DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification
The disclosure is objected to because of the following informalities:
Paragraph 28 writes “,.” at the end when it should write “.”.
Paragraph 45 on two instances writes “the another” when it should write “another”.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1 - 20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "and in a case where it is determined that the privacy is not set for protection, allow the user to access the content." in the last 2 lines of the claim. There is insufficient antecedent basis for this limitation in the claim. This is because the claim recites “receive a user’s attempt to access content shared within the messaging platform” in the middle of the claim and “and display a notification of protection of the content to a user” in the third to last line in the claim. It is unclear what user “the user” refers to, since there are 2 users instantiated. The examiner from here on will consider “the user” as the entity who attempts to access shared content.
By virtue of dependence on claim 1, claims 2-10 are rejected under 35 U.S.C. 112(b).
Claim 4 recites the limitation "The computing apparatus according to claim 2, wherein the privacy of the content set by the user has a higher priority than the privacy set within the messaging platform." in the second line. There is insufficient antecedent basis for this limitation in the claim. The “user” referred to in claims 1 and 2 is defined as an entity attempting to access content shared on the platform, while claim 4’s “the user” refers to an entity that uploaded this shared content. The examiner from here on will consider “the user” as the entity who uploaded this shared content.
Claim 11 recites the limitation "and in a case where it is determined that the privacy is not set for protection, allow the user to access the content." in the last 2 lines of the claim. There is insufficient antecedent basis for this limitation in the claim. This is because the claim recites “receive a user’s attempt to access content shared within the messaging platform” in the middle of the claim and “and displaying a notification of protection of the content to a user” in the third to last line in the claim. It is unclear which user “the user” refers to, since there are 2 users instantiated. The examiner from here on will consider “the user” as the entity who attempts to access shared content.
By virtue of dependence on claim 11, claims 12-19 are rejected under 35 U.S.C. 112(b).
Claim 14 recites the limitation " The method according to claim 12, wherein the privacy of the content set by the user has a higher priority than the privacy set within the messaging platform." In line 1. There is insufficient antecedent basis for this limitation in the claim. The “user” referred to in claims 11 and 12 is defined as an entity attempting to access content shared on the platform, while claim 14’s “the user” refers to an entity that uploaded this shared content. The examiner from here on will consider “the user” as the entity who uploaded this shared content.
Claim 20 recites the limitation "and in a case where it is determined that the privacy is not set for protection, allow the user to access the content." in the last 2 lines of the claim. There is insufficient antecedent basis for this limitation in the claim. This is because the claim recites “receiving a user’s attempt to access content shared within the messaging platform” in the middle of the claim and “and displaying a notification of protection of the content to a user” in the third to last line in the claim. It is unclear which user “the user” refers to, since there are 2 users instantiated. The examiner from here on will consider “the user” as the entity who attempts to access shared content.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1-5, 8-15, 18-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US-20220414244-A1, a patent issued to IBM regarding sender-based consent for sharing images, the office action will from here on refer to this reference as IBM.
Regarding claim 1, IBM discloses a computing apparatus for protecting privacy and security within a messaging platform, comprising: (Abstract and paragraph 4; Abstract describes a system for a sender to control the privacy of files they send on the application and operating system level. Paragraph 4 describes a receiving device at the application level identifying the security level of received files).
one or more processors (Paragraph 25 and drawing symbol 300; Paragraph 25 describes one or more processors carrying out the execution of program 300, which is a program for managing privacy).
and one or more computer-readable media having stored thereon executable instructions that, when executed by the one or more processors, cause the computing apparatus to: (Paragraph 25 and drawings 300, 210; Paragraph 25 describes program 300 being stored in persistent storage 210, which is a computer readable medium).
receive a user’s attempt to access content shared within the messaging platform; (Paragraph 47 and 51; Paragraph 47 describes that a receiving application will verify the consent policy of a sender’s files. Paragraph 51 describes the process of a receiving user attempting to access certain files with specific consent policies, where the operating system may prevent screenshotting or forwarding access).
