DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is in response to the correspondence filed on 01/10/21.  Claims 1-20 are still pending and have been considered below.

Claim Rejections - 35 USC § 112
The amendments and/or arguments submitted by Applicants have been considered and are persuasive; thus, the previous claim rejection(s) have been withdrawn.

Claim Rejections - 35 USC § 102
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claim(s) 1-6, 8-14 and 16-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Ramesh et al. (2015/0026462).
Claim 1:  Ramesh et al. discloses a method comprising:
identifying a subset of fields that contain sensitive information(discovering elements of the file which are sensitive) [page 2, paragraph 0017] within a message based on a type of cloud service to be performed on data within the message(sensitive items identified by type, class or category based on each business’s requirement(s)) [page 1, paragraphs 0006-0007 | page 2, paragraphs 0019-0020];
encrypting values stored within the subset of fields while leaving values in remaining fields of the message intact to generate a partially encrypted message(only encrypting the sensitive elements in an entity such as a file or a table and leaving the non-sensitive elements in the clear) [page 2, paragraph 0016]; and
transmitting the partially encrypted message to a computing system of the service(crypto agent may work over a network with big data store) [page 3, paragraphs 0037-0038 | figure 4].
Claim 2:  Ramesh et al. discloses the method of claim 1, wherein the identifying comprises identifying the subset of fields based on predefined regulator expressions matched to messages of the type of cloud service to be performed [page 2, paragraphs 0014 & 0020-0021].
Claim 3:  Ramesh et al. discloses the method of claim 1, wherein the identifying comprises identifying different subsets of fields within the message for different respective types of cloud services to be performed on the data [page 2, paragraphs 0014 & 0020-0021].
Claim 4:  Ramesh et al. discloses the method of claim 1, wherein the encrypting comprises encrypting text within a sensitive field while leaving an identifier of the sensitive field within the message intact [page 2, paragraphs 0018-0019].
Claim 5:  Ramesh et al. discloses the method of claim 1, wherein the encrypting comprises identifying a format of a sensitive field within the message and encrypting a value of the sensitive field with a format preserving encryption to create a format-preserving replacement value [page 2, paragraph 0016 & 0018].
Claim 6:  Ramesh et al. discloses the method of claim 1, wherein the encrypting comprises identifying the type of cloud service to be performed on the data from among a plurality of cloud services, and selecting an encryption key based on the type of cloud service to be performed [page 3, paragraph 0030 | page 1, paragraphs 0003-0004].
Claim 8:  Ramesh et al. discloses the method of claim 1, wherein the transmitting comprises transmitting a partially encrypted hypertext transfer protocol (HTTP) message to a cloud service provider [page 3, paragraphs 0037-0038 | figure 4].
Claim 9:  Ramesh et al. discloses an apparatus, comprising: a processor configured to:
identify a subset of fields that contain sensitive information [page 2, paragraph 0017] within a message based on a type of cloud service to be performed on data within the message [page 1, paragraphs 0006-0007 | page 2, paragraphs 0019-0020];
encrypt values stored within the subset of fields while values in fields of the message that remain are left intact to generate a partially encrypted message [page 2, paragraph 0016]; and
transmit the partially encrypted message to a computing system of the service [page 3, paragraphs 0037-0038 | figure 4].
Claim 10:  Ramesh et al. discloses the apparatus of claim 9, wherein the processor is configured to identify predefined regulator expressions matched to messages of the type of cloud service to be performed when the subset of fields is identified [page 2, paragraphs 0014 & 0020-0021].
Claim 11:  Ramesh et al. discloses the apparatus of claim 9, wherein the processor is configured to identify different subsets of fields within the message for different respective types of cloud services to be performed on the data when the subset of fields is identified [page 2, paragraphs 0014 & 0020-0021].
Claim 12:  Ramesh et al. discloses the apparatus of claim 9, wherein the processor is configured to encrypt text within a sensitive field while leaving an identifier of the sensitive field within the message intact when the values are encrypted [page 2, paragraphs 0018-0019].
Claim 13:  Ramesh et al. discloses the apparatus of claim 9, wherein the processor is configured to identify a format of a sensitive field within the message and encrypt a value of the sensitive 
Claim 14:  Ramesh et al. discloses the apparatus of claim 9, wherein the processor is configured to identify the type of cloud service to be performed on the data from among a plurality of cloud services, and select an encryption key based on the type of cloud service to be performed when the values are encrypted [page 3, paragraph 0030 | page 1, paragraphs 0003-0004].
Claim 16:  Ramesh et al. discloses the apparatus of claim 9, wherein the processor is configured to transmit a partially encrypted hypertext transfer protocol (HTTP) message to a cloud service provider when the partially encrypted message is transmitted [page 3, paragraphs 0037-0038 | figure 4].
Claim 17:  Ramesh et al. discloses a non-transitory computer readable storage medium configured to store at least one instruction that when executed by a processor causes the processor to perform:
identifying a subset of fields that contain sensitive information [page 2, paragraph 0017] within a message based on a type of cloud service to be performed on data within the message [page 1, paragraphs 0006-0007 | page 2, paragraphs 0019-0020];
encrypting values stored within the subset of fields while leaving values in remaining fields of the message intact to generate a partially encrypted message [page 2, paragraph 0016]; and
transmitting the partially encrypted message to a computing system of the service [page 3, paragraphs 0037-0038 | figure 4].
Claim 18:  Ramesh et al. discloses the non-transitory computer readable storage medium of claim 17, wherein the identifying comprises identifying the subset of fields based on predefined 
Claim 19:  Ramesh et al. discloses the non-transitory computer readable storage medium of claim 17, wherein the identifying comprises identifying different subsets of fields within the message for different respective types of cloud services to be performed on the data [page 2, paragraphs 0014 & 0020-0021].
Claim 20:  Ramesh et al. discloses the non-transitory computer readable storage medium of claim 17, wherein the encrypting comprises encrypting text within a sensitive field while leaving an identifier of the sensitive field within the message intact [page 2, paragraphs 0018-0019].

