Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

Status of Claims
Claims 2-21 are subject to examination.  
Claim 1 is cancelled.  


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 2, 10, 18, 3, 11, 19, 6, 14, 7, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Modzelewski et al., 2014/0181258 Dropbox Inc in view of Ben-Reuven 2013/0074191 and “Official Notice”.
Referring to claims 2, 10, and 18, Modzelewski-Dropbox discloses limitations of claims 2, 10, and 18, a system, comprising: a memory comprising instructions; and one or more hardware processors, wherein the instructions, when executed by the one or more hardware processors, cause the one or more hardware processors to: a computer-implemented method comprising: a non-transitory machine-readable storage medium including instructions that, when executed by one or more hardware processors, causes the one or more hardware processors to: receiving, by a hardware processor, a download request (upload/retrieve content, para 19) from a device (a request to obtain data from a data block stored at an online storage provider/system/server/memory, para 40, note: since the data is obtained it implies that the data is downloaded at the device, which is coming from the data block storage) requesting to download a first set of information stored in a memory (obtaining data from a data block stored at an online storage provider/system/server/memory, para 40-43) protected by a firewall configured to control access to the memory; 

applying, by a software implemented by the hardware processor (the software of the system/server, para 40-43), a data size limit rule that limits a data size of the first set of information (implements a rule that limits the data size along with a threshold for the data of the data block, para 40-43) requested by the download request to be no larger than a predefined data size threshold (the requested data of the data block is not larger than the data size threshold, para 40-43); 

not allowing, by the firewall implemented by the hardware processor, the device from downloading the first set of information from the memory that is associated with the download request (figure 4A showing memory(ies) that is/are associated with the request that is made for accessing information/data) based on the data size firewall. Ben-Reuven discloses firewall, para 73, firewall with storage with data, to not allow content for the request. One of ordinary skill in the art would readily know what a firewall is, which has been well-known in the art for more than a decade and used around the world. In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to include firewall and also one of ordinary skill in the art would have been motivated to do so because it could provide restriction for access of data. Certain data would be precluded from access. This would enable specifying and not allowing access to the certain data by specified entities, by utilizing the well-known firewall.
Modzelewski-Dropbox also discloses that the information can be personal identifiable information (user information, para 20). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide restriction for access of data. Certain data would be precluded from access. This would enable specifying and not allowing access to the certain data such as user information by specified entities, para 20. 
Modzelewski-Dropbox and Ben-Reuven do not specifically mention about, denying. “Official Notice” is taken that Denying is well-known and expected in the art. For example, Walsh, 8,424,075 (2013) implements, well-known denying, col., 7, line 35. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to include denying and also one of ordinary skill in the art would have been motivated to do so because it could provide indication that the request is not carried out. Upon indication of denial of the request the user can resubmit the request and/or the user can modify the request to access the information, col., 7, lines 20-22.

Referring to claim(s) 3, 11, 19, Modzelewski-Dropbox discloses receiving the download request to download the first set of personal identifiable information that is user profile information or confidential information (para 20).

Referring to claim(s) 6, 14, Modzelewski-Dropbox discloses receiving, by a hardware processor, a second download request (another upload/retrieve content, para 19) from a device (a request to obtain data from a data block stored at an online storage provider/system/server/memory, para 40, note: since the data is obtained it implies that the data is downloaded at the device, which is coming from the data block storage) requesting to download a second set of information stored in a memory (obtaining another data from a data block stored at an online storage provider/system/server/memory, para 40-43) protected by a software configured to control access to the memory; applying, by a software implemented by the hardware processor (the software of the system/server, para 40-43), a data size limit rule that limits a data size of the second set of information (implements a rule that limits the data size along with a threshold for the data of the data block, para 40-43) requested by the download request to be no larger than a predefined data size threshold (the requested data of the data block is not larger than the data size threshold, para 40-43); and preventing, by the software implemented by the hardware processor, the device from downloading the second set of information from the memory based on the data size the second set of information exceeding the predefined data size threshold (“without transferring the actual data” / not allowing the device to obtain the data from the data block when the data from the data block is above data size threshold). Modzelewski also discloses that the information can be second personal identifiable information (another user information, para 20). Ben-Reuven discloses, firewall, para 73, firewall with storage with data, prevent/allow content for the request.

