DETAILED ACTION
This is a final Office action in response to communications received on 12/10/2025. Claims 1, 3, 6, 10-11, 13, 16, and 20 are amended. Claims 2, and 12 are canceled. Claims 1, 3-11, and 13-20 are examined and are pending. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments filed 12/10/2025, to claim 1 have been fully considered.
Applicant’s Remarks regarding 103 have been considered, but have not been found persuasive.
Consequently, the rejection of the claims under 35 U.S.C. § 103 is sustained.
Applicant argues on page 2 on the Remarks that Roth does not disclose or suggest the newly amended features of independent claim 1 that recites: “accessing, by the inline security platform, the transmitted data in the external platform through an application programming interface (API) of the external platform”. The argument is moot because newly added claim limitations, require new grounds of rejection necessitated by the amendments.
Applicant argues on pages 2-3 on the Remarks that Ditchburn does not disclose or suggest the newly amended features that recites: “executing, by the inline security platform, one or more API functions of the type of operation on the transmitted data within the external platform to remedy the violation of the one or more security policies”. The argument is moot because newly added claim limitations, require new grounds of rejection necessitated by the amendments.
Applicant argues on page 3 on the Remarks that Roth does not disclose or suggest “determining, by the inline security platform, a type of operation to perform on the transmitted data within the external platform according to a severity of the one or more security policies the transmitted data violates” as newly claimed. The argument is moot because newly added claim limitations, require new grounds of rejection necessitated by the amendments. [please see the rejections below]
The remaining arguments fail to comply with 37 C.F.R. 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
In addition, Applicant’s remaining arguments filed 12/10/2025, with respect to the rejection of claims 1-20 under 35 USC § 103 have been fully considered but are moot because newly added claim limitations requiring “accessing, by the inline security platform, the transmitted data in the external platform through an application programming interface (API) of the external platform;”, “in response to accessing the transmitted data in the external platform, determining, by the inline security platform, a type of operation to perform on the transmitted data within the external platform according to a severity of the one or more security policies the transmitted data violates;”, “executing, by the inline security platform, one or more API functions of the type of operation on the transmitted data within the external platform to remedy the violation of the one or more security policies”, require new grounds of rejection necessitated by amendments.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1, 4, 7, 9, 11, 14, 16-17 and 19-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Independent claims, 1, 11 and 20 have been amended to remove the claim limitation “performing . . . an operation” and added instead “determining . . . a type of operation” followed by “executing . . . one or more functions of the type of operation”. As a result, all references in claims 1, 4, 7, 9, 11, 14, 16-17 and 19-20 to “the operation being performed” lack antecedent basis because no operations are disclosed as being performed in the claims anymore. The Examiner suggests replacing “the operation being performed” with “the type of operation executed”.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3, 5, 7-9, 11, 13, 15, and 17-20 are rejected under 35 U.S.C. 103 over Barel (US 12,495,061) in view of Shaon (US 2021/0157906).
Regarding claim 1, Barel teaches the limitations of claim 1 as follows:
A method comprising: obtaining, by an inline security platform, data transmitted between a client platform and an external platform through the inline security platform
(Barel, Col. 3, ll. 35-45, Col. 5, ll. 26-31, Col. 7, ll. 21-27, col. 9, ll. 26-30, col. 12, ll. 39-51, Fig. 1A-B, 7, the cloud-based system 100 (i.e. inline platform) (including enforcement nodes 150, Central authority 152, and log router 154) provides inline monitoring inspecting live network traffic between users (i.e. client platform), the Internet and cloud services 106 (i.e. external platform) to remote file shares and applications. Traffic is routed through the cloud-based system. Enforcement nodes receive, terminate, and process the traffic internally (i.e., obtaining traffic/data transmitted));
determining, by the inline security platform, whether one or more actions performed by the external platform on the transmitted data violates one or more security policies (Barel, Col. 3, ll. 35-45 & 57-63, col. 8, ll. 12-35; col. 12, ll. 39-51, col. 13, ll. 41-51, col. 23, ll. 59-64 and Figs. 1A, 11, 13-14, each of the enforcement nodes 150 of the cloud-based system generate a decision vector for a content item, classify the content/actions as violating, non-violating, neural, unknown based on the security policies to determine whether those actions of non-human/external entities/cloud services (i.e. action performed by external platform) violates the policies and/or exceeds their permissions);