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claim(s) 7 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ramesh et al. (2015/0026462) in view of Schuette et al. (2014/0059355).
Claim 7:  Ramesh et al. discloses the method of claim 1, but does not explicitly disclose further comprising inserting an identifier of an encryption key used to perform the encrypting into an unused field of the message.
However, Schuette et al. discloses a similar invention [page 2, paragraph 0020] and further discloses encrypting values of one or more sensitive fields within a message based on an encryption key [page 3, paragraph 0028]; and inserting an identifier of an encryption key used to perform the encrypting into an unused field of the message [page 3, paragraph 0030].
Ramesh et al. with the additional features of Schuette et al., in order to both comply with any applicable data privacy laws and reassure customers of data privacy and security, as suggested by Schuette et al. [page 1, paragraph 0001].
Claim 15:  Ramesh et al. discloses the apparatus of claim 9, but does not explicitly disclose wherein the processor is configured to insert an identifier of an encryption key used to perform the encryption into an unused field of the message.
However, Schuette et al. discloses a similar invention [page 2, paragraph 0020] and further discloses encrypting values of one or more sensitive fields within a message based on an encryption key [page 3, paragraph 0028]; and wherein the processor is configured to insert an identifier of an encryption key used to perform the encryption into an unused field of the message [page 3, paragraph 0030].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Ramesh et al. with the additional features of Schuette et al., in order to both comply with any applicable data privacy laws and reassure customers of data privacy and security, as suggested by Schuette et al. [page 1, paragraph 0001].

