Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claims 1-24 are presented for examination.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claim 1 recites the following limitations:
“creating a first environment that is at least partially isolated from a second environment, wherein both the first and second environments are hosted on an endpoint and wherein the first environment comprises a secure web browser that has been verified by a backend associated with an organization”;
“detecting, by the secure web browser, an event that has a corresponding trigger, wherein the event comprises any one of a user event, administrator event, or a server-initiated event”;
“firing a corresponding trigger to perform a set of one or more actions that manages activity in the first environment or activity by the secure web browser based on a context of the event”;
Each of these limitations would be practical to perform in the mind with the aid of pencil and paper, thus directed towards a mental process (see MPEP §2106.04(a)(2)(III)). Each of these limitations work together to work on to start to browsing data event and responding with initiate to perform access data which is specifically a focal point of searching data event. This is the type of browsing data event that goes into start the searching data can reasonably be done in the human mind. As result, the limitations listed recite an abstract idea.
This judicial exception is not integrated into a practical application. Claim 1 further recites “an endpoint” and “a backend associated with an organization”. The claimed “an endpoint” and “a backend associated with an organization” is a generic computer component that is being claimed as just a tool to perform the claimed mental steps. Performing an abstract idea on a computer tool does not transform the abstract idea into a practical application (see MPEP §2106.05(f)). The claimed initiate browser application to start data search event is insignificant extra solution activity and does not transform the claimed abstract idea into a practical application (see MPEP §2106.05(g)). The additional elements have been considered alone, and in combination with the claimed invention as a whole, but does not integrate the abstract idea into a practical application. As result, the invention is directed towards an abstract idea.
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of the “a first environment that is at least partially isolated from a second environment” amounts to no more than mere mentally separating environment to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The creation of two isolated denouements are an insignificant extra solution activity, which is additional well understood routine, and conventional. As result, the claim is not patent eligible.
Claims 2-13 are directed towards an abstract idea as well, therefore, the same rationale applies to claim 2-13 as provided in the rejection to claim 1. As result, claim 2-13 are not patent eligible. Similarly, 14-24 are also not patent eligible.
2. Claims 21-24 are rejected under 35 U.S.C. 101 because the claim invention is directed to non-statutory subject matter. These are “apparatus” claims without showing any tangible or hardware elements in the body of the claims. Therefore, it is evidentiary that these “apparatus” claims do not comprises any tangible components or hardware elements. For example, “a processor” and “a machine-readable medium” are just software module, not any hardware or tangible module. Hence, the “apparatus” is reasonably interpreted by one of ordinary skill as just software, it is a system of software, per se. The function of the system is just software not any hardware. Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760 (claim to a data structure per se held nonstatutory). Such claimed data structures do not define any structural and functional interrelationships between the data structure and other claimed aspects of the invention which permit the data structure’s functionality to be realized. Similarly, computer programs module claimed as computer instructions per se, i.e., the descriptions or expressions of the programs, are not physical “things.” They are neither computer components nor statutory processes, as they are not “acts” being performed. Such claimed computer programs modules do not define any structural and functional interrelationships between the computer program and other claimed elements of a computer which permit the computer program’s functionality to be realized. Accordingly, it is important to distinguish claims that define descriptive material per se from claims that define statutory inventions. So, it does not appear that a claim reciting software module with functional descriptive material falls within any of the categories of patentable subject matter set forth in § 101.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-24 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. In these claims applicants mention “a corresponding trigger”, which is generally narrative and indefinite with the invention. Applicants do not point out clearly which options include in the present invention by these vague terms. Any ordinary skill in the art could not understand what the intent meaning of the claim invention is by using these ambiguous terms of “a corresponding trigger”. This claim element mentions in second and third limitations. It is not clear both are the same claim element or different. Appropriate correction needs to overcome the rejection.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-24 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of patent no. 12,452,306. Although the claims at issue are not identical, they are not patentably distinct from each other because they recite substantially the same limitations and are anticipated by the parent application.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-24 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Chen et al hereafter Chen (US pat. App. Pub. 20230102116).
5. As per claims 1, 14, and 21, Chen teaches a method, a non-transitory machine-readable medium, and an apparatus comprising: creating a first environment that is at least partially isolated from a second environment, wherein both the first and second environments are hosted on an endpoint and wherein the first environment comprises a secure web browser that has been verified by a backend associated with an organization (paragraphs: 31, 39, and 62, wherein it emphasizes creating a secure web browser as a separate environment in a client device which is verified by a server); detecting, by the secure web browser, an event that has a corresponding trigger, wherein the event comprises any one of a user event, administrator event, or a server-initiated event; and firing a corresponding trigger to perform a set of one or more actions that manages activity in the first environment or activity by the secure web browser based on a context of the event (paragraphs: 29, 40, and 59, wherein it elaborates the web browser detects an event of request to access a remote server and the web browser starts to perform actions in response to access the resources from the remote server).
6. As per claim 2, Chen teaches the method, wherein firing the corresponding trigger is either in-line or in parallel with the event (paragraphs: 3, 7, 23).
