DETAILED ACTION
This communication is in response to applicant’s amendments filed on December 16, 2021. Claims 1-20 are pending.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant's arguments filed on 12/16/2021 have been fully considered but they are not persuasive for the following reasons:
Applicant’s Argument:
With respect to claims 1, 6-11 and 16-20 rejected under 35 U.S.C. § 103, Applicant argues that “Barton's disclosure is with respect to an "application." Barton discloses ways for an application to manage and secure its usage. Barton does not disclose the claimed invention herein with respect to "communication information" associated with a "profile" on a "secure endpoint object." The profile is based on a user or an entity. The profile is not an application.” (Applicant’s response filed on 12/16/2021, page 9).
Examiner’s Response:
The examiner respectfully disagrees. At the outset, in response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., that the profile is based on a user or an entity, and the “conversation level” in the argument below) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Nevertheless, Barton clearly disclosed a “profile” associated with secure communication in at least the following context: in paragraph 0068, Barton disclosed a cloud being configured as a private cloud used by particular customers or client computers, which indicates that the particular customers or client computers are being identified (i.e., whitelisted) based on their identification information; such identification information corresponds to the claimed profile (i.e., information about the customers or client computers).

Applicant’s Argument:
“The application in Barton is controlled at the application level. While it allows a peer to peer distribution, Barton does not allow communication information to be embedded within a secure object that is controlled at the conversation level. Barton does not teach the claimed control at conversation level that is not centrally controlled but controlled by the profile that originates the communication information. Even when the communication information from the profile at the source secure endpoint object is disseminated (in transit) to other devices or rests (arrives) at destination, the source retains control over that communication information.
Vogel also does not disclose the claimed invention. Vogel's disclosure is limited securing the information from one peer to another peer. There is no disclosure that allows the communication information to be secure at source, in transit and destination. Such a disclosure is simply not taught in Barton, or in Barton in view of Vogel. The current amendment clarifies this distinct aspect. The 103 rejection is overcome.” (Applicant’s response filed on 12/16/2021, pages 9-10).
Examiner’s Response:
Applicant’s argument appears to suggest that a conversation level is different from communications between entities in an application. However, during patent examination, the 
In addition, Vogel also clearly discloses establishing a secure and encrypted private network with a whitelist of two or more profiles using alias and digital keys and associating each profile with equal access and control irrespective of its associated computing device capability (Vogel, Fig. 2, private network established where peer communication is implemented using public/private keys of the user; also par 0014-0015, the users sharing public key/private key pairs correspond to whitelisted peers), and embedding communication information in transit in a secure conversation object wherein each conversation object has one or more message objects with one or more attributes comprising of source address, destination address, time sent, or time received (Vogel, par 0015, “...the first user and second use may send encrypted messages to each other....encrypted message is an objected consisting of a user’s IP address and a text string”, a user’s IP address corresponds to a source or destination address).
Therefore, the examiner maintains that Barton in view of Vogel teaches each and every limitation as currently recited.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
Claim 1 recites the limitation "the profile’s communication information" in line 7.  There is insufficient antecedent basis for this limitation in the claim. For the following rejection, this limitation is interpreted as any communication information associated with the profile.
Claim 1 recites the limitation "the profile’s communication information" in line 8.  There is insufficient antecedent basis for this limitation in the claim. For the following rejection, this limitation is interpreted as any communication information associated with the profile.
Claim 9 recites the limitation “...for all the communication information between a first profile and a second profile” in line 2; it is not clear what “all the communication information” is referring to. For the following rejection, this limitation is read as any communication information between a first profile and a second profile.
Claim 19 recites the limitation “...for all the communication information between a first profile and a second profile” in line 3; it is not clear what “all the communication information” is referring to. For the following rejection, this limitation is read as any communication information between a first profile and a second profile.
The dependent claims included in the statement of rejection but not specifically addressed in the body of the rejection have inherited the deficiencies of their parent claim and have not resolved the deficiencies. Therefore, they are rejected based on the same rationale as applied to their parent claims above.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 6-11 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over US PG-PUB No. 2014/0040638 A1 to Barton et al. (hereinafter Barton) in view of US PG-PUB No. 2012/0109830 A1 to Vogel (hereinafter Vogel).
As per claim 1, Barton disclosed a method of enforcing communications semantics on a private network (Barton, par 0058, a method for controlling remote access to resources at an enterprise computing system (i.e. private network)), comprising: 
establishing a secure and encrypted private network with a whitelist of two or more profiles using alias and digital keys (Barton, par 0068, “...a cloud may be configured as a private cloud to be used by one or more particular customers or client computers 211-214 and/or over a private network”, and par 0098, “An encryption key generation feature may be used such that the key used to encrypt data on the device is generated using a passphrase or biometric data supplied by the user (if offline access is required). It may be XORed with another key randomly generated and stored on the server side if offline access is not required. Key derivation functions may operate such that keys generated from the user password use KDFs (key derivation functions, notably PBKDF2) rather than creating a cryptographic hash of it”); 
associating each profile with equal access and control irrespective of its associated computing device capability (Barton, par 0509, “the orchestration framework may also interconnect computing devices to operate as a coordinated whole via a peer-to-peer communication session”); 
embedding the profile’s communication information at source or destination in secure endpoint object (Barton, par 0399, “The client device 2505 may comprise any of an end point device, client computers 107, 109, 211-214, mobile device 302, mobile device 402, or any other device. For example, the mobile device may comprise any of a smartphone, a tablet, and the like. One or more applications may be running on the client device 2505. An application may desire to access a protected resource, such as an enterprise resource, and a module included in the application (or other applications) may facilitate access to those protected resources.”, the facilitating access of protected resource corresponds to embedding communication information of the client device in secure endpoint object (to enable secure access)); 
enforcing one or more of distribution parameters or life cycle parameters for the communication information (Barton, par 0307, “policies may be usable to define how long messages are retained and when messages are deleted (e.g., based on time, size, sender, recipient, etc.)”);
Barton does not explicitly disclose “embedding the communication information when in transit in a secure conversation object wherein each conversation object has one or more message objects with one or more attributes comprising of source address, destination address, time sent, or time received”; however, in an analogous art in secure network communications, Vogel disclosed a decentralized social network system which establishes a secure and encrypted private network with a whitelist of two or more profiles using alias and digital keys and associates each profile with equal access and control irrespective of its associated computing device capability (Vogel, Fig. 2, private network established where peer communication is implemented using public/private keys of the user; also par 0014-0015, the users sharing public key/private key pairs correspond to whitelisted peers), and embedding communication information when in transit in a secure conversation object wherein each conversation object has one or more message objects with one or more attributes comprising of source address, destination address, time sent, or time received (Vogel, par 0015, “...the first user and second use may send encrypted messages to each other....encrypted message is an objected consisting of a user’s IP address and a text string”, a user’s IP address corresponds to a source or destination address). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to combine the system of Barton with the system of Vogel, modifying the system of Barton to incorporate the message object implementation in social network peer-to-peer communication as disclosed by Vogel; such an implementation would provide increased modularity and allow efficient management of software complexity.

