Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The present application is being examined under the pre-AIA  first to invent
provisions.
This office action is in response to the amendment filed on 10/25/2021. Claims 1 and 23 have been amended. Claim 32 is new.
Claims 1 – 3, 5, 9 – 13, 15, 18, 19, 21, 23, 26, 31 and 32 are pending for consideration. 

Information Disclosure Statement
The information disclosure statements (IDS) dated 08/05/2021, 08/05/2021 and 08/05/2021 have been received and considered.

Response to Arguments
Applicant's Arguments/Remarks filed on10/25/2021 (hereafter Remarks) have been fully considered.
Applicant’s arguments with respect to claim(s) 1 and 23 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

On p. 3 of the Remarks Applicant stated that Mraz fails to disclose that the split data is combined according to the identifier and decrypted at the second network domain. 
Examiner respectfully disagrees. Simultaneous analysis of split data, i.e., combined according to identifier is met by the operations of Remote File Transfer Server 314 (RFTS) of Mraz handling data of different channels, i.e., authenticating and filtering, on destination platform (Mraz, in Para. [0019] discloses “The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.” Mraz, in Para. [0025] discloses “System 200 is configured to provide eight separate virtual card channels 211 to 218 accessible by file transfer software. Each channel 211 to 218 is preferably identified using an ATM VPI/VCI channel identifier” Mraz, in Para. [0022] discloses “The RFTS clients (at the client computers) (one for each of the 24 channels) each creates a source-authenticated, encrypted session each time a file 300 is sent to the associated RFTS server” Mraz, in Para. [0022] discloses “When the new file 300 is detected, data filters 311 are used to ensure that file 300 meets the criteria associated with the respective filter ( as discussed herein), and if so RFTS client 312 transmits file 300 via port 2502, to a destination machine in the second network domain via RFTS server 314.”), the rejection of data decryption limitation is relied upon Ford explicitly disclosing encryption/decryption data operations by file processing server (Ford, in Para. [404] discloses “Then upon a request by a second user client 5412 to download the content, file processing services 5410 may decrypt the content and transfer the file, such as protected through SSL encryption.”)
On p. 3 of the Remarks Applicant further stated that the system in Mraz, comprising data filters deployed at both send server and receive server which are connected via a one-way data link, is different from a communication network having a data controller, KSI, digital signature module, a policy information module, a policy enforcement module, etc.
Examiner respectfully disagrees. Applicant focused on only one feature of Mraz invention dealing with the by default ‘one-way’ a cross domain solution (CDS) data processing ignoring its general setting according security requirements which discloses the cited limitation, see e.g. (Mraz, in Para. [0003] discloses “A cross-domain solution (CDS) is a system that provides the ability to access or transfer data between two networks having differing security domains. A CDS may be one-way only (from a low to a high domain or from a high to a low domain) or may be two-way.” Mraz, in Para. [0024] discloses “Administration of CDS host platforms is performed strictly in accordance with security policies defined by CDS security control requirements and any further requirements associated with the networks to which they belong.”)
Accordingly, the rejection under 103 is maintained.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 3, 5, 9, 10, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Mraz et al. (US 2014/0337410 A1) (hereafter Mraz), in view of Ford et al. (US 2017/0041296 A1) (hereafter Ford), in view of Trepetin et al. (US 10936744) (hereafter Trepetin), and in view of Korsunsky et al. (US 2011/0238855) (hereafter Korsunsky).

