DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s arguments, see pp. 8, filed 12/21/2020, with respect to the rejection of claim 1 under 35 U.S.C. 102(a)(1) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground of rejection is made in view of Arasu.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-5, 9-10, 15-16 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Mohammad et al. US patent application 2015/0012478 [herein “Mohammad”], and further in view of Arasu et al. US patent application 2012/0330880 [herein “Arasu”].
Claim 1 recites “A computer system comprising: a processor; and a computer readable storage medium having stored thereon program code that, when executed by the processor, causes the processor to: receive a message indicating that a service of a software system has injected an artificial data record into a first data store of an organization wherein the first data store is owned or managed by the software system,”
Mohammad teaches a system for data lineage discovery and analysis, with a Technical Asset Reference Repository TARR as a record or authoritative source, capturing all data elements and technical assets (i.e., first data store) in the system [0086].
Mohammad does not disclose the limitation on injecting an artificial data record into the first data store; however, Arasu teaches a system to generate (i.e., inject) synthetic data (i.e., artificial data records) to populate a database table (i.e., first data store) (Arasu: [0001]).
Claim 1 further recites “wherein the artificial data record is created by the software system for tracking movement of data records of a type corresponding to the artificial data record throughout the organization, and wherein the message includes a unique identifier associated with the artificial data record, an identifier of the first data store, and a timestamp indicating a time at which the artificial data record was injected;”
In Mohammad, a compliance officer may enter a data element identifier into GUI, in order to verify data lineage information linked to the identifier [0239]. The 
Mohammad does not disclose the limitation on type of artificial data record including its components; however, Arasu’s synthetic data generation populates database tables satisfying a wide variety of schema properties (i.e., type), such as primary key (i.e., unique identifier associated with the artificial data record), foreign key to TARR (i.e., identifier of the first data store), and domain constraint such as creation timestamp column (i.e., injection timestamp) (Arasu: [0026]).
Claim 1 further recites “store the message in an artificial data record repository;”
Mohammad does not disclose this limitation; however, Arasu populates a database table (i.e., artificial data record repository) with synthetic data (Arasu: [0026]).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to combine Mohammad with Arasu. One having ordinary skill in the art would have found motivation to utilize Arasu to inject synthetic data records with certain schema properties into Mohammad to trace lineage of such records through data flow.
Claim 1 further recites “on a periodic basis, scan a plurality of data stores of the organization to identify presence of the unique identifier associated with the artificial data record;”
Mohammad’s lineage engine continuously (i.e., periodic basis) scans for data within a system of interconnected databases, applications, servers and network to discover data (i.e., identifier) [0201]. According to Merriam-Webster: periodically and 
Claim 1 further recites “upon finding the unique identifier in a second data store of the organization that is different from the first data store at a time after the timestamp, generate data flow information for the organization indicating that data of the type corresponding to the artificial data record has flowed from the first data store to the second data store; and”.
Mohammad’s lineage engine generates data lineage (i.e., data flow) information [0199]. Lineage information describes data elements flowing from source (i.e., first data store), via hops, to a target (i.e., second data store) [0122].
Claim 1 further recites “verify one or more policies of the organization based on the data flow information.”
Mohammad’s system receives a criterion (i.e., policy) required to access one or more data elements [0349]. The system determines (i.e., verifies) if a criterion is fulfilled based on user credential [0357].
Claims 15 and 18 are analogous to claim 1, and are similarly rejected.

Claim 4 recites “The computer system of claim 1 wherein the plurality of data stores are registered in a data catalog.”
Mohammad teaches claim 1, and stores data lineage information in the Technical Asset Reference Repository (i.e., catalog) [0148], including source, target, and hops (i.e., plurality of data stores) of data flows.

Claim 5 recites “The computer system of claim 4 wherein prior to scanning the plurality of data stores, the program code causes the processor to retrieve metadata regarding the plurality of data stores from the data catalog.”
Mohammad teaches claim 4. Application discovery tools interface with metadata tool to continuously scan for data [0317]. Metadata tool is part of the Technical Asset Reference Repository (i.e., catalog), which stores information on technical assets (i.e., data stores) [0316].

Claim 9 recites “The computer system of claim 1 wherein the program code further causes the processor to: output the data flow information in a human-readable format.”
Mohammad displays (i.e., outputs) data lineage (i.e., flow) information on a user interface (i.e., human-readable format) [0256].
Claims 16 and 19 are analogous to claim 9, and are similarly rejected.

Claim 10 recites “The computer system of claim 9 wherein the human-readable format is a data flow graph.”
Mohammad’s system retrieves a graph of data lineage information (i.e., data flow graph) [0413], to be displayed on a user interface (i.e., human-readable format) [0415].