As per claim 6, Barton-Vogel disclosed the method of claim 1, further comprising: preventing screen capture when the communication information is within a secure endpoint object (Barton, par 0097, “Screenshot protection is another feature, where an application may prevent any data from being stored in screenshots. For example, the key window's hidden property may be set to YES. This may cause whatever content is currently displayed on the screen to be hidden, resulting in a blank screenshot where any content would normally reside”); or preventing deletion or copying of the communication information inside of the private network that conflicts with one or more distribution or lifecycle parameters (Barton, par 0182, “In some examples, applications in the set 820 of managed applications on the mobile device 110 can be assigned to different groups. In such cases, policies (e.g., 822a, 824a, and 826a) are updated to include records of groups and group members. The flow of files and/or data between applications can thus be further restricted to members of particular groups. Providing different groups of mobile applications within the managed set 820 can help to segregate applications handling highly sensitive data from those that handle less sensitive data”).

As per claim 7, Barton-Vogel disclosed the method of claim 1, further comprising: revoking the second profile from the whitelist of the first profile (Barton, par 0222, “perform precautionary actions, such as deleting decryption keys used for decrypting message attachments, when certain conditions are met, such as when a blacklisted mobile application is detected on the mobile device or the device is reported as stolen”); automatically deleting all objects from the first profile, the second profile and the private network that have communication information between the first profile and the second profile (Barton, par 0345, “The container 1736 can be installed by, e.g., the agent 1720, IT administrators of the enterprise system, or the device 1720 manufacturer. The container 1736 can enable some or all of the enterprise data stored in the file system 1738 to be deleted without modifying private data stored on the mobile device 1720 outside of the container 1736. The file system 1738 can facilitate selective or complete deletion of data from the file system 1738. For example, a component of the enterprise system can delete data from the file system 1738 based on, e.g., encoded rules. In some embodiments, the agent 1720 deletes the data from the file system 1738, in response to receiving a deletion command from the enterprise EMM system. In other embodiments, the data is deleted without the assistance of the agent 1720, for example if an agent 1720 is not provided”).