Regarding claim 1 Mraz teaches: A method for handling transfer of a data object between network domains (Mraz, in Para. [0003] discloses “A cross-domain solution (CDS) is a system that provides the ability to access or transfer data between two networks having differing security domains. A CDS may be one-way only (from a low to a high domain or from a high to a low domain) or may be two-way.”), the method being performed by a first data controller of a first network domain, the method comprising: obtaining a request for transmission of the data object to a second data controller of a second network domain (Examiner note: obtaining requests (i.e. call for operations) and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system in conjunction with the controlling system 200; the first (second) controller of the first (second) network domain is met by the first (second) server 205 (server 210) located in the first (second) network domain) (Mraz, in Para. [0003] discloses “A cross-domain solution (CDS) is a system that provides the ability to access or transfer data between two networks having differing security domains” Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.” Mraz, in Para. [0024] discloses “Each server platform 205, 210 is administered separately. Each server platform 205,210 is unambiguously associated with the network to which it is connected. Administration of CDS host platforms is performed strictly in accordance with security policies defined by CDS security control requirements and any further requirements associated with the networks to which they belong.”); 
determining what kind of transfer of the data object is allowed (Examiner note: the limitation what kind of transfer is allowed is a policy decision and it is met by a proper system 200 setting comprising analysis of all data traffic features) (Mraz, in Para. [0031] discloses “system 200 configuration explicitly limits the available ports, protocols, and services to the minimal set required to allow system 200 to pass the defined traffic.”);
obtaining an identifier identifying allowable transfer of the data object between the first network domain and the second network domain;] 
[determining that the data object in the first network domain is to be modified prior to transfer of the data object to the second network domain; performing the modification by splitting the data object into at least a first data object pant and a second object pant to be received by separate receivers in the second network domain]
[ wherein performing modification on the data object further comprises performing at least one of anonymizing, pseudonymizing of the data object, prior to the transfer of the data object to the second network domain; and 
enabling transfer of the data object to the second network domain according to the identifier.]
Mraz fails to explicitly teach: obtaining an identifier identifying allowable transfer of the data object between the first network domain and the second network domain;
enabling transfer of the data object to the second network domain according to the identifier
Ford from the analogous technical field teaches: obtaining an identifier identifying allowable transfer of the data object between the first network domain and the second network domain (Ford, in Para, [0152] discloses “by recognizing the domain or the identity of the sender, the domain or identity of the recipient, the subject, an identifier related to the exchange (such as automatically embedded in content or communications relating to the exchange)”;
enabling transfer of the data object to the second network domain according to the identifier (Ford, in Para, [0081] discloses “a range of interfaces 162 (which may include various bindings 164 and messaging 163 capabilities) each may be adapted to enable exchange of messages, data, metadata and the like with a particular service”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, in view of the teaching of Ford which discloses domain identification and application of electronic signature in order to higher security of the data transfer in the system (Ford, [0081, 0152]).
Mraz as modified fails to explicitly teach: wherein performing modification on the data object further comprises performing at least one of anonymizing, pseudonymizing of the data object, prior to the transfer of the data object to the second network domain
Trepetin from the analogous technical field teaches: wherein performing modification on the data object further comprises performing at least one of anonymizing, pseudonymizing of the data object, prior to the transfer of the data object to the second network domain (Trepetin, in col.1, ll.29-32 discloses “the invention provides a method and system of anonymizing a database such that it may be queried efficiently while still retaining the ability to not decrypt requested data.” Trepetin, in col.40, ll.33-36 discloses “This family provides cloud and data centers computing with a new way of database operations, data hosting, transmission and computational analysis using ciphered data.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, in view of the teaching of Trepetin which discloses anonymizing data/database and controlling data transfer/transmission in order to higher security of the data management in the system (Trepetin, col.1, ll.29-32, col.40, ll.33-36).
Mraz as modified further fails to explicitly teach: determining that the data object in the first network domain is to be modified prior to transfer of the data object to the second network domain; performing the modification by splitting the data object into at least a first data object pant and a second object pant to be received by separate receivers in the second network domain
Korsunsky from the analogous technical field teaches: determining that the data object in the first network domain is to be modified prior to transfer of the data object to the second network domain; performing the modification by splitting the data object into at least a first data object pant and a second object pant to be received by separate receivers in the second network domain (Examiner note: split the data objects into two parts followed by the separate processing is met by splitting normalized data 428 encompassing the data flow 444 into two parts/copies processed separately by units 314 and 702; determination if split data object modifications are required is met by the operation of the firewall application 514) (Korsunsky, in Para. [0197] discloses “The normalized data 428 may encompass a representation of the data flow 444.” Korsunsky, in Para. [0476] discloses “the path of the data flow 444 may include a split where one copy of the data flow proceeds to the machine learning logic 314 and another copy proceeds to the data flow router 702.” Korsunsky, in Para. [0562] discloses “The firewall application 514 may allow, deny, or modify the data flow 444, as appropriate and as is described in greater detail hereinafter.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford and Trepetin, in view of the teaching of Korsunsky which discloses split of the data objects into two parts followed by the separate processing in order to achieve higher security of data processing in the network (Korsunsky, [0197, 0476, 0562]).


