Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Claim Rejections - 35 USC § 101
	35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

	Claims 15 - 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  
	Regarding claim 15, said claim is directed to a “computer program product” recited as “comprising a computer-readable storage medium…”. The broadest reasonable interpretation of a claim drawn to a computer-readable storage medium includes forms of transitory propagating signals in view of the ordinary and customary meaning of computer-readable storage media. A transitory propagating signal is not a process, machine, manufacture or composition of matter. Applicant’s recitation of a “computer-readable storage medium” thus appears to include non-statutory, transitory embodiments.	A claim drawn to such a computer-readable storage medium may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection by further specifying that the claim is limited to “non-transitory” media, directing the claim to a “storage device” rather than a “storage medium”, or specifying that said medium “does not include a signal”.
	Regarding claims 16 - 20, said claims further specify the “computer-readable storage medium” of claim 15, while failing to remedy the above noted deficiencies of claim 15. The analysis applied above to claim thus is similarly applicable to claims 16 - 20.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.

Claim 17 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  	Claim 17 is recited as further limiting the “computer program product of claim 1”. Claim 1, however, is directed to a “method” and not a “computer program product”.	Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.	For the purposes of performing compact prosecution, claim 17 is being treated as further limiting claim 15.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 3, 5 – 10, 12 – 17, and 19 - 20 are rejected under 35 U.S.C. 103 as being unpatentable over Buruganahalli (US-9419942-B1) in view of Purusothaman (US-20190364072-A1).
	Regarding claim 1, Buruganahalli shows a method for privacy and security policy delivery, comprising:	storing, in a memory of a computing device, one or more compatibility modules, the one or more compatibility modules being a security policy defining a set of specific access rules for a destination endpoint (col. 7 lines 25-36, col. 13 lines 36-46);	receiving, by the computing device, a user request from the user device for the destination endpoint, the destination endpoint being associated with one or more domains on a second network (col. 4 lines 15-22); and 	analyzing, by the computing device, the one or more domains using the security policy of the selected compatibility module (col. 4 lines 20-22, col. 5 lines 25-28).	Buruganahalli does not show receiving, by the computing device, a user selection of one of the one or more compatibility modules, the user selection being received from a user device on a first network;	installing, on the computing device, the selected compatibility module.	Purusothaman shows receiving, by the computing device, a user selection of one of the one or more compatibility modules, the user selection being received from a user device on a first network ([66,72,82]);	installing, on the computing device, the selected compatibility module ([82]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the policy security techniques of Buruganahalli with the policy GUI of Purusothaman, enabling selection and installation of particular policies, in order to improve a user’s ability to customize which policies are applied at particular locations in a managed network.
	Regarding claim 2, Buruganahalli in view of Purusothaman further show where in the destination endpoint is selected from the group consisting of: a computing device, a computing device application (Buruganahalli, col. 3 lines 18-27), a software program, and a website.
	Regarding claim 3, Buruganahalli in view of Purusothaman further show wherein the set of specific rules define the one or more domains associated with the destination endpoint to be granted access to the computing device (Buruganahalli showing allowing establishment of a TLS session; col. 2 lines 36-61, col. 5 lines 25-32 and lines 62-66).
	Regarding claim 5, Buruganahalli in view of Purusothaman further show wherein the user selection is received via a user interface (Purusothaman, [82]).
	Regarding claim 6, the combination above shows claim 1.	The combination above does not show wherein the one or more compatibility modules includes metadata for displaying the one or more compatibility modules via the user interface 	Purusothaman shows wherein the one or more compatibility modules includes metadata for displaying the one or more compatibility modules via the user interface ([72,95]).	It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to further modify the combination above with the metadata use of Purusothaman in order to simplify location of the policy desired by the user.
	Regarding claim 7, Buruganahalli in view of Purusothaman further show wherein the metadata enables the user to search the one or more compatibility modules (Purusothaman, [72,95]).
	Regarding claim 8, Buruganahalli shows a system for privacy and security policy delivery, the system comprising:	one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and instructions stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories (Figs. 4 and 5), the instructions comprising: 	instructions to storing, in a memory of a computing device, one or more compatibility modules, the one or more compatibility modules being a security policy defining a set of specific access rules for a destination endpoint (col. 7 lines 25-36, col. 13 lines 36-46);
	instructions to receive, by the computing device, a user request from the user device for the destination endpoint, the destination endpoint being associated with one or more domains on a second network (col. 4 lines 15-22); and	instructions to analyze, by the computing device, the one or more domains using the security policy of the selected compatibility module (col. 4 lines 20-22, col. 5 lines 25-28).
	Buruganahalli does not show instructions to receive, by the computing device, a user selection of one of the one or more compatibility modules, the user selection being received from a user device on a first network; 	instructions to install, on the computing device, the selected compatibility module.
Purusothaman shows instructions to receive, by the computing device, a user selection of one of the one or more compatibility modules, the user selection being received from a user device on a first network ([66,72,82]); 	instructions to install, on the computing device, the selected compatibility module ([82]).	It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the policy security techniques of Buruganahalli with the policy GUI of Purusothaman, enabling selection and installation of particular policies, in order to improve a user’s ability to customize which policies are applied at particular locations in a managed network.
	Regarding claim 9, the limitations of said claim are rejected in the analysis of claim 2.
	Regarding claim 10, the limitations of said claim are rejected in the analysis of claim 3.
	Regarding claim 12, the limitations of said claim are rejected in the analysis of claim 5.
	Regarding claim 13, the limitations of said claim are rejected in the analysis of claim 6.
	Regarding claim 14, the limitations of said claim are rejected in the analysis of claim 7.
	Regarding claim 15, the limitations of said claim are rejected in the analysis of claim 1.
	Regarding claim 16, the limitations of said claim are rejected in the analysis of claim 2.
	Regarding claim 17, the limitations of said claim are rejected in the analysis of claim 3.
	Regarding claim 19, the limitations of said claim are rejected in the analysis of claim 5.
	Regarding claim 20, the combination above shows claim 15.	The combination above does not show wherein the one or more compatibility modules includes metadata for displaying the one or more compatibility modules via the user interface and the metadata enabling the user to search the one or more compatibility modules.	Purusothaman shows wherein the one or more compatibility modules includes metadata for displaying the one or more compatibility modules via the user interface ([72,95]) and the metadata enabling the user to search the one or more compatibility modules ([72,95]).	It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to further modify the combination above with the metadata use of Purusothaman in order to simplify location of the policy desired by the user.

Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Buruganahalli in view of Purusothaman, as applied to claim 1 above, further in view of Dhawan (Dhawan, Mohan, Christian Kreibich, and Nicholas Weaver. "Priv3: A third party cookie policy." W3C Workshop: Do Not Track and Beyond. (Year: 2012))
	Regarding claim 4, Buruganahalli in view of Purusothaman show claim 1.	Buruganahalli in view of Purusothaman do not show use of a set of specific rules that define one or more cookies associated with the destination endpoint to be granted access to the computing device.	Dhawan shows use of a set of specific rules that define one or more cookies associated with the destination endpoint to be granted access to the computing device (pg. 3, Section 3, left column discussing “selective cookie suppression”, and pg. 3, Section 4, discussing the use of cookie domain blacklists).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the security policie management system of Buruganahalli in view of Purusothaman with the cookie management of Dhawan in order to further improve the security and privacy of the devices on the managed network.
	Regarding claims 11 and 18, the limitations of said claims are rejected in the analysis of claim 4.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, which includes:	Cam-Winget (US-20200389497-A1),	Merzdovnik (Merzdovnik, Georg, et al. "Block me if you can: A large-scale study of tracker-blocking tools." 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE. (Year: 2017)),	Yue (Yue, Chuan, Mengjun Xie, and Haining Wang. "An automatic HTTP cookie management system." Computer Networks 54.13: 2182-2198. (Year: 2010)), and 	Jackson (Jackson, Collin, et al. "Protecting browser state from web privacy attacks." Proceedings of the 15th international conference on World Wide Web. (Year: 2006)).





	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN M MACILWINEN whose telephone number is (571)272-9686. The examiner can normally be reached Monday - Friday, 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, WILLIAM TROST can be reached on (571)272-7872. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

JOHN MACILWINEN
Primary Examiner
Art Unit 2442



/JOHN M MACILWINEN/Primary Examiner, Art Unit 2442