As per claim 8, Barton-Vogel disclosed the method of claim 1, further comprising: accepting receipt of the communication information from the profiles on one or more of the whitelists of the private network based on redistribution irrespective of the quality or content of the communication information; preventing receipt of unsolicited communication information on the private network (Barton, par 0209, “The enterprise system 910 preferably includes an external firewall 922 and an internal firewall 924. Each firewall 922, 924 can comprise a device or set of devices designed to permit or deny network transmissions based upon certain criteria. The firewalls 922 and 924 can comprise software stored on non-transitory computer-readable storage, hardware, firmware, or a combination thereof. The firewalls 922 and 924 can be configured to perform basic routing functions. Embodiments described herein can cooperate with one or both of the firewalls 922 and 924 or other devices of the enterprise system 910 to filter mobile devices' access requests based on a set of gateway rules, in order to protect the enterprise system 910 from unauthorized access while permitting legitimate communications to pass. As will be described in further detail below, such access rules can be used to regulate access based on, e.g., mobile device properties, user properties, the specific enterprise resources 930 for which access is requested, or any combination thereof”); or providing indication on the first profile if any rules of the private network are violated (Barton, par 0265, “Client agent 1720 can be configured to log fault detections, performance measurements, related events, event times, event locations, and other data, and to provide such data to an analytics service as described above in connection with the SDK 2404”).

As per claim 9, Barton-Vogel disclosed the method of claim 1, further comprising: setting a life cycle parameter of expiry time for all the communication information between a first profile and a second profile (Barton, par 0315, “In some arrangements, access control is structured so that the level of security diminishes over time. For instance, some tickets which enable high security may expire first (e.g., after a predefined amount of time such as an hour, 15 minutes, etc.). Other tickets which enable lower security may expire at a later time (e.g., after a later predefined amount of time such as a day, etc.). Other ticket-based techniques for imposing different levels of security based on time are suitable for use as well”); automatically deleting all objects from the first profile, the second profile and the private network that have communication information between the first profile and the second profile after the expiry time (Barton, par 0078, “The data stored in an unsecured data container 342 may remain on the mobile device 302 when the data stored in the secure data container 328 is deleted from the mobile device 302. An enterprise may want to delete from the mobile device selected or all data, files, and/or applications owned, licensed or controlled by the enterprise (enterprise data) while leaving or otherwise preserving personal data, files, and/or applications owned, licensed or controlled by the user (personal data). This operation may be referred to as a selective wipe. With the enterprise and personal data arranged in accordance to the aspects described herein, an enterprise may perform a selective wipe”).

As per claim 10, Barton-Vogel disclosed the method of claim 1, wherein the first profile computing device is one or more of the following: a personal computer, a laptop, a tablet, a handheld device, a smartphone, an internet of things device (Barton, par 0399, “The client device 2505 may comprise any of an end point device, client computers 107, 109, 211-214, mobile device 302, mobile device 402, or any other device. For example, the mobile device may comprise any of a smartphone, a tablet, and the like. One or more applications may be running on the client device 2505. An application may desire to access a protected resource, such as an enterprise resource, and a module included in the application (or other applications) may facilitate access to those protected resources”).

Claims 11 and 16-20 recite substantially the same limitations as claims 1 and 6-10, respectively, in the form of a system implementing the corresponding method; therefore, they are rejected under the same rationale.

Claims 2-5 and 12-15 are rejected under 35 U.S.C. 103 as being unpatentable over Barton in view of Vogel as applied to claim 1 above, and further in view of US PG-PUB No. 2017/0193234 A1 to LeVasseur et al. (hereinafter LeVasseur).
As per claim 2, Barton-Vogel disclosed the method of claim 1, further comprising: 
the distribution parameters include one or more of the following: redistribution geographic perimeter, redistribution location marker, or redistribution geo port (Barton, par 0555, “There may be multiple different managed modes, e.g., based on different security levels of various users or sets of credentials provided by a user, different user roles identified by a set of credentials (e.g., manager versus staff employees), geographic locations from which the device is operated, network locations, operational environment (e.g., a healthcare-related managed mode versus a financial industry managed mode), or based on any other contextual determination”); or wherein the life cycle parameters include one or more of the following: scheduling transit time, read count, usage count, one-time passcode (Barton, par 0102, “In some cases, after a user authenticates with a user ID, a text is sent to the user with an OTP 420. In some cases, this may be implemented only for online use, with a prompt being a single field”);
Barton does not explicitly disclose setting the distribution or life cycle parameters at the profile for default operation; allowing customization of the distribution or life cycle parameters at the conversation object or message object by the profile at the source secure endpoint object, wherein the distribution parameters include one or more of the following: redistribution allowed, redistribution count, redistribution time expiry; however, in an analogous art in secure network communications, LeVasseur disclosed setting the distribution or life cycle parameters at the profile for default operation; allowing customization of the distribution or life cycle parameters at the conversation object or message object by the profile at the source secure endpoint object; wherein the distribution parameters include one or more of the following: redistribution allowed, redistribution count, redistribution time expiry (LeVasseur, par 0750-0752, “3. The default message options (e.g. Allow Tracking, Allow Forwarding, Allow Replying). These message options can, if the service 110 allows it, be modified by users on a per-message basis. An example of the interface for determining service options, default values and over ride rights is visually represented in FIG. 40. 4. The length of time eMail2 messages are stored on the eMail2 service 110, (this can be overridden for specific users or groups of users)”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the system of Barton to further incorporate the customization of message access controls as disclosed by LeVasseur; such a modification would allow per-message protection as suggested by LeVasseur (LeVasseur, par 0409 and 0750-0752).

