DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  
Status of Claims
This is a non-final office action in response to Applicant's amendment filed on 11/02/2020. Applicant’s submission has been entered. Claims 1-2, 9-14, 22-25 are currently amended claims. Claims 1-25 are pending in the application. 
The rejection of claims 1-2, 5-10, 13-14, 17-22 and 25 under 35 USC §102 has been withdrawn in light of applicant’s amendment to the claims.
Response to Arguments
The Applicant's arguments filed on 11/2/2020 (see pages 10-12) with respect to Claims 1-25 have been fully considered but not persuasive. 
In particular, applicant’s argument has been focused on the rejection of claims 1-2, 5-10, 13-14, 17-22, and 25 under the 35 USC §102 as being anticipated by Foley. Upon further review of the Foley reference in light of claim interpretation and applicant’s argument, the examiner agrees with applicant on some of the argument, therefore the rejection of claims under 35 USC 
Examiner acknowledges applicant’s amendment to the independent claims to clarify the claimed invention and further distinguish from the prior art Foley. The examiner further acknowledges applicant’s effort to summarize the prior art Foley and the advantages of the claimed invention (See pages 10-14 of the Remarks).
Regarding claim 1 (similarly for claim 13), applicant’s main argument is that Foley does not disclose each and every element of previously presented claim 1 when considered as a whole. The collectors and software agents disclosed by Foley are positioned locally with respect to the monitored file systems. In particular, the collectors are installed on the local networks of the file systems and the software agents are installed on the file systems themselves. It is the collectors and software agents that process the audit trail data in view of the security policies (See pages 15-16 of the Remarks). 
Examiner agrees with applicant that the Foley teaches a data governance system for enterprise system where data governance includes monitoring/auditing of audit trail data from local file systems/local data storages that is indicative of data access or modification activities by the collector component (collector(s)) of the central manager and applying the security policy to determine remediation action when the audit trail data (i.e. event) is in conflict with data governance policy of the data governing system. Examiner has shown in the previous office actions mailed 3/2/2020 and 7/2/2020 that Foley teaches the collector(s) that can be interpreted as part of data governance system that receives event data from local file systems 
Examiner agrees with applicant that Foley does not explicitly teach that the collector(s)/aggregator/central manager may be interpreted as the data governance server (or data governance service or system) as currently amended and are remotely connected to the local file systems through public network like WAN or internet. Further examiner acknowledges that applicant has amended claim 1 (similarly claim 13) to recite “receiving over said WAN one or more communications from said data 18governance server including instructions to perform a set of remediation 19actions on said local data storage system, if said data governance server 20determines that said event conflicts with said first set of data governance policies 21stored on said data governance server” and agrees with applicant that “In particular, Foley does not disclose "receiving over said WAN one or more communications from said data governance server including instructions to perform a set of remediation actions on said local data storage system…” (See page 21 of the Remark). Therefore the rejection of claim 1 (and claim 13) and their respective dependent claims under 35 USC §102 has been withdrawn. However, upon updated search, prior arts Liu and Keene are found to teach the features. Therefore examiner asserts the combination of Foley, Liu and Keene teaches each and every elements of the present claims 1 and 13.


