Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This is a reply to the application filed on 10/30/2024, in which, claims 1-12 are pending. Claims 1 and 6 are independent.
When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments.
Information Disclosure Statement
The information disclosure statement (IDS) submitted is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
The drawings filed on 10/30/2024 are accepted.
Specification
The disclosure filed on 10/30/2024 is accepted.
Claim Interpretations - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
Use of the word “means” (or “step for”) in a claim with functional language creates a rebuttable presumption that the claim element is to be treated in accordance with 35 U.S.C. § 112(f) (pre-AIA 35 U.S.C. 112, sixth paragraph). The presumption that § 112(f) (pre-AIA § 112, sixth paragraph) is invoked is rebutted when the function is recited with sufficient structure, material, or acts within the claim itself to entirely perform the recited function.
Absence of the word “means” (or “step for”) in a claim creates a rebuttable presumption that the claim element is not to be treated in accordance with 35 U.S.C. § 112(f) (pre-AIA 35 U.S.C. 112, sixth paragraph). The presumption that § 112(f) (pre-AIA § 112, sixth paragraph) is not invoked is rebutted when the claim element recites function but fails to recite sufficiently definite structure, material or acts to perform that function.
Claim elements in this application that use the word “means” (or “step for”) are presumed to invoke § 112(f) except as otherwise indicated in an Office action. Similarly, claim elements that do not use the word “means” (or “step for”) are presumed not to invoke § 112(f) except as otherwise indicated in an Office action.
Claim 1 limitations “…definition module…configured to…;…definition module…configured to…;…definition module…configured to…;…definition module…configured to…;…definition module…configured to…;” has/have been interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because it uses/they use a generic placeholder “module” coupled with functional language without reciting sufficient structure to achieve the function. Furthermore, the generic placeholder is not preceded by a structural modifier.
Since the claim(s) limitation(s) invokes 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, claim(s) 21-29 has/have been interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.
A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph limitation: Figs. 2-3.
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action.
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112 , sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.
For more information, see MPEP § 2173 et seq. and Supplementary Examination Guidelines for Determining Compliance With 35 U.S.C. 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim 1 and the intervening claims 2-5 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
Claim(s) 1 recite limitations “…definition module…configured to…;…definition module…configured to…;…definition module…configured to…;…definition module…configured to…;…definition module…configured to…;” a means (or step) plus function limitations that invokes 35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for the claimed function. The specification does not adequately disclose the structure to perform the functions of the claim. The corresponding structure must be more than a mere reference to a general purpose computer, microprocessor, specialized computer, or an undefined component of a computer system, software, logic, code, or black box element.
Applicant is required to:
(a) Amend the claim so that the claim limitation will no longer be a means (or step) plus function limitation under 35 U.S.C. 112, sixth paragraph; or
(b) Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the claimed function without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant is required to clarify the record by either:
(a) Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Please note that for computer-implemented "means" the corresponding structure to be disclosed is the algorithm(s) or software for performing the recited function.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-12 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 20120117644 A1 (hereinafter, “Soeder”) in view of US 20170272472 A1 (hereinafter, “Adhar”).