Referring to claim(s) 7, 15, Modzelewski-Dropbox discloses receiving the second download request that requests to download the second personal identifiable information that is user profile information or confidential information (para 20).

Claim(s) 4, 8, 12, 16, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Modzelewski-Dropbox in view of Ben-Reuven, Official Notice, and Bousamra et al., 20130212381.
Referring to claim(s) 4, 12, 20, Modzelewski-Dropbox, Ben-Reuven do not disclose, which is well-known in the art, which Bousamra discloses, receiving the download request that comprises a security certificate, wherein the device is prevented from downloading the first set of personal identifiable information based at least in part on the security certificate, para 47. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known use of the certificate. The security certificate would enable precluding certain data from access. This would enable specifying and not allowing access/communication to the certain data by specified entities, para 22, 77. 

Referring to claim(s) 8, 16, Modzelewski-Dropbox, Ben-Reuven do not disclose, which is well-known in the art, which Bousamra discloses, receiving the second download request that comprises a security certificate, wherein the second set of personal identifiable information is communicated based at least in part on the security certificate, para 47. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known use of the certificate. The security certificate would enable including certain data for access. This would enable specifying and allowing access/communication to the certain data by specified entities, para 22, 77. 
  
 Claim(s) 5, 9, 13, 17, 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Modzelewski-Dropbox in view of Ben-Reuven, Official Notice, and Spaulading et al., 20170270317.
Referring to claim(s) 5, 13, 21, Modzelewski-Dropbox, Ben-Reuven do not disclose, which is well-known in the art, which Bousamra discloses, receiving the download request from a service application associated with the device, para 57. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known use of the service application. The service application would enable protection of data that is accessed. This would enable service application securely handling sensitive data and not exposing to others, para 57. 

 Referring to claim(s) 9, 17, Modzelewski-Dropbox, Ben-Reuven do not disclose, which is well-known in the art, which Bousamra discloses, receiving the second download request from a service application that associated with the device, para 57. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide utilizing well-known use of the service application. The service application would enable protection of data that is accessed. This would enable service application securely handling sensitive data and not exposing to others, para 57. 