The rest of Applicant's arguments filed on 11/2/2020 (see pages 13-14 of the Remarks) have been considered but moot in view of grounds of rejection. In addition, Examiner would also like to point out that applicant’s argument that Foley’s disclosed system is enterprise-wide system and the system of instant application has advantage to provide economical cloud-based data governance to small entities and less expensive (See page 13 of the Remarks). However claim 1 does not include any features to prevent applying the method steps of claim 1 in an enterprise system of Foley when the data governance is applied in a cloud computing environment. Therefore applicant’s further argument about the distinction (see pages 13-14 of the Remarks) between Foley and the instant invention is moot in view of the current office action.
Regarding claim 25, applicant argued that Foley does not disclose the cited underlined limitations "a plurality of source connector routines each including a subset of said set of instructions configured to monitor a corresponding one of a plurality of particular data sources on said file storage system", where "said one of said plurality of particular data sources includes first source data of a first type", "a second one of said plurality of particular data sources includes second source data of a second type different than said first type", "a first one of said source connector routines is compatible with said first data source, but not said second data source", and "a second one of said source connector routines is compatible with said second data source, but not said first data source". To support the requirement of software compatibility, applicant presented para. [0074] "each of connectors 602 monitor a specific data source, where a data source includes a subset of data sources 408 that corresponds to a particular data type and/or program" and para. [0096] "the particular method used for generating and/or processing events is dependent on the source itself” of the instant application. Thus applicant suggested “one of ordinary skill in the art would understand that a connector utilizing a particular method for monitoring a specific data source, the particular method being dependent on the specific data source, would be incompatible with another data source being monitored by a different connector utilizing a different method”. Therefore it is examiner’s understanding from above that it is well known property that software routine is compatible or incompatible to the source data, depending on whether the software depends on the data type. Upon further search, the examiner came across reference John that appears to teach the discussed features above. See the new ground of rejection presented below in the current office action.
Applicant is suggested to further incorporate innovative features into the independent claims to advance prosecution of the case.
Claim Objections
Claims 1, 4-5, 13 are objected to because of the following informalities:  
Claim 1 line 19 (similarly claim 13 line 18) recites “if said data governance server …” may read as “when said data governance server …”, or another more appropriate form.
Claims 4 and 5 recite “said step of generating event” and depend on claim 2 which recites “generate events
Claim 12 line 3, “or updating of a derivative data set …” may read as “or updating of the derivative data set …”.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 7 recites “wherein said step of generating an event …”. However there is no “generating an event” in claim 1 that claim 7 depends upon. Therefore claim 7 lacks of insufficient antecedent basis for this limitation in the claim. Applicant is suggested to amend the claim by replacing “wherein said step of generating an event …” to “wherein said step of capturing an event …”.
Claim 19 recites the limitation "said data monitors" in line 1.  There is insufficient antecedent basis for this limitation in the claim. Claims 20-21 depend on claim 19, therefore are also rejected for the same reason.
Claim 25 lines 27-32 recites “and 27said first one of said source connector routines is configured to receive responsive 28to said event being received by said data governance service a request to 29provide a first data object of said first type corresponding to said event to said 30data governance service, and to provide said first data object of said first type Page 8 of 28App. Serial No.: 15/488,125Atty. Docket No.: 0143-023D231to said data 
First, examiner suggests applicant to recite “and 27said first one of said source connector routines is configured to receive, responsive 28to said event being received by said data governance service, a request to 29provide a first data object of said first type corresponding to said event to said 30data governance service …” or “and27 responsive 28to said event being received by said data governance service, said first one of said source connector routines is configured to receive a request to 29provide a first data object of said first type corresponding to said event to said 30data governance service…” or more appropriate form. 
Second, it is not clear the claim may be construed as “said first one of said source connector routines is configured to receive…a request to provide…, and to provide…” or “said first one of said source connector routines is configured to receive…, and to provide …” rendering the claim indefinite. Applicant is suggested to amend and clarify the claim language.  
Dependent claims 8-9 and 20-21 are also rejected for being dependent under the same rationale set forth above for claims 7 and 19.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 5-10, 13-14, 17-22 are rejected under 35 U.S.C. 103 as being unpatentable over Foley et al (US20170024408A1, hereinafter, "Foley"), in view of Liu (US9166993B1, hereinafter, “Liu”), further in view of Keene et al (US20100242082A1, hereinafter, “Keene”).
