Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
Claims 1-12, 19-20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim limitation “a disarm and reconstruction unit” invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Paragraph [0034] of Applicant’s specification describes the disarm and reconstruction unit but does not disclose structure, material or acts performing the function to link structure to the function (i.e. there is no hardware or software elements specifically mentioned). Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-3, 5-10, 12-16, 18-20 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Shavro (US 11,030,318)


Regarding Claim 1,

Shavro (US 11,030,318) teaches a system for protecting a computer network, the system comprising: 
a disarm and reconstruction unit configured to receive from an access broker a terminated client request (Fig. 2, 200, 202, parse a request and detect a potential vulnerability), 
disarm the client request, and reconstruct the client request to produce a disarmed request, wherein the access broker sends the disarmed request to the application (Fig. 2, 204, 208, alter the request and reconstruct the service request).

Regarding Claim 2,

Shavro teaches the system of claim 1 wherein the disarm and reconstruction unit is configured to deconstruct the request into components, determine one or more permitted and non-permitted component, remove the non-permitted component, and reconstruct the request using the permitted component (Col. 10, lines 29-31, 43-45, teaches tags designated as safe (i.e. permitted components) and blacklist of unsafe HTML elements (i.e. non-permitted)) .

Regarding Claim 3,

Shavro teaches the system of claim 2 wherein the disarm and reconstruction unit determines one or more of a permitted component and a non-permitted component by comparing the component to a list (Col. 10, lines 43-45, a blacklist of unsafe HTML elements (i.e. non-permitted)) .



Regarding Claim 5,

 Shavro teaches the system of claim 2 wherein the disarm and reconstruction unit determines one or more of a permitted component and a non-permitted component by applying a validator (Col. 10, lines 29-31,teaches a sanitizer)

Regarding Claim 6,

Shavro teaches the system of claim 2 wherein the components comprise one or more of a header and a value of the header (Col. 7, lines 62-65, “packet header parser”)

Regarding Claim 7,

Shavro teaches the system of claim 6 and further comprising a processor configured to create a permitted component to replace a removed non-permitted component, the permitted component to be used to reconstruct the request (Fig. 2, 204, 208, alter the request and reconstruct the service request).

Regarding Claim 8,

Shavro teaches the system of claim 1 wherein the access broker is located at an application layer of the computer network (Col. 6, lines 39-41, application layer protocol)

Regarding Claim 9,

Shavro teaches the system of claim 1 wherein the access broker is configured to validate the request against a protocol of the application and allow only a validated request to be received at the disarm and reconstruction unit (Col. 10, lines 40-45, teaches validating HTTP parameters) .


Regarding Claim 10,

Shavro teaches the system of claim 1 and further comprising a pipeline unit configured to perform one or more of a) adding context to the request, b) authenticating the reconstructed request, and c) authorizing the reconstructed request (Col. 14, lines 23-26, teaches context based remediation) .


Regarding Claim 12,

Shavro teaches the system of claim 1 wherein the access broker is configured to receive a response from the application and to send the response to the client (Fig. 1, 124, 128, teaches receiving a response and sending it back to the client) 

Regarding Claim 13,

Claim 13 is similar in scope to Claims 1-2 and are rejected for a similar rationale.

Regarding Claims 14-16, 18

Claims 14-16, 18 is similar in scope to Claims 8-10, 12 and are rejected for a similar rationale.

Regarding Claims 19-20,

Claims 19-20 are similar in scope to Claims 1-2 and are rejected for a similar rationale.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shavro in view of Healy (US 2018/0241720)

Regarding Claim 4,

Shavro teaches the system of claim 3 but does not explicitly teach wherein the list is specific to a protocol of the application.
Healy (US 2018/0241720) teaches wherein the list is specific to a protocol of the application (Paragraph [0039-0040])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Shavro with the protocol specific list of Healy and the results would be predictable (i.e. list would be made in a “protocol specific manner”)


Claim(s) 11, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shavro 


Regarding Claim 11,

Shavro teaches system of claim 10 but does not explicitly teach wherein the pipeline unit is configured to log the request to which context was added and which was authenticated and authorized.
The Examiner takes Official Notice that logging request are well known in the art and it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Shavro to log requests and the results would be predictable (i.e. requests would be logged)

Regarding Claim 18,

Claim 18 is similar in scope to Claim 11 and is rejected for a similar rationale.

Conclusion






Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439