Response to Arguments
Applicant's arguments filed 7/26/22, pages 8-14 have been fully considered but they are not persuasive.  Therefore, rejection of claims 2-21 is maintained. 
Regarding Applicant’s concerns, the Office Action has taken Official Notice that “[d]enying is well-known and expected in the art” and that “Walsh . . . implements, well-known denying, col. 7, line 35.” Id. But denying is neither well-known nor expected in the art, nor would it be obvious to modify Modzelewski or Ben-Reuven with the teachings of Walsh to arrive at “denying, by the firewall implemented by the one or more hardware processors, the device from downloading the first set of personal identifiable information from the memory that is associated with the download request based at least in part on the data size of the first set of personal identifiable information exceeding the predefined data size threshold,” as recited in independent claim 2 (emphasis added).
Walsh generally describes “[a] virtual environment firewall [that] receives a message having a request from a virtual environment entity intended for a virtual environment controller.” Walsh, Abstract. At a portion cited by the Office Action, Walsh describes a governance rule for areas of interest (AOI) for an avatar. See id., col. 7, ll. 26-28. Walsh describes a firewall receiving a message (e.g., from an avatar) and applying a governance rule based on the content of the message. See id., col. 7, ll. 29-32. Walsh states that, in some examples, “[t]he rule determines that the requested AOI [areas of interest] . . . exceeds the permitted size of an AOI [areas of interest] and processes the message to prevent the virtual environment controller from processing the request.” Id., col. 7, ll. 32-35.
But applying a governance rule to prevent a virtual environment controller from processing a request corresponding to an area of interest for an avatar is not the same as “denying, by the firewall implemented by the one or more hardware processors, the device from downloading the first set of personal identifiable information from the memory that is associated with the download request based at least in part on the data size of the first set of personal identifiable information exceeding the predefined data size threshold,” as recited in independent claim 2 (emphasis added). Moreover, even if Walsh could be construed as teaching such features of independent claim 2—which Applicant does not concede—it would not be obvious to combine the teachings of Walsh with the teachings of Modzelewski or Ben-Reuven. For example, a person having ordinary skill in the art would not be motivated to combine a virtual environment firewall for an avatar with Modzelewski’s systems, methods, and computer-readable storage media for communicating large amounts of data or Ben-Reuven’s method for allowing members of an organization to share content on a public content site without violating the organization’s security policy. That is, the mere recitation of a “firewall” would not render it obvious to combine the teachings of Walsh with the teachings of Modzelewski or Ben-Reuven.
The examiner respectfully disagrees.
Walsh not only recites “firewall” but Walsh’s firewall implements what Walsh is relied upon for:
(28) The virtual environment firewall receives the messages and applies a rule associated with AOI requests that governs the size of AOIs in the region 12B. The rule determines that the requested AOI defined by the circle 22B exceeds the permitted size of an AOI and processes the message to prevent the virtual environment controller from processing the request. According to one embodiment of the invention, although the original request is not processed, a request may be modified (hence the original request is denied when the rule determines that the requested information exceeds the permitted size and since the request is already denied no data is downloaded from the memory).
(30) The virtual environment firewall 52, upon receiving a message, determines whether the message includes a request that matches criteria specified by one or more respective rules. If so, the virtual environment firewall 52 applies the rules to the request and, if the request does not comply with the rule, the virtual environment firewall 52 processes the message to prevent the request from being processed by the virtual environment controller 50.
(36) The messaging module 54 then contacts the virtual environment firewall 52 for each request matching a criterion, so that the respective governance rules can be applied to the request. Alternately, the virtual environment firewall 52 can query a rules database to identify governance rules that are relevant for the type of request. The virtual environment firewall 52 can query the rules database upon initiation of the virtual environment firewall 52, or on a periodic basis, to obtain all governance rules associated with all request types. In an alternate embodiment, as each request is processed, the virtual environment firewall 52 can query the rules database based on the request type of the request. It is determined whether the request matches any criteria identified by any rule (step 202).

Applicant fails to consider the teachings of Walsh. Walsh mentions that the firewall queries the rules database for each request and implements the rules for each request, including a request for obtaining (downloading) data from the memory. The original request is denied when the rule determines that the requested information exceeds the permitted size of the data/information, and since the request is already denied no data is obtained/downloaded from the memory.
Applicant fails to consider that Walsh’s firewall controls access to the device including memory using the rules.
Applicant fails to consider that the Walsh reference is not relied upon for PII.
Applicant fails to consider that what is claimed is “a download request”, which does not mention where the download information/data will ever be sent to.  Applicant fails to consider that the download never happens in the claimed subject matter.
The denying step merely denies the request when the data size rule is satisfied regarding the data/information associated with the request, which is exactly what Walsh teaches as disclosed above.
 
Contrary to Applicant’s statement regarding “the mere recitation of a ‘firewall’,” Walsh discloses not only the relied-upon “denying” but substantial limitations of the claim. Hence, Walsh discloses overlapped limitations of the claim.

