Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1 – 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1 - 20 of U.S. Patent No. US-12120132-B2. Although the claims at issue are not identical, they are not patentably distinct from each other because each element of the above noted pending claims are anticipated by a corresponding element of a patented claim, as illustrated below.
Pending claim 1
A system for a dynamic quarantine engine integration with a validated network resource component library for network security, wherein the system is structured for real time deconstruction of incoming data and dynamic analysis of deconstructed components, the system comprising:
at least one memory device with computer-readable program code stored thereon;
at least one communication device;
at least one processing device operatively coupled to the at least one memory device and the at least one communication device, wherein executing the computer-readable code is configured to cause the at least one processing device to:
download a first network program resource component from an external source location to a dynamic quarantine validation library engine associated with a first distributed network;
initiate, via the dynamic quarantine validation library engine, a first dynamic deconstructed validation of the first network program resource component comprising:
splitting the first network program resource component into a plurality of program resource component portions; and
validating each of the plurality of program resource component portions based on at least one or more categorical network program resource component records associated with the dynamic validated network resource library;
in response to a successful first dynamic deconstructed validation of the first network program resource component, construct a first categorical network program resource component record associated with the first network component at network resource structure database;
transmit the first categorical network program resource component record associated with the first network component to the dynamic quarantine validation library engine;
initiate, via the dynamic quarantine validation library engine, a second dynamic deconstructed validation of the first categorical network program resource component record associated with the first network component; and
in response to successful validation of a second dynamic deconstructed validation of the first categorical network program resource component, insert the first categorical network program resource component record associated with the first network program resource component at a dynamic validated network resource library.
Patented claim 1
A system for a dynamic quarantine engine integration with a validated network resource component library for network security, wherein the system is structured for real time deconstruction of incoming data and dynamic analysis of deconstructed components . . . the system comprising:
at least one memory device with computer-readable program code stored thereon;
at least one communication device;
at least one processing device operatively coupled to the at least one memory device and the at least one communication device, wherein executing the computer-readable code is configured to cause the at least one processing device to:
download . . . a first network program resource component from an external source location to a dynamic quarantine validation library engine associated with the first distributed network;
initiate, via the dynamic quarantine validation library engine, a first dynamic deconstructed validation of the first network program resource component comprising:
splitting the first network program resource component into a plurality of program resource component portions; and
validating each of the plurality of program resource component portions based on at least one or more categorical network program resource component records associated with the dynamic validated network resource library;
in response to a successful first dynamic deconstructed validation of the first network program resource component, construct a first categorical network program resource component record associated with the first network component at network resource structure database;
transmit the first categorical network program resource component record associated with the first network component to the dynamic quarantine validation library engine;
initiate, via the dynamic quarantine validation library engine, a second dynamic deconstructed validation of the first categorical network program resource component record associated with the first network component;
in response to successful validation of a second dynamic deconstructed validation of the first categorical network program resource component, insert the first categorical network program resource component record associated with the first network program resource component at a dynamic validated network resource library . . .
Pending claim 2
The system of claim 1, wherein executing the computer-readable code is configured to cause the at least one processing device to: detect, via a network proxy component, an incoming file transfer associated with a first network program resource component at a first distributed network initiated by a first user at first network device of the first distributed network; and in response to determining, via the network proxy component, that a file attribute data element associated with the first network program resource component is associated with a predetermined file type, (i) block the incoming file transfer associated with the first network program resource component at the first distributed network, and (ii) automatically redirect a current interface displayed at the first network device to a dynamic validated network resource library interface associated with a dynamic validated network resource library; determine whether the first network program resource component matches the dynamic validated network resource library; and wherein, the download of the first network program resource component from the external source location to the dynamic quarantine validation library engine is in response to determining that the first network program resource component does not match the dynamic validated network resource library.
Patented claim 2
The system of claim 1, wherein executing the computer-readable code is configured to cause the at least one processing device to: detect, via a network proxy component, an incoming file transfer associated with a first network program resource component at a first distributed network initiated by a first user at first network device of the first distributed network; and in response to determining, via the network proxy component, that a file attribute data element associated with the first network program resource component is associated with a predetermined file type, (i) block the incoming file transfer associated with the first network program resource component at the first distributed network, and (ii) automatically redirect a current interface displayed at the first network device to a dynamic validated network resource library interface associated with a dynamic validated network resource library; determine whether the first network program resource component matches the dynamic validated network resource library; and wherein, the download of the first network program resource component from the external source location to the dynamic quarantine validation library engine is in response to determining that the first network program resource component does not match the dynamic validated network resource library.