in response to determining that at least one of the one or more actions performed by the external platform on the transmitted data violates the one or more security policies, accessing, by the inline security platform, the transmitted data in the external platform, (Barel, Col. 3, ll. 35-45, col. 8, ll. 12-35; col. 9, ll. 25-30, col. 12, ll. 39-51, col. 13, ll. 41-51, col. 19, ll. 13-32, Figs. 1A, 11 and 13-14: in response to detecting non-compliance of policies via tracking traffic and requested content items is a violation, continuously tracking and inspecting (i.e. accessing) by the cloud based system 100 (including enforcement nodes 150, Central authority 152, and log router 154) traffic between the user 102, the internet 104 and the cloud services 106 including remote file shares and applications);
in response to accessing the transmitted data in the external platform, determining, by the inline security platform, a type of operation to perform on the transmitted data according to a severity of the one or more security policies the transmitted data violates (Barel, Col. 3, ll. 35-45, col. 8, ll. 12-35; col. 12, ll. 39-51, col. 19, ll. 13-32, Col. 25, ll. 2-55, col. 26, ll. 25-47, Figs. 1A, 7 & 26-27, in response to continuously tracking and inspecting (i.e. accessing) by the cloud based system traffic between the user, Internet and cloud services including remote file shares and applications, determining by the cloud based system 100 (i.e. inline security platform) a remediation to perform on the traffic identified as violating/being non-compliant with a policy such as preventing distribution, allowing the traffic, modifying, or cleaning (i.e., operation to perform) with a prioritization given towards the remediation that solves the most threats as determined by severity and risk score for the policy being violated);
and providing, by the inline security platform, a notification representing the operation being performed to remedy the violation of the one or more security policies. (Barel, Col. 3, ll. 35-45, col. 8, ll. 12-35, Col. 25, ll. 2-54, col. 26, ll. 25-47, Figs. 1A, 2-4, 26-27, the cloud based system provides alert and activity logs on a per-user basis. Therefore, the cloud based system monitors, diagnoses, generate alerts, and performs remedial actions to address non-compliant policy detections).
Barel does not explicitly teach:
perform operations within the external platform,
accessing data through an application programming interface (API) of the external platform;
executing, by the inline security platform, one or more API functions of the type of operation on the transmitted data within the external platform to remedy the violation of the one or more security policies;
However, Shaon in the same field of endeavor teaches:
perform operations within the external platform, (Shaon, Paras. [0030]-[0035], [0040]-[0045], and Figs. 1-4, alter distributed file systems (e.g., HDFs), run in frameworks such as Hive or Pig (i.e. external platform), execute queries inside the platform).
accessing data through an application programming interface (API) of the external platform; (Shaon, Paras. [0020]-[0021], [0030]-[0035], [0040]-[0042], [0060], and Figs. 1-4, shows that the interaction with the external platform is API-based. Access occurs through software framework, services, daemons, and applications (i.e., API). “an executable code package 122 may be embodied in a data access framework, such as Apache Hive,……” (API/query-level access)).
executing, by the inline security platform, one or more API functions of the type of operation on the transmitted data within the external platform to remedy the violation of the one or more security policies; (Shaon, Paras. [0030]-[0035], [0040]-[0042], [0045], and Figs. 1-4, code packages that interface with underlying database are executed, so the operations occur in the database platform itself, using its interfaces (APIs). API functions (e.g., SQL queries, Hive/Spark operations, etc.) are executed inside Hive, which is the external platform).
Shaon is combinable with Barel, because both are from the same field of compliance of security policies on transmitted data. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to integrate an application programming interface of the external platform to perform operations, as taught by Shaon with Barel’s method in order to enforce security policies within the external platform as well.
As per claims 11 and 20, claims 11 and 20 encompass same or similar scope as claim 1. Therefore, claims 11 and 20 are rejected based on the reasons set forth above in rejecting claim 1.
Regarding claim 3, Barel and Shaon teaches the limitations of claims 1-2. Shaon teaches the limitations of claim 3 as follows:
The method of claim 1, wherein the one or more API functions are specific to the external platform. (Shaon, Paras. [0030]-[0035], [0040]-[0042], [0045], and Figs. 1-4, the executable code packages that are structured to interface with databases are formulated in form of APIs understood by the external platform).
The same motivation to combine utilized in claim 1 is equally applicable in the instant claim.
As per claim 13, claim 13 encompass same or similar scope as claim 3. Therefore, claim 13 is rejected based on the reasons set forth above in rejecting claim 3.
Regarding claim 5, Barel and Shaon teaches the limitations of claims 1-2. Barel teaches the limitations of claim 5 as follows:
The method of claim 1, wherein the external platform comprises at least one of an email application, a communication platform, a large language model (LLM) platform, or a generative artificial intelligence platform. (Barel, Col. 18, ll. 41-49, email applications are one of the external platforms (i.e., an email application, or ….)).