Regarding claim 1, claim 13, Foley teaches:
		In a local data storage system, a method for utilizing cloud-based 2data governance (Foley, [0087] the solution provides centralized monitoring of plural file systems that operate within or in association with an enterprise computing environment), said method comprising:  
		3capturing an event indicative of a file system operation performed on a data object 4stored in said local data storage system, said file system operation being a 5modification or an access of said data object (Foley, [0008] The centralized monitoring (of the sets of file servers) is provided by a security manager appliance (sometimes referred to as a "collection server" or just "collector"), which is operative to receive from each of the plural file systems audit trail data (i.e. event). Typically, the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The audit trail data may include one or more classifiers generated by the software agent and used to classify data associated with a given file system access activity. And [0087) Each file system is instrumented with the lightweight software agent that intercepts (or, more generally, captures) the relevant file system access activity); 
		6establishing a network connection with a geographically remote [data governance 7server of a cloud-based data 7governance system over a wide-area network (WAN)] (Foley, Fig. 3 as example, European data centers, American data centers, which are data centers with storages at geographically remote locations. And [0025] the distributed data processing system 100 may also be implemented to include a number of different types of networks, such as for example, an intranet, a local area network (LAN), a wide area network (WAN)… And [Claim 2] The method as described in claim 1 further including sending the audit trail data to a central location remote from the plural file systems. And [0052] The software TAP agent 602 interfaces to the policy manager and data collector component 608 in the central manager 604 (i.e. data governance server in view of Liu below); (See Liu for a cloud based data governance server over WAN below)
		8providing information to said [data governance server over said 10WAN] to associate said 9local data storage system with a first set of data governance policies stored on said 10data server but not other sets of data governance policies 11stored on said data governance server (Foley, [0008] Each file system may receive the same security policy, or different security policies (i.e., not other sets of data governance policies)… Typically, the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy);  
		12providing said event and not said data object to said [data governance server] to 13facilitate a determination of whether said event conflicts with said first set of 14data governance policies stored on said [data governance server] (Foley, [0009] …preferably the collector stores (in a database) the audit trail, so for review or further analysis that file data access audit data (i.e. trail data, i.e. not data object) is available to be searched, for example, for suspicious patterns or unauthorized intrusions (i.e. conflicts with governance policy). And [0010] the central manager provides an enterprise-wide view of file system access activity against user- or system-configured security policies. The file system activity monitor thus provides for continuous, policy-based real-time monitoring of file system access across an enterprise); 
		15 [receiving] over said WAN [one or more communications from said data governance server including instructions to perform a set of remediation 19actions] on said local data storage system, if said data governance server 20determines that said event conflicts with said first set of data governance policies 21stored on said data governance server; and 16executing said set of remediation actions on said local data storage system (Foley, [0008] In addition, preferably the collector also applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action (i.e. remediation). The given action typically is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity. And [0050] The security policy also may define particular file system access permissions that override any native OS permissions, thereby providing another layer of security around sensitive files.  Generalizing, a particular security policy identifies one or more of: who, what, when and how of a particular file system access, as well as potentially describing a given action to take (e.g., detect, log, block, notify, etc.)). (See Keene below for limitation(s) in bracket, i.e. receiving instructions to perform remediation actions)
		While Foley teaches data governance by centralized collector component of collector/central manager remote from the monitored file systems in an enterprise system, but does not explicitly teach that the collector/central manager is the data governance server and is connected to the local data storage/file system via public network, but in the same field of endeavor Liu teaches:
		[establishing a network connection] with a geographically remote data governance 7server of a cloud-based data 7governance system (Liu, see Fig. 1, Data Governance System 130, Client Computing System 102 connection through network 103. And Col. 5 lines 11-14, the data governance system can be part of a cloud computing system. Cloud computing (the `cloud`) may refer to the access of computing resources over a computer network (i.e. cloud-based data governance system)) over a wide-area network (WAN) (Liu, Col. 5 lines 7-10, Network 103 may include, for example, …, a wide area network (WAN), a global area network (GAN) such as the Internet).

