DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This communication is responsive to the amendment filed 04/27/2021.  

Claims 1-24 are pending in this application. Independent claims 1, 9, and 17 have been amended.


Claim Rejections - 35 USC § 103
2. 	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention 


Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Ouye et al. (US 20030120601) in view of  Yablokov et al. (US 20140181896) and further in view of Du et al. (US 20180091513)
 
It is noted that any citations to specific, pages, columns, paragraphs, lines, or figures in the prior art references and any interpretation of the reference should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. See MPEP 2123.

As to claim 1:
Ouye teaches a method for performing a task on a computing device based on access rights (to grant or deny access rights to a user attempting to access a protected system or secured electronic data, an access right evaluation process is carried out among all applicable policies including those embedded in the secured electronic data…The access right evaluation may be advantageously used in systems or applications in which devices, mediums or electronic data are secured and can be restrictively accessed by those who are authenticated and have proper access privilege; Abstract), the method comprising: 

gathering data characterizing a task by intercepting function calls used to perform the task, and sending a request to an operating system of the computing device to temporarily interrupt the called functions until access rights are determined (to facilitate the description of the rule evaluation process, referring now to FIG. 3, there is shown a flowchart of process 300 of accessing a secured document according to one embodiment of the present invention and may be understood in conjunction with FIG. 2. At 302, an application is launched with a document being specified, for example, WINWORD.EXE is activated to open a file named xyz.doc. As explained above, a handler from the OS identifies the application and enters the OS wherein the IFS manger is called upon at 304. The IFS manger activates a client module at 306 and at the same time, the IFS manger passes the handler to receive at 308 the selected document from a store. As the selected document passes through the client module, the selected document is "intercepted" and determined whether it is secured or non-secured at 310. If the client module determines that the selected document is not secured, the process 300 goes to 320, namely, the selected document is allowed to pass through the client module and be loaded into the application from the IFS manger… Now if it is determined at 310 that the selected document is secured, the process 300 goes to 312 wherein the header or security information therein is decrypted with an authenticated user key associated with the user attempting to access the selected document (it is assumed that the user has already been authenticated). At 314, the access rules in the decrypted security information are retrieved. At 316, an access measurement or evaluation is triggered to determine if the user has the access right to access the selected document given the access rules from the document. If the evaluation fails, which means that the user is not permitted to access this particular document… If the evaluation passes successfully, which means that the user is permitted to access this particular document; paragraphs 0108-0109); 

(paragraphs 0012 and 0026: a protected system employs one or more levels of access policy. When a user attempts to access the system, the access policy is dynamically evaluated against the user's access privilege; paragraph 0032: To provide pervasive security to protected systems or secured files, it is desirable to employ at least one level of access rules that measure against a user's access privilege. Together with one or more levels of system rules, preferably imposed implicitly, protected systems or secured files can be secured at all times); 

generating a test based on the threat level and test generating rules and presenting the test to the user (Abstract: the access right evaluation process is configured preferably to operate transparently to the user. The access right evaluation may be advantageously used in systems or applications in which devices, mediums or electronic data are secured and can be restrictively accessed by those who are authenticated and have proper access privilege; paragraph 0026: a user may seek an access right to enter a protected system (e.g., a device, a database, a directory) or to request an act on a secured item (e.g., to print a file or delete a folder). In one aspect of the present invention, a protected system employs one or more levels of access policy. When a user attempts to access the system, the access policy is dynamically evaluated against the user's access privilege; paragraph 0084: It should be noted that FIGS. 1B, 1C, 1D and 1E are only exemplary structures of a secured document employing access rules. One of the features in the present invention is an evaluation mechanism (i.e. an access test) that dynamically evaluates system rules and the access rules in a secured item against the access privilege (i.e. rights) associated with a user requesting the secured item); 

analyzing results of the test and determining access rights of the task based on the results (paragraph 0014: The evaluation results are subsequently and logically combined in a computing device to determine if a user is ultimately permitted to access a protected system or a secured file; paragraph 0037: to access the document… pass an access test in which the access rules in the security information are measured against the user's access privilege (i.e. access rights)); and 

performing the task based on the access rights (paragraph 0013: if each of the items in the system rules as well as the access rules is respectively evaluated and all produce a logic pass, an access right to the secured file is granted; paragraph 0014: the user is associated with the computing device from which the user can access the protected system or the secured file, if granted the access; paragraph 0109: If the evaluation fails, which means that the user is not permitted to access this particular document… If the evaluation passes successfully, which means that the user is permitted to access this particular document). 
Ouye, however, does not explicitly teach the following additional limitations:
Yablokov teaches the function calls are used at least for blocking and unblocking of processes performing the tasks (Abstract: When a handler function receives an API function call from a modified application, it may determine if the received API function call complies with the access rules. When the API function call complies with the access rules, the handler function performs the API function call from the application to the protected resources. When the API function call violates the access rules, the handler function block that API function call; paragraph 0060: the container may also include appropriate library of handler functions that check application calls for compliance with associated security policies and block or allow application calls to critical network resources).

