Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 8-14 are rejected under 35 U.S.C. 101 because the broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent. See MPEP 2111.01. When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. 101 as covering non-statutory subject matter. See In re Nuijten, 500 F.3d 1346, 1356-56 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter).

The USPTO suggests the following approach to overcome this 101 rejection. A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. 101 by adding the limitation "non-transitory" to the claim.

Claims 15-20 are rejected under 35 U.S.C. 101 because the claims are directed to software per se. Claim 15 recites computer-readable storage media which may be a signal per se as described above. Furthermore, a processing system does not explicitly include any hardware. The Examiner suggests including a “hardware processor” or “non-transitory computer-readable storage medium” to overcome the rejection.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 4, 11, and 18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
The claim recites: “wherein the login credentials included in the request are not valid to access the data resource” and “validating the login credentials submitted by the user in the request.” It is unclear how you can validate credentials that are not valid. For the purposes of compact prosecution, the Examiner will interpret the login credentials not valid to access as being invalid alone without multi-factor authentication.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-4, 7-11, 14-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stoler (US 10,623,446) in view of Sastri (US 2018/0026940).

Regarding Claim 1,

Stoler (US 10,623,446) teaches a method of operating a computing system to facilitate protection of data resources from unauthorized access, the method comprising: 
receiving a request from a user to access the data resource at the updated address associated with the data shield server and on the unique port that is uniquely assigned to the authorized user (Figure 3D and associated text)(Col. 11, lines 9-12, teaches network request may include network address information e.g. IP address, port number)(Col. 14, lines 46-54, teaches port numbers uniquely assigned); 
in response to the request, authenticating the user using multi-factor authentication to verify that an identity of the user that submitted the request matches the authorized user assigned to the unique port on which the request was received (Figure 3E teaches multi-factor verification of identity data and network address information)(Col. 11, lines 56-60);
and upon successful authentication, operating as a proxy to connect the user through to the data resource (Figure 3F, teaches upon successful authentication operating a proxy to connect the user to the resource)(Col. 12, lines 52-57).


Stoler does not explicitly teach instructing an authorized user to replace an address and a port associated with a data resource with an updated address.
Sastri (US 2018/0026940) teaches instructing an authorized user to replace an address and a port associated with a data resource with an updated address (Paragraph [0027] teaches directing a user to update the address mapping).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Stoler to include instructing an authorized user to replace the address, and the results would be predictable (i.e. the uniquely assigned port and address in Stoler would have been caused by instruction to the user to update the port and address).

Regarding Claim 2,

Stoler and Sastri teach the method of claim 1. Stoler teaches wherein the request includes login credentials for the user to access the data resource (Col. 2, lines 21-25, teaches identity data can include “a password”).

Regarding Claim 3,

Stoler and Sastri teach the method of claim 2. Stoler teaches wherein operating as the proxy to connect the user through to the data resource comprises submitting the login credentials for the user to the data resource and connecting the user through to the data resource upon successful validation of the login credentials by the data resource (Fig. 3F, and associated text, teaches security server 101 operating as a proxy to submit login credentials for the user).

Regarding Claim 4,

Stoler and Sastri teach the method of claim 2. Stoler teaches wherein the login credentials included in the request are not valid to access the data resource (Figure 4, 406 and associated text, teaches credentials alone are not valid to access the data resource) and valid login credentials for the user to access the data resource are hidden from the user, and wherein operating as the proxy to connect the user through to the data resource comprises validating the login credentials submitted by the user in the request and responsively submitting the valid login credentials for the user to the data resource that are valid for the user to access the data resource (Figure 3F and associated text, teaches submitting credentials directly to the resource (e.g. hidden from the user) and the security server acting as a proxy to connect the user to the resource by submitting credentials).


Regarding Claim 7,

Stoler and Sastri teach the method of claim 1. Stoler teaches the use of a whitelist (Col. 7, lines 33) but does not explicitly teach wherein the updated address associated with the data shield server is whitelisted on the data resource so that the data shield server is allowed to connect to the data resource directly.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to put the security server on the whitelist so the server is able to connect to the resource directly, and the results would be predictable (i.e. security server would be on a whitelist).

Regarding Claims 8-11, 14,

Claims 8-11, 14 are similar in scope to Claims 1-4, 7 and are rejected for a similar rationale.

Regarding Claims 15-18,

Claims 15-18 are similar in scope to Claims 1-4 and are rejected for a similar rationale.

Claim(s) 5-6, 12-13, 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stoler and Sastri in further view of Odom (US 2018/0234422).


Regarding Claim 5,

Stoler and Sastri teach the method of claim 1 but do not explicitly teach further monitoring data received from the data resource and filtering out restricted data items that are returned by the data resource that the user is not authorized to receive.
Odom teaches monitoring data received from the data resource and filtering out restricted data items that are returned by the data resource that the user is not authorized to receive (Paragraph [0223] teaches monitoring data received and disconnecting if the user is not authorized).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Stoler and Sastri with the monitoring method of Odom.
The motivation is for port security (Paragraph [0238]).

Regarding Claim 6,

Stoler and Sastri teach the method of claim 1 but do not explicitly teach further comprising monitoring commands submitted by the user to the data resource, intercepting an unauthorized command for an action that the user is not authorized to perform, and blocking the unauthorized command from reaching the data resource.
Odom teaches monitoring commands submitted by the user to the data resource, intercepting an unauthorized command for an action that the user is not authorized to perform, and blocking the unauthorized command from reaching the data resource (Paragraph [0223] teaches monitoring data received and disconnecting if there is an unauthorized command).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Stoler and Sastri with the monitoring method of Odom.
The motivation is for port security (Paragraph [0238]).

Regarding Claims 12-13, 19-20,

Claims 12-13, 19-20 are similar in scope to Claims 5-6 and are rejected for a similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/ Primary Examiner, Art Unit 2439