DETAILED ACTION
Remarks
The instant application having Application No. 15/214985 filed on July 20, 2016.  After a thorough search and examination of the present application and in light of prior art made of record, claims 9-13, 16-20 and 22-31 are allowed.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
          Authorization for this examiner’s amendment was given in a telephone interview with Attorney, Mr. Timothy B. Scull (Reg. No. 42,137) on February 8, 2021.

Please amend the claims as follows:

 (Canceled) 
2.	(Canceled)  

3.	(Canceled)  

4.	(Canceled)  

5.	(Canceled)  

6.	(Canceled)  



8.	(Canceled)  

9.	(Currently Amended)  A system comprising:
at least one processor; and
a memory operatively connected with the at least one processor storing computer-executable instructions that, when executed by the at least one processor, causes the at least one processor to execute a method that comprises:
	identifying, via a network, files of network data from a plurality of data stores;
	grouping the identified files of network data to generate a grouping of network data based on similarity of the network data;
identifying a data schema in the files of network data in the grouping based on pattern matching of content of the files;
identifying portions of the files that contain the data schema;
determining one or more policy rules that apply to that content of the data schema; 
generating a confidence score for identification of the data schema based on the pattern matching that evaluates content of the position in the identified files of network data;
determining compliance of the content with the one or more policy rules by evaluating the identified portions, while not evaluating at least one other portion; and
in accordance with the evaluation, generating a report of compliance of the files of the grouping of identified files with the one or more policy rules.

10.	(Previously Presented)  The system of claim 9, wherein the memory stores further computer-executable instructions for recursively discovering the network data, wherein the plurality of data stores comprises a plurality of a distributed network, data received at a firewall, data stored on a client computing device, or data from an application executing on the client computing device.

11.	(Previously Presented)  The system of claim 9, wherein the pattern matching comprises scanning at least one file and where the at least one file that is scanned comprises a most recent file in the grouping. 



13.	(Previously Presented)  The system of claim 9, wherein identifying the data schema in the one or more files in the grouping comprises determining the position of the data schema in the one or more files in the grouping. 

14.	(Canceled)  

15.	(Canceled)  

16.	(Previously Presented)  The system of claim 9, wherein the memory stores further computer-executable instructions for executing at least one action to remediate a compliance violation identified in the reporting, each executed action comprises: 
requesting a data owner of a file to remedy the compliance violation; 
scrubbing a file to remedy the one or more compliance violations; or 
deleting a file that includes the compliance violation.

17.	(Currently Amended)  A method comprising:
accessing, by a computing device over one or more networks, a plurality of data stores to identify files of network data to be evaluated for policy compliance;
	grouping, by the computing device, identified files of network data based on one or more file characteristics associated with the network data;
identifying, by the computing device, a data schema associated with the identified files, wherein the identifying further comprises:
determining a position of the data schema in the identified files of network data, and
generating a confidence score for identification of the data schema based on pattern matching that evaluates content of the position in the identified files of network data; 
determining a policy rule that applies to the identified files of network data associated with the data schema; 
scanning only a portion of at least one file in the identified files of network data that ; and
generating a report of compliance with the policy rule for the portion of file data scanned.

18.	(Previously Presented)  The method of claim 17, further comprising recursively discovering the network data, wherein the plurality of data stores comprises a plurality of a distributed network, data received at a firewall, data stored on a client computing device, or data from an application executing on the client computing device.

19.	(Currently amended)  The method of claim 17, further comprising: 

executing at least one action to remediate a violation identified based on the scanning, wherein each action comprises: 
requesting a data owner of a file to remedy the violation; 
scrubbing a file to remedy the violations; or 
deleting a portion of a file that includes the violation.

20.	(Previously Presented)  The method of claim 17, wherein the scanning of the portion of the at least one file comprises: 
scanning the portion of a most recent file; or 
scanning the portion of the at least one file that has a date that exceeds a time period of a retention policy for the policy rule.

21.  	(Canceled)  

22.   	(New)  The method of claim 17, wherein the pattern matching comprises scanning at least one file and wherein the file that is scanned comprises a most recent version of the file. 

23.	(New)  The method of claim 17, wherein the file that is scanned has a date that exceeds a retention policy.

24.	(New)  The method of claim 17, wherein identifying the data schema further comprises determining the position of the data schema in the files of the first group. 

25.  	(New)  The method of claim 17, wherein the act of determining a policy rule that applies to the identified files of network data associated with the data schema is based on the confidence score exceeding a threshold value. 

26. 	(New)  A computer storage media including instructions, which when executed by a processor, cause the processor to:
access, over one or more networks, a plurality of data stores to identify files of network data to be evaluated for policy compliance;
	group identified files of network data based on one or more file characteristics associated with the network data;
identify a data schema associated with the identified files, wherein the identifying further comprises:
determining a position of the data schema in the identified files of network data, and
generating a confidence score for identification of the data schema based on pattern matching that evaluates content of the position in the identified files of network data; 
determine a policy rule that applies to the identified files of network data associated with the data schema; 
scan only a portion of at least one file in the identified files of network data that corresponds with the position of the data schema to determine a violation of the policy rule; and
generate a report of compliance with the policy rule for the portion of file data scanned.