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Mohammad as applied to claim 1 above, in view of Arasu, and further in view of CronHowto, https://help.ubuntu.com/community/, 2016, pp. 1-8 [herein “CronJob”].
Claim 2 recites “The computer system of claim 1 wherein the service is a runner service associated with the software system that is configured to inject artificial data records into the first data store on a periodic basis.”
Mohammad and Arasu teach claim 1, where Arasu generates (i.e., inject) synthetic data (i.e., artificial data records) to populate a database table (i.e., first data store) (Arasu: [0001]), but do not disclose this claim; however, Arasu’s method can be run as a cron job (i.e., runner service), which is a system daemon used to execute desired tasks in the background at designated times (i.e., periodic basis) (CronJob: pp. 1/8). The cron job is run on the server to generate synthetic data periodically based on a schedule.
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to combine Mohammad and Arasu with CronJob. One having ordinary skill in the art would have found motivation to utilize CronJob to automatically and periodically generate artificial data records with certain schema properties whose lineage can be traced through data flow.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Mohammad as applied to claim 1 above, in view of Arasu, and further in view of Minimum required NTFS permissions for Scan to File Repository, https://forum.support.xerox.com, 2017, pp. 1-2 [herein “ScanPermission”].
Claim 6 recites “The computer system of claim 4 wherein when each data store is registered in the data catalog, the computer system is granted read access to the data store.”
Mohammad teaches claim 4, but does not disclose this claim; however, ScanPermission teaches the minimum level of permissions required by the scanner (i.e., computer system) to scan files, which include (1) read access to read files from the data stores, and (2) write access to store the scan results (ScanPermission: pp. 1/2).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to combine Mohammad with ScanPermission. One having ordinary skill in the art would have found motivation to grant at least read access for the computer system to all the data stores, such that periodic scanning can be done without human intervention.

Claims 11-14, 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Mohammad as applied to claims 1, 15 and 18 above respectively, in view of Arasu, and further in view of Pasquier et al. Data provenance to audit compliance with privacy policy in the Internet of Things. Pers Ubiquit Comput (2018) 22:333-344 [herein “Pasquier”].
Claim 11 recites “The computer system of claim 1 wherein the one or more policies include policies pertaining to data movement or data retention.”
Mohammad’s system receives a criterion (i.e., policy) required to access one or more data elements [0349]. The system determines (i.e., verifies) if a criterion is fulfilled based on user credential [0357].
Mohammad teaches claim 1, but does not disclose this claim; however, Pasquier expresses data protection law (i.e., policy) as constraints on data flow (i.e., data movement) (Pasquier: 5:1). Provenance graphs are analyzed to demonstrate compliance with a given policy (Pasquier: 6:1).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to combine Mohammad with Pasquier. One having ordinary skill in the art would have found motivation to expand Mohammad’s policy compliance analysis beyond access policies to include Pasquier’s data movement policies.

Claim 12 recites “The computer system of claim 1 wherein the program code that causes the processor to verify the one or more policies comprises program code that causes the processor to: parse the data flow information to identify the data flow from the first data store to the second data store; and for each of the one or more policies: analyze the data flow with respect to the policy to determine if the policy has been violated.”
Mohammad teaches claim 1, but does not disclose this claim; however, Pasquier expresses data protection law (i.e., policy) as constraints on data flow (Pasquier: 5:1) -- from source (i.e., first data store) via hops to target (i.e., second data store). Provenance graphs are analyzed (i.e., parsed) to demonstrate (i.e., determine) compliance (i.e., violation) with a given policy (Pasquier: 6:1).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to combine Mohammad with Pasquier. One having ordinary skill in the art would have found motivation to incorporate Pasquier’s provenance graph analysis into Mohammad’s policy compliance analysis such that violation of data movement policies can be detected.

Claim 13 recites “The computer system of claim 12 wherein if the processor determines that a policy in the one or more policies has been violated, the program code further causes the processor to take one or more remedial actions.”
Mohammad teaches claim 12, and notifies users of data lineage information change, which can be an alert to request approval for the change [0151], but does not disclose this claim; however, Pasquier’s auditor queries provenance data streams for possible violation of regulations (i.e., policies), which leads to the generation of an event that triggers an action (i.e., remedial action) (Pasquier: 5.3:4).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to combine Mohammad with Pasquier. One having ordinary skill in the art would have found motivation to incorporate Pasquier’s provenance graph analysis into Mohammad’s policy compliance analysis such that violation of data movement policies can be detected and remedial actions can be performed.

Claim 14 recites “The computer system of claim 13 wherein the one or more remedial actions include generating an alert indicating the policy violation, restricting access to data involved in the policy violation, encrypting the data involved in the policy violation, or deleting the data involved in the policy violation.”
Mohammad teaches claim 13, and notifies users of data lineage information change, which can be an alert to request approval for the change [0151], but does not disclose this claim; however, Pasquier’s auditor queries provenance data streams for possible violation of regulations (i.e., policies), which leads to the generation of an event that triggers an action (i.e., alert) (Pasquier: 5.3:4).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to combine Mohammad with Pasquier. One having ordinary skill in the art would have found motivation to incorporate Pasquier’s provenance graph analysis into Mohammad’s policy compliance analysis such that violation of data movement policies can be detected and alerts generated.

Claim 17 recites “The method of claim 15 wherein if the computer system determines that a policy in the one or more policies has been violated, the method further comprises generating an alert indicating the policy violation, restricting access to data involved in the policy violation, encrypting the data involved in the policy violation, or deleting the data involved in the policy violation.”
Mohammad teaches claim 15, and notifies users of data lineage information change, which can be an alert to request approval for the change [0151], but does not disclose this claim; however, Pasquier’s auditor queries provenance data streams for possible violation of regulations (i.e., policies), which leads to the generation of an event that triggers an action (i.e., alert) (Pasquier: 5.3:4).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to combine Mohammad with Pasquier. One having ordinary skill in the art would have found motivation to incorporate Pasquier’s provenance graph analysis into Mohammad’s policy compliance analysis such that violation of data movement policies can be detected and alerts generated.
Claim 20 is analogous to claim 17, and is similarly rejected.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHELLY X. QIAN whose telephone number is (408)918-7599.  The examiner can normally be reached on Monday - Friday 8-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tony Mahmoudi can be reached on (571)272-4078.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SHELLY X QIAN/Examiner, Art Unit 2163


/ALEX GOFMAN/Primary Examiner, Art Unit 2163