determine whether or not privacy is set for protection within the messaging platform; (Paragraph 48 drawing symbols 275 and 375; Paragraph 48 describes a share module determining whether or not sharing of consent controlled digital content is allowed).
in a case where it is determined that the privacy is set for protection:
disallow an access to the content; (Paragraph 51, Figure 2; Paragraph 51 describes that after the consent verification process illustrated in figure 2, the receiver will not be allowed full access to the content, being barred from screenshotting and other sharing actions).
and display a notification of protection of the content to a user; (Paragraph 51 and paragraph 57; Paragraph 51 describes how the operating system may prevent potential sharing of a screenshot image or disabling share functionality, notifying the user of the consent policy of the content. Paragraph 57 explains that some watermarks are visible to the receiver, an additional way of notifying a receiver about consent policy).
and in a case where it is determined that the privacy is not set for protection, allow the user to access the content. (Paragraph 50, Figure 2; Paragraph 50 describes that after the consent verification process illustrated in figure 2, the receiver will be given access through being updated as a consent owner, meaning they have full content sharing access, with them being able to set consent policy if they decide to share this content).
Regarding claim 2, IBM discloses the computing apparatus according to claim 1, wherein the content is a text, audio, video, document, image, audio call, or video call. (Paragraph 36 and 81; Paragraph 36 explains that some of the invention’s embodiments are directed toward a method that will implement consent-based content sharing with images and other multimedia files, with paragraph 81 explicitly stating video, audio, and image files are compatible with consent-based content sharing).
Regarding claim 3, IBM discloses the computing apparatus according to claim 1, wherein privacy of the content is individually set by a user who uploads. (Abstract and Paragraph 36; The abstract and paragraph 36 explain that the sender has authority over consent policy for content they desire to share).
Regarding claim 4, IBM discloses the computing apparatus according to claim 2, wherein the privacy of the content set by the user has a higher priority than the privacy set within the messaging platform. (Paragraph 45; Paragraph 45 describes that the device that handles consent-based policy will modify any digital content with privacy settings the sender chooses, with application behavior regarding the content being overwritten to suit the sender’s needs).
Regarding claim 5, IBM discloses the computing apparatus according to claim 1, wherein the user’s attempt is a hotkey handled by an operating system of the messaging platform. (Paragraph 51 and 84; Paragraph 51 describes that the apparatus may disable screenshot capability to prevent potential sharing of screenshot image. Paragraph 84 describes that the apparatus may also disable message copying, show that the system can handle user attempts defined by hotkeys).
Regarding claim 8, IBM discloses the computing apparatus according to claim 1, wherein determination of whether or not the privacy is set for protection is based on a privacy protection setting within the messaging platform. (Paragraph 45; Paragraph 45 describes that the system has consent controls that will modify content in a manner that is recognizable by a receiver that respects the content’s privacy settings issues by the system).
Regarding claim 9, IBM discloses the computing apparatus according to claim 8, wherein the privacy protection setting is set for a partial group of users in a group chat within the messaging platform. (Paragraph 54 and 68; Paragraph 54 describes privacy settings a user can choose when sending content to other receivers, with paragraph 68 describing how consent can be set for certain groups of receiving users).
Regarding claim 10, IBM discloses the computing apparatus according to claim 8, wherein the privacy protection setting includes a setting for blocking a capture of a screen and a setting for blocking a copy, forward, or share of the content. (Paragraph 64 and 84; Paragraph 64 describes a disabling of sharing and screenshot functionality, with paragraph 84 describing the disabling of message copying).