Regarding claim 2 Mraz teaches: The method according to claim 1, wherein obtaining said request comprises: obtaining a request from the second data controller for transmission of the data object to the second network domain (Examiner note: as noted above, obtaining requests (i.e. call for operations) and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system in conjunction with the controlling system 200; request for a transfer from the second data controller is met by a call for a relevant filter application from the second server 210) (Mraz, in Para. [0056] discloses “Instances of FIOE may be located in both the first server 205 and the Second server 210, though they are configured to call different filter applications” Mraz, in Para. [0025] discloses “system 200 preferably provides for twenty-four separate file transfer data streams from first server 205 to second server 210.” Mraz, in Para. [0029] discloses “Security controls include: (1) one-way data transfer security policy (enforced in hardware-not configurable); (2) restricted logical access to CDS network interfaces (ports restricted by internal IP tables-not configurable)” Mraz, in Para. [0024] discloses “Administration of CDS host platforms is performed strictly in accordance with security policies defined by CDS security control requirements and any further requirements associated with the networks to which they belong.” Mraz, in Para. [0021] discloses “system 200 presents 24 network interfaces 220 at the data inlet designed to carry primary data flow across the CDS accreditation boundary.” Mraz, in Para. [0020] discloses “system 200 may comprise the following major components:…(5) multiple instances of File Integrity Orchestration Engine (FIOE) software, which orchestrates invocation of data filter software applications” Mraz, in Para. [0059] discloses “FIOE calls the first of a series of data filters (step 602).”);

Regarding claim 3 Mraz teaches: The method according to claim 1, wherein obtaining said request comprises: obtaining a request from a local send function of the first data controller for transmission of the data object to the second network domain (Examiner note: data filters comprise all domain information including the local functions) (Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.” Mraz, in Para. [0017] discloses “This gives the customer complete control over which data filters are applied to any given data transfer…Since customer-supplied custom data filters may include confidential information, such filters are preferably positioned only within the higher security domain.”).

Regarding claim 5 Mraz teaches: The method according to claim 1, wherein said allowable transfer comprises at least one of: preventing transfer of the data object to the second network domain, allowing transfer of the data object to the second network domain, preventing modification of the data object in the second network domain transfer, allowing modification of the data object in the second network domain, and requiring modification of the data object in the first network domain prior to transfer of the data object to the second network domain (Examiner note: allowing or preventing data transfer are met by operations of the data filters) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters that permit forward data transfer based on the following criteria: (1) the file is not executable; (2) the file contains only 7-bit printable ASCII content; (3) the file is free of recognizable viruses and other malware; and ( 4) the file contains no "dirty words." To discern whether particular content is allowable (e.g., only non-executable 7-bit ASCII files are permitted), the system must be able to accurately identify the file/data types and deny all unless expressly permitted.”).

Regarding claim 9 Mraz teaches: The method according to claim 1, wherein said enabling handling comprises: (Examiner note: as noted above, allowing or preventing data transfer are met by operations of the data filters) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters that permit forward data transfer based on the following criteria: (1) the file is not executable; (2) the file contains only 7-bit printable ASCII content; (3) the file is free of recognizable viruses and other malware; and ( 4) the file contains no "dirty words." To discern whether particular content is allowable (e.g., only non-executable 7-bit ASCII files are permitted), the system must be able to accurately identify the file/data types and deny all unless expressly permitted.”), transferring the data object to the second network domain; or preventing transfer of the data object to the second network domain (Examiner note: as noted above, the data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system allowing or preventing data transfer) (Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.”).

Regarding claim 10 Mraz teaches: The method according to claim 1, further comprising: obtaining notification from the second data controller that transfer of the data object for which transfer of the data object to the second network domain is prevented has occurred; and issuing a message in response to having obtained the notification (Mraz, in Para. [0005] discloses “Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.” Mraz, in Para. [0017] discloses “System 200 permits a customer to load custom data filters into special placeholders as needed. This gives the customer complete control over which data filters are applied to any given data transfer. This process has a failsafe built into the placeholder filter. If data attempts to pass through a placeholder filter that does not have a legitimate custom data filter installed, an error message is generated”).

