Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

DETAILED ACTION
This Office Action is in response to the communication and claim amendment filed on 04/26/2022; Claims 1, 10, and 19 have been amended; Claims 1, 10, and 19 are independent claims.  Claims 1-20 have been examined and are pending. 
The eTerminal Disclaimer filed on 07/14/2021 (US 10609083 & 10601870).
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Mr. ODESSA, RYAN (Reg. No.: 79951) has agreed and authorized the Examiner to amend claims 1 and 10; Canceled claims 3, 12, and 19-20.
Examiner’s Amendments
Claims
Replacing claims 1-20 as following:
(Currently Amended)	A distributed security system comprising:
a plurality of content processing nodes that are located external on the Internet to a network edge of an enterprise and located external on the Internet from one of a computer device and a mobile device associated with a user, wherein an external system is any of the enterprise, the computer device, and the mobile device, and wherein a content processing node includes a hardware processor configured to 
monitor a content item including a web page, a file, or an e-mail message that is sent from or requested by the external system, wherein communications between the processing nodes and the external system are via a proxy, a tunnel, and redirection;
classify the content item via a plurality of data inspection engines that utilize policy data and threat data;
perform threat detection on the content item when the content item is classified as unknown;
distribute the content item when the content item is classified as clean or after a cleaning process; and
preclude distribution of the content item when the content item is classified as violating; and
an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data for the external system and the threat data for threat classification and configured to monitor each of the processing nodes, that includes monitoring a health of each of the processing nodes, and to perform one or more of redirect and balance traffic between the processing nodes based on the monitoring of each of the processing nodes[[.]], and
wherein the content processing nodes are configured to update the authority node based on the threat detection, and wherein the authority node is configured to update the threat data based on the update and to provide updated threat data to the plurality of content processing nodes.

(Original)	The distributed security system of claim 1, wherein the policy data defines access privileges, content allowability, and restricted domains, and wherein the threat data includes known viruses, malware sites, and spam email domains.

(Canceled)	

(Original)	The distributed security system of claim 1, wherein the plurality of content processing nodes are distributed through a geographic region.

(Original)	The distributed security system of claim 1, wherein all data destined for or received from the Internet, from the external system, is processed through the content processing node.

(Original)	The distributed security system of claim 1, wherein specific data specified for the external system is processed through the content processing node.

(Original)	The distributed security system of claim 1, wherein the content item is precluded if any one of the plurality of data inspection engines has a violation.

(Original)	The distributed security system of claim 1, wherein the content item includes one or more parts C=[c1, c2, . . . , cm], and the content item is violating if any of the plurality of data inspection engines generates an output that is violating for any part C=[c1, c2, . . . , cm].

(Original)	The distributed security system of claim 1, wherein the plurality of data inspection engines include a detection processing filter that is used as a front end to looking at the threat data, to reduce processing time thereof.

(Currently Amended)	A content processing node comprising:
a processor for performing instructions and one or more memory devices for storing instructions and data, wherein the content processing node is part of a distributed security system and is located external on the Internet to a network edge of an enterprise and located external on the Internet from one of a computer device and a mobile device associated with a user, wherein an external system is any of the enterprise, the computer device, and the mobile device, 
wherein the instructions cause the processor to perform steps of
receive policy data for the external system and threat data threat classification from an authority node in the distributed security system, wherein the authority node is additionally configured to monitor the processing node, that includes monitoring a health of the processing node, and to perform one or more of redirect and balance traffic to the processing node based on the monitoring of the processing node,
monitor a content item including a web page, a file, or an e-mail message that is sent from or requested by the external system, wherein communications between the processing nodes and the external system are via a proxy, a tunnel, and redirection,
classify the content item via a plurality of data inspection engines that utilize the policy data and the threat data,
perform threat detection on the content item when the content item is classified as unknown,
distribute the content item when the content item is classified as clean or after a cleaning process, and
preclude distribution of the content item when the content item is classified as violating[[.]], and
wherein the content processing node is configured to update the authority node based on the threat detection, and wherein the authority node is configured to update the threat data based on the update and to provide updated threat data to a plurality of content processing nodes.

(Original)	The content processing node of claim 10, wherein the policy data defines access privileges, content allowability, and restricted domains, and wherein the threat data includes known viruses, malware sites, and spam email domains.

(Canceled)

(Original)	The content processing node of claim 10, wherein the distributed security system includes a plurality of content processing nodes including the content processing node, and wherein the plurality of content processing nodes are distributed through a geographic region.

(Original)	The content processing node of claim 10, wherein all data destined for or received from the Internet, from the external system, is processed through the content processing node.

(Original)	The content processing node of claim 10, wherein specific data specified for the external system is processed through the content processing node.

(Original)	The content processing node of claim 10, wherein the content item is precluded if any one of the plurality of data inspection engines has a violation.

(Original)	The content processing node of claim 10, wherein the content item includes one or more parts C=[c1, c2, . . . , cm], and the content item is violating if any of the plurality of data inspection engines generates an output that is violating for any part C=[c1, c2, . . . , cm].

(Original)	The content processing node of claim 10, wherein the plurality of data inspection engines include a detection processing filter that is used as a front end to looking at the threat data, to reduce processing time thereof.

(Canceled)

20.	(Canceled)

Examiner's Statement of reason for Allowance
Claims 1-2, 4-9, 10-11, and 13-18 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The invention is directed system distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.
The closest prior arts are over Zakas (“Zakas,” US 2006/0026669, published Feb. 2, 2006), Glass et al. (“Glass,” US 2005/0060643, published Mar. 17, 2005), and Werner et al. (“Werner,” US 2006/0031373, published Feb. 9, 2006) are generally directed to various aspect of a system distributed security system includes a plurality of a plurality of content processing nodes that are located external on the Internet to a network edge of an enterprise and located external on the Internet from one of a computer device and a mobile device associated with a user, wherein an external system is any of the enterprise, the computer device, and the mobile device, and wherein a content processing node includes a hardware processor configured to monitor a content item including a web page, a file, or an e-mail message that is sent from or requested by the external system, wherein communications between the processing nodes and the external system are via a proxy, a tunnel, and redirection; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; perform threat detection on the content item when the content item is classified as unknown; distribute the content item when the content item is classified as clean or after a cleaning process; and preclude distribution of the content item when the content item is classified as violating.
However, none of Zakas, Glass, and Werner teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims 1 and 10.  For examples, it failed to teach “an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data for the external system and the threat data for threat classification and configured to monitor each of the processing nodes, that includes monitoring a health of each of the processing nodes, and to perform one or more of redirect and balance traffic between the processing nodes based on the monitoring of each of the processing nodes” and  “wherein the content processing nodes are configured to update the authority node based on the threat detection, and wherein the authority node is configured to update the threat data based on the update and to provide updated threat data to the plurality of content processing nodes.”
This feature in light of other features, when considered as a whole, in the independent claims 1 and 10 are allowable over the prior arts of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CANH LE whose telephone number is (571)270-1380.  The examiner can normally be reached on Monday-Friday: 6:00 AM-3:30 PM, other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Canh Le/
Examiner, Art Unit 2439

May 4th, 2022 



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439