DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/12/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
The drawings are objected to under 37 CFR 1.83(a) because they fail to show enumerated elements in the 500-series (e.g. Fig. 5A-5C do not identify with numbers elements that: “create/adjust realm(s) (550)”, “install endpoint agent(s) (552)”, “and or register the endpoint agent(s) (554)”) as described in page 15 and 16 of the specification. Any structural detail that is essential for a proper understanding of the disclosed invention should be shown in the drawing. MPEP § 608.02(d). Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
In addition to Replacement Sheets containing the corrected drawing figure(s), applicant is required to submit a marked-up copy of each Replacement Sheet including annotations indicating the changes made to the previous version. The marked-up copy must be clearly labeled as “Annotated Sheets” and must be presented in the amendment or remarks section that explains the change(s) to the drawings. See 37 CFR 1.121(d)(1). Failure to timely submit the proposed drawing and marked-up copy will result in the abandonment of the application.
Specification
The use of the term Proofpoint®, which is a trade name or a mark used in commerce, has been noted in this application. The term should be accompanied by the generic terminology; furthermore the term should be capitalized wherever it appears or, where appropriate, include a proper symbol indicating use in commerce such as ™, SM , or ® following the term.
Although the use of trade names and marks used in commerce (i.e., trademarks, service marks, certification marks, and collective marks) are permissible in patent applications, the proprietary nature of the marks should be respected and every effort made to prevent their use in any manner which might adversely affect their validity as commercial marks.
Claim Objections
Claims 6 and 9 are objected to because of the following informalities:
Claim 6 contains a typo on line 5, “all of the endpoint agent” should read “all of the endpoint agents”.
Claim 9 contains a typo on line 1, “wherein computer-based network comprises” should read “wherein the computer-based network comprises”.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation “for telemetry data transmitted by endpoint agents within the realm” on line 5. There is insufficient antecedent basis for this limitation in the claim.
Claim 6 recites the limitation "the computer network" in line 2. There is insufficient antecedent basis for this limitation in the claim. The term should read “the computer-based network”.
Claim 12 recites the limitation “the endpoint agent installed in the endpoint device” “user activity at the endpoint device”, and “privacy restrictions that apply to the endpoint agent's endpoint device”. It is currently unclear what endpoint device or agent is being referred to as claim 12 depends upon at least claim 9 which recites “a plurality of user endpoint devices”.
Claim 14 and 16 recite the claim term “and/or”. By using "and/or," the aforementioned claims recite broad limitations (designated with "or") together with narrower limitations (designated with "and"). The scope of the claims is unascertainable since the term raises a question or doubt as to whether the elements joined by "and/or" are required or optional.
A broad range or limitation together with a narrow range or limitation that falls within the broad range or limitation (in the same claim) is considered indefinite, since the resulting claim does not clearly set forth the metes and bounds of the patent protection desired. See MPEP § 2173.05(c). Note the explanation given by the Board of Patent Appeals and Interferences in Ex parte Wu, 10 USPQ2d 2031, 2033 (Bd. Pat. App. & Inter. 1989), as to where broad language is followed by "such as" and then narrow language. The Board stated that this can render a claim indefinite by raising a question or doubt as to whether the feature introduced by such language is (a) merely exemplary of the remainder of the claim, and therefore not required, or (b) a required feature of the claims. Note also, for example, the decisions of Ex parte Steigewald, 131 USPQ 74 (Bd. App. 1961); Ex parte Hall, 83 USPQ 38 (Bd. App. 1948); and Ex parte Hasche, 86 USPQ 481 (Bd. App. 1949).
Claim 15 depends upon claim 14, whereas claim 15 recites “the computer network of claim 14”, although claim 14 is a method claim. It is currently unclear whether claim 15 is drawn to a method claim or a system claim.
Claim 16 depends upon claim 15, which depends upon claim 14; whereas claim 16 recites “the computer network of claim 15”, although claim 14 is a method claim. It is currently unclear whether claim 16 is drawn to a method claim or a system claim.
Dependent claims fall together accordingly.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-4, 6-7, 9-15 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Meng et. al. US Publication No. US 2020/0184092 A1 hereinafter Meng.