While the Foley-Liu combination does not explicitly teach receiving … one or more communications from said data governance server including instructions to perform a set of remediation 19actions, however in the same field of endeavor Keene teaches:
receiving [over said WAN] (see Liu for underlined “over said WAN” above) one or more communications from said data governance server including instructions to perform a set of remediation 19actions (Keene, [0039] When a threat or policy violation is detected by the threat management facility 100 (i.e. data governance server), the threat management facility 100 may provide for a remedial action facility 128. Remedial action may take a plurality of forms, such as …, sending a warning to a client. And [0060] Referring to FIG. 2, an administrator 134 may set a policy through the policy management facility 112 instructing (i.e. instruction) endpoint computers 144 to disable certain functions (i.e. remediation actions) in the case where they are non-compliant (i.e. conflict)).


Regarding claim 2, similarly claim 14, Foley-Liu-Keene combination further teaches:
The method of Claim 1, the system of Claim 13, 
		wherein said step of capturing an event includes deploying a plurality of data monitors, each of said plurality of data monitors being associated with one of a plurality of different data source types and operative to detect file system operations executed on data objects of said associated data source type, generate events indicative of said file system operations, and push said events to said data governance server (Foley, [0043] Thus, for example, the software TAP agent 312 can be configured to relay the captured information to one collector, to two or more collectors, to load balance the captured data between multiple collectors, or the like.  In one basic software TAP configuration option, the software TAP agent is configured to send traffic (i.e. push) to one collector only. See Fig. 6 central manager 604 (i.e. data governance system). And [0049] This classification includes one or more of the following: identifying OOTB class (e.g., PCI, HIPAA, SOX, or the like), identifying the file type (e.g., HTML, text, XML, CSV, PDF, or the like), identifying the access as involving source code, a log file, or the like, and additional information as may be called for by a particular security policy (i.e. different data sources)).

Regarding claim 5, similarly claim 17, Foley-Liu-Keene combination further teaches:
The method of Claim 2, the system of Claim 14, 
wherein said step of generating an event includes intercepting (Foley, [0008] Each file system is instrumented with the lightweight software agent that intercepts (or, more generally, captures) the relevant file system access activity) and filtering events from at least one of said data source types (Foley, [0049] Typically, a policy (or "security policy") has one or more rules that allow administrators (or "users") to filter for specific operations, for specific files, or the like (i.e. to data sources)).

Regarding claim 6, similarly claim 18, Foley-Liu-Keene combination further teaches:
The method of Claim 5, the system of Claim 17, 
wherein said steps of intercepting and filtering events from said at least one of said data source types includes installing an agent on-site with said local data storage system, said agent being configured to intercept and filter said events ((Foley, [0008] Typically, the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. And [0049] Typically, a policy (or "security policy") has one or more rules that allow administrators (or "users") to filter for specific operations, for specific files, or the like (i.e. to data sources)). And [0052] [0052] As seen FIG. 6, preferably the file system interception is performed in association with the software TAP agent 602 in the monitored file system 600).

Regarding claim 7, similarly claim 19, Foley-Liu-Keene combination further teaches:
The method of Claim 1, the system of Claim 13, 
wherein said step of generating an event includes capturing metadata associated with one or both of said file system operation and said data object (Foley, [0049] In one particular embodiment, the file system access data that is collected includes one or more of the following: file name, file size, data created, owner, read user, write user, user privileges and rights, permissions, changes or other modifications to the data or to file system metadata, timestamps, and the like).

Regarding claim 8, similarly claim 20, Foley-Liu-Keene combination further teaches:
The method of Claim 7, the system of Claim 19,
wherein said step of capturing metadata includes capturing metadata identifying a particular user performing said file system operation on said data object (Foley, [0049] Preferably, the audited data includes information about the users performing a particular file system access operation, ...  In one particular embodiment, the file system access data that is collected includes one or more of the following: file name, file size, data created, owner, read user, write user, user privileges and rights, permissions, changes or other modifications to the data or to file system metadata, timestamps, and the like).