As regards claim 1, Soeder (US 20120117644 A1) discloses: A monitoring and analysis system (Soeder: Fig. 1, security module 132), connected to an application server (Soeder: Fig. 1, web server 120), the application server being connected to a database server (Soeder: Fig. 1, database server 162), the application server receiving a dynamic request, converting the dynamic request into a dynamic resource syntax request and sending the dynamic resource syntax request to the database server, the database server responding to the application server with a dynamic web page content of the dynamic resource syntax request, the monitoring and analysis system comprising: (Soeder: Fig. 1, ¶27, i.e., the web server 12 0 may be a Java 2 Platform, Enterprise Edition (J2EE)compliant application server; ¶21, "…linking an end user's request for a web page (also defined as a "web request" or an "HTTP request") with database queries (also "SQL queries") issued by an associated web server ... "; ¶36, "…The database query results can be returned to the web service 129 for further processing by the web service, and further allowing the web service 129 to transmit or present the query results to one or more clients 102 in response to the original web request")
an information security definition module, configured to define a plurality of information security monitoring events; (Soder: Fig. 1, ¶45, "…Information on a set of predetermined locations into which software hooks are to be initially installed can be included within a set of hook information 141…"; ¶37, "…The code that handles the intercepted function calls, events, or messages is referred to a hook…")
an information security management module, connected to the information security definition module, and configured to enable or disable the plurality of information security monitoring events and set the information security monitoring events that are enabled as an enabled information security monitoring event respectively, all of the enabled information security monitoring events forming a monitoring list; (Soeder: ¶39, i.e., the security module 132 can access the operating system's means of dynamically loading and unloading dynamic linked libraries (DLLs), allowing the security module 132 to be notified whenever a DLL of interest loads or is removed from the memory associated with the web service 129; ¶45, i.e., the security module 132 can insert software hooks into these and other DLLs and locations within the web service 129)
a service connection module, configured to intrusively or non-intrusively hook an application connected to the application server; (Soeder: Fig. 1, ¶32 i.e., the security module 132 installs one or more software hooks at various locations within and associated with the web service 129)
an event listening module, connected to the service connection module, and configured to receive the monitoring list from the information security management module, listens to each activity event of the application in real time via the service connection module and transmit a data content of each activity event when each activity event belongs to one of the enabled information security monitoring events in the monitoring list, wherein the data content of the activity event is the dynamic resource syntax request; (Soeder: ¶48, i.e., the hook procedure of the security module 132 accesses a Command-type object's CommandText property to obtain the database query to be executed, retrieves the strings of the causative web or HTTP request, and passes the information to the analysis module 144 for analysis; ¶37, i.e., software hooks are inserted while software is already running/executing ... "; ¶27, i.e., database queries (also "SQL queries"))
However, Soeder does not but in analogous art, Adhar (US 20170272472 A1) teaches: a data tokenizing module, connected to the event monitoring module, and configured to receive the data content, wherein the data tokenizing module tokenizes the data content to form a tokenized data; (Adhar: Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶177, i.e., the data privacy manager (DPM), which includes a DPM token manager wherein the DPM token manager tokenizes sensitive data)
Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art to modify Soeder to include the DPM token manager to tokenize the sensitive data as taught by Adhar with the motivation to protect the sensitive data (Adhar: ¶19)
Soeder et al combination further teaches: a data processing module, connected to the data tokenizing module and the service connection module, and configured to edit and process the tokenized data to form a restructured data content and (¶46, i.e., the analysis module 144 can perform basic identification of tokens, including string literals, name strings, and SQL keywords such as FROM, INTO, LIKE, and WHERE, allowing the analysis module 144 to make assumptions and decisions regarding which characters should delimit any string that follows the identified token. At the beginning of each identified token, the analysis module 144 can compare the portion of the database query beginning there to each string captured from the original web request (or HTTP request) ... If the string matches a portion of the database query, and if it contains a character that would modify the syntax of the database query, then the database query can be rejected or sanitized (i.e., modified to remove any offending character and to place the database query into a state safe for use with the database. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶177, for tokenization of data)
send the restructured data content back to the application server via the service connection module so that the restructured data content is then transmitted to a database server via the application server. (Soeder: ¶48, i.e., if the database query is modified by the analysis module 144 and/or the security module 132, the hook procedure can temporarily replace the CommandText property with a modified database query, while the original method code executes if the database query can be sanitized)
Claim 6 recites substantially the same features as recited in claim above and is rejected based on the aforementioned rationale discussed in the rejection.
