DETAILED ACTION

Currently pending claims are 1 – 20.

Claim Objection
Claims 11 and 19 are objected to because of the following informalities (and Examiner respectfully request to correct as follows): “one or more processors” should be replaced with “one or more hardware processors (or one or more processor devices)” – Examiner notes this is because a computer processor could be a software processor (e.g. a Microsoft WORD processor).  Appropriate correction(s) is (are) required.  // “A computer processor” may include the “software processor” (e.g. a word processor) //

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 19 is rejected under 35 U.S.C. 101 because the claimed invention may be directed to software per se which is directed to non-statutory subject matter.  Examiner notes for a system claim, at least one recited element, in the claim body, must be a hardware component; however, the claim may be reasonably interpreted as being not limited to hardware elements according to the disclosure of the specification (SPEC-PG.PUB: Para [0109]: a processing entity can be hardware-basd or software-based or can be formed using a combination of hardware and software – i.e. which is not limited to a "hardware processor", wherein  a functional module may take the form of “software”) and thus the claim may be merely directed to software per se as a non-statutory subject matter for a system claim.  It is in the claim body, for example, including the changes of (i) a “storage device” as well as (ii) “one or more hardware procecssors” (& “the one or more hardware procecssors”). Any other claims not addressed are rejected by virtue of their dependency.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



Claims 1 – 4, 6 – 14 and 16 – 20 are rejected under 35 U.S.C.103 as being unpatentable over Anders et al. (U.S. Patent 10,902,072), in view of DI et al. (U.S. Patent 2009/0307746).  


As per claim 1, 11 & 19, Anders teaches a method for performing policy-based user device security checks, the method comprising: 
establishing a trust policy that governs interactions over a plurality of content objects in a collaboration system that manages sharing of the plurality of content objects with multiple users at corresponding user devices (Anders: Figure 2 & 4, Col. 7 Line 11 – 16 and Col. 9 Line 3 – 16 / Line 24 – 26 / Line 45 – 55: providing a cloud compuing infrastructure (as a collaboration system) that supports and manages content sharing among a plurality of users over a network based on security policies / compliance requirements); 
receiving a content object from a first user device, the content object being uploaded to the collaboration system (Anders: see above & Col. 2 Line 64 – 66: a user device (i.e. a 1st user device) can upload data content to a web server for sharing with other user devices); 
sharing the content object with a second user (Anders: see above); 
gathering, upon receiving an interaction event raised by a second user device of the second user, a set of interaction attributes associated with interaction event (Anders: see above & Col. 10 Line 56 – 65 and Col. 9 Line 53 – 55: when content is shared to a social medium platform, a security event is provided for cloud consumers (users) (e.g. a 2nd user device) to access the shared content) that includes (e.g.) the respective attribute(s) such as identity information for verification, protection (e.g. access permission) for data / resource access, and etc. (Anders: Col. 9 Line 53 – 55)); 
applying the trust policy to the interaction attributes to determine security conditions that correspond to the interaction events (Anders: see above & Col. 7 Line 11 – 15).
However, Anders does not disclose expressly generating responses to the interaction events, the responses being generated based at least in part on the security conditions.
DI (& Anders) teaches generating responses to the interaction events, the responses being generated based at least in part on the security conditions (DI: Para [0010] and Para [0064]: (a) managing security of an access admission control on a connection between user equipments (UE(s)) (i.e. a 1st user device and a 2nd user device (DI: Para [0010]), wherein (b) generating a response for preventing the UE without antivirus software from accessing the network (DI: Para [0064]) according to the the admission control w.r.t. software information of the UE based on (e.g.) a checking whether the software version or configuration of the UE meets the network security requirements or not – this is consistent with the disclosure of the instant specification (SPEC: Para [0028]: checking the user device to determine if an antivirus agent is installed).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of generating responses to the interaction events, the responses being generated based at least in part on the security conditions because DI’s teaching can effectively and securely evaluate whether the UE meets the network security requirements or not and preventing the UE without antivirus software from accessing the network in response to the checking (see above) within the Anders’s system of supporting and managing content sharing among a plurality of users over a network based on security policies / compliance requirements (see above). 

As per claim 2, 12 and 20, Anders as modified teaches wherein the first user device is associated with a first user in a first enterprise, and wherein the second user device is associated with a second enterprise that is different from the first enterprise (Anders: see above & Col. 7 Line 17 – 16: across several (different) organizations).  

As per claim 3 and 13, Anders as modified teaches comparing user device information to the security conditions to identify one or more unsatisfied conditions, wherein the responses are generated based at least in part on the unsatisfied conditions (Anders: see above: includes (e.g.) the respective attribute(s) such as the identity for verification, protection (e.g. access permission) for data / resource access, and etc. (Anders: Col. 9 Line 53 – 55)) || (DI: see above: preventing the UE without antivirus software from accessing the network (DI: Para [0064]) according to the the admission control w.r.t. software information of the UE based on (e.g.) a checking whether the software version or configuration of the UE meets the network security requirements or not).  

As per claim(s) 4, 6 – 7, 14 and 16 – 17, the claims contain(s) similar limitations to claim(s) 1 and thus is/are rejected with the same rationale

As per claim 9 (& Claim 8) and 18, Anders as modified teaches wherein the security conditions pertain to at least one of, an installed antivirus program, a file encryption capability, a firewall capability, or an analysis within a virtual system (Anders: see above: (e.g.) an analysis within a virtual system) || (DI: Para [0010] and Para [0064]: (a) managing security of an access admission control on a connection between user equipments (UE(s)) (i.e. a 1st user device and a 2nd user device (DI: Para [0010]), wherein (b) the admission control may be performed for the users according to the software information of the UE based on (e.g.) a checking whether the software version or configuration of the UE meets the network security requirements or not – for example, in response to the checking, preventing the UE without antivirus software from accessing the network (DI: Para [0064])).

As per claim 10, Anders as modified teaches wherein the security conditions correspond to one or more trust levels (Anders: see above & Col. 9 Line 53 – 60: (a) at least one security level and/or (b) security requirements w.r.t. Serveice Level Agreement (SLA) constitutes at least two or more trust levels).  

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Anders et al. (U.S. Patent 10,902,072), in view of DI et al. (U.S. Patent 2009/0307746), and in view of Palomaki et al. (U.S. Patent 2014/0208425).  

As per claim 5 and 15, Palomaki (& Anders) teaches wherein an instance of a trust agent is delivered to the user device to retrieve the user device information (Palomaki: Para [0020]: implementing and delivering a security agent to operate on behalf of a user device to retrieve the user security credentials so as to extract a list of applications installed on the user device).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of generating responses to the interaction events, the responses being generated based at least in part on the security conditions because Palomaki’s teaching can effectively and securely implement and deliver a security agent to operate on behalf of a user device to retrieve the user security credentials so as to extract a list of applications installed on the user device (see above) within the Anders’s system of supporting and managing content sharing among a plurality of users over a network based on security policies / compliance requirements (see above). 



Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2283 – 2021
---------------------------------------------------