As per claim 3, Barton-Vogel disclosed the method of claim 2; Barton does not explicitly disclose decrementing the redistribution count for each transit; preventing redistribution when the redistribution count reaches zero; however, LeVasseur disclosed decrementing the redistribution count for each transit; preventing redistribution when the redistribution count reaches zero (LeVasseur, par 0471, “These include message termination, message forwarding controls, including the option for required recipients on forwards, message voting, virus scanning, or metadata requirements, limits on the number of recipients, time delays before the message may be retrieved, time- or recipient-based message expirations, limitations on local storage, requirements on the level of security at the recipient client machine 100, including recipient authentication for retrieval or redistribution, and so forth”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the system of Barton to incorporate the option for parameter-based redistribution control as disclosed by LeVasseur; such a modification would provide increased flexibility for security control based on the user’s needs and thus would be more desirable.

As per claim 4, Barton-Vogel-LeVasseur disclosed the method of claim 1, wherein the message object has one or more of the following properties: copying of the message object within two or more conversation objects is allowed freely for the profile at the source secure endpoint object of the message object (LeVasseur, par 0115, “Each recipient can reply in the same secure fashion to any recipients originally included in a given sub-message and may add new recipients (See FIG. 8) subject to the forwarding controls put in place by the sender. FIGS. 9 and 10 provide visual representation of custom private messages in a real-world setting”, the reasons of obviousness have been noted in the rejection of claims 2 and 3 above and are applicable herein); the distribution and life cycle parameters are inherited from the conversation object the message object belongs to (LeVasseur, par 0472, “if a user forwards a message, he or she can terminate the thread which begins with his or her forward, leaving the rest of the conversation active. Further, preferably, any message control functionality available to an original message is also available to a forward or reply message and a public or private sub-messages. Such functionality is possible due to the tree-like structure of Message and Parent IDs of public and private messages, forwards, and replies”); or deletion of the message object by the source profile, private network wide zeroization, or expiry of the life cycle of all of the conversation objects it belongs to (LeVasseur, par 0480, “Once terminated, further operations are limited (replying, forwarding, etc. are disallowed) for this message. If the message has been soft terminated, recipients may still retrieve the message. If the message is hard terminated, recipients may not retrieve the message. Preferably, recipient attempts at forbidden actions cause a warning message to be displayed or sent to the sender or administrators”, the reasons of obviousness have been noted in the rejection of claims 2 and 3 above and are applicable herein).

As per claim 5, Barton-Vogel-LeVasseur disclosed the method of claim 1, further comprising: preventing deletion or copying of communication information outside of the whitelist of the private network if at the time of creating the communication information the redistribution count is zero (LeVasseur, par 0127, “Termination, essentially freezing the conversation in time, can be especially useful in contract negotiations, legal disputes, e-commerce communication and the general prevention of the dissemination of sensitive information. Senders have the option of choosing between soft termination, wherein users are prevented from performing further action on an eMail2 message, such as forwarding or replying, or hard termination, wherein users are prevented from accessing the message again, as well as prevented from performing further action on the eMail2 message”, the reasons of obviousness have been noted in the rejection of claims 2 and 3 above and are applicable herein); or preventing deletion or copying of the communication information outside of one or more whitelists of the private networks included in redistribution (LeVasseur, par 0125, “As an example of message control, the sender may be able to enforce a policy for a message that will require that the initial recipients request the sender's permission before forwarding a message to a third party. This permission may include global permission (to allow all forwarding by the recipient) or per-3.sup.rd-party permission (where the sender may approve or deny forwarding to specific 3.sup.rd-parties)”, the reasons of obviousness have been noted in the rejection of claims 2 and 3 above and are applicable herein).

Claims 12-15 recite substantially the same limitations as claims 2-5, respectively, in the form of a system implementing the corresponding method; therefore, they are rejected under the same rationale.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Linglan Edwards whose telephone number is (571)270-5440.  The examiner can normally be reached on 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel, can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LINGLAN E EDWARDS/Primary Examiner, Art Unit 2491