7. As per claim 3, Chen teaches the method, wherein the set of one or more context-based actions comprise one or more of: allowing the event; blocking the event; generating an alert in the secure web browser or in the first environment; generating an alert to an administrator; prompting a user associated with the secure web browser to provide information corresponding to the event (paragraphs: 47-49); modifying the event to reduce risk of the event; communicating a logging event to a security information and event management (SIEM) system; communicating an approval request to a manager or an information technology department; requiring re-authentication; and initiating one or more preventive countermeasures to increase security and mitigate an attack (paragraphs: 44, 46, and 51).
8. As per claim 4, Chen teaches the method, wherein initiating one or more preventive countermeasures to increase security and mitigate an attack comprises at least one of: blocking access to one or more corporate resources; instructing the first environment to erase all or part of its applications or data; instructing the first environment to disable itself and/or other components running locally, either inside or outside of the first environment; instructing the first environment to reinstall the secure web browser (paragraphs: 5-6, and 12); disconnecting the endpoint from a corporate network and removing credentials from the first environment; and halting activity in the first environment for a predefined amount of time (paragraphs: 42-43, and 45).
9. As per claim 5, Chen teaches the method further comprising requiring user authentication to access the first environment (paragraphs: 8-10).
10. As per claim 6, Chen teaches the method, wherein the user authentication to access the first environment is with an identity service provider (paragraphs: 27-31).
11. As per claim 7, Chen teaches the method, wherein the user authentication to access the first environment is also used for authentication to access resources or services of an organization via the secure web browser (paragraphs: 25-26, and 39).
12. As per claim 8, Chen teaches the method comprising the secure web browser identifying a login flow with a single sign-on protocol and bypassing an authentication flow if a locally cached token is valid (paragraphs: 32-35).
13. As per claim 9, Chen teaches the method comprising locking access to the first environment or invalidating an authentication token for accessing the first environment based on detection of an event and requiring re-authentication (paragraphs: 61-63).
14. As per claim 10, Chen teaches the method, wherein the event comprises one of idle timeout for the first environment or the endpoint, locking of the endpoint, attempted access via the secure web browser or a highly secured resource, risky or malicious behavior on the endpoint, changing network connectivity of the endpoint (paragraphs: 39-41).
15. As per claim 11, Chen teaches the method, wherein requiring re-authentication comprises requiring re-authentication with a different authentication mechanism than used previously, wherein the different authentication mechanism comprises one of a single sign-on flow, a PIN, a biometric sensor, hardware security module authentication, password reset, and multi-factor authentication (paragraphs: 54-57).
16. As per claim 12, Chen teaches the method further comprising at least one of the first environment and the secure web browser monitoring user activity to detect at least one of anomalous user activity, malicious intention, and different user activity (paragraphs: 65-67).
17. As per claim 13, Chen teaches the method, wherein monitoring user activity comprises monitoring at least one of: mouse activity patterns; keyboard typing patterns; websites visited; applications being used; time worked; location; data usage; locally and remotely accessed services; remote resources accessed; running processes and services; hardware connected to the endpoint; and additional users running on the endpoint (paragraphs: 69-73).
18. As per claim 15, Chen teaches the non-transitory machine-readable medium, wherein web browser program code comprises the second instructions or a web browser extension comprises the second instructions (paragraphs: 82-84).
19. Claims 16-20, and 22-24 are listed all the same elements of claims 3-5, and 12-13. Therefore, the supporting rationales of the rejection to claims 3-5, and 12-13 apply equally as well to claims 16-20, and 22-24.
Citation of References
20. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Vazquez et al (US pat. app. Pub. 20170134428): discusses a user of a client device that is protected by a firewall may navigate to a website using a particular browser process (e.g., a window/tab of a browser) of the client device, sending a content request toward a web content server in the process. The firewall may intercept the content request, and may also receive information from the client device identifying which browser process initiated the content request. Before passing the content request to the appropriate web content server, the firewall may request and download a security policy from a security policy server. The security policy may notify the firewall which hosts are authorized/unauthorized for use with a particular domain, and which file types from each of these hosts are authorized/unauthorized for use with the particular domain. The firewall may then filter content related to the identified browser process based on the security policy.
Morikuni et al (US pat. App. Pub. 20150096001): elaborates that managing user credentials that enable access to secure websites. According to certain aspects, a browser device connects (230) to a website server that hosts a secure website. The browser device initiates (236) a credential request and enters (238) a discovery routine with a mobile device. After establishing (240) a secure channel with the mobile device, the browser device sends (248) an identification of the secure website to the mobile device, which identifies (250) corresponding user credentials and sends (252) the user credentials to the browser device. The browser device populates (254) a login page with the user credentials and accesses (256) the secure website.
Conclusion
21. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590. The examiner can normally be reached on Monday-Friday 8:30-5:30 ET.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached on 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/MOHAMMAD W REZA/Primary Examiner, Art Unit 2407