Pending claim 3
The system of claim 1, wherein executing the computer-readable code is configured to cause the at least one processing device to: receive, at the dynamic validated network resource library, a request for the first network program resource component from the first user via the first network device; and wherein, the download of the first network program resource component from the external source location to the dynamic quarantine validation library engine is in response to determining that the first network device is associated with an internal network layer of the first distributed network; and wherein, the download of the first network program resource component from the external source location to the dynamic quarantine validation library engine comprises authenticating the download based on successful validation of a predetermined device credential associated with the first network device.
Patented claim 3
The system of claim 1, wherein executing the computer-readable code is configured to cause the at least one processing device to: receive, at the dynamic validated network resource library, a request for the first network program resource component from the first user via the first network device; and wherein, the download of the first network program resource component from the external source location to the dynamic quarantine validation library engine is in response to determining that the first network device is associated with an internal network layer of the first distributed network; and wherein, the download of the first network program resource component from the external source location to the dynamic quarantine validation library engine comprises authenticating the download based on successful validation of a predetermined device credential associated with the first network device.
Pending claim 4
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a version associated with at least one of the plurality of program resource component portions of the first network program resource component is associated with a critical security vulnerability record; and determining an unsuccessful validation of the first network program resource component in response to determining that the version of the at least one of the plurality of program resource component portions of the first network program resource component is associated with the critical security vulnerability record.
Patented claim 4
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a version associated with at least one of the plurality of program resource component portions of the first network program resource component is associated with a critical security vulnerability record; and determining an unsuccessful validation of the first network program resource component in response to determining that the version of the at least one of the plurality of program resource component portions of the first network program resource component is associated with the critical security vulnerability record.
Pending claim 5
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a first version associated with a first program resource component portion of the plurality of program resource component portions of the first network program resource component is associated with one or more critical security vulnerability records; determining the successful first dynamic deconstructed validation of the first network program resource component at a first time interval, in response to determining that the first version is not associated with the one or more critical security vulnerability records; initiating an update of the one or more critical security vulnerability records; and determining, dynamically, an unsuccessful validation of the first network program resource component at a second time interval succeeding the first time interval, in response to determining that a second version associated with a second program resource component portion of the plurality of program resource component portions of the first network program resource component is associated with the updated one or more critical security vulnerability records.
Patented claim 5
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a first version associated with a first program resource component portion of the plurality of program resource component portions of the first network program resource component is associated with one or more critical security vulnerability records; determining the successful first dynamic deconstructed validation of the first network program resource component at a first time interval, in response to determining that the first version is not associated with the one or more critical security vulnerability records; initiating an update of the one or more critical security vulnerability records; and determining, dynamically, an unsuccessful validation of the first network program resource component at a second time interval succeeding the first time interval, in response to determining that a second version associated with a second program resource component portion of the plurality of program resource component portions of the first network program resource component is associated with the updated one or more critical security vulnerability records.
Pending claim 6
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a scan of a version associated with at least one of the plurality of program resource component portions of the first network program resource component is successful; and determining an unsuccessful validation of the first network program resource component in response to determining that the scan of the version of the at least one of the plurality of program resource component portions of the first network program resource component is unsuccessful.
Patented claim 6
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a scan of a version associated with at least one of the plurality of program resource component portions of the first network program resource component is successful; and determining an unsuccessful validation of the first network program resource component in response to determining that the scan of the version of the at least one of the plurality of program resource component portions of the first network program resource component is unsuccessful.
Pending claim 7
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a source entity associated with at least one of the plurality of program resource component portions of the first network program resource component is associated with the one or more categorical network program resource component records of the dynamic validated network resource library; and determining an unsuccessful validation of the first network program resource component in response to determining that the source entity of the at least one of the plurality of program resource component portions of the first network program resource component does not match the one or more categorical network program resource component records of the dynamic validated network resource library.
Patented claim 7
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a source entity associated with at least one of the plurality of program resource component portions of the first network program resource component is associated with the one or more categorical network program resource component records of the dynamic validated network resource library; and determining an unsuccessful validation of the first network program resource component in response to determining that the source entity of the at least one of the plurality of program resource component portions of the first network program resource component does not match the one or more categorical network program resource component records of the dynamic validated network resource library.
Pending claim 8
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a version of at least one of the plurality of program resource component portions of the first network program resource component is associated with a component file; and determining an unsuccessful validation of the first network program resource component in response to determining that the version of the at least one of the plurality of program resource component portions of the first network program resource component does not match the component file.
