Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendment filed on April 19, 2022 has been entered.
Claims 1-20 are pending.
	Claims 1-20 are rejected.
	
	
	Double Patenting
3. 	The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
4.    	A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) -706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-l.jsp.
5.    	Claims 1- 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over Claims 1-20 of U.S. Patent No. 11,075,959. Although independent Claims 1 are not identical, they are not patentably distinct from each other, and the rest of the claims, including independent Claims 11 and 17 as well as all the dependent claims, are actually identical.
Because both sets of claims essentially recite the same procedure in which the provisioned agent accesses data in order to determine a SO confidence assignment matrix and then either executes or suppresses a selected secure operation, it would have been obvious to a person of ordinary skill in the art that the claims of the instant application are not patentably distinct from the claims of U.S. Patent No. 11,075,959. Under the guidance of KSR International Co. v. Teleflex Inc., 127 S. Ct. 1727, 82 USPQ2d 1385, 1395-97 (2007) of using simple substitution of one known methods to obtain predictable results (MPEP 2143(I)(B), the double patenting would have been obvious to a person of ordinary skill in the art. Therefore, the claims shown in the table recite essentially the same subject matter and remain subject to rejection for double patenting.
Instant Application
17/354,599
US Patent No.
11,075,959

Comments
Claim 1:

A system including: 

network interface circuitry configured to establish a sanitized uplink between a privacy- secure-edge-zone provisioned agent and a central-zone-provisioned security controller, the sanitized uplink configured to prevent upstream transport of un- sanitized data; and

security control circuitry configured to execute controller-blind secure-operation (SO) control of an edge-zone device by:

receiving a request for a selected secure-operation from an edge-zone device; 










responsive to: 

the provisioned agent accessing the un-sanitized data while localized in the privacy-secure edge-zone; and 

the provisioned agent determining, via a SO confidence analysis, based 
on a SO confidence assignment matrix and 
un-sanitized data, a SO confidence coefficient for the edge-zone device, the SO confidence assignment matrix including multiple condition-descriptors configured to support the SO confidence analysis based on the un-sanitized data, the security controller being blind to the un-sanitized data: 

receiving the SO confidence coefficient from the provisioned agent while remaining blind to the un-sanitized data; 

based on the SO confidence coefficient, determining whether the edge-zone device is SO compliant; 

at a time when the edge-zone device is SO compliant, causing execution of the selected secure-operation responsive to the request; 

at a time when the edge-zone device is not SO compliant, refusing execution of the selected secure-operation responsive to the request.  

Claim 1:
A system including:
network interface circuitry configured to establish a sanitized uplink between a privacy-secure-edge-zone provisioned agent and a central-zone-provisioned security controller, the sanitized uplink configured to prevent upstream transport of unsanitized data; and
security control circuitry configured to execute controller-blind secure-operation (SO) control of an edge-zone device by:
providing a SO confidence assignment matrix from the security controller to the provisioned agent, the SO confidence assignment matrix including multiple condition-descriptors configured to support a SO confidence analysis based on un-sanitized data, the security controller being blind to the un-sanitized data; 
responsive to:
the provisioned agent accessing the un-sanitized data while localized in the privacy-secure edge-zone; and
the provisioned agent determining, via the SO confidence analysis, based on the SO confidence assignment matrix and the un-sanitized data, a SO confidence coefficient for the edge-zone device:




receiving the SO confidence coefficient from the provisioned agent while remaining blind to the un-sanitized data; 
based on the SO confidence coefficient, determining whether the edge-zone device is SO compliant;
at a time when the edge-zone device is SO compliant, providing a SO interface option for a selected secure-operation;
at a time when the edge-zone device is not SO compliant, suppressing the SO interface option for the selected secure-operation; and 

responsive to selection of the SO interface option via an input interface of the edge-zone device, causing execution of the selected secure-operation.



Almost identical claims.

















The instant claim is more broadly recited.


























This part of the instant limitation is found in the patent claim, as underlined two limitations above. The order of the descriptive information is changed, but the content is the same.

























The instant claim is more broadly recited with respect to this limitation, and the patent claim recites the execution.
Claim 2:

The system of claim 1, 
where the selected secure-operation is configured to generate an interactive interface on a display of the edge-zone device.  

Claim 2:
The system of claim 1, where the selected secure-operation is configured to generate an interactive interface on a display of the edge-zone device.



Dependent Claims 2-10 are identical.
Claim 3:

The system of claim 1, 
where the selected secure-operation includes an 
account access action, an account creation action, or both.

Claim 3:

The system of claim 1, where the selected secure-operation includes an account access action, an account creation action, or both.

Claim 4:

The system of claim 1, 
where the multiple condition-descriptors correspond 
to indications of compliance with enterprise policy constraints.  