Regarding Claim 1:
Meng discloses a method comprising (Meng [0029] and [0033] method contemplated): creating a realm in a computer-based network, wherein the realm includes and is defined by a realm definition, stored in computer-based memory (Meng Figure 2, [0021] “As explained further below, user device 12 generates electronic data and securely seals the data along with geodeclaration metadata having boundary information representing one or more geographic areas. User device 12 desires to transmit the electronic data (sealed with the geodeclaration) to destination device 16 via network 14 in a geographically-controlled manner. In the example of FIG. 1, the geodeclaration metadata might define a geographic area as indicated by a boundary 19a. Boundary 19a designates one or more geographic areas in which the data is to be allowed to be transmitted or stored”; [0022-0024]), that at least identifies one or more data processing facilities in the network as permissible destinations, under applicable data protection or privacy restrictions (Meng Figure 1 permissible and impermissible destinations, [0016-0017] “A number of considerations directly affect geographic localization of electronic data, particularly legal reasons. For example, different jurisdictions may have different privacy laws that apply to information stored within the jurisdiction, even if the information did not originate there”, [0021-0024]), for telemetry data transmitted by endpoint agents within the realm (Meng [0020-0021] user data sources and sinks; [0040-0045]); installing an endpoint agent in an endpoint device (Meng [0040-0045] each of the network routers has at least a geo agent); and registering the endpoint agent with the realm (Meng [0043] “Once the geodeclaration is verified, the geo agent determines whether network router 18 is allowed to process the data according to the rules present in the geodeclaration. This determination includes deciphering the geographic boundaries according to the particular format of the geodeclaration, and comparing the boundaries to a known location of network router 18. The current location of network router 18 may be obtained from GPS device 72, or may be programmed into network router 18 (e.g., in flash memory 66), or may be hardwired in network router 18. If the current location is within the permissible boundaries (or outside of prohibited boundaries) indicated by the geodeclaration, then the data is passed to the routing program for transmission”).
Regarding Claim 2:
Meng further discloses the method of claim 1 (Meng [0029] and [0033] method contemplated), wherein the realm definition further identifies one or more permissible routes through the network, under applicable data protection or privacy restrictions (Meng Figure 1 permissible and impermissible destinations, [0043-0046] permissible paths within permissible bounds), for the telemetry data transmitted by endpoint agents in the realm (Meng [0020-0021] user data sources and sinks, [0040-0045]).
Regarding Claim 3:
Meng further discloses the method of claim 1 (Meng [0029] and [0033] method contemplated), wherein the endpoint agent in the endpoint device is configured to: collect telemetry data relating to user activity at its associated endpoint device (Meng [0037] collects original data “computer system 20 generates the original electronic data using whatever program or application is running on the system, and further checks with the user as to whether the data is to be geographically controlled”) and transmit the collected telemetry data to one of the permissible destination data processing facilities identified in the realm definition (Meng [0037-0039] add the geodeclaration representing restrictions; [0043-0045] route along permissible path).
Regarding Claim 4:
Meng further discloses the method of claim 3 (Meng [0029] and [0033] method contemplated), wherein the endpoint agent in the endpoint device is further configured to restrict its transmission of the collected telemetry data to a permissible route through the network (Meng [0037-0039] add the geodeclaration representing restrictions; [0043-0045] route along permissible path).
Regarding Claim 6:
Meng further discloses the method of claim 1 (Meng [0029] and [0033] method contemplated), further comprising: creating other realms in the computer network (Meng Fig. 3A-3B multiple geodeclarations disclosed; [0021-0024]); installing an endpoint agent in each respective one of a plurality of other endpoint devices (Meng [0040-0045] each of the network routers has at least a geo agent); and registering all of the endpoint agent in the other endpoint devices with a corresponding one of the realms (Meng [0043]).
Regarding Claim 7:
Meng further discloses the method of claim 6 (Meng [0029] and [0033] method contemplated), wherein each realm has a different realm definition than the other realms (Meng Fig. 3A-3B multiple geodeclarations disclosed, [0021-0024]).
Regarding Claim 9:
Meng further discloses the method of claim 1 (Meng [0029] and [0033] method contemplated), wherein computer-based network comprises a plurality of user endpoint devices geographically distributed relative to one another such that activities on at least one of the plurality of endpoint devices is subject to a different set of data protection or privacy restrictions than activities on another one of the plurality of endpoint devices (Meng Fig. 1 two boundaries disclosed; [0016-0017] “A number of considerations directly affect geographic localization of electronic data, particularly legal reasons. For example, different jurisdictions may have different privacy laws that apply to information stored within the jurisdiction, even if the information did not originate there”).
Regarding Claim 10:
Meng further discloses the method of claim 9 (Meng [0029] and [0033] method contemplated), wherein endpoint devices that have endpoint agents registered with the realm form a subset of the endpoint devices in the computer-based network (Meng Fig. 1 at least two boundaries disclosed that are subsets of the larger network 14).
Regarding Claim 11:
Meng further discloses the method of claim 10 (Meng [0029] and [0033] method contemplated) wherein the computer-based network comprises: a plurality of data processing facilities communicatively coupled to the user endpoint devices in the computer-based network (Meng Fig. 1 plurality of devices shown in the network), wherein the data processing facilities are in different geographical regions or sovereignties (Meng Fig. 1 at least two boundaries disclosed; [0016-0017] “A number of considerations directly affect geographic localization of electronic data, particularly legal reasons. For example, different jurisdictions may have different privacy laws that apply to information stored within the jurisdiction, even if the information did not originate there”).