Regarding claim 11, IBM discloses a method for protecting privacy within a messaging platform, comprising: (Abstract and paragraph 4; Abstract describes a control given to a sender of content regarding the privacy of files they send on the application and operating system level. Paragraph 4 describes a receiving done at the application level identifying the security level of received files).
receiving a user’s attempt to access content shared within the messaging platform; (Paragraph 47 and 51; Paragraph 47 describes that a receiving application will verify the consent policy of a sender’s files. Paragraph 51 describes the process of a receiving user attempting to access certain files with specific consent policies, where the operating system may prevent screenshotting or forwarding access).
determining whether or not privacy is set for protection within the messaging platform; (Paragraph 48 drawing symbols 275 and 375; Paragraph 48 describes a share module determining whether or not sharing of consent controlled digital content is allowed).
in a case where it is determined that the privacy is set for protection:
disallowing an access to the content; (Paragraph 51, Figure 2; Paragraph 51 describes that after the consent verification process illustrated in figure 2, the receiver will not be allowed full access to the content, being barred from screenshotting and other sharing actions).
and displaying a notification of protection of the content to a user; (Paragraph 51 and paragraph 57; Paragraph 51 describes how the operating system may prevent potential sharing of a screenshot image or disabling share functionality, notifying the user of the consent policy of the content. Paragraph 57 explains that some watermarks are visible to the receiver, an additional way of notifying a receiver about consent policy).
and in a case where it is determined that the privacy is not set for protection, allowing the user to access the content. (Paragraph 50, Figure 2; Paragraph 50 describes that after the consent verification process illustrated in figure 2, the receiver will be given access through being updated as a consent owner, meaning they have full content sharing access, with them being able to set consent policy if they decide to share this content).
Regarding claim 12, IBM discloses the method according to claim 11, wherein the content is a text, audio, video, document, image, audio call, or video call. (Paragraph 36 and 81; Paragraph 36 explains that some of the invention’s embodiments are directed toward a method that will implement consent-based content sharing with images and other multimedia files, with paragraph 81 explicitly stating video, audio, and image files are compatible with consent-based content sharing).
Regarding claim 13, IBM discloses the method according to claim 11, wherein privacy of the content is individually set by a user who uploads. (Abstract and Paragraph 36; The abstract and paragraph 36 explain that the sender has authority over consent policy for content they desire to share).
Regarding claim 14, IBM discloses the method according to claim 12, wherein the privacy of the content set by the user has a higher priority than the privacy set within the messaging platform. (Paragraph 45; Paragraph 45 describes that the device that handles consent-based policy will modify any digital content with privacy settings the sender chooses, with application behavior regarding the content being overwritten to suit the sender’s needs).
Regarding claim 15, IBM discloses the method according to claim 11, wherein the user’s attempt is a hotkey handled by an operating system of the messaging platform. (Paragraph 51 and 84; Paragraph 51 describes that the apparatus may disable screenshot capability to prevent potential sharing of screenshot image. Paragraph 84 describes that the apparatus may also disable message copying, show that the system can handle user attempts defined by hotkeys).
Regarding claim 18, IBM discloses the method according to claim 11, wherein determination of whether or not the privacy is set for protection is based on a privacy protection setting within the messaging platform. (Paragraph 45; Paragraph 45 describes that the system has consent controls that will modify content in a manner that is recognizable by a receiver that respects the content’s privacy settings issues by the system).
Regarding claim 19, IBM discloses the method according to claim 18, wherein the privacy protection setting is set for a partial group of users in a group chat within the messaging platform. (Paragraph 54 and 68; Paragraph 54 describes privacy settings a user can choose when sending content to other receivers, with paragraph 68 describing how consent can be set for certain groups of receiving users).
Regarding claim 20, IBM discloses a nontransitory computing readable content having stored thereon executable instructions that, when executed by a computing apparatus, cause the computing apparatus to perform a method for protecting privacy within a messaging platform, comprising: (Abstract, Paragraph 4 and 25 and drawings 300, 210; Abstract describes a system for a sender to control the privacy of files they send on the application and operating system level. Paragraph 4 describes a receiving device at the application level identifying the security level of received files. Paragraph 25 describes a program 300 being stored in persistent storage 210, which is a nontransitory computer readable medium, that is used to execute instructions for privacy).
receiving a user’s attempt to access content shared within the messaging platform; (Paragraph 47 and 51; Paragraph 47 describes that a receiving application will verify the consent policy of a sender’s files, the application described earlier as containing instructions stored in a nontransitory computer readable medium. Paragraph 51 describes the process of a receiving user attempting to access certain files with specific consent policies, where the operating system may prevent screenshotting or forwarding access).