Regarding claim 23 Mraz teaches: A data controller of a first network domain for handling transfer of a data object between network domains, the data controller comprising (Examiner note: functions of the data controller are met by the designed operations of the controlling system 200) (Mraz, in Para. [0017] discloses “System 200 permits a customer to load custom data filters into special placeholders as needed. This gives the customer complete control over which data filters are applied to any given data transfer.” Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.”): processing circuitry; and a computer program product storing instructions that, when executed by the processing circuitry, causes the data controller to: obtain a request for transmission of the data object to another data controller of a second network domain (Examiner note: as noted above, obtaining requests and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system in conjunction with the controlling system 200) (Mraz, in Para. [0029] discloses “Security controls include: (1) one-way data transfer security policy (enforced in hardware-not configurable); (2) restricted logical access to CDS network interfaces (ports restricted by internal IP tables-not configurable)” Mraz, in Para. [0024] discloses “Administration of CDS host platforms is performed strictly in accordance with security policies defined by CDS security control requirements and any further requirements associated with the networks to which they belong.” Mraz, in Para. [0021] discloses “system 200 presents 24 network interfaces 220 at the data inlet designed to carry primary data flow across the CDS accreditation boundary.” Mraz, in Para. [0020] discloses “system 200 may comprise the following major components:…(5) multiple instances of File Integrity Orchestration Engine (FIOE) software, which orchestrates invocation of data filter software applications” Mraz, in Para. [0059] discloses “FIOE calls the first of a series of data filters (step 602).”);
determine what kind of transfer of the data object is allowed (Examiner note: the limitation what kind of transfer is allowed is a policy decision and it is met by a proper system 200 setting comprising analysis of all data traffic features) (Mraz, in Para. [0031] discloses “system 200 configuration explicitly limits the available ports, protocols, and services to the minimal set required to allow system 200 to pass the defined traffic.”);
[obtain an identifier identifying allowable transfer of the data object between the first network domain and the second network domain;]
, (Examiner note: data could be modified/changed by the data filters comprised by system 200 which performs identification; in addition, modification of the data for transfer is met by splitting data into eight channels having three data streams each, which allows a multiple applications on split data parts including any predefined combinations using the programmable send and receive cards) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters” Mraz, in Para. [0005] discloses “Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.” Mraz, in Para. [0025] discloses “Each channel 211 to 218 may preferably carry three data streams, for a total of 24 data streams in the presently preferred embodiment. This feature allows multiple applications to share the send card or receive card hardware as if each application were interacting with a separate card.”);
 [wherein the data controller is further caused to perform at least one of anonymizing, Page 6 pseudonymizing of the data object, prior to the transfer of the data object to the second network domain; and 
enable transfer of the data object to the second network domain according to the identifier.]
Mraz fails to explicitly teach: obtain an identifier identifying allowable transfer of the data object between the first network domain and the second network domain;
enable transfer of the data object to the second network domain according to the identifier.
Ford from the analogous technical field teaches: obtain an identifier identifying allowable transfer of the data object between the first network domain and the second network domain (Ford, in Para, [0152] discloses “by recognizing the domain or the identity of the sender, the domain or identity of the recipient, the subject, an identifier related to the exchange (such as automatically embedded in content or communications relating to the exchange)”;
enable transfer of the data object to the second network domain according to the identifier (Ford, in Para, [0081] discloses “a range of interfaces 162 (which may include various bindings 164 and messaging 163 capabilities) each may be adapted to enable exchange of messages, data, metadata and the like with a particular service”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, in view of the teaching of Ford which discloses domain identification and application of electronic signature in order to higher security of the data transfer in the system (Ford, [0081, 0152]).
Mraz as modified fails to explicitly teach: wherein the data controller is further caused to perform at least one of anonymizing, Page 6 pseudonymizing of the data object, prior to the transfer of the data object to the second network domain
Trepetin from the analogous technical field teaches: wherein the data controller is further caused to perform at least one of anonymizing, Page 6 pseudonymizing of the data object, prior to the transfer of the data object to the second network domain (Trepetin, in col.1, ll.29-32 discloses “the invention provides a method and system of anonymizing a database such that it may be queried efficiently while still retaining the ability to not decrypt requested data.” Trepetin, in col.40, ll.33-36 discloses “This family provides cloud and data centers computing with a new way of database operations, data hosting, transmission and computational analysis using ciphered data.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, in view of the teaching of Trepetin which discloses anonymizing data/database and controlling data transfer/transmission in order to higher security of the data management in the system (Trepetin, col.1, ll.29-32, col.40, ll.33-36).

