DETAILED ACTION


1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.	Claims 1-20 are pending.  Claims 1, 9 and 16 are independent.  

3.	The IDS’es submitted on 7/22/2020, 8/17/2020 and 1/29/2021 have been considered.

Claim Objections
4.	Claim 9 is objected to because of a typographical error.  The claim recites “receiving, by the first routing platform device, communication data that is to be routed from a source device to a destination device via the first routing platform device, wherein the communications data corresponds to tag data based on a correlation of information related to the communication data” (emphasis added).  Examiner recommends replacing “the communications data” with “the communication data” for consistency.

Appropriate correction is required.





Claim Rejections - 35 USC § 112
5.	The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

6.	Claims 9-15 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the enablement requirement.  Claim 9 contains subject matter “the communications data corresponds to tag data based on a correlation of information related to the communication data” which was not described in the specification in such a way as to enable one skilled in the art to which it pertains, or with which it is most nearly connected, to make and/or use the invention.  Accordingly, dependent claims 10-15 are also rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, based on their dependency of the rejected claim 9.











7.	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


8.	Claims 9-15 are also rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.  Claim 9 recites “the communications data corresponds to tag data based on a correlation of information related to the communication data”.  It is unclear whether “the communications data corresponds to tag data” means that “the communication data” is actually “tag data” or “the communication data” is just associated with “tag data”.  Accordingly, dependent claims 10-15 are also rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, based on their dependency of the rejected claim 9.







Claim Rejections - 35 USC § 103
9.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

10.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

11.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Lang (US PG Pub. 2015/0269383) in view of Stamos (US Patent 8,990,392).
	As regarding claim 1, Lang discloses A system, comprising: 
a processor [para. 0227-0228]; and 
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations [para. 0227-0228], comprising: 
receiving communication data that is to be routed from a source device to a destination device via a routing platform device [para. 0662-0665; "distributed trustworthiness notification framework propagates trustworthiness notifications between all CMP-PDPs that protect processes/systems/applications that are potentially communicating with each other"]; 
in response to the receiving of the communication data, determining tag data associated with the communication data based on a correlation of information related to the communication data [para. 0328, 0323, and 0662-0665; "interactions defined in the functional system description (CMP-FDS) can be correlated with information from user login rights on various nodes, and with attributes associated with users"; "Trustworthiness attributes are tagged to information sent (interactions 3410 and 3415), so that it arrives together with the information at the recipient and can be directly used for access control policy enforcement"], wherein the tag data classifies at least one of the source device, the destination device, or a user identity associated with at least one of the source device or the destination device [para. 0662-0665 and 0757; "Numerous policies can be implemented similar to privilege delegation policies, such as: use the initiator's trustworthiness level; use the average of the trustworthiness levels of all nodes on the multihop path; use the lowest of the trustworthiness levels of all nodes on the multi-hop path; etc"; "security classification label of the accessed resource"]; 
determining policy data for source devices, destination devices, and user identities that are tagged with the tag data, the policy data defining an access control policy that is associated with at least one of prohibiting or allowing, according to specified parameters of the access control policy, a transmission of the communication data from the source device to the destination device [para. 0064 and 0662-0665 and 0671; "access control policy enforcement"; matching rule; "Access enforcement: Block information flows to and from compromised applications based on access policies and trustworthiness attributes"]; and 
facilitating an application of the access control policy [para. 0313].
Lang does not explicitly disclose that the access control policy is applied at least based on a portion of domain name data associated with at least one of the source device or the destination device.  However, Stamos discloses it [col. 3 lines 22-52, col. 4 line 49 thru col. 5 line 4, and col. 6 lines 15-30; access policy applied based on domain name].
It would have been obvious to one of ordinary skill in the art at the time of the effective filing of the invention to modify Lang’s system to further comprise the missing limitation, as disclosed by Stamos and discussed above, in order to provide appropriate access control policy based on a desired level of security associated with a domain being accessed [col. 3 lines 22-52].

As regarding claim 2, Lang further discloses The system of claim 1, wherein the determining of the policy data for source devices, destination devices, and user identities that are tagged with the tag data is performed dynamically after the receiving of communication data that is to be routed from the source device to the destination device [para. 0064 and 0662-0665 and 0671; "access control policy enforcement"; matching rule; "Access enforcement: Block information flows to and from compromised applications based on access policies and trustworthiness attributes"].  

As regarding claim 3, Lang further discloses The system of claim 1, wherein the operations further comprise: receiving a command expressed in a natural language form; and processing the command to identify the tag data [para. 0078 and 0288].  

As regarding claim 4, Lang further discloses The system of claim 1, wherein the tag data comprises criteria data that identifies a level of relevance for the tag as applied to at least one of the source device, the destination device, or the user identity associated with at least one of the source device or the destination device [col. 3 lines 22-52, col. 4 line 49 thru col. 5 line 4, and col. 6 lines 15-30; “a higher trust TLD can have associated with it one or more policy regimes that define a set of requirements with which any site in that TLD must comply”].  

