EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with A. Steven Nugent, registration no. 68,982 on 2/12/2021.
The application has been amended as follows: 
In Claims

Cancel claim 17

1.	(Currently Amended) A computer-implemented data processing method for analyzing data transfers, the method comprising: 
	detecting an initiation of a data transfer between a particular data asset and a second system by detecting a generation of a data transfer log entry indicating the data transfer between the particular data asset and the second system, the data transfer log entry comprising a network address for the particular data asset and a network address for the second system;
analyzing, by one or more computer processors, the data transfer log entry representing the data transfer between the particular data asset and the 
	determining, by one or more computer processors, an identity of the particular data asset based at least in part on the network address for the particular data asset;
	determining, by one or more computer processors, a geographical location of the second system based at least in part on the network address for the second system;
	accessing, by one or more computer processors based at least in part on the identity of the particular data asset, a data map associated with the particular data asset;
	determining, by one or more computer processors based at least in part on the data map, a plurality of authorized geographical locations associated with the particular data asset;
	comparing, by one or more computer processors, the geographical location of the second system to the plurality of authorized geographical locations associated with the particular data asset;
	determining, by one or more computer processors based at least in part on the comparison of the geographical location of the second system to the plurality of authorized geographical locations associated with the particular data asset, that the geographical location of the second system is an unauthorized geographical location by determining that the geographical location of the second system is not among the plurality of authorized geographical locations associated with the particular data asset; 

at least partially in response to determining the identity of the user associated with the data transfer, taking, by one or more computer processors, one or more actions to modify access capabilities of the user associated with the data transfer, wherein the access capabilities are associated with access by the user associated with the data transfer to one or more of the particular data asset and the second system.

8.	(Currently Amended) A non-transitory computer-readable medium storing computer-executable instructions for: 
	detecting, by one or more computer processors, an initiation of a data transfer between a first system and a second system by detecting a generation of a data transfer log entry indicating the data transfer between the first system and the second system, the data transfer log entry comprising a network address for the first system and a network address for the second system;
analyzing, at one or more computer processors, the data transfer log entry 

	determining, by one or more computer processors based at least in part on the network address for the first system, a data asset identifier for the first system;
	determining, by one or more computer processors based at least in part on the network address for the second system, that the second system is not associated with the particular entity;
	determining, by one or more computer processors based at least in part on the data asset identifier for the first system, a data map associated with the first system;
accessing, by one or more computer processors, the data map associated with the first system;
	analyzing, by one or more computer processors, the data map to determine whether the second system is authorized to perform data transfers with the first system;
	determining, by one or more computer processors based at least in part on the analysis of the data map, that the second system is not authorized to perform data transfers with the first system; and
	at least partially in response to determining that the second system is not authorized to perform data transfers with the first system, accessing, by one or more computer processors, one or more network components to modify network communications capabilities between the first system and the second system.

14.	A data transfer analysis data processing system comprising:
	one or more computer processors;
	computer memory; and
	a non-transitory computer-readable medium storing computer-executable instructions that, when executed by the one or more computer processors, cause the one or more computer processors to perform operations comprising:
detecting, at the one or more computer processors, an initiation of a data transfer between a data asset and a second system by detecting a generation of a data transfer log entry indicating the data transfer between the data asset and the second system, the data transfer log entry comprising an identifier of the data asset and a network address for the second system;
determining, by the one or more computer processors based at least in part on the network address for the second system, a geographical location for the second system;
determining, by the one or more computer processors based at least in part on the identifier of the data asset, a data map associated with the data asset;
analyzing, by the one or more computer processors, the data map to determine whether the geographical location for the second system is among a plurality of geographical locations indicated in the data map associated with the data asset;
determining, by the one or more computer processors based at least in part on the analysis of the data map, that the second system is not authorized to perform data transfers with the data asset; 

detecting, at the one or more computer processors, an initiation of a second data transfer between the data asset and the second system by detecting a generation of a second data transfer log entry indicating the data transfer between the data asset and the second system, the second data transfer log entry comprising the identifier of the data asset and the network address for the second system; 
analyzing, by the one or more computer processors, the second data transfer log entry using the metadata;
determining, by the one or more computer processors based at least in part on the analysis of the second data transfer log entry using the metadata, that the second system is not authorized to perform data transfers with the data asset; and
at least partially in response to determining that the second system is not authorized to perform data transfers with the data asset, terminating, by the one or more computer processors, the second data transfer between the data asset and the second system.

20.	(Currently Amended) A data processing system for identifying potential transfers of data, the system comprising:
	data transfer log entry reception means for receiving a data transfer log entry representing a data transfer between a first system and a second system, the data 
	data asset determination means for determining, based at least in part on the network address for the first system, that the first system is a data asset associated with a particular entity; 
	data asset identification determination means for determining, based at least in part on the network address for the first system, a data asset identifier for the first system;
	the data asset determination means for determining, based at least in part on the network address for the second system, that the second system is not associated with the particular entity;
	data map acquisition means for determining, based at least in part on the data asset identifier for the first system, a data map associated with the first system;
data map access means for accessing the data map associated with the first system;
	data map analysis means for analyzing the data map to determine whether the second system is authorized to perform data transfers with the first system;
	data transfer authorization means for determining, based at least in part on the analysis of the data map, that the second system is not authorized to perform data transfers with the first system; 
unauthorized data transfer response means for, at least partially in response to determining that the second system is not authorized to perform data transfers with the first system, taking one or more actions to modify access capabilities of a user 
metadata storage means for storing metadata at the data asset indicating the access capabilities of the user associated with the data transfer;
data transfer detection means for detecting an initiation of a second data transfer between the first system and the second system by detecting a generation of a second data transfer log entry indicating the second data transfer between the first system and the second system, the second data transfer log entry comprising the network address for the first system and the network address for the second system; 
data transfer log analysis means for analyzing the second data transfer log entry using the metadata;
data transfer authorization determination means for determining, based at least in part on the analysis of the second data transfer log entry using the metadata, that the second data transfer is not authorized; and
data transfer termination means for, at least partially in response to determining that the second data transfer is not authorized, terminating the second data transfer between the first system and the second system.

Allowable Subject Matter
Claims 1-16 and 18-20 (renumbered 1-19) are allowed.
The following is an examiner’s statement of reasons for allowance: 
.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Anil Khatri whose telephone number is (571)272-3725.  The examiner can normally be reached on M-F 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, W Zhen can be reached on 571-272-3708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANIL KHATRI/            Primary Examiner, Art Unit 2191