Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

This office action is in response to the application filed on or reply to the remarks of  1/12/2021. The instant application has claims 1-10 pending. The system for filtering and encrypting message having sensitive data in message.  There a total of 10 claims.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claim limitation “an information analysis and filtering unit …configured to” “ an information encryption unit …configured to” , “a data diode circuit … configured to”, “ a 
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.


	The Diebold Nixdorf v. ITC case illustrates the black box implementation of the structure is not sufficient to overcome the 35 USC §112(f). The case involved an cheque standby unit being understood to be not sufficiently described to have structure in the disclosure and a black box disclosure of this unit in the drawings was deemed insufficient.

	 And in the case of generic computer being the structure then an algorithm for the generic computer must be disclosed is specifications. See MPEP 2181, II, B[R-10.2019] see citation below with underline for emphasis.

II.    DESCRIPTION NECESSARY TO SUPPORT A CLAIM LIMITATION WHICH INVOKES 35 U.S.C. 112(f) or Pre-AIA  35 U.S.C. 112, SIXTH PARAGRAPH

B.    Computer-Implemented Means-Plus-Function Limitations
	
	The Federal Circuit case law regarding special purpose computer-implemented means-plus-function claims is divided into two distinct groups. The first group includes cases in which the specification discloses no algorithm, and the second group includes cases in which the specification does disclose an Noah, 675 F.3d at 1313, 102 USPQ2d at 1417.
    PNG
    media_image1.png
    18
    19
    media_image1.png
    Greyscale


Mere reference to a general purpose computer with appropriate programming without providing an explanation of the appropriate programming, or simply reciting "software" without providing detail about the means to accomplish a specific software function, would not be an adequate disclosure of the corresponding structure to satisfy the requirements of 35 U.S.C. 112(b)  or pre-AIA  35 U.S.C. 112, second paragraph. Aristocrat, 521 F.3d at 1334, 86 USPQ2d at 1239; Finisar, 523 F.3d at 1340-41, 86 USPQ2d at 1623. In addition, merely referencing a specialized computer (e.g., a "bank computer"), some undefined component of a computer system (e.g., "access control manager"), "logic," "code," or elements that are essentially a black box designed to perform the recited function, will not be sufficient because there must be some explanation of how the computer or the computer component performs the claimed function. Blackboard, Inc. v. Desire2Learn, Inc., 574 F.3d 1371, 1383-85, 91 USPQ2d 1481, 1491-93 (Fed. Cir. 2009); Net MoneyIN, Inc. v. VeriSign, Inc., 545 F.3d 1359, 1366-67, 88 USPQ2d 1751, 1756-57 (Fed. Cir. 2008); Rodriguez, 92 USPQ2d at 1405-06. 
    PNG
    media_image1.png
    18
    19
    media_image1.png
    Greyscale

	

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-10  are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claimed system could be implemented exclusively in software see Spec.Par. 0040-0041. The Examiner recommends including a memory following comprising, i.e. the first limitation includes a memory followed by the rest of limitations.  See MPEP 2106 citation found below. And Fig. 1 item 300 shows an intermediary device, but it can done exclusively software residing in between secured network and unsecured network.

Non-limiting examples of claims that are not directed to one of the statutory categories:
v. a computer program per se, Gottschalk v. Benson, 409 U.S. at 72, 175 USPQ at 676-77;
vii. data per se, Digitech Image Tech., LLC v. Electronics for Imaging, Inc., 758 F.3d 1344, 1350, 111 USPQ2d 1717, 1720 (Fed. Cir. 2014).

The Examiner further notes that  “processor” used in the computer security arts, this term processor should often be interpreted as software.  When that is the case and we are making a 101 rejection in a machine or manufacture claim because the specification fails to provide a special definition that the processor must be hardware and the claim itself based on context fails to limit the processor to hardware.  The common definition found in http://lookup.computerlanguage.com for processor; and the Microsoft Computer Dictionary by Microsoft Press also supports this view.  Thus the Examiner recommends including memory, rather than processor alone to overcome the instant rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-10  is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent 1049227 to Sampson in view of Software Support for Common Criteria Security Development Process on the Example of a Data Diode to Rogowski.