As regarding claim 5, Lang further discloses The system of claim 1, wherein the tag data comprises a first tag that is assigned to at least one of the source device, the destination device, or the user identity associated with at least one of the source device or the destination device, and a second tag that is assigned to the same at least one of the source device, the destination device, or the user identity associated with at least one of the source device or the destination device as the first tag [para. 0328, 0323, and 0662-0665; "Trustworthiness attributes are tagged to information sent (interactions 3410 and 3415), so that it arrives together with the information at the recipient and can be directly used for access control policy enforcement"].  

As regarding claim 6, Lang further discloses The system of claim 1, wherein the operations further comprise: obtaining configuration data that defines at least one of the tag data or the policy data from a first shared network data store of a communication network coupled to the routing platform device, wherein the routing platform device comprises a first routing platform device of a first local area network and wherein the determining of the tag data comprises determining the tag data based on shared data stored in a second shared network data store accessible to a second routing platform device of a second local area network, and wherein the shared data is determined based on at least one of open-source data or proprietary data published by one or more user devices [para. 0804, 0869 and 0952].   

As regarding claim 7, Lang further discloses The system of claim 1, wherein the operations further comprise: obtaining configuration data that defines at least one of the tag data or the policy data from a first shared network data store of a communication network coupled to the routing platform device, wherein the routing platform device is a first routing platform device of a first local area network, and wherein the operations further comprise: in response to determining that at least a portion of the configuration data has been assigned a label assigned with shared data, directing at least the portion of the configuration data to a second shared network data store that is accessible to second routing platform devices of second local area networks that are able to utilize at least the portion of the configuration data to implement access control [para. 0804, 0869 and 0952].

As regarding claim 8, Lang further discloses The system of claim 1, wherein the correlation of the information comprises application of a match function based on analyzing at least one of a domain name service server resource record, a tag, or relative criteria data associated with at least one of the source device, the destination device, or the communication data [para. 0328, 0323, and 0662-0665; "interactions defined in the functional system description (CMP-FDS) can be correlated with information from user login rights on various nodes, and with attributes associated with users"]. 

As regarding claim 9, Lang discloses A method, comprising: 
determining, by a first routing platform device of a first local area network, configuration data that is employable to configure the first routing platform device to facilitate routing of communication data between network devices, of one or more communication networks, that are coupled to the first routing platform device [para. 0328, 0323, and 0662-0665; "interactions defined in the functional system description (CMP-FDS) can be correlated with information from user login rights on various nodes, and with attributes associated with users"; "Trustworthiness attributes are tagged to information sent (interactions 3410 and 3415), so that it arrives together with the information at the recipient and can be directly used for access control policy enforcement"], wherein the first routing platform device comprises a processor [para. 0227-0228]; 
receiving, by the first routing platform device, communication data that is to be routed from a source device to a destination device via the first routing platform device [para. 0662-0665; "distributed trustworthiness notification framework propagates trustworthiness notifications between all CMP-PDPs that protect processes/systems/applications that are potentially communicating with each other"], wherein the communications data corresponds to tag data based on a correlation of information related to the communication data [para. 0328, 0323, and 0662-0665; "interactions defined in the functional system description (CMP-FDS) can be correlated with information from user login rights on various nodes, and with attributes associated with users"; "Trustworthiness attributes are tagged to information sent (interactions 3410 and 3415), so that it arrives together with the information at the recipient and can be directly used for access control policy enforcement"], wherein the tag data classifies at least one of the source device, the destination device, or a user identity associated with at least one of the source device or the destination device [para. 0662-0665 and 0757; "Numerous policies can be implemented similar to privilege delegation policies, such as: use the initiator's trustworthiness level; use the average of the trustworthiness levels of all nodes on the multihop path; use the lowest of the trustworthiness levels of all nodes on the multi-hop path; etc"; "security classification label of the accessed resource"]; 
determining, by the first routing platform device, policy data from the tag data that is indicative of an access control policy that is associated with at least one of denying or allowing a transmission of the communication data, and wherein the determining comprises obtaining, via an interface, a first portion of the configuration data [para. 0662-0665 and 0671; "access control policy enforcement"; matching rule; "Access enforcement: Block information flows to and from compromised applications based on access policies and trustworthiness attributes"]; and 
facilitating, by the first routing platform device, an application of the access control policy [para. 0313]. 
Lang does not explicitly disclose that the access control policy is derived from a portion of domain name data associated with at least one of the source device or the destination device.  However, Stamos discloses it [col. 3 lines 22-52, col. 4 line 49 thru col. 5 line 4, and col. 6 lines 15-30; obtaining access policy based on domain name].
It would have been obvious to one of ordinary skill in the art at the time of the effective filing of the invention to modify Lang’s system to further comprise the missing limitation, as disclosed by Stamos and discussed above, in order to provide appropriate access control policy based on a desired level of security associated with a domain being accessed [col. 3 lines 22-52].