Regarding claim 9, similarly claim 21, Foley-Liu-Keene combination further teaches:
		The method of Claim 8, the system of Claim 20,
		wherein said step of executing said set of remediation actions on said local data storage system includes altering permissions associated with said particular user (Foley, [0008] In addition, preferably the collector also applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action. The given action typically is one of: issuing an alert, performing an audit activity, restricting access to a file system resource (i.e. altering permissions),…). 

Regarding claim 10, similarly claim 22, Foley-Liu-Keene combination further teaches:
		The method of Claim 1, the system of Claim 13,
		wherein said step of receiving over said WAN one or more communications from said data 3governance server includes receiving one or more control messages indicating said set of remediation actions to be executed on said local data storage system (Foley, [0051] Preferably, policies are oriented towards large-scale data collection for auditing purposes, or for intrusion detection, in which case notifications (i.e. messages) may be provided when sensitive information has been accessed or modified.  The notifications may take the form of visible notifications, such as via the GUI, through emails or text messages, raising alerts, or any other user-configured notification mechanism).

Claims 3-4, 11-12, 15-16, 23-24 are rejected under 35 U.S.C. 103 as being unpatentable over Foley-Liu-Keene combination as applied above, further in view of Wijayaratne et al (US20140040196A1, hereinafter, “Wijayaratne”).
Regarding claim 3, similarly claim 15, Foley-Liu-Keene combination teaches:
The method of Claim 2, the system of Claim 14, 
While Foley-Liu-Keene combination teaches file monitoring and auditing (i.e. scanning) of file system but does not explicitly teach scanning at different times, however in the same field of endeavor Wijayaratne teaches: 
wherein said step of generating events includes scanning at least one of said data source types at different times (Wijayaratne, [0046] The RFS 202 can be initially created and synchronized with the LFS 204 using a full file system scan (FFS) wherein the LFS 204 is initially copied to remote cloud 102 and stored as RFS 202, for example, when an account is opened with a remote cloud service provider. Subsequently (i.e. different times), the LFS 204 and the CFS 202 can be periodically synchronized using bi-directional snapshot-based synchronizations.  For example, a full rescan sync (FRS) process can be used to "walk" the LFS 204 and the RFS 202 and create metadata snapshots of these file systems). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Wijayaratne in the file monitoring and auditing system of Foley-Liu-Keene by synchronization to the remote file system or local file system. This would have been obvious because the person having 

Regarding claim 4, similarly claim 16, Foley-Liu-Keene combination teaches:
The method of Claim 2, the system of Claim 14, 
While Foley-Liu-Keene combination does not explicitly teach callbacks from an application, however in the same field of endeavor Wijayaratne teaches: 
wherein said step of generating an event includes registering for callbacks from an application associated with at least one of said data source types (Wijayaratne, [0046] The steady-state synchronization (i.e. “callback”) process of FIG. 2B enables the RFS 202 and LFS 204 to remain synchronized in near real-time as the RFS 202 and LFS 204 are synchronized for consecutive event synchronization periods). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Wijayaratne in the file monitoring and auditing system of Foley-Liu-Keene by synchronization to the remote file system or local file system. This would have been obvious because the person having ordinary skill in the art would have been motivated for clients to maintain local and remote access for up-to-date data (Wijayaratne, [0009]).

Regarding claim 11, similarly claim 23, Foley-Liu-Keene combination teaches:
The method of Claim 1, the system of Claim 13,