As per claim 15, claim 15 encompass same or similar scope as claim 5. Therefore, claim 15 is rejected based on the reasons set forth above in rejecting claim 5.
Regarding claim 7, Barel and Shaon teaches the limitations of claims 1-2. Barel teaches the limitations of claim 7 as follows:
The method of claim 1, comprising: in response to determining that at least one of the one or more actions performed by the external platform on the transmitted data violates the one or more security policies, performing, by the inline security platform, a second operation within the inline security platform, wherein the operation is different from the second operation. (Barel, Col. 6, ll. 33-39, Col. 25, ll. 2-54, col. 26, ll. 25-47: cloud based system performs a remedial action (i.e., a second operation) when a violation is detected, including terminating the connection, or blocking the file. And it’s different from the operation).
As per claim 17, claim 17 encompass same or similar scope as claim 7. Therefore, claim 17 is rejected based on the reasons set forth above in rejecting claim 7.
Regarding claim 8, Barel and Shaon teaches the limitations of claims 1-2. Barel teaches the limitations of claim 8 as follows:
The method of claim 7, wherein performing the second operation comprises blocking transmission of the data. (Barel, Col. 6, ll. 16-22, Col. 25, ll. 2-54, col. 26, ll. 25-47: workloads are blocked from communicating until they are validated by a set of attributes (i.e., blocking transmission of the data)).
As per claim 18, claim 18 encompass same or similar scope as claim 8. Therefore, claim 18 is rejected based on the reasons set forth above in rejecting claim 8.
Regarding claim 9, Barel and Shaon teaches the limitations of claims 1-2. Barel and Shanon teach the limitations of claim 9 as follows:
The method of claim 1, wherein the operation comprises at least one of an email quarantine operation (Barel, Col. 8, ll. 1-34, the operation includes precluding distribution of all traffic, including email, upon classifying it into a category of violating (i.e., an email quarantine operation.) within the external platform (Shaon, Paras. [0030]-[0035], [0040]-[0042], [0045], and Figs. 1-4, functions are executed inside Hive, which is the external platform), a reconfiguration of a user status within the external platform, blocking outside user access to the data within the external platform, or transmission of a message using the external platform.
The same motivation to combine utilized in claim 1 is equally applicable in the instant claim.
As per claim 19, claim 19 encompass same or similar scope as claim 9. Therefore, claim 19 is rejected based on the reasons set forth above in rejecting claim 9.
Claims 4, 6, 14 and 16 are rejected under 35 U.S.C. 103 over Barel (US 12,495,061) in view of Shaon (US 2021/0157906), and further in view of Roth (US 2016/0205110).
Regarding claim 4, Barel and Shaon teaches the limitations of claims 1-2. Neither Barel or Shaon teaches the limitations of claim 4, however Roth in the same field of endeavor teaches the limitations of claim 4 as follows:
The method of claim 1, further comprising: identifying, by the inline security platform, a rule of the inline security platform that indicates that the inline security platform is to perform the operation within the external platform based on the one or more actions performed by the external platform on the transmitted data violating the one or more security policies and based on the data being associated with the external platform, and wherein the rule of the inline security platform further indicates that the inline security platform is to perform a second operation within a second external platform based on the one or more actions performed by the external platform on the transmitted data not 2 violating the one or more security policies and based on the data being associated with the second external platform, wherein the operation is different from the second operation. (Roth, Paras. [0016]-[0022], [0026]-[0027], [0030]-[0035], and Fig. 1, describe an entity/component of a multi-tenant environment identifying policies controlling operations that can be performed within an region by an instance outside the region (i.e. an external platform) that is authorized, trusted, or properly tagged, to receive or process the operation in accordance with the policy, and the instance, not trusted, not tagged, or outside of the security boundary, cannot receive or transmit the data (violates the security policy)).
Roth is combinable with Barel-Shaon, because all are from the same field of compliance of security policies on transmitted data. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to utilize rules of the inline security platform, as taught by Roth with Barel-Shaon’s method in order to limit access for unauthorized external platforms.
As per claim 14, claim 14 encompass same or similar scope as claim 4. Therefore, claim 14 is rejected based on the reasons set forth above in rejecting claim 4.