As regards claim 2, Soeder et al combination teaches the monitoring and analysis system according to claim 1, wherein the information security definition module defines the plurality of information security monitoring events, and each of the information security monitoring events has a tokenizing action and an editing action for different component segments of the data content; (Soeder, Figs 1, 5, ¶46, ¶76, ¶80, i.e., the analysis module 144 can perform basic identification of tokens, including string literals, name strings, and SQL keywords such as FROM, INTO, LIKE, and WHERE, allowing the analysis module 144 to make assumptions and decisions regarding which characters should delimit any string that follows the identified token. At the beginning of each identified token, the analysis module 144 can compare the portion of the database query beginning there to each string captured from the original web request (or HTTP request) ... If the string matches a portion of the database query, and if it contains a character that would modify the syntax of the database query, then the database query can be rejected or sanitized (i.e., modified to remove any offending character and to place the database query into a state safe for use with the database. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶179, for tokenization of data) the data tokenizing module tokenizes the different component segments of the data content respectively according to the tokenizing action to form the tokenized data; (Soeder, Figs 1, 5, ¶46, ¶76, ¶80. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶179) the data processing module edits and processes the different component segments of the tokenized data respectively according to the editing action to form the restructured data content. (Soeder, Figs 1, 5, ¶46, ¶76, ¶80. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶179)
As regards claim 3, Soeder et al combination teaches the monitoring and analysis system according to claim 2, wherein the activity event is an event where the application server receives at least one user terminal to access the database server, the data content is an SQL instruction, and a syntax structure of the SQL instruction comprises commands, clauses, operators and functions. (Soeder, ¶46-¶48)
As regards claim 4, Soeder et al combination teaches the monitoring and analysis system according to claim 3, wherein the tokenizing action of the data processing module is to tokenize the SQL instruction, and a method for tokenizing is to add symbols before and after the operator to form the tokenized data. (Soeder, Figs 1, 5, ¶46-¶48, ¶76, ¶80. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶179)
As regards claim 5, Soeder et al combination teaches the monitoring and analysis system according to claim 4, wherein the editing action defined by the data processing module is one or more of annotating, adding, removing, replacing, modifying, shielding and outputting a captured data for a tokenized part of the SQL instruction. (Soeder, Figs 1, 5, ¶46-¶48, ¶76, ¶80. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶179)
As regards claim 7, Soeder et al combination teaches the monitoring and analysis method according to claim 6, wherein when the activity event does not belong to one of the plurality of enabled information security monitoring events, the application of the application server transmits the data content of the activity event to the database server. (Soeder, Fig. 5, ¶78, i.e., determination is made whether the query needs to be validated or not prior to being sent to the database)
As regards claim 8, Soeder et al combination teaches the monitoring and analysis method according to claim 7, wherein the monitoring and analysis system further comprises an information security definition module, and the information security definition module defines a plurality of information security monitoring events and a tokenizing action and an editing action for different component segments of the data content of each of the information security monitoring events. (Soeder, Figs 1, 5, ¶46, ¶76, ¶80. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶179)
As regards claim 9, Soeder et al combination teaches the monitoring and analysis method according to claim 8, wherein the step of tokenizing, by the data tokenizing module, the data content to form a tokenized data further comprises tokenizing, by the data tokenizing module, the different component segments of the data content respectively according to the tokenizing action to form the tokenized data. (Soeder, Figs 1, 5, ¶46, ¶76, ¶80. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶179)
As regards claim 10, Soeder et al combination teaches the monitoring and analysis method according to claim 9, wherein the step of editing and processing, by the data processing module, the tokenized data to form a restructured data content further comprises editing and processing, by the data processing module, the different component segments of the tokenized data respectively according to the editing action to form the restructured data content. (Soeder, Figs 1, 5, ¶46, ¶76, ¶80. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶179)
As regards claim 11, Soeder et al combination teaches the monitoring and analysis method according to claim 6, wherein the information security management module sets a start command and a close command for each of the information security monitoring events, and before the step of connecting the service connection module to the application of the application server is performed, a process is performed according to a step of adding the information security monitoring event corresponding to the start command to the monitoring list when the information security management module receives the start command. (Soeder, Figs 1, 5, ¶40-¶46, ¶76, ¶80. See also, Adhar, Figs. 1, 8, ¶6, ¶18, ¶19, ¶175-¶179)
As regards claim 12, Soeder et al combination teaches the monitoring and analysis method according to claim 11, wherein when the information security management module receives the close command, the information security monitoring event corresponding to the close command is deleted from the monitoring list. (Soeder, Figs 1, 5, ¶40-¶49, ¶76, ¶80)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED A ZAIDI whose telephone number is (571)270-5995. The examiner can normally be reached Monday-Thursday: 5:30AM-5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SYED A ZAIDI/Primary Examiner, Art Unit 2432