determining whether or not privacy is set for protection within the messaging platform; (Paragraph 48 drawing symbols 275 and 375; Paragraph 48 describes a share module determining whether or not sharing of consent controlled digital content is allowed).
in a case where it is determined that the privacy is set for protection:
disallowing an access to the content; (Paragraph 51, Figure 2; Paragraph 51 describes that after the consent verification process illustrated in figure 2, the receiver will not be allowed full access to the content, being barred from screenshotting and other sharing actions, executed by the instructions stored on a nontransitory computer readable medium).
and displaying a notification of protection of the content to a user; (Paragraph 51 and paragraph 57; Paragraph 51 describes how the operating system may prevent potential sharing of a screenshot image or disabling share functionality, notifying the user of the consent policy of the content. Paragraph 57 explains that some watermarks are visible to the receiver, an additional way of notifying a receiver about consent policy).
and in a case where it is determined that the privacy is not set for protection, allowing the user to access the content. (Paragraph 50, Figure 2; Paragraph 50 describes that after the consent verification process illustrated in figure 2, the receiver will be given access through being updated as a consent owner, meaning they have full content sharing access, with them being able to set consent policy if they decide to share this content).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 6, 7, 16, 17 are rejected under 35 U.S.C. 103 as being unpatentable over IBM and US-20210192062 A1, a patent issued to Citrix Systems regarding systems and methods for screenshot mediation based on policy, which the office action from here on will be referred to as Citrix.
Regarding claim 6, IBM acknowledges every limitation of the parent claim 5. However, IBM does not teach a system that can access a folder where an unauthorized copy of content is to be stored, removing or replacing the file). However, Citrix teaches a system that can access a predetermined folder where a copy of the content is to be stored (Paragraph 6 and 174; Paragraph 174 explains a system that detects the taking of a screen capture through keystroke detection. Paragraph 6 describes mediation actions including, but not limited to, applying certain restrictions on a device to prevent a user from transferring a screenshot to another device or location, being able to modify it, clearly emphasizing access to the destined folder). Citrix also teaches the system can remove or replace the copy of the content with a default file (Paragraph 83; The system is described to log security events in the application where it can destroy data in the user’s file system, or cause whatever is being displayed on the screen to be hidden, resulting in a blank screenshot). Modifying IBM’s apparatus with Citrix’s would require one to set IBM’s application to carry out Citrix’s protection system upon the registration of specific keystrokes or hotkeys. IBM and Citrix’s inventions are analogous to the claimed invention by preventing unauthorized content access, each element in this newly combined invention performing the same as they do separately. Therefore, it would have been obvious for someone of ordinary skull in the art before the effective filing date of the claimed invention to have combined the two inventions in order to cover possible security vulnerabilities, and stated in the applicant’s specification, paragraph 74 is, “it is possible that the messaging application may be unable to change the system variable for the screen-capture or screen-record” as the motivation for the application being able to access folder and modify or delete the files within them. It can be seen that one of ordinary skill in the cybersecurity art would want to have a method that prevents bypass techniques in unauthorized content access.
Regarding claim 7, all aspects about its parent claim 6 are described above, where IBM does not teach 6 nor 7. Citrix however teaches that the default file is a blank text, audio, video, document, or image. (Paragraph 83 and 153; Paragraph 83 describes a default action of blanking a screenshot. Paragraph 153 describes polices that manage and control access to local drives and resources for other attempts of access, such as copy and pasting, downloading of files, or other methods of sharing files and watermarking them through the client application, where depending on policy, would be blanking out the files). IBM and Citrix’s inventions are analogous to the claimed invention by preventing unauthorized content access, each element in this newly combined invention performing the same as they do separately. Therefore, it would have been obvious for someone of ordinary skull in the art before the effective filing date of the claimed invention to have combined the two inventions in order to cover possible security vulnerabilities, and stated in the applicant’s specification, paragraph 74 is, “it is possible that the messaging application may be unable to change the system variable for the screen-capture or screen-record” as the motivation for the application being able to access folder and modify or delete the files within them, where a default file is simply the alternative to deletion. It can be seen that one of ordinary skill in the cybersecurity art would want to have a method that prevents bypass techniques in unauthorized content access.