As regarding claim 10, Stamos further discloses The method of claim 9, wherein the determining of the policy data comprises: identifying, by the first routing platform device, a match between the tag data and at least part of a domain name service resource record of at least one of the network devices [col. 3 lines 22-52, col. 4 line 49 thru col. 5 line 4, and col. 6 lines 15-30; obtaining access policy based on domain name].  

As regarding claim 11, Stamos further discloses The method of claim 10, wherein the match comprises a full match between the tag data and at least the part of the domain name service resource record [col. 3 lines 22-52, col. 4 line 49 thru col. 5 line 4, and col. 6 lines 15-30; obtaining access policy based on domain name].  

As regarding claim 12, Lang further discloses The method of claim 10, wherein the match comprises a partial match between the tag data and at least the part of the domain name service resource record [col. 3 lines 22-52, col. 4 line 49 thru col. 5 line 4, and col. 6 lines 15-30; obtaining access policy based on domain name].  

As regarding claim 13, Stamos further discloses The method of claim 10, further comprising: storing, by the first routing platform device, an identification of the match in a tag table that is accessed while performing the determining of the policy data [col. 3 lines 22-52, col. 4 line 49 thru col. 5 line 4, and col. 6 lines 15-30; obtaining access policy based on domain name].  

As regarding claim 14, Lang further discloses The method of claim 9, further comprising: facilitating, by the first routing platform device, a transfer of the configuration data to a network data store of the one or more communication networks, wherein the configuration data is employable by the second routing platform device of the second local area network to facilitate access control [para. 0804 and 0869].  

As regarding claim 15, Lang further discloses The method of claim 9, wherein the determining of the configuration data comprises importing the configuration data from a network data store associated with one communication network of the one or more communication networks [para. 0952; importing rules].  

As regarding claim 16, Lang discloses A non-transitory machine-readable medium, comprising executable instructions that, when executed by a processor, facilitate performance of operations, comprising: 
determining tag data associated with communication data based on a correlation related to the communication data, wherein the tag data comprises a set of tags employable to classify a source device, a destination device, and a user identity associated with at least one of the source device or the destination device [para. 0328, 0323, and 0662-0665; "interactions defined in the functional system description (CMP-FDS) can be correlated with information from user login rights on various nodes, and with attributes associated with users"; "Trustworthiness attributes are tagged to information sent (interactions 3410 and 3415), so that it arrives together with the information at the recipient and can be directly used for access control policy enforcement"]; 
correlating the tag data to determine policy data indicative of an access control policy that is associated with at least one of preventing or allowing a transmission of the communication data from the source device to the destination device [para. 0064 and 0662-0665 and 0671; "access control policy enforcement"; matching rule; "Access enforcement: Block information flows to and from compromised applications based on access policies and trustworthiness attributes"]; and 
facilitating an application of the access control policy [para. 0313]. 
Lang does not explicitly disclose that the access control policy is derived from a portion of domain name data associated with at least one of the source device or the destination device.  However, Stamos discloses it [col. 3 lines 22-52, col. 4 line 49 thru col. 5 line 4, and col. 6 lines 15-30; obtaining access policy based on domain name].
It would have been obvious to one of ordinary skill in the art at the time of the effective filing of the invention to modify Lang’s system to further comprise the missing limitation, as disclosed by Stamos and discussed above, in order to provide appropriate access control policy based on a desired level of security associated with a domain being accessed [col. 3 lines 22-52].

As regarding claim 17, Lang further discloses The non-transitory machine-readable medium of claim 16, wherein the operations further comprise: detecting updates to address data comprising one or more of source addresses or destination addresses of the policy data [para. 0312, 0371, 1246 and 1248].  

As regarding claim 18, Lang further discloses The non-transitory machine-readable medium of claim 16, wherein the receiving of the second portion of the configuration data comprises: receiving the second portion via an interface operable to receive text instructions representative of a search instruction or the command [para. 0045 and 0585].  

As regarding claim 19, Lang further discloses The non-transitory machine-readable medium of claim 16, wherein the receiving of the second portion of the configuration data comprises: receiving the second portion via an audio interface operable to receive voice instructions [para. 0234].  

As regarding claim 20, Lang further discloses The non-transitory machine-readable medium of claim 16, wherein the receiving of the second portion of the configuration data comprises: receiving the second portion via a video interface operable to receive images from which an instruction is determined based on image processing of the images [para. 1238; interaction via facial recognition].





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905.  The examiner can normally be reached on M-F 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433

/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433