DETAILED ACTION
This Office Action is with regard to the most recent papers filed 6/30/2021.

Response to Arguments
Applicant's arguments filed 6/30/2021 have been fully considered but they are not persuasive. 
On pages 7-8, Applicant argues that Choi fails to disclose determining whether the received e-mail message is sent from an authorized node.  In support of this argument, Applicant cites the instant specification at paragraph [0038], where the firewall policy can block any email traffic that is received from a source other than the CBES system.  It should be noted that the instant claim fails to provide any basis for how it is determined that the node is authorized (it should be noted that Applicant’s remarks fail to directly address the Examiner’s assertion in the rejection that “A firewall blocks traffic that is no acceptable, where any allowed traffic is considered to be from an authorized node,” nor does Applicant specifically state how the claim subject matter should be interpreted, but instead argues that the rejection does not “verify that an incoming email has been sent by a particular authorized server,” which is not the language that is presented in the instant claim.).  It is submitted that there are many ways to determine if a node is authorized, where this would only require that some criteria is utilized to determine if traffic should be accepted from the node.  The criteria, in the case of the cited portion of the instant specification, would essentially present a whitelist, which specifies a specific source.  In the case of Choi, as cited by the Applicant, it is determined “whether inbound communications have been sent by a “spam zombie” with an illegitimate address,” where it is apparent that an authorized node, based on Applicant’s remarks (Remarks: Pages 7-8) would be a node that is determined to not be a “spam zombie.”  If Applicant intends for a specific criteria to be used to determine if a node is authorized (e.g. a whitelist or that the node is a particular node), the claim should be amended to reflect this.
Thus, as the claim fails to provide the basis for a node to be determined to be an authorized node, an authorized node is considered to be any node from which traffic is accepted, where no actual criteria is required (e.g. an open system would determine all nodes to be authorized, while restricted systems could use any criteria for the determination, such as a whitelist, blacklist, that the traffic meets the firewall policies, etc.), the rejection of the instant claims has been maintained, as presented below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0065742 (Humpries) in view of US 9,083,556 (Choi).
With regard to claim 1, Humpries discloses a method for analyzing and filtering an email message destined to a computing resource in a computer network that has been security processed by an email security system, the method comprising: 
establishing a communication link with the email security system that applies a email security policy to analyze and filter all email traffic destined to the computer network (Humpries: Figure 1.  It is noted that the “cloud-based e-mail security system” appears to refer to the overall network, and other than containing the authorized node, the cloud-based security system does not appear to have any specific functionality in the instant claim.  Further, the instant claim fails to provide for what is establishing the communication link.); 
forwarding the received email message to an on-premises email security gateway (Humpries: Figure 1 and Paragraphs [0016] to [0018].  The server agent, which acts as an intermediary for all received emails, is forwarded the message.  Lacking detail of what constitutes on-premises, this term appears to have little meaning, as any system will be on-premises (as it would be at least hosted in some location).  For the term “on-premises” to have any real meaning, the claim would have to provide detail with regard to the premises, such as what other entities are at the same premises.); 
analyzing the forwarded email message by the on-premises email security gateway based on an on-premises email security policy (Humpries: Paragraphs [0034] and [0018].  The e-mail is analyzed based on profiles and rules (security policy).); and
sending, by the on-premises email security gateway, the forwarded email message to a mail server in the computer network (Humpries: Figure 1.  The security system forwards the e-mail message to the internal email server.).
Humpries fails to disclose expressly, but Official Notice is taken that cloud-based system were well-known in the art (more specifically, cloud implementations of different computing systems that would otherwise be hosted at one or more specific locations were well-known in the art.).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to have the security system being a cloud-based system to achieve the well-known benefits of cloud computing, including improved scalability versus dedicated hardware and lower costs for an organization verses maintaining and installing their own hardware for implementing the system.
Further, Humpries fails to teach, but Choi teaches:
receiving an email message by an on-premises email security (OPES) system hosted in a demilitarized zone in the computer network (Choi: Figure 1A and Paragraph [0019].  Demilitarized zones, where a firewall is implemented on both sides of the zone, were known in the art, where such zones would act as a buffer between a private network and the Internet.); 
determining whether the received email message is sent from an authorized node in the cloud-based email security system (Choi: Figure 1A and Paragraph [0019].  A firewall blocks traffic that is not acceptable, where any allowed traffic is considered to be from an authorized node.); 
forwarding the received email message to an on-premises email security gateway located in the demilitarized zone based on whether the email message was sent from the authorized node in the cloud-based email security system (Choi: Figure 1A and Paragraph [0019].  The endpoints 120 of Figure 1A, refer to different types of computers, including e-mail servers, where when applied to Humpries, would have the demilitarized zone of Choi applied between the bounds of network 101 and the network fabric 104.); 
wherein the mail server receives as incoming email traffic only email messages received from the authorized node in the cloud-based email security system (Choi: Figure 1A and Paragraph [0019].  The only traffic allowed through the firewalls would be the authorized traffic.).
Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize a demilitarized zone, including firewalls as both sides configured to only forward authorized traffic, to provide another layer of security for the network traffic, allowing only initially authorized traffic through (such as based on port numbers and IP addresses), while still benefiting from the system of Humpries to evaluate the actual content of the traffic.

