
Narayanaswamy discloses determining whether a response includes a URL that indicates a remote server (col. 19, par. 2, determining whether a response is from a GenAI application server based on a URL of the issuing server in the response; col. 7, last par., GenAI application response’s URL is added to a list of known or suspected GenAI services at a detection engine. Once added to the list, future traffic to and from the hosted service will be classified by the appropriate GenAI response classifier).
Narayanaswamy discloses determining that the remote server is suspicious. Narayanaswamy teaches GenAI response classifying whether a response from a hosted service is normal or leaking data, or being “suspicious” (col. 19, par. 2). In claim 1, how to determine the remote server is suspicious is not disclosed. Thus, Narayanaswamy’s determining of server traffic as normal or leaking data can be read as determining whether the server is suspicious.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1, 3, 5, 8, 10, 12, 15, 17, 19 is/are rejected under AIA 35 U.S.C. 102(a)(2) as being anticipated by Narayanaswamy et al. (US 12,282,545 B1, herein “Narayanaswamy”).
As to claim 1, Narayanaswamy discloses a method comprising:
monitoring network traffic for responses from a language model; based on detection of a response from the language model, inspecting the response to determine whether the response includes a uniform resource locator (URL) that indicates a remote server (col. 19, par. 2, determining whether a response is from a GenAI application server based on a URL of the issuing server in the response; col. 7, last par., a detection engine may include another machine learning classifier trained to classify responses as suspected GenAI responses or unsuspected... the detection engine may identify the corresponding hosted service as a GenAI application. In some embodiments, the network security system may maintain a list of GenAI applications and use the list to identify traffic flowing to or from a hosted service in the list of GenAI applications as a GenAI request or GenAI response. In such embodiments, once the detection engine identifies a hosted service as a GenAI application, the network security system may add the URL to the list);
based on a determination that the response includes a URL that indicates a remote server, determining whether the remote server is suspicious (col. 11, l. 44-57, col. 19, par. 2, GenAI traffic inspection 155 further includes functionality of analyzing GenAI responses with a machine learning GenAI response classifier that classifies the GenAI response as normal (i.e., benign), leaked system prompt, leaked training data, or leaked user-uploaded files; col. 17, par. 1, the URL of the specific GenAI service 130 may be added to a blacklist used to block requests from endpoints 110 to the specific GenAI services 130 listed on the blacklist); and
based on a determination that the remote server is suspicious, performing a security action corresponding to the response (col. 15, par. 3, GenAI response classifier 220 of GenAI traffic inspection 155 provide classifications with the responses to policy application engine 240 in security policy enforcement engine 235. Security policy enforcement engine 235 includes functionality for enforcing security policies… and approving traffic for transmission to its intended destination or blocking unapproved traffic based on the security policies).
As to claim 3, Narayanaswamy discloses performing the security action comprises updating a block list to indicate the remote server (col. 17, par. 1).
As to claim 5, Narayanaswamy discloses allowing transmission of the response based on a determination that the remote server is not suspicious or a determination that the response does not include a URL that indicates a remote server (fig. 2A, col. 6, last par., approved (benign) service traffic is forwarded to endpoints).
As to claims 8, 10, 12, Narayanaswamy discloses a non-transitory machine-readable medium having program code stored thereon (fig. 11), the program code comprising instructions as steps in claims 1, 3, 5.
As to claims 15, 17, 19, Narayanaswamy discloses an apparatus comprising: a processor; and a machine-readable medium having instructions stored thereon (fig. 11), the instructions executable by the processor to cause the apparatus to execute steps in claims 1, 3, 5.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 2, 9, 16 is/are rejected under AIA 35 U.S.C. 103 as being unpatentable over Narayanaswamy in view of Grewal et al. (US 2022/0210188, “Grewal”).
As to claims 2, 9, 16, Narayanaswamy does not disclose determining whether the remote server is suspicious comprises determining whether the remote server was registered with the domain name system (DNS) outside of a specified time window, wherein the remote server is determined as suspicious if registered with DNS outside of the specified time window.
Grewal discloses determining whether the remote server is suspicious comprises determining whether the remote server was registered with the domain name system (DNS) outside of a specified time window, wherein the remote server is determined as suspicious if registered with DNS outside of the specified time window (table 2, [0075], domain (DNS) registration less than a year is indicative of phishing).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Grewal’s identifying malicious URL/domain by registration length or age in order to implement a specific method for identifying malicious domain among many as known in the art (Grewal, table 2).
Claim(s) 4, 11, 18 is/are rejected under AIA 35 U.S.C. 103 as being unpatentable over Narayanaswamy in view of Fandli et al. (US 2021/0243158, “Fandli”).
As to claims 4, 11, 18, Narayanaswamy discloses performing the security action further comprises determining whether the remote server is indicated in an allow list (col. 8, par. 1),
Narayanaswamy does not disclose updating the block list to indicate the remote server is after determining that the remote server is not indicated on the allow list.
Fandli discloses updating the block list to indicate the remote server is after determining that the remote server is not indicated on the allow list ([0002], traffic outside a whitelist is blocked, or added to a block list).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Fandli’s teachings of only allowing whitelist traffic to Narayanaswamy’s teachings in order to implement a simple and well-known network policy of Fandli.
Claim(s) 6, 14, 20 is/are rejected under AIA 35 U.S.C. 103 as being unpatentable over Narayanaswamy in view of Invernizzi et al. (US 8,959,643, “Invernizzi”).
As to claims 6, 14, 20, Narayanaswamy does not disclose inspecting the response to also determine whether the URL indicates a malicious payload.
Invernizzi discloses determining whether the URL indicates a malicious payload (col. 2, last par., fig. 3.1, URL with malicious payload).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Invernizzi’s teachings of identifying malicious payload in URL to Narayanaswamy’s URL inspection in responses in order to provide protection of Narayanaswamy for a scenario where a link or URL contains malware or malicious materials.
Claim(s) 7, 14 is/are rejected under AIA 35 U.S.C. 103 as being unpatentable over Narayanaswamy in view of Cappel et al. (US 2025/0245322, “Cappel”).
As to claims 7, 14, Narayanaswamy does not disclose monitoring requests being transmitted to the language model; based on detection of a request, inspecting the request to determine whether the request includes a suspicious task or sub-task instruction; and based on a determination that the request includes a suspicious task instruction, indicating the conversation of the request for security inspection, wherein the response is inspected based, at least in part, on indication of the conversation for security inspection.
Cappel discloses disclose monitoring requests being transmitted to the language model; based on detection of a request, inspecting the request to determine whether the request includes a suspicious task or sub-task instruction; and based on a determination that the request includes a suspicious task instruction, indicating the conversation of the request for security inspection, wherein the response is inspected based, at least in part, on indication of the conversation for security inspection ([0046], analyzing outputs of a GenAI model using a blocklist derived from a corpus of outputs responsive to prompts that are known to be malicious. Prompts and outputs are implicitly part of a conversation).
It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Cappel’s analysis of both malicious input and outputs applied to a GenAI model to Narayanaswamy’s teachings in order to enforce remediation to both malicious inputs and outputs of the model (Cappel, [0052])
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is included in form PTO 892.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HIEU T HOANG whose telephone number is (571) 270-1253. The examiner can normally be reached Mon-Fri 9 AM -5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HIEU T HOANG/Primary Examiner, Art Unit 2449
Prosecution Insights