Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 1-8 are rejected under 35 U.S.C. 101 because the system comprises “a plurality of enforcement nodes” and “a central authority.” The specification includes a scenario wherein the nodes may be virtual (Paragraph [0043]). The term “central authority” does not explicitly include any hardware. Therefore Claim 1 may be considered software per se. The Examiner suggests explicitly hardware to overcome the 101 rejection (e.g. a memory and a processor).

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-3, 5-6, 9-11, 13-14, 17-19 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Nellen (US 2019/0141015)
 

Regarding Claim 1,

Nellen (US 2019/0141015) teaches a cloud-based system comprising: 
a plurality of enforcement nodes communicatively coupled to one another, to a user, and to the Internet and one or more cloud applications (Figure 1, Cloud-based multi-function firewall connected to one another, a user (user device), the internet (communications network) and one or more cloud applications (cloud services))
and a central authority communicatively coupled to the plurality of enforcement nodes, wherein the central authority is configured to obtain trusted network rules for a plurality of networks (Figure 1, API server which includes policy engine and configuration engine), 
wherein the trusted network rules include whether a network is untrusted or one of a plurality of trusted networks, obtain policy configurations for each of the trusted network rules and provide to each of the plurality of enforcement nodes (Paragraph [0010-0011] teaches obtaining policy configurations for insecure network and internal network (trusted network)), 
wherein the policy configurations define configurations for a cloud-based system to use with a user device based on a corresponding network where the user device is connected, and wherein each of the plurality of enforcement nodes is configured to communicate with the user device and determine which network of the plurality of network the user device is connected, and apply the configurations and operate therewith for the user device based on the network the user device is connected (Paragraph [0010-0011] teaches obtaining policy configurations for insecure network and internal network (trusted network) and determining whether a user device is in a trusted or untrusted network and applying configuration depending on where the user is connected),

Regarding Claim 2,

Nellen teaches the cloud-based system of claim 1, wherein the central authority is further configured to obtain forwarding policies for each of the plurality of networks, and wherein an enforcement node is further configured to provide the forwarding policies to a connector application executed on the user device (Paragraph [0098] teaches a security client (i.e. connector application) that enables the user device to access forwarded policies from the secure cloud).

Regarding Claim 3,

Nellen teaches the cloud-based system of claim 2, wherein the policy configurations for each of the trusted network rules define the configurations in the cloud-based system and the forwarding policies for each of the plurality of networks define how traffic is forwarded by the user device to the cloud-based system (Paragraph [0101] teaches how traffic is forwarded by the user device to the cloud)

Regarding Claim 5,

Nellen teaches the cloud-based system of claim 1, wherein the network is determined by the user device through detecting the network via any of a Domain Name Server (DNS) configuration, DNS search domains, and hostname and Internet Protocol (IP) address (Paragraph [0012] updating domain name service).



Regarding Claim 6,

Nellen teaches the cloud-based system of claim 1, wherein the configurations include content filtering through the cloud-based system (Paragraph [0129] teaches cloud based firewall filtering network traffic).

Regarding Claims 9-11, 13-14

Claims 9-11, 13-14 are similar in scope to Claims 1-3, 5-6 and are rejected for a similar rationale.

Regarding Claims 17-19,

Claims 17-19 are similar in scope to Claims 1-3 and are rejected for a similar rationale.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 4, 12, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nellen.


Regarding Claim 4,

Nellen teaches the cloud-based system of claim 2. While Nellen teaches different forwarding policies for trusted and untrusted network Nellen does not explicitly teach wherein a same forwarding policy is used for at least two of the plurality of networks.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Nellen to include the same forwarding policy for at least two networks and the results would be predictable (i.e. a forward policy would apply to two networks)

Regarding Claim 12, 20

Claim 12, 20 is similar in scope to Claim 4 and is rejected for a similar rationale.

Claims 7-8, 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Nellen in view of Sridhar (US 2018/0131685).


Regarding Claim 7,

Nellen teaches the cloud-based system of claim 1, but does not explicitly teach wherein the configurations include Data Loss Prevention (DLP) monitoring through the cloud-based system.
Sridhar (US 2018/0131685) teaches configurations include Data Loss Prevention (DLP) monitoring through the cloud-based system (Paragraph [0042] teaches Data loss prevention and monitoring in the cloud)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the system of Nellen with DLP monitoring and the results would be predictable (i.e. the policy would include Data Loss Protection)

Regarding Claim 8,

Nellen teaches the cloud-based system of claim 1, but does not explicitly teach wherein the configurations include Cloud Access Security Broker (CASB) monitoring through the cloud-based system.
Sridhar teaches a Cloud Access Security Broker (CASB) monitoring through the cloud-based system (Paragraph [0010])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Nellen with a CASB and the results would be predictable (i.e. a CASB would be used in the cloud security system of Nellen)

Regarding Claims 15-16

Claims 15-16 are similar in scope to Claims 7-8 and are rejected for a similar rationale.


Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439