Claim 4:

The system of claim 1, where the multiple condition-descriptors correspond to indications of compliance with enterprise policy constraints.

Claim 5:

The system of claim 4, 
where the enterprise policy constraints include terms 
for compliance with a regulatory framework.  

Claim 5:

The system of claim 4, where the enterprise policy constraints include terms for compliance with a regulatory framework.

Claim 6:

The system of claim 1, 
where at least an individual 
one of the multiple-
condition descriptors 
prevents execution of a parallel transaction on the edge-zone device, 
the parallel transaction, 
when executed, obfuscates a source of the parallel transaction.  

Claim 6:

The system of claim 1, where at least an individual one of the multiple-condition descriptors prevents execution of a parallel transaction on the edge-zone device, the parallel transaction, when executed, obfuscates a source of the parallel transaction.

Claim 7:

The system of claim 1, 
where the multiple condition-descriptors include 
asserted private data held within the central-zone for comparison with captured private data from the edge-zone device.

Claim 7:
The system of claim 1, where the multiple condition-descriptors include asserted private data held within the central-zone for comparison with captured private data from the edge-zone device.

Claim 8:

The system of claim 7, 
where the SO confidence assignment matrix is configured to compel a reduction in the determined SO confidence coefficient when a mismatch between the asserted private data and the captured private data is identified.  


Claim 8:

The system of claim 7, where the SO confidence assignment matrix is configured to compel a reduction in the determined SO confidence coefficient when a mismatch between the asserted private data and the captured private data is identified.

Claim 9:

The system of claim 8, 
where the multiple condition-descriptors further 
support collection of a captured context for the captured private data.  

Claim 9:

The system of claim 8, where the multiple condition-descriptors further support collection of a captured context for the captured private data.

Claim 10:

The system of claim 9, 
where SO confidence assignment matrix is configured to increase the reduction that is compelled when the captured context includes a reliable context.  

Claim 10:

The system of claim 9, where SO confidence assignment matrix is configured to increase the reduction that is compelled when the captured context includes a reliable context.

Claim 11:

A method including: 

at network interface circuitry, establishing a sanitized 
uplink between a privacy-secure-edge-zone 
provisioned agent and a central-zone-provisioned security controller, the sanitized uplink configured to prevent upstream transport of un-sanitized data; and

at security control circuitry, executing controller-blind secure-operation (SO) 
control of an edge-zone device by: 

providing a SO confidence assignment matrix from the security controller to the provisioned agent, the SO confidence assignment 
matrix including multiple 22Date of USPTO EFS DepositPATENT June 22, 2021Case No. 15718/848condition-descriptors configured to support a SO confidence analysis based on un-sanitized data, the security controller being blind to the un-sanitized data; responsive to: 

the provisioned agent accessing the un-sanitized data while localized in the privacy-secure edge-zone; and 

the provisioned agent determining, via the SO confidence analysis, based 
on the SO confidence assignment matrix and the un-sanitized data, a SO confidence coefficient for the edge-zone device: 

receiving the SO confidence coefficient from the provisioned agent while remaining blind to the un-sanitized data; 

based on the SO confidence coefficient, determining whether the edge-
zone device is SO compliant; 

at a time when the edge-zone device is SO compliant, providing a SO interface option for a selected secure-operation; 

at a time when the edge-
zone device is not SO compliant, suppressing the 
SO interface option for the selected secure-operation; and 

responsive to selection of the SO interface option via an input interface of the edge-zone device, causing execution of the selected secure-operation.  

Claim 11:
A method including:
at network interface circuitry, establishing a sanitized uplink between a privacy-secure-edge-zone provisioned agent and a central-zone-provisioned security controller, the sanitized uplink configured to prevent upstream transport of un-sanitized data; and
at security control circuitry, executing controller-blind secure-operation (SO) control of an edge-zone device by:
providing a SO confidence assignment matrix from the security controller to the provisioned agent, the SO confidence assignment matrix including multiple condition-descriptors configured to support a SO confidence analysis based on un-sanitized data, the security controller being blind to the un-sanitized data; responsive to:
the provisioned agent accessing the un-sanitized data while localized in the privacy-secure edge-zone; and
the provisioned agent determining, via the SO confidence analysis, based on the SO confidence assignment matrix and the un-sanitized data, a SO confidence coefficient for the edge-zone device:
receiving the SO confidence coefficient from the provisioned agent while remaining blind to the un-sanitized data; 
based on the SO confidence coefficient, determining whether the edge-zone device is SO compliant;
at a time when the edge-zone device is SO compliant, providing a SO interface option for a selected secure-operation;
at a time when the edge-
zone device is not SO compliant, suppressing the SO interface option for the selected secure-operation; and 

responsive to selection of the SO interface option via an input interface of the edge-zone device, causing execution of the selected secure-operation.


