Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification
The disclosure is objected to because of the following informalities: Throughout the specification, there are numerous instances (e.g., pages 13, 14 and 16) where the firewall is designated “102”, but the Figures show it as – 103 --. On pages 29 and 30, the browser extension is designated “220” and instances of the webpage are designated “701”, but Figures 7A and 7B label them as – 701 – and – 703 --, respectively. Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-12 and 15-23 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al (hereinafter “Yang”, U.S. Patent 12,273,392) in view of LaForge et al (hereinafter “LaForge”, U.S. Patent Publication 2023/0409352).
With regard to claim 1, Yang teaches a computer-implemented method of controlling disclosure of sensitive information to a remote network destination via a web browser by an endpoint device within an organization’s private network (See Figure 11 and columns 26-28, “[c]omputing device 1100 may be configured to implement processing operations of any component described herein including the user system components (e.g. endpoints 110 of Fig. 1)” and “Software 1140 may include one or more software components such as an endpoint routing client, security services 160 and its incorporated elements ….”), the method including comparing a uniform resource locator (URL) to configuration information stored in memory on the computer (Column 13, line 36+, “filter 205a may compare the traffic with lists of URLs to identify whether the traffic is associated with a GenAI service”) ; and determining whether to scan the data entry for sensitive information contingent on whether the comparison identifies a match between the URL and the configuration information (See column 16, line 51+, “benign requests may be scanned for confidential information”, “Uploaded files requests may be scanned” and “Prompt injection requests may be scanned”). While Yang teaches that hosted services may be websites (See column 10, line 33+), it does not specify the details of the webpage. LaForge teaches that it is commonly known to display a webpage on a graphical user interface of a computer with a web browser executing on the computer and receiving a data entry for a text box on the webpage displayed on the graphical user interface (See Figure 2A and paragraphs [0087]-[0089]). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the invention to provide a webpage as taught by LaForge in the hosted services of Yang. The rationale is as follows: One of ordinary skill in the art would have been motivated to use a webpage as taught by LaForge since a webpage can be a very intuitive and user friendly interface to interact with the AI services of the website.
With regard to claim 2, Yang teaches a custom handler (software) that routes the requests to scanning engine (See figure 2A, 230) in response to determining that the data entry is to be scanned for sensitive information (See figure 2A and column 16, lines 43-66).
With regard to claim 3, Yang teaches transferring the data entry to an endpoint agent (column 11, line 30, endpoint routing client) on the computer using the custom handler (software).
With regard to claim 4, Yang teaches scanning the data entry for sensitive data with a scanning engine (230) associated with the endpoint agent.
With regard to claim 5, Yang teaches preventing transmission of the data from the computer to a remote server hosting the webpage in response to the scanning engine identifying a presence of sensitive information in the data entry (See column 17, line 4, wherein the GenAI request may be blocked).
With regard to claim 6, Yang shows in Figure 2A that preventing the transmission of the data entry from the computer to the remote server hosting the webpage is done by security services (160a), and it does not include responding to the custom handler's data entry transfer to an endpoint agent on the computer.
With regard to claims 7-9, Yang teaches enabling transmission of the data entry from the computer to a remote server hosting the webpage in response to the scanning engine determining that the data entry lacks sensitive information (See column 17, lines 25-29), wherein enabling the transmission of the data to the remote server hosting the webpage includes returning an indication (See Figure 2A, Verdict) to the custom handler permitting transmission of the data to the remote server hosting the webpage, and transmitting the data entry from the computer to the remote server hosting the webpage in response to the indication permitting the transmission of the data entry.
With regard to claim 10, Yang teaches wherein the remote server (120) hosting the webpage includes a generative artificial intelligence tool (130) and wherein the data entry comprises a prompt for the generative artificial intelligence tool.