What is claimed is mere receiving a request …; mere applying by the firewall a data size rule …; mere denying by the firewall … based on the data size rule using predefined data size threshold.  Contrary to Applicant’s assertions, Walsh teaches this. The data/information is not patentable. 
Applicant relies on irrelevant matters (an area of interest for an avatar, etc.), which would not overcome the rejections.
It is the data size rule that Walsh’s firewall applies, and it prevents/denies the request when the data/information is more than the threshold.
The claim is so broad that nothing happens even if the data size of the information is smaller than the threshold. The download of the information is never intended or accomplished, as there is no place where the download can be done in the claim, nor the “download” request is different than any other message (the request is never meant to be fulfilled for downloading the data/information).
Applicant failed to consider that firewall configured to control access to the memory limitations contains “configured to”, which is not limited a method step that actually controlling access to the memory.
Whether it is PII or AOI it is still data/information and the data size rule is applicable to both being data/information. Otherwise, one can replace PII of the claim with some other data/information and would get a patent in future over the claimed invention.

Modzelewski-Dropbox discloses limitations of claims 2, 10, and 18, a system, comprising: a memory comprising instructions; and one or more hardware processors, wherein the instructions, when executed by the one or more hardware processors, cause the one or more hardware processors to: a computer-implemented method comprising: a non-transitory machine-readable storage medium including instructions that, when executed by one or more hardware processors, causes the one or more hardware processors to: receiving, by a hardware processor, a download request (upload/retrieve content, para 19) from a device (a request to obtain data from a data block stored at an online storage provider/system/server/memory, para 40, note: since the data is obtained it implies that the data is downloaded at the device, which is coming from the data block storage) requesting to download a first set of information stored in a memory (obtaining data from a data block stored at an online storage provider/system/server/memory, para 40-43) protected by a firewall configured to control access to the memory; 

applying, by a software implemented by the hardware processor (the software of the system/server, para 40-43), a data size limit rule that limits a data size of the first set of information (implements a rule that limits the data size along with a threshold for the data of the data block, para 40-43) requested by the download request to be no larger than a predefined data size threshold (the requested data of the data block is not larger than the data size threshold, para 40-43); 

not allowing, by the firewall implemented by the hardware processor, the device from downloading the first set of information from the memory that is associated with the download request (figure 4A showing memory(ies) that is/are associated with the request that is made for accessing information/data) based on the data size threshold (“without transferring the actual data” / not allowing the device to obtain the data from the data block when the data from the data block is above data size threshold). Modzelewski-Dropbox does not specifically mention a firewall. Ben-Reuven discloses firewall, para 73, firewall with storage with data, to not allow content for the request. One of ordinary skill in the art would readily know what a firewall is, which has been well-known in the art for more than a decade and used around the world. In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to include firewall and also one of ordinary skill in the art would have been motivated to do so because it could provide restriction for access of data. Certain data would be precluded from access. This would enable specifying and not allowing access to the certain data by specified entities, by utilizing the well-known firewall.
Modzelewski-Dropbox also discloses that the information can be personal identifiable information (user information, para 20). Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to implement these limitations and also one of ordinary skill in the art would have been motivated to do so because it could provide restriction for access of data. Certain data would be precluded from access. This would enable specifying and not allowing access to the certain data such as user information by specified entities, para 20. 
Modzelewski-Dropbox and Ben-Reuven do not specifically mention about, denying. “Official Notice” is taken that Denying is well-known and expected in the art. For example, Walsh, 8,424,075 (2013) implements, well-known denying, col., 7, line 35. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the effective filing date of the claimed invention to modify the invention disclosed by Modzelewski-Dropbox to include denying and also one of ordinary skill in the art would have been motivated to do so because it could provide indication that the request is not carried out. Upon indication of denial of the request the user can resubmit the request and/or the user can modify the request to access the information, col., 7, lines 20-22.

 

Conclusion
One of ordinary skill in the art would readily know what a firewall is. A firewall to deny a request is well-known in the art. Please see above cited reference Walsh for the denying.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571) 272-3973.  The examiner can normally be reached on Monday-Friday.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached at (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HARESH N PATEL/Primary Examiner, Art Unit 2496