Identical independent Claims 11.
Claim 12:

The method of claim 11, where the selected secure-operation generates an interactive interface on a display of the edge-zone device.  

Claim 12:
The method of claim 11, where the selected secure-operation generates an interactive interface on a display of the edge-zone device.


Dependent Claim 12-16 are identical.
Claim 13:

The method of claim 11, where the selected secure-operation includes 
an account access action, an account creation action, or both.

Claim 13:

The method of claim 11, where the selected secure-operation includes an account access action, an account creation action, or both.

Claim 14:

The method of claim 11, where the multiple condition-descriptors correspond 
to indications of compliance with enterprise policy constraints.

Claim 14:

The method of claim 11, where the multiple condition-descriptors correspond to indications of compliance with enterprise policy constraints.

Claim 15:

The method of claim 14, where the enterprise policy constraints include terms 
for compliance with a regulatory framework.

Claim 15:

The method of claim 14, where the enterprise policy constraints include terms for compliance with a regulatory framework.

Claim 16:

The method of claim 11, where at least an individual one of the multiple condition-descriptors prevents 
execution of a parallel transaction on the edge-zone device, the parallel transaction, when executed, obfuscates a source of the parallel 23Date of USPTO EFS DepositPATENT June 22, 2021Case No. 15718/848transaction.

Claim 16:

The method of claim 11, where at least an individual one of the multiple condition-descriptors prevents execution of a parallel transaction on the edge-zone device, the parallel transaction, when executed, obfuscates a source of the parallel transaction.

Claim 17:

A product including: 

machine-readable media other than a transitory signal; and instructions stored on the machine-readable media, the instructions configured to, when executed, cause a machine to: 

at network interface circuitry, establish a sanitized uplink between a privacy-secure-edge-zone provisioned agent and a central-zone-provisioned security 
controller, the sanitized uplink configured to prevent upstream transport of un- sanitized data; and 

at security control circuitry, execute controller-blind secure-operation (SO) 
control of an edge-zone 
device by: 

providing a SO confidence assignment matrix from the security controller to the provisioned agent, the SO confidence assignment 
matrix including multiple condition-descriptors configured to support a SO confidence analysis based 
on un-sanitized data, the security controller being blind to the un-sanitized data; 

responsive to: 

the provisioned agent accessing the un-sanitized data while localized in the privacy-secure edge-zone; and 

the provisioned agent determining, via the SO confidence analysis, based 
on the SO confidence assignment matrix and the un- sanitized data, a SO confidence coefficient for the edge-zone device: 

receiving the SO confidence coefficient from the provisioned agent while remaining blind to the un-sanitized data; 

based on the SO confidence coefficient, determining whether the edge- zone device is SO compliant; 

at a time when the edge-zone device is SO compliant, providing a SO interface option for a selected secure-operation; 

at a time when the edge-
zone device is not SO compliant, suppressing the SO interface option for the selected secure-
operation; and 

responsive to selection of the SO interface option via an input interface of the edge-zone device, causing execution of the selected secure-24Date of USPTO EFS DepositPATENT June 22, 2021Case No. 15718/848operation.  

Claim 17:
A product including:
machine-readable media other than a transitory signal; and instructions stored on the machine-readable media, the instructions configured to, when executed, cause a machine to:
at network interface circuitry, establish a sanitized uplink between a privacy-secure-edge-zone provisioned agent and a central-zone-provisioned security controller, the sanitized uplink configured to prevent upstream transport of unsanitized data; and
at security control circuitry, execute controller-blind secure-operation (SO) control of an edge-zone device by:
providing a SO confidence assignment matrix from the security controller to the provisioned agent, the SO confidence assignment matrix including multiple condition-descriptors configured to support a SO confidence analysis based on un-sanitized data, the security controller being blind to the un-sanitized  data; 
responsive to:
the provisioned agent accessing the un-sanitized data while localized in the privacy-secure edge-zone; and 
the provisioned agent determining, via the SO confidence analysis, based on the SO confidence assignment matrix and the un-sanitized data, a SO confidence coefficient for the edge-zone device:
receiving the SO confidence coefficient from the provisioned agent while remaining blind to the un-sanitized data; 
based on the SO confidence coefficient, determining whether the edge-zone device is SO compliant;
at a time when the edge-zone device is SO compliant, providing a SO interface option for a selected secure-operation; 
at a time when the edge-zone device is not SO compliant, suppressing the SO interface option for the selected secure-operation; and
responsive to selection of the SO interface option via an input interface of the edge-zone device, causing execution of the selected secure-operation.


Identical independent Claims 17.
Claim 18:

The product of claim 17, where the multiple condition-descriptors include asserted private data held within the central-zone for comparison with captured private data from the edge-zone device.  