wherein said step of providing said event to said data governance server includes providing metadata of a file system associated with said local data storage system to facilitate the creation or updating of a derivative data set by said data governance server (Wijayaratne, [0046] a full rescan sync (FRS) process can be used to "walk" the LFS 204 and the RFS 202 and create metadata snapshots of these file systems at a time Ts. These snapshots can then be compared and the differences used to bi-directionally synchronize the two file systems; and [0059] File events include creating a file (CREATE), updating a file (UPDATE), deleting a file (UNLINK), and renaming a path (RENAME). And [0137] intersection of column 1006 (UPDATE) and row 1016 (UPDATE) can be reduced to a single UPDATE that corresponds to the second (T+1) update.  The intersection of column 1008 (UNLINK) and row 1014 (CREATE) can be reduced to a single UPDATE event); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Wijayaratne in the file monitoring and auditing system of Foley-Liu-Keene by creating metadata snapshot to the remote file system as event records. This would have been obvious because the person having ordinary skill in the art would have been motivated to generate and synchronize the event based snapshot as event records between local and remote data file systems “to provide local and remote data access and remote data security” (Wijayaratne, [Abstract], [0044], [0046]).

Regarding claim 12, similarly claim 24, Foley-Liu-Keene-Wijayaratne combination further teaches:
The method of Claim 11, the system of Claim 23, wherein said step of providing said event to said data governance server includes providing at least a portion of said data object to facilitate the creation or updating of a derivative data set by said data governance server (Wijayaratne, [0045] FIG. 2A illustrates a snapshot-based (i.e. “at least a portion of”) method of synchronizing a remote file system (RFS) 202 stored on remote cloud 102 and a local file system (LFS) 204 stored on local cloud 104. And [0059] File events include creating a file (CREATE), updating a file (UPDATE), deleting a file (UNLINK), and renaming a path (RENAME). And [0137] intersection of column 1006 (UPDATE) and row 1016 (UPDATE) can be reduced to a single UPDATE that corresponds to the second (T+1) update (i.e. derivative data).  The intersection of column 1008 (UNLINK) and row 1014 (CREATE) can be reduced to a single UPDATE event).

Claim 25 is rejected under 35 U.S.C. 103 as being unpatentable over Foley et al (US20170024408A1, hereinafter, "Foley"), in view of Liu (US9166993B1, hereinafter, “Liu”), further in view of John et al (US20060179140A1, hereinafter, “John”).
Regarding claim 25, Foley teaches:
An event collection system deployable on a file storage system, 2said event collection system (Foley, [0008] each file system is instrumented with the lightweight software agent that intercepts (or, more generally, captures) the relevant file system access activity. File access rules are enforced by the software agent… The centralized monitoring (of the sets of file servers) is provided by a security manager… which is operative to receive from each of the plural file systems audit trail data) comprising:  
3a hardware processor configured to execute code, said code including a set of 4instructions which cause said hardware processor to execute associated actions (Foley, [0027] Data processing system 200 is an example of a computer, such as server 104 or client 110 in FIG. 1, in which computer-usable program code or instructions ... data processing system 200 includes communications fabric 202, which provides communications between processor unit 204…), 5a network adapter electrically coupled to establish a network connection [to a data 6governance service over a wide-area network (WAN)], said data governance 7service being located geographically remotely from said event collection system (Foley, see Fig. 3, as example, European data centers, American data centers, which are data centers (i.e. file storage system where software agent locates) with storages at geographically remote locations. And [Claim 2] The method as described in claim 1 further including sending the audit trail data to a central location (i.e. where data governance service locates) remote from the plural file systems (i.e. where event collection by software agent locates)); (See Liu for data governance service over WAN below) 
8and 9memory for storing data and said code, said data and said code comprising 10a plurality of source connector routines each including a subset of said set of 11instructions (Foley, [0008] Each file system is instrumented with the lightweight software agent (i.e. source connector routine) that intercepts (or, more generally, captures) the relevant file system access activity. And Fig. 2 memory 206) configured to monitor a corresponding one of a plurality of 12particular data sources on said file storage system (Foley, [0008] each of the plural file systems are provided with a security policy, wherein the security policy defines one or more file system access activities to be monitored at the file system) and to generate an event 13responsive to a file system operation being executed on a data object 14associated with said one of said plurality of particular data sources, said event 15being indicative of said file system operation, and 16a data governance interface including another subset of said set of instructions 17configured to push said event and not said data object to said data governance 18service (Foley, [0008] The centralized monitoring (of the sets of file servers) is provided by a security manager appliance (sometimes referred to as a "collection server" or just "collector"), which is operative to receive from each of the plural file systems audit trail data (i.e. event to said data 14governance system without providing said data object). Typically, the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. And [0043] the software TAP agent is configured to send traffic (i.e. push) to one collector only); 
and wherein 19said one of said plurality of particular data sources includes first source, data 20of a first type (Foley, [0049] Typically, a policy (or "security policy") has one or more rules that allow administrators (or "users") to filter for specific operations, for specific files, or the like (i.e. to include particular data sources)). Examiner notes that first data source is interpreted as first file system such as the file system of European data center. The second data source is interpreted as the second file system; 
22a second one of said plurality of particular data sources includes second source 23data of a second type different than said first type; 24a first one of said source connector routines is source] (Foley, [Abstract] Each file system is instrumented with a software agent (which is software TAP agent) that intercepts the relevant file system access activity. And [0049] The file system-resident agent preferably also performs some degree of classification on the data it collects. ). Examiner notes that it is inherent that the software TAP agent is compatible with the data it collects and generates the audit trail data. Further, claim language “but not said … data source” is interpreted as the software depends on the data type, as taught by John below); 
and 27said first one of said source connector routines is configured to receive responsive 28to said event being received by said data governance service a request to 29provide a first data object of said first type corresponding to said event to said 30data governance service, and to provide said first data object of said first type Page 8 of 28App. Serial No.: 15/488,125Atty. Docket No.: 0143-023D231to said data governance service, said data object of said first type originating from said first data source (Foley, [0008] Typically, the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy.  And [0086] preferably the collector provides (to the agent(s)) the one or more file access rules (of a policy) that are to be evaluated.  This architecture provides a further significant advantage by enabling the file access rules to be processed on the file server itself). Examiner notes that Foley teaches a file monitoring and auditing system with policy specific to the file systems or data source i.e. first data source, second data source. 