Double Patenting
Applicants request to hold the double patenting rejection(s) in abeyance until there is an indication of allowable subject matter has been acknowledge; accordingly, Examiner maintains the previous double patenting rejection(s) in the interim and will revisit the rejection(s) at that point in time.
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the 
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of U.S. Patent No. 10,333,902 in view of Ramesh et al. (2015/0026462).
Although the claims at issue are not identical, they are not patentably distinct from each other because both invention are directed to a substantially similar technique of data sanitization, which specifically identifies and encrypts sensitive portions of a message while leaving the remaining portions intact/unchanged; and only differing in that the instant claims identify and/or encrypt the sensitive information based on a type of cloud service to be performed.
However, Ramesh et al. discloses a similar invention and goes on to disclose identifying and/or encrypting the sensitive information based on a type of cloud service to be performed, as already discussed in more detail above.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the instant claims with the additional features of Ramesh et al., in order to take advantage of greater processing capabilities of a cloud service while also ensuring each enterprise’s sensitive data remains protected, as suggested by Ramesh et al..
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,523,638 in view of Ramesh et al. (2015/0026462).
Although the claims at issue are not identical, they are not patentably distinct from each other because both invention are directed to a substantially similar technique of data sanitization, which specifically identifies and encrypts sensitive portions of a message while leaving the remaining portions intact/unchanged; and only differing in that the instant claims identify and/or encrypt the sensitive information based on a type of cloud service to be performed.
However, Ramesh et al. discloses a similar invention and goes on to disclose identifying and/or encrypting the sensitive information based on a type of cloud service to be performed, as already discussed in more detail above.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the instant claims with the additional features of Ramesh et al., in order to take advantage of greater processing capabilities of a cloud service while also ensuring each enterprise’s sensitive data remains protected, as suggested by Ramesh et al. [page 1, paragraphs 0004-0006]; thus, arriving at claims which are not patentably distinct from the patented claims and properly rejected on the grounds of nonstatutory double patenting.

Response to Arguments
Applicant's arguments filed 01/10/21 have been fully considered but they are not persuasive.
First, Applicant argues that the prior art of record does not disclose “identifying a subset of fields that contain sensitive information within a message based on a type of cloud service to be performed on data within the message”, as claimed; in particular, Applicant appears to contend that Ramesh et al. is completely silent with respect to performing a cloud service on data within the message altogether.
Initially, Examiner notes that Ramesh et al. is directed to a technique for discovering and masking sensitive data found in file(s) residing in distributed data stores [page 1, paragraph 0003] dependent upon if a business use case requires it, and is further described in various U.S. patent applications which have been incorporated by reference [page 1, paragraphs 0006-0007]; particularly, U.S. patent application Ser. No. 14/216,840 is cited and will be discussed in view of its pre-grant publication US 2014/0304243 A1 (‘243 reference).
Amongst other things, the ‘243 reference clarifies that the distributed data stores manage data for multiple domains [page 1, paragraph 0015] where one or more security and/or sensitive data policies can be created and attached to each domain for managing the respective data [page 3, paragraph 0027], the each of the policies identifying different requirements for protecting different sensitive data types [page 2, paragraphs 0020-0022].
Therefore, Examiner respectfully disagrees and submits that the prior art of record does in fact disclose the allegedly deficient features as Ramesh et al. appears to reasonably suggest identifying a subset of fields that contain sensitive information within a message(finding specific type of sensitive data to protect) based on a type of cloud service to be performed on data within the message(treating the discovered sensitive data in accordance with the user defined policies).
Second, Applicant argues that the prior art of record does not disclose “wherein the identifying comprises identifying different subsets of fields within the message for different Ramesh et al. is completely silent with respect to identifying different subsets of fields for different respective types of cloud services to be performed.
Examiner notes that as already discussed above, the ‘243 reference teaches that different polices can be used to control exactly how different types of sensitive data are treated once found [page 2, paragraph 0021].
Therefore, Examiner respectfully disagrees and submits that the prior art of record does in fact disclose the allegedly deficient features as Ramesh et al. appears to reasonably suggest identifying different subsets of fields within the message(discovering different types of sensitive data to protect) for different respective types of cloud services to be performed on the data(different respective policies control exactly how each type of sensitive data is to be treated once found, where the treatment to be applied to the discovered sensitive data can be different for each type of sensitive data).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686.  The examiner can normally be reached on Monday-Friday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571)272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/EDWARD ZEE/Primary Examiner, Art Unit 2435