Claim 18:
The product of claim 17, where the multiple condition-descriptors include asserted private data held within the central-zone for comparison with captured private data from the edge-zone device.

Dependent Claim 18-20 are identical.
Claim 19:

The product of claim 18, where the SO confidence assignment matrix is configured to compel a reduction in the determined SO confidence coefficient when a mismatch between the asserted private data and the captured private data is identified.  

Claim 19:

The product of claim 18, where the SO confidence assignment matrix is configured to compel a reduction in the determined SO confidence coefficient when a mismatch between the asserted private data and the captured private data is identified.

Claim 20:

The product of claim 19, where the multiple condition-descriptors further 
support collection of a captured context for the captured private data.
Claim 20:

The product of claim 19, where the multiple condition-descriptors further support collection of a captured context for the captured private data.



Examiner Note:  No prior art references were found to teach the above claims, which would be allowable upon Applicant filing a Terminal Disclaimer with respect to US Patent No. 11,075,959. 
Response to Arguments
Applicant's arguments filed April 19, 2022 have been fully considered but they are not persuasive. 
Regarding the Double Patenting rejection, Applicant argues as follows:
Claims 1- 20 were rejected on the ground of non-statutory double patenting as being unpatentable over Claims 1-20 of U.S. Patent No. 11,075,959. Although independent Claims 1 are not identical, the rejection asserts that they are not patentably distinct from each other, and the rest of the claims, including independent Claims 11 and 17 as well as all the dependent claims, are actually identical. 
This rejection is traversed because (1) the independent claims 11 and 17, as amended, are no longer identical, and (2) the independent claims 1, 11 and 17, as amended are patentably distinct from the independent claims of U.S. Patent No. 11,075,959. As shown above, claims 11 and 17 have been amended to parallel the features of independent claim 1. As such, amended claims 11 and 17 are no longer identical to the same independent claims in the parent patent. 
The office action fails to make a prima facie obviousness-type double-patenting rejection as to the claims being patentably indistinct. Indeed, the amendments highlight the differences of the instant claims and the claims from the parent patent. The rejection is deficient because it fails to make out why the differences from the instant claims are not patentably distinct. In the claims of the parent patent, the security analysis was initiated by the server-side actions in the "security controller." In the instant claims, the security analysis is initiated by the device on which the local agent is running the "provisioned agent," by the claims reciting "receiving a request for a selected secure-operation from an edge-zone device." Moreover, in the claims of the parent patent, depending on whether the edge-zone device is SO compliant, the security control circuitry is either providing or suppressing the SO interface option of a selected secure-operation. In contrast, in the instant claims, depending on whether the edge-zone device is SO compliant, the security control circuitry is causing or refusing execution of the selected secure-operation responsive to the request. The rejection fails to account for these differences or explains how these differences are obvious. The parent claims do not anticipate the instant claims, and are not shown to be an obvious variation thereof. See MPEP 804.11.B. Therefore, a prima facie double patenting rejection has not been made out, and the rejection should be withdrawn.

Examiner respectfully disagrees that the Double Patenting rejection should be withdrawn.  Applicant argues as follows:
In the claims of the parent patent, the security analysis was initiated by the server-side actions in the "security controller." In the instant claims, the security analysis is initiated by the device on which the local agent is running the "provisioned agent," by the claims reciting "receiving a request for a selected secure-operation from an edge-zone device."

Regardless of which entity initiates the process, the overall procedure remains the same.  The provisioned agent accesses data in order to determine a SO confidence assignment matrix and then either executes or suppresses a selected secure operation after making the determination.  Thus, the same steps are performed in both sets of claims.
Applicant’s next argument is as follows:
Moreover, in the claims of the parent patent, depending on whether the edge-zone device is SO compliant, the security control circuitry is either providing or suppressing the SO interface option of a selected secure-operation. In contrast, in the instant claims, depending on whether the edge-zone device is SO compliant, the security control circuitry is causing or refusing execution of the selected secure-operation responsive to the request.

This argument is not persuasive, since the “interface option” is disclosed as follows in paragraph [042] of the specification: “When the interface option corresponding to the specific SO is selected (e.g. in scenarios where the edge-zone device is SO-compliant), the SCL 200 may cause execution of the specific SO (212).”  Thus, in cases where the SO interface option is selected (which is disclosed paragraph [040] as merely a button to press), the execution occurs, thereby causing the same end result in both sets of claims.  There appears to be no difference in the overall process.  Therefore, Claims 1-20 remain rejected under double patenting.


	Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHYLLIS A BOOK whose telephone number is (571)272-0698. The examiner can normally be reached M-F 10:00 am - 7:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GLENTON BURGESS can be reached on 571-272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PHYLLIS A BOOK/Primary Examiner, Art Unit 2454