Regarding Claim  1, Sampson discloses  A communication system, the communication system  comprising: a system input  connectable to the first network and intended for receiving configured to receive the at least one message, where the at least one message comprises at least one first metadata related to the operation of the first information system(Col 2 LN 31-47, the storage device transfer data to destination device); a system output   connectable to the second network(Col 2 Ln 13-30, the destination device); an information analysis and filtering unit   coupled to the system input and configured to generate intended for generating a filtered message by filtering the a least one message depending on a filtering signal such that at least one sensitive information related to the at least one first metadata is masked(Col 2 LN 14-30, mask indicator on the sensitive data); an information encryption unit   coupled with the information analysis and filtering unit, and configured to generate an encrypted message by encrypting the filtered message depending on an encryption signal(Col 15 Ln 10-45, the encrypting of block of data); a data diode circuit   coupled to the information encryption unit  , and comprising a circuit input   and a circuit output  , where the data diode circuit   is intended configured to unidirectionally transfer the encrypted message between the circuit input   and the circuit output  , and where the data diode circuit further comprises a command input   and activation unit configured to block or 

But Samspon does not disclose the higher level network to lower security network data transfer. However, Rogowski discloses least one message from a first network  of a first information system towards a second network  of a second information system, where the first network  has a higher security classification than the second network(Page 367 “The security problem…”).

It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to modify  Sampson  invention of storage device providing sensitive data to destination device  to include higher level security classification to an lower level security classification in order to provide secure data transfer without loss to data breaches as taught in Rogowski see Page 366-367 “ The IT security…”


	


Regarding Claim  2. Sampson discloses the system according to claim 1 wherein, the data diode circuit further comprises a data diode element  having a transmission unit intended configured to send the encrypted message unidirectionally, where the activation unit is configured means   are to be actuatable between a first position in which the activation unit is means   are arranged so as to interrupt a the supply of the transmission unit and a second position in which the activation unit is means   are arranged so as to activate the supply of the transmission unit(Fi.3 item 303, apply the limited expression format for data mask).  

Regarding Claim  3. Sampson discloses the system according to claim 1 wherein: the information analysis and filtering unit   is further configured to generate a first operation termination signal indicating the completion of the information analysis and filtering unit   operations; [[-]] the information encryption unit   is further intended configured to generate a second operation termination signal indicating the completion of operations of the information encryption unit (Col 15 Ln 10-45, the encrypting of block of data) ; and the processor   is further configured to generate the command signal in response to the successive generation of the first operation termination signal and the second operation termination signal(Fig. 3 item 305, 306).  



Regarding Claim   5. Sampson discloses the system according to claim 4, wherein  the portable memory is further configured to store for storing at least one contact list comprising at least one call number for a mobile device to be contacted, where each call number is related to at least one second metadata related to the operation of the first information system; the processor is further configured to include the contact list in the filtering signal; the information analysis and filtering unit is further configured to generate a relationship message relating the filtered message and at least one call number for which the at least one second metadata matches the first metadata; [[-]] the information encryption unit is further configured to relate the relationship message to the encrypted message; and [the message sending unit is further configured to send the call message depending on the relationship message.  

Regarding Claim  6. Sampson discloses thesystem according to claim 5 wherein the message sending unit is further configured  to generate and send a periodic pulse 

Regarding Claim  7. Sampson discloses the system according to claim 1,  wherein the message sending unit is further configured to destroy the call message following sending the call message(Col 12 Ln 46-55, the alerts and revelation requests).  

Regarding Claim   8. Sampson discloses the system according to claim 1,  wherein the message sending unit is configured for sending the call message by using a messaging protocol chosen among at least one of the following protocols: SMS, MMS, XMPP and SMTP(Col 12 Ln 20-42, applying the mask to data).  

Regarding Claim   9. Sampson discloses thesystem according to claim 1, the information analysis and filtering unit, the information encryption unit and the processor are included in a first enclosure(Fig. 1 & Col 8 Ln 16-30, the nodes  communicates with storage deivce 14)); the data diode circuit is included in a second enclosure (Fig. 1 & Col 8 Ln 16-30, the nodes  communicates with block device 16; and the message sending unit is included in a third enclosure(Fig. 1 & Col 8 Ln 16-30, the destination device 16).  ; wherein the first enclosure, second enclosure and third enclosure are geographically distinct from each other such that no electromagnetic radiation can be picked-up from one enclosure to another (Fig. 1 & Col 8 Ln 16-30).  



	Conclusion	

The Examiner notes that communication through email is permitted only after authorization with submission of PTO/SB/439 form. Please file this form in EFS or thorough central fax before proceeding to communicate via email with the examiner. The submission of the PTO/SB/439 form via email will NOT be accepted.


The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

US Patent Pub 2016/0226836 to Garcia, which discloses the coded messages being developed for outside of company office network

US Patent Pub 2016/0203264 to Danner, which discloses the medical images being redacted without identification information.

Cybergateways for Securing Critical Infrastructures to Dornemann, whcihc discloses the firewall approaches to providing security for data.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor whose telephone number is (571)272-7213.  The examiner can normally be reached on Monday-Friday, 9:00 AM- 5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 

/VENKAT PERUNGAVOOR/Primary Examiner, Art Unit 2492                                                                                                                                                                                                        Email: venkatanarayan.perungavoor@uspto.gov