27.	(New)  The computer storage media of claim 26, wherein the instructions, which when executed by the processor, further cause the processor to:
recursively discover the network data, wherein the plurality of data stores comprises a plurality of a distributed network, data received at a firewall, data stored on a client computing device, or data from an application executing on the client computing device.

28. 	(New)  The computer storage media of claim 26, wherein the instructions, which when executed by the processor, further cause the processor to:
execute at least one action to remediate a violation identified based on the scanning, wherein each action comprises: 
requesting a data owner of a file to remedy the violation; 
scrubbing a file to remedy the violations; or 
deleting a portion of a file that includes the violation.

29. 	(New)  The computer storage media of claim 26, wherein the instructions, which when executed by the processor, further cause the processor to:
determine the policy rule that applies to the identified files of network data associated with the data schema based on the confidence score exceeding a threshold value.

30.   	(New)  The computer storage media of claim 26, wherein the pattern matching comprises scanning at least one file and wherein the file that is scanned comprises a most recent version of the file. 

31.	(New)  The computer storage media of claim 26, wherein the instructions wherein the file that is scanned has a date that exceeds a retention policy.

Examiner’s Statement of Reasons for Allowance

Claims 9-13, 16-20 and 22-31 are allowed over the prior art made of record.
The following is an Examiner’s Statement of Reasons for the indication of allowable subject matter:  Claims 9-13, 16-20 and 22-31 are allowable over the prior art of record because the Examiner found neither prior art cited in its entirety, nor based on the prior art, found any motivation to combine any of the said prior arts.  
The prior art of records teaches in the same field of invention.  
Prior art of record Kays et al. (US Patent Publication No. 2005/0005233 A1) discloses a system and method comprising a reporting mechanism for outputting an HMTL and XML document from a collection of hierarchically maintained settings such as group policy object settings or resultant set of policy data. The reporting mechanism provides a substantially complete view of which settings are configured (enabled) in a given group policy object, or a view for a resultant set of policy (that is applied to a given SOM), along with the values of the settings. The markup language format enables viewing a flat representation of the settings, and printing, saving and/or transporting of the settings. XML schemas describe a valid representation of group policy settings, and a valid representation of resultant set of policy.
Prior art of record Kawamura et al. (US Patent Publication No. 2010/0318389 A1) discloses a business flow processing method includes: extracting data of a series of works carried out for each case from a database storing results of the works, generating process instances in which work names of the works carried out are arranged in time series; judging, for each of the process instances, whether or not a backtracking from a first work to a second work carried out prior to the first work occurs; deleting, for each type of backtracking patterns, an additional backtracking from the process instance in which the backtracking occurs; counting, for each process type, the number of process instances after the deletion of the additional backtracking, which belong to the process type; and identifying, based on counting results, a process whose counted number of process instances is equal to or greater than a predetermined reference, and outputting the identified process as a main business flow.
Prior art of record Brandt et al. (US Patent Publication No. 2004/0117624 A1) discloses a system and methodology facilitating automation security in a networked-based industrial controller environment. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order. The security learning system monitors/learns network traffic patterns during a learning phase, fires alarms or events based upon detected deviations from the learned patterns, and/or causes other automated actions to occur.
Prior art of record Zoppas et al. (US Patent No. 7,996,373 B1) discloses a method and apparatus for scanning structured data from a data repository having an arbitrary data schema and for applying a policy to the data of the data repository are described. In one embodiment, the structured data is converted to unstructured text data to allow a schema-independent policy to be applied to the text data in order to detect a policy violation in the data repository regardless of the data schema used by the data repository.
In contrast to Applicant’s claim 17, the cited references alone or in combination fail to suggest or to teach that “accessing, by a computing device over one or more networks, a plurality of data stores to identify files of network data to be evaluated for policy compliance; grouping, by the computing device, identified files of network data based on one or more file characteristics associated with the network data; identifying, by the computing device, a data schema associated with the identified files, wherein the identifying further comprises: determining a position of the data schema in the identified files of network data, and generating a confidence score for identification of the data schema based on pattern matching that evaluates content of the position in the identified files of network data; determining a policy rule that applies to the identified files of network data associated with the data schema; scanning only a portion of at least one file in the identified files of network data that corresponds with the position of the data schema to determine a violation of the policy rule; and generating a report of compliance with the policy rule for the portion of file data scanned.”

Independent claims 9  and 26 are similar to that of the independent claim 17; therefore, is allowable for the same reason as claim 17.  The dependent claims, being further limiting to the independent claims, definite and enabled by the specification are also allowed.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record, listed on form PTO-892, and not relied upon, if any, is considered pertinent to applicant’s disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASANUL MOBIN whose telephone number is (571)270-1289.  The examiner can normally be reached on 9:30AM to 6:00PM EST M-F.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fred Ehichioya can be reached on 571-272-4034.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/HASANUL MOBIN/
Primary Examiner, Art Unit 2168