Regarding Claim 12:
Meng further discloses the method of claim 11 (Meng [0029] and [0033] method contemplated), further comprising: collecting, with the endpoint agent installed in the endpoint device, telemetry data relating to user activity at the endpoint device (Meng [0037] collects original data “computer system 20 generates the original electronic data using whatever program or application is running on the system, and further checks with the user as to whether the data is to be geographically controlled”); and transmitting the collected telemetry data from the endpoint agent to a selected one of the data processing facilities in compliance with the data protection and privacy restrictions that apply to the endpoint agent's endpoint device (Meng [0037-0039] add the geodeclaration representing restrictions; [0043-0045] route along permissible path).
Regarding Claim 13:
Meng further discloses the method of claim 12 (Meng [0029] and [0033] method contemplated), further comprising: logically segmenting the computer-based network into a plurality of realms, wherein the plurality of realms includes the created realm (Meng Fig. 1 at least two boundaries disclosed that are subsets of the larger network 14); installing an endpoint agent into each respective one of the endpoint devices in the computer-based network (Meng [0040-0045] each of the network routers has at least a geo agent); and registering each respective endpoint agent to a particular one of the plurality of realms (Meng [0043]).
Regarding Claim 14:
Meng further discloses the method of claim 13 (Meng [0029] and [0033] method contemplated), further comprising: providing an agent data store at each respective one of the endpoint devices, wherein each of the agent data stores contains data that identifies: one or more of the data processing facilities as being permissible destinations, under applicable data protection or privacy restrictions, for the telemetry data transmitted by the endpoint agent (Meng Fig. 4, [0040-0045]); and/or one or more routes through the network as being permissible routes, under applicable data protection or privacy restrictions, for the telemetry data transmitted by the endpoint agent to one of the permissible destination data processing facilities (Meng Fig. 4, [0040-0045]).
Regarding Claim 15:
Meng further discloses the method of claim 14 (Meng [0029] and [0033] method contemplated), wherein the endpoint agent in each endpoint device is configured to transmit the telemetry data to one of the identified permissible destination data processing facilities via one of the identified permissible routes though the computer-based network (Meng [0040-0045]).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 5, 8, and 16 and are rejected under 35 U.S.C. 103 as being unpatentable over Meng in view of Mahaffey et. al. (US Publication No. US 2015/0188949 A1) hereinafter Mahaffey.
Regarding Claim 5:
Meng discloses the method of claim 3 (Meng [0029] and [0033] method contemplated).
Meng does not explicitly disclose wherein the data processing facility is configured to: analyze the telemetry data to identify potential insider threats posed by the user activity associated with the telemetry data; and create an alert if any such insider threat is identified.
Mahaffey teaches wherein the data processing facility is configured to: analyze the telemetry data to identify potential insider threats posed by the user activity associated with the telemetry data (Mahaffey Fig. 6, [0213-0216] “malware identifier 666 may be configured to identify attempts to exploit vulnerabilities of computing device 601 and applications 604 which may be installed and running on computing device 601. Malware identifier 666 may monitor traffic and identify malicious files and/or activities based on a predetermined list of filenames. Malware identifier 666 may also identify malicious files and/or activities based on detected behaviors”); and create an alert if any such insider threat is identified (Mahaffey [0377] in response an alert may be sent (“e.g., via email, to a security alerting console, to a SIEM system”) amongst other actions taken).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the method of controlling transmission of data based on at least geolocation and privacy jurisdictions disclosed by Meng with the malware detection and alert taught by Mahaffey.
The motivation for this combination would be to improve security by identifying attempts to exploit vulnerabilities as discussed by Mahaffey (Mahaffey [0213]).
Regarding Claim 8:
The combination of Meng and Mahaffey further teaches the method of claim 1 (Meng [0029] and [0033] method contemplated), further comprising updating realm definitions periodically (Mahaffey Fig. 6, [0399] routing actions and policies can change; [0203-0207] connection policies can be changed and updated; [0424] “changes may be applied to the routes, propagated or otherwise defined. And, as may be expected, routes may expire for a number of reasons, such as inactivity”).
Regarding Claim 16:
The combination of Meng and Mahaffey further teaches the method of claim 15 (Meng [0029] and [0033] method contemplated), wherein the endpoint agents are configured to periodically receive updates regarding the permissible destination data processing facilities and/or permissible routes through the computer-based network from a remote data store (Mahaffey Fig. 6, [0399] routing actions and policies can change; [0203-0207] connection policies can be changed and updated; [0424] “changes may be applied to the routes, propagated or otherwise defined. And, as may be expected, routes may expire for a number of reasons, such as inactivity”).
Conclusion
The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.L./ Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496