		[a network adapter electrically coupled to establish a network connection] to a data 6governance service over a wide-area network (WAN) (Liu, see Fig. 1, Data Governance System 130 (i.e. data governance service), Client Computing System 102 connection through network 103. And Col. 5 lines 11-14, the data governance system can be part of a cloud computing system. And Col. 5 lines 7-10, Network 103 may include, for example, …, a wide area network (WAN), a global area network (GAN) such as the Internet).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Liu in the file monitoring and auditing system of Foley by delivering data governance service such as anomaly detection over a public internet between data governance system and client computing systems. This would have been obvious because the person having ordinary skill in the art would have been motivated to implement Foley’s system for an enterprise system with public network as suggested by Liu for cloud-based services delivered over a public internet (i.e. public WAN) using information across several users in a collaborative and dynamic environment (Liu, Col. 3 lines 55-67 and Fig. 1).

[a second one of said plurality of particular data sources includes second source 23data of a second type different than said first type; 24a first one of said source connector routines is compatible with said first data 25source], but not said second data source; [26a second one of said source connector routines is compatible with said second data source], but not said first data source (John, [0056] The manner of obtaining the data from event log 30 depends on the type of software used to create and maintain event log 30.  For example, if an authentication service 26 is used to create and maintain event log 30, and is implemented using a Microsoft brand operating system, such as Microsoft Windows Server 2003, that provides the Active Directory software application, then control software 58 includes program code that uses the SMB protocol to obtain event log 30 from authentication service 26).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of John in the file monitoring and auditing system of Foley-Liu by using software program that is compatible with software type that generates the event logs. This would have been obvious because the person having ordinary skill in the art would have been motivated to use compatible software to obtain the event logs for network traffic monitoring (John, [Abstract], [0056]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MICHAEL M LEE/Examiner, Art Unit 2436   

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436