It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Ouye with Yablokov because it would have provided the enhanced capability for protecting computer resources from unauthorized access.

The combination of Ouye and Yablokov does not teach, Du teaches the use of task templates (the analysis includes comparing sensor data (or processed versions thereof) to each of one or more templates and/or patterns stored in the pattern store 1135. In some embodiments, the templates or patterns stored in the pattern store 1135 correspond to criteria for evaluating whether the user operating the user device (e.g., user A 405 operating mobile device A 410) is an authorized user or an unauthorized user; paragraph 0181).

It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine Du with Ouye as modified by Yablokov  
As to claim 2:
Ouye teaches the task is for at least one of: control of a process for processing data including personal or confidential data of the user; control of a process being performed either on the computing device or on another computing device communicatively coupled to the computing device; control of an application; and changing or configuring working parameters of an operating system of the computing device (paragraphs 0014 and  0109).
As to claim 3:
Ouye teaches the task is at least one of a task involving: a creation, a modification, or a deletion of personal or confidential data of the user on the computing device; a sending of data through a computer network; a creation or modification of files; a control of the computing device; and a control of software running on the computing device (paragraphs 0026,0033, and  0091). As to claim 4:
Ouye teaches the task for the control of the computing device includes at least a task for: working with objects of a file system of the computing device; working with rights of objects of an operating system of the computing device; working with graphic interface elements of an application on the computing device; and controlling an operating mode of equipment of the computing device (paragraphs 0026,0033, and  0091). As to claim 5:
Ouye teaches the data characterizing the task includes at least: parameters and attributes uniquely identifying the task from among a plurality of tasks; and parameters and attributes of the computing device that are necessary for performing the task (paragraphs 0026,0033, and  0091).  As to claim 6:
Ouye teaches the threat level is provided as a numerical value characterizing a probability of performing the task causing harm to information security of the computing device, the probability being based on the gathered data and a similarity of the task to another task for which a threat level has been previously determined (paragraphs 0026,0033, and  0091). As to claim 7:
Ouye teaches the performing of the task comprises includes: performing the task on a virtual machine, determining whether the user successfully passes the test; and adopting changes made on the virtual machine to the computing device when the user successfully passes the test (paragraphs 0086-0087 and 0109). As to claim 8:
Ouye teaches the threat level of a current task is determined as a function of threat levels of one or more previous tasks (paragraphs 0032 and 0083). As to claims 9-16:
Note the rejection of claims 1-8 above, respectively. Claims 9-16 are the same as claims 1-8, except claims 9-16 are system claims and claims 1-8 are method claims.

As to claims 17-24:
Note the rejection of claims 1-8 above, respectively. Claims 17-24 are the same as claims 1-8, except claims 17-24 are computer readable medium claims and claims 1-8 are method claims.


Response to Arguments 

3.	Applicant's arguments filed 04/27/2021 have been fully considered but are deemed to be moot in view of the new ground(s) of rejection necessitated by Applicant's amendments.  

Applicant argues that “the template of Du is not the same as or equivalent to the task template of the claims”. 

In response, under a broadest reasonable interpretation, Du meets the limitations as claimed. Du teaches task templates (the analysis includes comparing sensor data (or processed versions thereof) to each of one or more templates and/or patterns stored in the pattern store 1135. In some embodiments, the templates or patterns stored in the pattern store 1135 correspond to criteria for evaluating whether the user operating the user device (e.g., user A 405 operating mobile device A 410) is an authorized user or an unauthorized user; paragraph 0181).

The scope of the claimed “task templates” clearly transcends the more narrow scope that Applicant attempts to impute through argument. Claimed subject matter, not the specification is the measure of the invention. Limitations in the specification cannot be read into the claims for the purpose of avoiding the prior art, In re Self, 213 USPQ 1 (CCPA 1982), In re Priest, 199 USPQ 11 (1978). The recited “task templates” is clearly subject to a broad interpretation as detailed in the rejections maintained above. The Examiner has a duty and responsibility to the public and to Applicant to interpret the claims as broadly as reasonably possible during prosecution. In re Prater, 415 F.2d 1 393, 1404-05, 162 USPQ 541, 550-51 (CCPA 1969).

Conclusion

4.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within 


Contact Information

5.	Any inquiry or a general nature or relating to the status of this application should 
              be directed to the TC 2100 Group receptionist: (571) 272-2100.

	Any inquiry concerning this communication or earlier communications from the 
	examiner should be directed to VAN H. NGUYEN whose telephone number is (571) 272-3765. The examiner can normally be reached on Monday- Friday from 9:00AM- 5:30 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LEWIS BULLOCK can be reached at (571) 272-3759. 

The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	



/VAN H NGUYEN/
Primary Examiner, Art Unit 2199