Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Claims 1-20 are pending in this office action.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on October 25, 2024, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Specification
The disclosure is objected to because of the following informalities: the CROSS-REFERENCE TO RELATED APPLICATIONS section needs to be updated to reflect applications that have matured into patents. Appropriate correction is required.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,166,905. Although the claims at issue are not identical, they are not patentably distinct from each other because both application and patent claim monitoring traffic between the user device and the Internet where the monitoring is at a middle location, inline between the user device and an endpoint; responsive to the traffic being encrypted, performing one or more operations to enable accessing the encrypted traffic; analyzing the traffic based on the policy; and performing actions.
The patent claims one of allowing, blocking, or limiting the traffic based on the analyzing instead of performing actions and also claims a tunnel. It would have been obvious to use a tunnel for communication since the tunnel keeps communications secure.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., an abstract idea) without significantly more. The claims are directed to the abstract idea of collecting and analyzing data to enforce a policy. Claim 1 recites monitoring users, obtaining a policy, inspecting encrypted traffic, and performing actions based on the inspection. These steps describe the general concept of filtering information, which is a longstanding human activity and a fundamental mental process of data manipulation. The abstract idea is not integrated into a practical application. The claims recite performing these functions in a "cloud-based security system." However, the specification indicates that the system is implemented using generic computer hardware such as a "processor," "memory," and "network interface." The application of an abstract idea using a generic computer environment does not constitute a practical application that improves the computer's functionality itself. The claims do not recite an "inventive concept" that is significantly more than the abstract idea. The additional elements—monitoring traffic, obtaining rules (policy), and performing an action—are well-understood, routine, and conventional in the network security industry. The requirement that the inspection be "inline" or "cloud-based" does not represent a technical improvement over existing security architectures, but rather a different location for performing the same conventional abstract steps.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Yadav et al. (U.S. Patent Pub. No. 2016/0080502) in view of Blair et al. (U.S. Patent Pub. No. 2017/0012870).
Regarding claims 1 and 11, Yadav et al. teaches a method of cloud-based inline encrypted traffic inspection, the method comprising steps of: monitoring a plurality of users having associated user devices communicating over the Internet and the plurality of users are each associated with a plurality of organizations (paragraph 0171); obtaining policy for the any user where the policy is determined by an associated organization of the any user and policy defines how the encrypted traffic is inspected (paragraph 0175); inspecting the encrypted traffic for the any user based on the obtained policy (paragraph 0194); and performing actions on the encrypted traffic based on the inspecting (paragraph 0422).
Yadav et al. does not teach responsive to traffic being encrypted by any user of the plurality of users, performing operations to enable inline access to the encrypted traffic for the any of the plurality of users.
Blair et al. teaches responsive to traffic being encrypted by any user of the plurality of users, performing operations to enable inline access to the encrypted traffic for the any of the plurality of users (paragraph 0050).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to combine enabling inline access to encrypted traffic, as taught by Blair et al., with the method of Yadav et al. It would have been obvious for such modifications to provide a more robust security solution where encrypted traffic from multiple organizations is not just securely transported, but is intelligently routed and inspected based on the specific application type.
Regarding claims 2 and 12, Yadav et al. as modified by Blair et al. teaches wherein the policy includes configuration or rules applied to the encrypted traffic related to one or more of access control, threat prevention, and data protection (see paragraph 0130 of Blair et al.).
Regarding claims 3 and 13, Yadav et al. teaches wherein the actions include one of allowing, blocking, or limiting the encrypted traffic (paragraph 0422).
Regarding claims 4 and 14, Yadav et al. as modified by Blair et al. teaches wherein the plurality of organizations include a plurality of policies with each policy defined by the associated organization (see paragraph 0080 of Blair et al.).
Regarding claims 5 and 15, Yadav et al. as modified by Blair et al. teaches wherein the operations include breaking the encrypted traffic where a node acts as an interception proxy (see paragraph 0013 of Blair et al.).
Regarding claims 6 and 16, Yadav et al. teaches wherein the encrypted traffic includes any of Secure Sockets Layer (SSL), Transport Layer Security (TLS), Hypertext Transfer Protocol Secure (HTTPS), and Datagram TLS (DTLS) (paragraph 0733).
Regarding claims 7 and 17, Yadav et al. teaches wherein the steps further include blocking the encrypted traffic responsive to being unable to perform the one or more operations (paragraph 0352).
Regarding claims 8 and 18, Yadav et al. teaches wherein the steps further include blocking the encrypted traffic responsive to the user device being in a specific location (paragraph 0185).
Regarding claims 9 and 19, Yadav et al. teaches wherein the encrypted traffic is associated with an application utilizing certificate pinning (paragraph 0739).
Regarding claims 10 and 20, Yadav et al. teaches wherein the inspecting includes analyzing a Uniform Resource Locator (URL) based on the policy (paragraph 0010).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON HOFFMAN whose telephone number is (571)272-3863. The examiner can normally be reached Monday-Friday 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached at (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRANDON HOFFMAN/Primary Examiner, Art Unit 2433