Claims 31, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Mraz, Ford, Trepetin, and Korsunsky as applied to claim 1 above and further in view of  of Saros et al. (US 2012/0044059).

Regarding claim 31 Mraz as modified fails to explicitly teach: The method according to claim 1, further comprising: associating the data object with a location tag, the location tag identifying the first network domain; and providing, based on the identifier, a cryptographic domain signature that binds the location tag to the data object.
Saros from the analogous technical field teaches:   The method according to claim 1, further comprising: associating the data object with a location tag, the location tag identifying the first network domain; (Saros in Para. [0011] discloses “The plurality of parameters may be associated with at least two of the following: a physical location of the tag being read, a deployment status of the tag, a time of day of the tag reading, a date of the tag reading”) and providing, based on the identifier, a cryptographic domain signature that binds the location tag to the data object (Saros in Para. [0041] discloses “a signature or certificate can be included, allowing the integrity of the tag to be verified. The signature can for example comply with signature definitions as specified by the NFC Forum. The tag data can also include usage data, such as the number of times the tag has been read and data regarding one or more of the last readings, and/or statistics about readings, such as time of day of readings, etc. Data about the users having read the tag can also be included in the tag data.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, Korsunsky, and Trepetin, in view of the teaching of Saros which discloses association of location tags with the identification domain which is included in cryptographic signature in order to higher security of the data management in the system (Saros, [0011, 0041]).

Regarding claim 32 Mraz as modified fails to explicitly teach: The method according to claim 1, further comprising: providing a cryptographic integrity signature to the data object.
Saros from the analogous technical field teaches: The method according to claim 1, further comprising: providing a cryptographic integrity signature to the data object (Saros in Para. [0041] discloses “a signature or certificate can be included, allowing the integrity of the tag to be verified. The signature can for example comply with signature definitions as specified by the NFC Forum. The tag data can also include usage data, such as the number of times the tag has been read and data regarding one or more of the last readings, and/or statistics about readings, such as time of day of readings, etc. Data about the users having read the tag can also be included in the tag data.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, Korsunsky, and Trepetin, in view of the teaching of Saros which discloses association of location tags with the identification domain which is included in cryptographic signature in order to higher security of the data management in the system (Saros, [0041]).

Claims 11 – 13, 15, 18, 19, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Mraz in view of Ford and in view of Saros.
 
Regarding claim 11 Mraz teaches: A method for handling transfer of a data object between network domains, the method being performed by a second data controller, of a second network domain, the method comprising: obtaining the data object from a first data controller of a first network domain, (Examiner note: as noted above, obtaining requests and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system) (Mraz, in Para. [0029] discloses “Security controls include: (1) one-way data transfer security policy (enforced in hardware-not configurable); (2) restricted logical access to CDS network interfaces (ports restricted by internal IP tables-not configurable)”),
[wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtaining an identifier identifying allowable handling of the data object in the second network domain; andPage 4 verifying the cryptographic integrity signature;] 
wherein handling the data object comprises modifying the data object according to the identifier by combining at least a first data object part of the data object with a second object part of the data object into the data object and decrypting the data object (Examiner note: as noted above, data could be modified/changed by the data filters comprised by system 200 which performs identification; in addition, modification of the data for transfer is met by splitting data into eight channels having three data streams each, which allows a multiple applications on split data parts including any predefined combinations using the programmable send and receive cards) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters” Mraz, in Para. [0005] discloses “Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.” Mraz, in Para. [0025] discloses “Each channel 211 to 218 may preferably carry three data streams, for a total of 24 data streams in the presently preferred embodiment. This feature allows multiple applications to share the send card or receive card hardware as if each application were interacting with a separate card.”).
Mraz fails to explicitly teach: wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtaining an identifier identifying allowable handling of the data object in the second network domain; andPage 4 verifying the cryptographic integrity signature;
Ford from the analogous technical field teaches: wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtaining an identifier identifying allowable handling of the data object in the second network domain; [andPage 4 verifying the cryptographic integrity signature;] (Ford, in Para, [0139] discloses “the electronic signature facility 208 may provide a unique signature code ID for a signature page, such that the signature code ID is unique in the system, thus providing a unique identifier for the signature page.” Ford, in Para, [0152] discloses “by recognizing the domain or the identity of the sender, the domain or identity of the recipient, the subject, an identifier related to the exchange (such as automatically embedded in content or communications relating to the exchange)” Ford, in Para, [0081] discloses “a range of interfaces 162 (which may include various bindings 164 and messaging 163 capabilities) each may be adapted to enable exchange of messages, data, metadata and the like with a particular service”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, in view of the teaching of Ford which discloses domain identification and application of electronic signature in order to higher security of the data transfer in the system (Ford, 0081, 0139, 0152).
Mraz as modified fails to explicitly teach: andPage 4 verifying the cryptographic integrity signature
Saros from the analogous technical field teaches: andPage 4 verifying the cryptographic integrity signature (Saros in Para. [0041] discloses “a signature or certificate can be included, allowing the integrity of the tag to be verified. The signature can for example comply with signature definitions as specified by the NFC Forum. The tag data can also include usage data, such as the number of times the tag has been read and data regarding one or more of the last readings, and/or statistics about readings, such as time of day of readings, etc. Data about the users having read the tag can also be included in the tag data.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford in view of the teaching of Saros which discloses verification of a cryptographic signature in order to higher security of the data management in the system (Saros, [0041]).

