DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Nilesh Amin on 2/18/21.
The application has been amended as follows: 

1.	(Currently Amended) A system, comprising:
	a memory that stores computer executable components;
	a processor, operably coupled to the memory, and that executes the computer executable components stored in the memory, wherein the computer executable components comprise: 
a data collection component that extracts properties of data transmitted from executing an application using at least one representational state transfer application programming interface (REST API) of REST APIs;
a modeling component that, in response to the execution of the application using the REST API:
generates a model [[by]] comprising mappings between roles and data access authorizations by determining patterns of relationships between the roles and the data access authorizations based on analyzing one or more documents describing the the roles, [[and]] the data access authorizations, and historical execution of the REST APIs by applications associated with users, 
correlates between data semantic and data schematic of the data with respect to data security protection 

an audit component that: 
performs a fine-grained authorization audit by comparing the data with the mappings of the model based on a role associated with the application, and
in response to a result of the fine-grained authorization audit indicating that at least a portion of the data is associated with an unauthorized data access, initiates an action to mitigate the application from conducting another unauthorized data access.

2.	(Original) The system of claim 1, wherein the system is a data security monitoring system independent of programming languages and executing systems.

3.	(Currently Amended) The system of claim 1, wherein the action comprises generation of an alert regarding the unauthorized data access 



5.	(Currently Amended) The system of claim 1, wherein the application is a micro-service that is part of a service mesh 

6.	(Original) The system of claim 1, wherein the audit component performs the fine-grained authorization audit based on monitoring the data at a data level.

7.	(Previously Presented) The system of claim 1, wherein the action comprises generation of a ticket to resolve the unauthorized data access.

8.	(Previously Presented) The system of claim 7, wherein the action comprises stop the application from executing until the unauthorized data access is fixed.

9.	(Previously Presented) The system of claim 8, wherein the action further comprises start execution of the application upon verification that the unauthorized data access is fixed.


extracting, by a system operatively coupled to a processor, properties of data transmitted from executing an application using at least one representational state transfer application programming interface (REST API) of REST APIs; 
	in response to the execution the application using the REST API:
generating, by [[a]] the system [[by]] comprising mappings between roles and data access authorizations by determining patterns of relationships between the roles and the data access authorizations based on analyzing one or more documents describing the the roles, [[and]] the data access authorizations, and historical execution of the REST APIs by applications associated with users, and
correlating, by the system, between data semantic and data schematic of the data with respect to data security protection 

performing, by the system, a fine-grained authorization audit by comparing the data with the mappings of the model based on a role associated with the application; and
in response to a result of the fine-grained authorization audit indicating that at least a portion of the data is associated with an unauthorized data access, performing, by the system, an action to mitigate the application from conducting another unauthorized data access.

11.	(Original) The computer-implemented method of claim 10, wherein the system is a data security monitoring system independent of programming languages and executing systems.

12.	(Previously Presented) The computer-implemented method of claim 10, further comprising collecting, by the system, the data transmitted from executing the application.

13.	(Original) The computer-implemented method of claim 10, wherein the generating the model comprises employing, by the system, machine learning, and wherein the machine learning comprises latent Dirichlet allocation (LDA).

14.	(Currently Amended) The computer-implemented method of claim 10, wherein the application is a micro-service that is part of a service mesh 

15.	(Original) The computer-implemented method of claim 10, wherein the performing the fine-grained authorization audit comprises monitoring, by the system, the data at a data level.

16.	(Currently Amended) A computer program product for facilitating protecting data security, the computer program product comprising a non-transitory computer readable medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to:
extract properties of data transmitted from executing an application using at least one representational state transfer application programming interface (REST API) of REST APIs; 
	in response to the execution the application using the REST API:
generate a model [[by]] comprising mappings between roles and data access authorizations by determining patterns of relationships between the roles and the data access authorizations based on analyzing one or more documents describing the the roles, [[and]] the data access authorizations, and historical execution of the REST APIs by applications associated with users, and
correlate between data semantic and data schematic of the data with respect to data security protection 

perform a fine-grained authorization audit by comparing the data with the mappings of the model based on a role associated with the application; and
in response to a result of the fine-grained authorization audit indicating that at least a portion of the data is associated with an unauthorized data access, execute an action to mitigate the application from conducting another unauthorized data access.

17.	(Previously Presented) The computer program product of claim 16, wherein the program instructions are further executable to cause the processor to:
	collect the data transmitted from executing the application.

18.	(Previously Presented) The computer program product of claim 16, wherein the program instructions are further executable to cause the processor to: 
	employ machine learning to generate the model, and wherein the machine learning comprises latent Dirichlet allocation (LDA).

19.	(Currently Amended) The computer program product of claim 16, wherein the application is a micro-service that is part of a service mesh 
	

20.	(Original) The computer program product of claim 16, wherein the program instructions are further executable to cause the processor to:
	perform the fine-grained authorization audit based on monitoring the data at a data level.

EXAMINER’S COMMENTS
This communication warrants no Examiner's Reason for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, the examiner initiated an interview to propose an examiner’s amendment in response to the After Final Amendment filed on 2/16/21 to expedite prosecution; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fees. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or fax them to the post-allowance papers correspondence branch at (703) 308-5864 to expedite the issuing process, or to call PUB's Customer Service at (703) 305-8497 with any questions.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIN HON (ERIC) CHEN whose telephone number is (571) 272-3789. The examiner can normally be reached on Monday to Thursday 9am-7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431