EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with applicants’ representative, TEDDIE C. HSU, on 01/06/2021.

The application has been amended as follows: 

1.	(Currently Amended)	A method, comprising:
in a first large distributed data store (DDS), defining a domain for a subset of the first large DDS, wherein the domain is used 
wherein the domain is defined as a unit comprising a logical subset of the first large DDS including documents, files, directories, and collections distributed in multiple systems and databases of the first large DDS;
creating a logical diagram of the logical subset;
associating a tag with the domain, the tag indicating that the domain has data pertaining to a particular region, or language, organization or sub-organization such as a department;
establishing one or more security policies for the logical subset  a first sensitive data type of the sensitive data;
assigning an encryption key to  a second sensitive data type of the sensitive data;

securing the logical subset 
applying the one or more security policies consistently across the heterogeneous data stores of the domain; 
creating a copy of the  domain in a second large DDS; and
transferring data and the metadata of the domain to a corresponding location of  domain in the second large DDS.
2.	(Canceled)	
3.	(Previously Presented)	The method as recited in claim 1, wherein the one or more security policies include one of a backup and restore policy, an access policy, a data maintenance policy, a public availability policy, a privacy policy, a copying policy, a subdomain creation policy, a searching policy, a masking policy, a quarantining policy, or an encryption policy.
4.	(Previously Presented)	The method as recited in claim 1,
wherein the one or more security policies govern operations allowable on the domain according to the one or more security policies including copying the domain as one unit within the large DDS, copying the domain as another unit to a different DDS, copying the domain with masking, copying the domain with encryption, searching for sensitive data, masking, quarantining, encrypting, making at least part of the domain publicly available, making at least part of the domain read-only, and deleting data elements.
5-7.	(Canceled)	
8.	(Previously Presented)	The method as recited in claim 1,

9.	(Previously Presented)	The method as recited in claim 8,
wherein each department and each corresponding domain has a respective security requirement, a respective access control, and at least one respective security policy for the corresponding domain.
10.	(Previously Presented)	The method as recited in claim 1,
wherein establishing a security protocol further includes assigning an access key or the encryption key to the data domain, determining an expiration period for a key, determining a key strength, or determining a key type.
11.	(Previously Presented)	The method as recited in claim 1, further comprising creating a rule to govern which of the one or more security policies apply to a domain when a data entity belongs to multiple domains; and storing the rule with the metadata.
12.	(Currently Amended)	A system, comprising:
a distributed network of computing hardware and tangible nonvolatile data storage media comprising a first large distributed data store (DDS);
a controller for defining a domain within the first large DDS and for operating on the domain, the domain comprising heterogeneous data stores 
an agent for interacting with clusters of the first large DDS;
a user interface for accessing and using the first large DDS through the controller
wherein the domain is defined for a subset of the first large DDS, wherein the domain is used for defining policies to detect and treat sensitive data in the subset;
wherein the domain is defined as a unit comprising a logical subset of the first large DDS including documents, files, directories, and collections distributed in multiple systems and databases of the first large DDS;

wherein the user interface allows a user to associate a tag with the domain, the tag indicating that the domain has data pertaining to a particular region, or language, organization or sub-organization such as a department;
wherein the controller applies one or more security policies to the logical subset a first sensitive data type of the sensitive data;
wherein the controller assigns an encryption key to  a second sensitive data type of the sensitive data;
a repository for storing the one or more security policies, the logical diagram, and the encryption key as metadata;
wherein the agent secures the logical subset 
wherein the controller applies the one or more security policies consistently across the heterogeneous data stores of the domain;
wherein the controller creates a copy of the  domain in a second large DDS; and
wherein the controller transfers data and the metadata of the domain to a corresponding location of  domain in the second large DDS.
13-14.	(Canceled)	
15.	(Previously Presented)	The system of claim 12, wherein the one or more security policies include a policy for each of sensitive data discovery, masking, quarantining, encrypting, backing-up and restoring data, creating subdomains, and copying domains.
16.	(Previously Presented)	The system of claim 12, wherein the user interface allows the user to perform searching, masking, encryption, and quarantining on one or more domains,  to 
17.	(Canceled)	
18.	(Previously Presented)	The system of claim 12, further
comprising a dashboard for displaying an aggregate of information from one of the metadata, a sensitive data scan, a masking operation, a quarantining operation, an encryption operation, or a history of operations on a domain.
19.	(Original)	The system of claim 18, wherein the dashboard displays the information filtered for specific domains and subdomains.
20.	(Original)	The system of claim 19, wherein the dashboard uses tags to display partitioned data or filtered data.
21.	(Previously Presented)	The method as recited in claim 1, wherein the heterogeneous data stores comprise at least one of a cloud storage bucket, a relational database, or a directory within a file system.
22.	(Previously Presented)	The system of claim 12, wherein the heterogeneous data stores comprise at least one of a cloud storage bucket, a relational database, or a directory within a file system.

Reason For Allowance
The following is an examiner’s statement of reasons for allowance: 
Prior arts of record do not render obvious, nor anticipate that data and metadata of a domain is transferred to a corresponding location of a created copy of the domain in a second large DDS, wherein metadata includes one or more security policies, logical diagram, and an .

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUNG Q. PHAM whose telephone number is (571)272-4040.  The examiner can normally be reached on Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mariela D. Reyes can be reached on 571-270-1006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-


HUNG Q. PHAM
Primary Examiner
Art Unit 2159



/HUNG Q PHAM/Primary Examiner, Art Unit 2159
January 7, 2021