With regard to claim 11, Yang teaches wherein the generative artificial intelligence tool is configured to receive the prompt (column 11, line 5+), create a response (GenAI responses) to the prompt based at least in part on the data entry, and transmit the response back to the computer, and wherein the web browser is configured to display the response within the webpage displayed on the graphical user interface on the computer (See the figures of LaForge which show the displaying of AI responses within the webpage displayed on the graphical user interface of the computer).
With regard to claim 12, Yang shows in Figures 1 and 11 wherein the computer (110) is an endpoint device within an organization's private network, wherein the remote server (120) is at a remote network destination outside of the organization's private network, and wherein the computer- implemented endpoint agent and the computer-implemented scanning engine are deployed within the organization's private network.
With regard to claim 15, Yang teaches exposing a fetch application programming interface (API) at the web browser in response to the data entry (see column 34, lines 21-24), wherein the comparing of the URL for the webpage to configuration information stored in memory on the computer is in response to exposing the fetch API at the web browser.
With regard to claim 16, it is the system claim that corresponds to method claim 1 above, and is therefore rejected for the same reasons as claim 1 (Also see the Summary in Yang which describes the method, system and computer readable medium devices storing instructions that enforce cybersecurity and privacy of network traffic between client devices and generative artificial intelligence (GenAI) applications).
With regard to claim 17, Yang teaches one or more servers (120) at the remote network destination, wherein the one or more servers are at the remote network destination outside of the organization's private network, and wherein the computer-implemented endpoint agent and the computer-implemented scanning engine are deployed within the organization's private network.
With regard to claim 18, Yang teaches wherein the one or more servers are hosting a generative artificial intelligence tool (130).
With regard to claim 19, Yang teaches network security protection measures demarcating a barrier between the organization's private network (110) and outside the organization's private network (120).
With regard to claim 20, it is the system claim that corresponds to method claims 2-5 above, and is therefore rejected for the same reasons as claims 2-5.
With regard to claims 21-23, they are the computer readable medium claims that correspond to method claims 1-5 and 12 above, and are therefore rejected for the same reasons as claims 1-5 and 12.
Claims 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Yang et al in view of LaForge as applied to claim 1 above, and further in view of Glynn-Udrow et al (hereinafter “Glynn-Udrow”, U.S. Patent 11,869,031).
With regard to claims 13 and 14, Yang in view of LaForge teach all the features as described above except for teaching that the comparing of the URL for the webpage to the configuration information stored in memory on the computer is performed using a browser extension that includes the configuration information. Glynn-Udrow is cited to show a browser extension that compares the URL for a webpage to configuration information (See claim 1 of Glynn-Udrow). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the invention to provide the web browser of Yang in view of LaForge with a browser extension for comparing the URLs as taught by Glynn-Udrow. The rationale is as follows: One of ordinary skill in the art would have been motivated to provide the web browser of Yang in view of LaForge with a browser extension for comparing the URLs as taught by Glynn-Udrow since browser extensions allow you to customize your web browser to include security enhancements by blocking suspicious URLs.
Response to Arguments
Applicant's arguments filed on April 4, 2026 have been fully considered but they are not persuasive.
Applicant asserts on page 8 that “[t]he reference numerals have been corrected as requested in the attached corrected specification”, but the Office has not received a corrected specification.
Applicant asserts on pages 9 and 10 that “Yang is directed to a cloud-based security system (see Abstract), and filter 205a of Yang is performed by security services 160 (see FIG 2A) of a network security system 125 accessed via public networks 115 external to endpoints 110, as shown by Yang FIG. 1” and “[i]n contrast, the method of claim 1 is performed at the endpoint device 102a, as shown by Applicant at FIG. 7A”.
It is the Examiner’s position that Yang teaches an embodiment in Figure 11 and columns 26-28 as set forth above that is the method of claim 1 performed at the endpoints 110.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM R KORZUCH whose telephone number is (571) 272-7589. The examiner can normally be reached Mon.-Fri. 8:00-4:00.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WILLIAM R KORZUCH/Supervisory Patent Examiner, Art Unit 2491
Prosecution Insights