Regarding claim 16, IBM acknowledges every limitation of the parent claim 15. However, IBM does not teach a method that can access a folder where an unauthorized copy of content is to be stored, removing or replacing the file). However, Citrix teaches a method for accessing a predetermined folder where a copy of the content is to be stored (Paragraph 6 and 174; Paragraph 174 explains a system that detects the taking of a screen capture through keystroke detection. Paragraph 6 describes mediation actions including, but not limited to, applying certain restrictions on a device to prevent a user from transferring a screenshot to another device or location, being able to modify it, clearly emphasizing access to the destined folder). Citrix also teaches the system can remove or replace the copy of the content with a default file (Paragraph 83; The system is described to log security events in the application where it can destroy data in the user’s file system, or cause whatever is being displayed on the screen to be hidden, resulting in a blank screenshot). Modifying IBM’s apparatus with Citrix’s would require one to set IBM’s application to carry out Citrix’s protection system upon the registration of specific keystrokes or hotkeys. IBM and Citrix’s inventions are analogous to the claimed invention by preventing unauthorized content access, each element in this newly combined invention performing the same as they do separately. Therefore, it would have been obvious for someone of ordinary skull in the art before the effective filing date of the claimed invention to have combined the two inventions in order to cover possible security vulnerabilities, and stated in the applicant’s specification, paragraph 74 is, “it is possible that the messaging application may be unable to change the system variable for the screen-capture or screen-record” as the motivation for the application being able to access folder and modify or delete the files within them. It can be seen that one of ordinary skill in the cybersecurity art would want to have a method that prevents bypass techniques in unauthorized content access.
Regarding claim 17, all aspects about its parent claim 6 are described above, where IBM does not teach 16 nor 17. Citrix however teaches that the default file is a blank text, audio, video, document, or image. (Paragraph 83 and 153; Paragraph 83 describes a default action of blanking a screenshot. Paragraph 153 describes polices that manage and control access to local drives and resources for other attempts of access, such as copy and pasting, downloading of files, or other methods of sharing files and watermarking them through the client application, where depending on policy, would be blanking out the files). IBM and Citrix’s inventions are analogous to the claimed invention by preventing unauthorized content access, each element in this newly combined invention performing the same as they do separately. Therefore, it would have been obvious for someone of ordinary skull in the art before the effective filing date of the claimed invention to have combined the two inventions in order to cover possible security vulnerabilities, and stated in the applicant’s specification, paragraph 74 is, “it is possible that the messaging application may be unable to change the system variable for the screen-capture or screen-record” as the motivation for the application being able to access folder and modify or delete the files within them, where a default file is simply the alternative to deletion. It can be seen that one of ordinary skill in the cybersecurity art would want to have a method that prevents bypass techniques in unauthorized content access.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. These include:
US-8082451-B2 — Waris, Heikki
Discloses a data handling mechanism that uses binary tags on data such as messages and files for controlling access, such as copying, forwarding, and editing.
US-11270014-B1 — Chen, Joseph
Discloses a computer implemented method for utilizing metadata to protect against image sharing, where it can mask an image with encoded metadata and prevent sharing from a public folder.
US-20240203312-A1 — Nuckols, William David
Discloses a method for obscuring content from screen capture by modifying content for display.
CN-119442305-A — FANG, Xi-wen
Discloses data sharing method where the sender can provide system level encryption management and sharing control with an application.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUHAMMAD H RASUL whose telephone number is (571)272-4613. The examiner can normally be reached Monday - Friday 7:30 - 5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached at 571-272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MUHAMMAD HASHIR RASUL/Examiner, Art Unit 2492
/EVANS DESROSIERS/Primary Examiner, Art Unit 2491