Regarding claim 6, Barel and Shaon teaches the limitations of claims 1-2. Roth in the same field of endeavor teaches the limitations of claim 6 as follows:
The method of claim 1, wherein executing one or more API functions of the type of operation on the transmitted data within the external platform to remedy the violation of the one or more security policies comprises: accessing a stored association between the operation and a function of the external platform; (Roth, Paras. [0016]-[0017], [0024]-[0028], [0031], [0035]-[0037], and Fig. 1, using one more APIs in conjunction with tags, security levels, compartments, or policies (i.e., stored association), that link an operation (read, write, transmit, store), to the function of the tagged instances/regions).
and using the function on the external platform to perform the operation. (Roth, Paras. [0016]-[0017], [0024]-[0028], [0035]-[0037], and Fig. 1, show that the system uses the functions of the tagged instances/regions to perform the operation).
The same motivation to combine utilized in claim 4 is equally applicable in the instant claim.
As per claim 16, claim 16 encompass same or similar scope as claim 6. Therefore, claim 16 is rejected based on the reasons set forth above in rejecting claim 6.
Claim 10 is rejected under 35 U.S.C. 103 over Barel (US 12,495,061) in view of Shaon (US 2021/0157906), and further in view of Baffes (US 2004/0123145).
Regarding claim 10, Barel and Shaon teaches the limitations of claims 1-2. Barel and Baffes in the same field of endeavor teaches the limitations of claim 10 as follows:
The method of claim 1, wherein executing one or more API functions of the type of operation on the transmitted data within the external platform to remedy the violation of the one or more policies comprises: identifying, by the inline security platform, a label associated with the data at the external platform, wherein the label represents a security level for the data identified and assigned by the external platform; (Barel, Col. 6, ll. 65-67, Col. 7, ll. 1-20, Col. 7, ll. 64-67, Col. 8, ll. 1-34, the cloud computing system (i.e. inline security platform) identifies data/traffic as associated with labels or classifications such as, threat classifications, decision vectors, and inspection outputs (i.e., labels associated with data)).
Barel and Shaon do not explicitly disclose:
determining, by the inline security platform, whether the label associated with the data by the external platform violates the one or more security policies;
in response to determining the label associated with the data violates the one or more security policies, generating, by the inline security platform, another label to associate with the data that does satisfy the one or more security policies;
removing, by the inline security platform, the label associated with the data;
and storing, by the inline security platform, the data and the other label associated with the data in the external platform.
However, Baffes in the same field of endeavor teaches the limitations of claim 10 as follows:
determining, by the inline security platform, whether the label associated with the data by the external platform violates the one or more security policies; (Baffes, Paras. [0031]-[0033], after assigning a classification label, the administrator either accept the classification, re-labels the data, or refine the label determining what part of policy need to be modified (i.e., violates the one or more security policies). Therefore, the system determines whether the label associated with the data is compliant with, or violates the security policies).
in response to determining the label associated with the data violates the one or more security policies, generating, by the inline security platform, another label to associate with the data that does satisfy the one or more security policies; (Baffes, Paras. [0032]-[0033], re-label the data (i.e., generating another label)).
removing, by the inline security platform, the label associated with the data; (Baffes, Paras. [0032]-[0033], re-label or discarding/removing the label associated with the data).
and storing, by the inline security platform, the data and the other label associated with the data in the external platform. (Baffes, Paras. [0032]-[0033], [0036]-[0037] and claims 5, 15, 16-18, Fig. 3B: system event data comprising labels associated with the data are stored in the database of system event data (i.e. external platform)).
Baffes is combinable with Barel-Shaon, because all are from the same field of compliance of security policies on the transmitted data. It would have been obvious to a person having ordinary skill in the art before the effective filling date of the invention to generate another label for the data in compliance with the security policies, as taught by Baffes with Barel-Shaon’s method in order to allow the refinement and growth of the security policy over time. [See Baffes, Para. [0033]]
References Considered But Not Relied Upon
DiVincenzo (US 2023/0300149) discloses performing remediation actions based on the severity or score associated with the model contextual relationship.
Kare (US 2024/0362264) discloses a system and method for affixing labels to data transmitted between an external platform and a client platform.
Dambrot (US 2025/0267169) discloses a system and method for monitoring data for accuracy, performance, and security risks using AI models.
Conclusion
Accordingly, claims 1, 3-11, and 13-20 are rejected.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PEGAH BARZEGAR whose telephone number is (703)756-4755.
The examiner can normally be reached M-F, 9:00 - 5:30. Examiner interviews are available via telephone, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787. The fax phone number for the Application/Control Number: 17/470,067 Page 17 Art Unit: 2438 organization where this application or proceeding is assigned is 571-273- 8300. Application/Control Number: 17/386,076 Page 25 Art Unit: 2438 Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patentcenter for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272- 1000.
/P.B./Examiner, Art Unit 2438
/SHARON S LYNCH/Primary Examiner, Art Unit 2438