Regarding claim 12 Mraz teaches: The method according to claim 11, further comprising: providing a request to the first data controller for transmission of the data object to the second network domain (Examiner note: as noted above, obtaining requests and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system) (Mraz, in Para. [0029] discloses “Security controls include: (1) one-way data transfer security policy (enforced in hardware-not configurable); (2) restricted logical access to CDS network interfaces (ports restricted by internal IP tables-not configurable)” Mraz, in Para. [0024] discloses “Administration of CDS host platforms is performed strictly in accordance with security policies defined by CDS security control requirements and any further requirements associated with the networks to which they belong.”).

Regarding claim 13 Mraz teaches: The method according to claim 11, wherein said allowable handling comprises at least one of: preventing transfer of the data object to the second network domain, allowing transfer of the data object to the second network domain, preventing modification of the data object in the second network domain transfer, and allowing modification of the data object in the second network domain (Examiner note: as noted above, allowing or preventing data transfer are met by operations of the data filters; data could be modified/changed by the data filters) (Mraz, in Para. [0005] discloses “Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.” Mraz, in Para. [0055] discloses “Data filters may be deployed before or after transfer through the one-way data link (on the left- or right-side network).”).

Regarding claim 15 Mraz teaches: The method according to claim 11, further comprising: handling the data object in the second network domain according to the identifier (Examiner note: handling the data according to identifier is met by an appropriate configuration of the system 200) (Mraz, in Para. [0028] discloses “the system must be able to accurately identify the file/data types and deny all unless expressly permitted. System 200 verifies non-executability using the UNIX file command and ASCII format using the owllsAscii filter function.”).

Regarding claim 18 Mraz teaches: The method according to claim 15, wherein handling the data object comprises: discarding the data object when, according to said allowable handling, transfer of the data object to the second network domain is prevented (Examiner note: as noted above, the data transfers control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system allowing or preventing data transfer; data files could be deleted by the Problem Process module) (Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.” Mraz, in Para. [0057] discloses “If the problem file continues to land in the problem directory 505 over a prolonged period of time (measured in minutes), the Problem Process module 504 deletes the file and logs the event.”).

Regarding claim 19 Mraz teaches: The method according to claim 18, further comprising: notifying the first data controller that transfer of the data object for which transfer of the data object to the second network domain is prevented has occurred (Mraz, in Para. [0017] discloses “System 200 permits a customer to load custom data filters into special placeholders as needed. This gives the customer complete control over which data filters are applied to any given data transfer. This process has a failsafe built into the placeholder filter. If data attempts to pass through a placeholder filter that does not have a legitimate custom data filter installed, an error message is generated”).