Patented claim 8
The system of claim 1, wherein the first dynamic deconstructed validation of the first network program resource component further comprises: determining whether a version of at least one of the plurality of program resource component portions of the first network program resource component is associated with a component file; and determining an unsuccessful validation of the first network program resource component in response to determining that the version of the at least one of the plurality of program resource component portions of the first network program resource component does not match the component file.
Regarding pending claims 9 and 15, said claims correspond to patented claims 9 and 15 in the same manner pending claim 1 corresponds to patented claim 1.
Regarding pending claims 10 and 16, said claims correspond to patented claims 9 and 15 in the same manner pending claim 2 corresponds to patented claim 2.
Regarding pending claims 11 and 17, said claims correspond to patented claims 9 and 15 in the same manner pending claim 3 corresponds to patented claim 3.
Regarding pending claims 12 and 18, said claims correspond to patented claims 9 and 15 in the same manner pending claim 4 corresponds to patented claim 4.
Regarding pending claims 13 and 19, said claims correspond to patented claims 9 and 15 in the same manner pending claim 5 corresponds to patented claim 5.
Regarding pending claims 14 and 20, said claims correspond to patented claims 9 and 15 in the same manner pending claim 6 corresponds to patented claim 6.
Subject Matter Allowable over Prior Art
Claims 1 - 20 would be allowable, absent the pending Double Patenting rejections.
The following is an examiner’s statement of reasons for allowance: The prior art neither teaches nor suggests all the features recited in claims 1, 9, and 15.
While many of the individual elements of claims 1, 9, and 15 are suggested by the prior art, e.g., quarantine of downloaded executables, and analysis based on individual elements of a larger resource, and security evaluation based on a multi-layered analysis/validation approach (discussed further below), the combination of all of these features as claimed is lacking in the prior art. The pending claims share many details in common with allowed parent US-12120132-B2 (hence the pending Double Patenting rejections). Thus relevant prior art is shared between the patented parent and the pending application, including: Oberheide (US-8621610-B2), who discusses mechanisms for protecting networks from malicious files via analysis and subsequent quarantine (col. 2 lines 38 – 58). Files are inspected as the enter the monitored computer system (col. 3 lines 34-60), and in addition application behavior and networking activity is continuously evaluated (col. 4 lines 48 – 60). Multiple evaluation engines are supported to improve both the speed and adaptability of the analysis process (col. 6 lines 54-64 and col. 7 lines 26 – 58). Satpathy (US-11349865-B1), who utilizes an in-line proxy to monitor traffic and enforce security policies (col. 7 lines 40 – 60). Machine learning is leveraged, and with deconstruction of potentially malicious content combined with heuristic-based analysis, suspicious files can be quarantined and subject to further examination (col. 9 lines 8 – 15, col. 10 line 61 – col. 11 line 55).
Ezell (US-20180302373-A1), who utilizes an edge-based quarantine system (Abstract) similar to functionality presently claimed. Traffic is quarantined to enable a detailed analysis without impacting the performance of the network as a whole ([20]). The decision to quarantine the traffic can be based on a reputation database of traffic sources ([21,23]). The specialized network edge infrastructure can be implemented via a virtual network that is segregated from the rest of the network resources. Valois (US-20040260818-A1), which details a policy validation database and parser engine which leverages a test script database as part of a network security verification process ([50,55]). A sequential application of multiple tests/validations is suggested ([61,67]). Huffman (US-20210226981-A1), which suggests a signature-based approach to scan network traffic and enforce security protections as part of a vulnerability management system ([22-23, 25]). Software present in the monitored network is inventoried and tracked ([40-42]) and the signatures are leveraged to locate a potentially malicious software components ([47]). Mohler (US-8806639-B2), who protects a computer network by installing downloaded software on an isolated virtual machine, and then monitors the applications behavior to determine how risky it would be to release it from the virtualization-based quarantine (col. 7 lines 30 – 55, col. 8 lines 32 – 42, col. 9 lines 39-63). Weinstein (US-10554475-B2), which provides another approach at protecting networks via a quarantining process (col. 3 lines 38 – 48), implemented via a memory-isolated sandbox (col. 5 lines 15 – 22). A virtualization-based approach is discouraged as it is viewed as wasteful in comparison with the sandboxing mechanisms proposed (col. 8 lines 15 – 35).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN M MACILWINEN whose telephone number is (571)272-9686. The examiner can normally be reached Monday - Friday, 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton B Burgess can be reached at (571) 272 - 3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
JOHN MACILWINEN
Primary Examiner
Art Unit 2442
/JOHN M MACILWINEN/Primary Examiner, Art Unit 2454