With regard to claim 2, Humpries fails to teach, but Official Notice is taken that it would have been well-known in the art at the time of filing to determine whether the received email message includes an authorized port number (More specifically, it was well-known in the art to utilize port numbers to determine whether to allow a message or to block a message, where Humpries utilizes SMTP (Humpries: Paragraph [0013]), which one of ordinary skill in the art would have recognized is typically associated with port 25).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize the port number included in a message for providing a typical security mechanism for firewalls, such as allowing certain ports associated with desired services (e.g. SMTP port 25), while denying ports that are not associated with desired services.

With regard to claim 3, Humpries fails to teach, but Official Notice is taken that it would have been well-known in the art at the time of filing to have the authorized port number is port 25 (More specifically, as above, it was well-known in the art to utilize port numbers to determine whether to allow a message or to block a message, where Humpries utilizes SMTP (Humpries: Paragraph [0013]), which one of ordinary skill in the art would have recognized is typically associated with port 25).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize the port number included in a message for providing a typical security mechanism for firewalls, such as allowing certain ports associated with desired services (e.g. SMTP port 25), while denying ports that are not associated with desired services.

With regard to claim 4, Humpries fails to teach expressly, but Official Notice is taken that it would have been well-known in the art at the time of filing to have determining the authorized node comprises: identifying an intermediary source IP address; and comparing the intermediary source IP address against a table of authorized IP addresses (More specifically, the utilization of source IP addresses for whitelisting was well-known in the art, where for e-mail, such an intermediary source IP address is considered to include the address of a mail server or could refer to any other proxy (the term “intermediary source IP address” is interpreted to refer to any source IP address between a sender of the message and the system, such as a mail server).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to utilize whitelisting to define valid source IP addresses for communications, including mail servers or proxies would allow trusted relationships to be formed with these intermediaries, allowing messages that may otherwise be blocked to be allowed based on this trusted relationships (in accordance with the intentions of the administrator/users).

With regard to claim 5, the instant claim includes subject matter similar to that of claim 2, and is thus rejected for similar reasons.

With regard to claim 6, Humpries in view of Choi teaches wherein the cloud-based email security policy includes policy parameters that differ from policy parameters in the on-premises email security policy (Humpries: Figure 1 and Choi: Figure 1A.  Lacking detail as to the specific nature of these policies, the combination of different policies from Humpries and Choi (e.g. Policies applied by the server agent or internal e-mail server of Humpries and policies applied by the firewalls of Choi) would provide different sets of policy parameters as claimed.).

With regard to claim 7, Humpries in view of Choi teaches wherein the on-premises email security policy comprises a policy parameter that causes the on-premises email security gateway to analyze the email message using spam detection, sender reputation, email filtering, content analysis, or advanced malware protection (Humpries: Figure 1.  At least malware protection is implemented.).

With regard to claim 8, Humpries fails to teach expressly, but Official Notice is taken that it would have been well-known in the art at the time of filing to have the on-premises email security policy comprises a policy parameter that causes the on-premises email security gateway to analyze an outgoing email message using data leakage prevention (DLP), a whitelist of files, a blacklist of files, a whitelist of recipients, or a blacklist of recipients (More specifically, each of DLP, whitelists/blacklists of files, and whitelists/blacklists of recipients were well-known in the art).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to use DLP, whitelists/blacklists of files, or whitelists/blacklists of recipients to realize the well-known benefits associated with these well-known types of policies.  For instance, whitelists/blacklists of recipients allow specific recipients to be defined as trusted or untrusted, thus avoiding possible false negatives/positives (respectively) when a known recipient should never be blocked/authorized (e.g. if a company has a specific customer, whitelisting that customer would ensure that no correspondences from that customer is blocked when using a whitelist based on other policies).).

With regard to claim 9, Humpries fails to teach, but Official Notice is taken that it would have been well-known in the art at the time of filing to have the email message comprises a header that includes an IP address of a node located in the computer network (more specifically, the use of headers and IP addresses in the header was well-known in the art, where such an IP address could include a mail server, such as the internal mail server of Humpries (Humpries: Figure 1A).).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to have the email message comprise a header that includes an IP address of a node located in the computer network to ensure that the e-mail message and header conform to standard practice, thus providing proper routing information for the e-mail message and ensuring that any filtering is properly performed based on the e-mail header.

With regard to claim 10, Humpries fails to teach, but Official Notice is taken that it would have been well-known in the art at the time of filing to have the email message comprises a header that includes an IP address of a node located outside of the computer network and outside of the cloud- based email security system (more specifically, the use of headers and IP addresses in the header was well-known in the art, where such an IP address could include a mail server, such as an external mail server of Humpries (Humpries: Figure 1A).).  Accordingly, it would have been obvious to one of ordinary skill in the art at the time of filing to have the email message comprise a header that includes an IP address of a node outside of the computer network and outside of the cloud- based email security system to ensure that the e-mail message and header conform to standard practice, thus providing proper routing information for the e-mail message and ensuring that any filtering is properly performed based on the e-mail header.

With regard to claim 11, the instant claim is similar to claim 4, and is rejected for similar reasons (more specifically, claim 4 presents the identification of an intermediary source of the e-mail, which would be outside of the network according to claim 10).

With regard to claims 12-20, the instant claims are similar to claims 1-11, and are rejected for similar reasons.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCOTT B CHRISTENSEN whose telephone number is (571)270-1144.  The examiner can normally be reached on Monday through Friday, 6AM to 2PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571) 272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


SCOTT B. CHRISTENSEN
Examiner
Art Unit 2444



/SCOTT B CHRISTENSEN/Primary Examiner, Art Unit 2444