Regarding claim 26 Mraz teaches: A data controller of a second network domain for handling transfer of a data object between network domains, the data controller comprising: (Examiner note: as noted above, functions of the data controller are met by the designed operations of the controlling system 200) (Mraz, in Para. [0017] discloses “System 200 permits a customer to load custom data filters into special placeholders as needed. This gives the customer complete control over which data filters are applied to any given data transfer.” Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.”);
[processing circuitry; andPage 6 a computer program product storing instructions that, when executed by the processing circuitry, causes the data controller to: obtain the data object from a first data controller of a first network domain, wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtain an identifier identifying allowable handling of the data object in the second network domain; and verifying the cryptographic integrity signature,] 
wherein in handling the data object, the processing circuitry further causes the data controller to modify the data object according to the identifier by combining at least a first data object part of the data object with a second object part of the data object into the data object and decrypt the data object (Examiner note: as noted above, data could be modified/changed by the data filters comprised by system 200 which performs identification; in addition, modification of the data for transfer is met by splitting data into eight channels having three data streams each, which allows a multiple applications on split data parts including any predefined combinations using the programmable send and receive cards) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters” Mraz, in Para. [0005] discloses “Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.” Mraz, in Para. [0025] discloses “Each channel 211 to 218 may preferably carry three data streams, for a total of 24 data streams in the presently preferred embodiment. This feature allows multiple applications to share the send card or receive card hardware as if each application were interacting with a separate card.”).
Mraz fails to explicitly teach: processing circuitry; andPage 6 a computer program product storing instructions that, when executed by the processing circuitry, causes the data controller to: obtain the data object from a first data controller of a first network domain, wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtain an identifier identifying allowable handling of the data object in the second network domain; and verifying the cryptographic integrity signature,
  Ford from the analogous technical field teaches: processing circuitry; andPage 6 a computer program product storing instructions that, when executed by the processing circuitry, causes the data controller to: obtain the data object from a first data controller of a first network domain, wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtain an identifier identifying allowable handling of the data object in the second network domain; 
[and verifying the cryptographic integrity signature] 
(Ford, in Para, [0139] discloses “the electronic signature facility 208 may provide a unique signature code ID for a signature page, such that the signature code ID is unique in the system, thus providing a unique identifier for the signature page.” Ford, in Para, [0152] discloses “by recognizing the domain or the identity of the sender, the domain or identity of the recipient, the subject, an identifier related to the exchange (such as automatically embedded in content or communications relating to the exchange)” Ford, in Para, [0081] discloses “a range of interfaces 162 (which may include various bindings 164 and messaging 163 capabilities) each may be adapted to enable exchange of messages, data, metadata and the like with a particular service”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, in view of the teaching of Ford which discloses domain identification and application of electronic signature in order to higher security of the data transfer in the system (Ford, 0081, 0139, 0152).
Mraz as modified fails to explicitly teach: andPage 4 verifying the cryptographic integrity signature
Saros from the analogous technical field teaches: andPage 4 verifying the cryptographic integrity signature (Saros in Para. [0041] discloses “a signature or certificate can be included, allowing the integrity of the tag to be verified. The signature can for example comply with signature definitions as specified by the NFC Forum. The tag data can also include usage data, such as the number of times the tag has been read and data regarding one or more of the last readings, and/or statistics about readings, such as time of day of readings, etc. Data about the users having read the tag can also be included in the tag data.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford in view of the teaching of Saros which discloses verification of a cryptographic signature in order to higher security of the data management in the system (Saros, [0041]).

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Mraz, Saros, and Ford as applied to claim 11 above, and further in view of Hakala et al. (US 2017/0004168 A1) (hereafter Hakala).

Regarding claim 21 Mraz as modified fails to explicitly teach: The method according to claim 11, wherein the cryptographic integrity signature is based on a keyless signature infrastructure, KSI.
Hakala from the analogous technical field teaches: The method according to claim 11, wherein the cryptographic integrity signature is based on a keyless signature infrastructure, KSI (Hakala, in Para. [0003] discloses “Keyless Signature Infrastructure (KSI) is a more recent hash-tree based data signing technology providing data integrity, time stamping and signer identification services. The KSI based signature technology provides an alternative solution to PKI in data integrity protection with reliable integrity proof without assuming continued secrecy of the keys.” Hakala, in Para. [0064] discloses “The KSI gateway 13 may also verify the integrity of the reference by taking a hash of the received reference and comparing it to the stored hash of the reference”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford and by Saros, in view of the teaching of Hakala which discloses a signature technology based on the Keyless Signature Infrastructure (KSI) method in order to provide more flexibility into the cryptographic signature process in the network (Hakala, [0003, 0064]).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313) 446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/V.I.G./Examiner, Art Unit 2431   
/MICHAEL R VAUGHAN/Primary Examiner, Art Unit 2431