Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Introduction
This office action is in response to Applicant’s communication filed via RCE on 3/05/2021. Claims 1-8 and 10-20 are pending in the application and have been examined. Claims 1, 3-4, 8, 14, 16-17 and 19 have been amended. 

Continued Examination under 37 CFR 1.114
         A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office Action has been withdrawn pursuant to 37 CFR 1.114.   Applicant’s submission filed on 3/05/2021 has been entered.
 
Response to Arguments
Applicant’s arguments on 35 U.S.C 103:
Applicant’s arguments filed 3/05/2021 have been fully considered.
Applicant Argument #1:
Applicant argues that: “Neither Bhatti nor Himmel are directed to a system for security classification of data requests received (i) from a plurality of data request 
Examiner Response to Argument #1:
The examiner respectfully disagrees.
1-  Bhatti teaches receive requests that require access to data stored within the trusted internal computing network (Col 5, lines 34-36 - the users can access Web pages located at remote sites of the Intranet 13; and Fig. 4 - The access request classification system 100 receives access requests from users) (i) from a plurality of data request channels including electronic mail, telephone, online platform (Col 4, lines 18-25, 45-60 and Fig. 1 –  the data service system 20 is connected to a number of user terminals 11a-n via an interconnect network 12. The interconnect network 12 can be any known network, such as Ethernet, ISDN, T-1 or T-3 link, FDDI, cable or wireless LMDS network, or telephone line network in order to provide a plurality of services to the users such as email, web, web TV, news, web e-commerce, etc.) 
2- Bhatti teaches receive requests that require access to personal data (Para 0119 – Jane Smith, Joe Blow, and Mike Walker may access to a particular personal document of a user, who is owner the document) stored within the trusted internal computing network (Fig. 1b – client devices 102 access to resource data 112 that is stored in resource server 110 via local network LAN 116) (i) from a plurality of data request channels including mobile application (Para 0105 – In one method according to FIG. 5, receiving a request for access to a resource (112) includes a URI (508). Typically, the URI (508) originates from a hyperlink (506) in a web page (504) in a communications application (104) in a client device (102). The communications application can be, for example, a web-enabled cell phone). One skilled in the art would readily understand that a mobile application is a computer program or software application designed to run on a mobile device such as a smartphone or tablet computer, etc. So, Bhatti teaches that the request is received from a plurality of data request channels that including mobile application)
		So, from (1) and (2), a combination of Bhatti and Himmel is directed to a system for security classification of data requests received (i) from a plurality of data request channels including electronic mail, telephone, online platform, and mobile application.
Applicant Argument #2:
Other arguments of the applicant, see pages 9-14, filed on 3/05/2021, with respect to the rejection(s) of claims 1-8 and 10-20 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Midboe Publication No, US 2016/0350674 A1. 





Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-5, 7, 9-11, 13-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bhatti et al. Patent No. US 6,304,906 B1 (Bhatti hereinafter) in view of Himmel et al. Publication No, US 2008/0244697 A1 (Himmel hereinafter) and Midboe Publication No, US 2016/0350674 A1 (Midboe hereinafter).

Regarding claim 1,
Bhatti teaches a system for data security, the system comprising: a trusted internal computing network (Fig. 1 – intranet 13); and a computing platform including a memory and at least one processor in communication with the memory, wherein the memory stores instructions that are executable by the at least processor and configured to:
receive requests that require access to […] data stored within the trusted internal computing network (Col 5, lines 34-36 - the users can access Web pages located at remote sites of the Intranet 13; and Fig. 4 - The access request classification system 100 receives access requests from users) (i) from a plurality of data request channels including electronic mail, telephone, online platform (Col 4, lines 18-25, 45-60 and Fig. 1 –  the data service system 20 is connected to a number of user terminals 11a-n via an interconnect network 12. The interconnect network 12 can be any known network, such as Ethernet, ISDN, T-1 or T-3 link, FDDI, cable or wireless LMDS network, or telephone line network in order to provide a plurality of services to the users such as email, web, web TV, news, web e-commerce, etc.) 
determine (i) an entity associated with the request (Col 7, lines 37-52 – the user associated with the request, i.e. the sender, is determined by the request classifier 110 from the IP address of the request), (ii) an origin associated with the entity (Col 7, lines 37-65 – origin associated with the sender, for example: , and (v) one or more data elements that are required to be accessed, changed, deleted or used based on the request (Col 8, lines 16-24 – the URL address of an access request typically includes a host address and a pathname. The pathname is used to access a particular page (or a portion of data) within that content site. This is important because in this case, the data service system 20 can treat some content more important than other content).
Implement a rules-based engine to determine and assign a data security classification to the request (Abstract – The user access request classification system includes a request classifier that classifies each of the access requests into one of a plurality of classes based on a predetermined classification policy; and Col 7, lines 30-52 – The proxy servers may be used to enhance security of accesses to and from the user terminals, i.e. the proxy servers may assign a data security classification to user access requests) based on the determined (i) entity associated with the request, (ii) origin associated with the entity, and (v) one or more […] data elements that are required to be accessed, changed, deleted or used based on the request (Col 7, lines 30-67 and Col. 8, lines 1-24 – based on the determined information from sender IP address/cookie/browser (such as the sender; user device information, location of the sender information; content serves associated with the data being accessed; and content site for accessing), the request classifier 110 classifies the access requests received into various classes).
route the request in accordance with the assigned data security classification to a data security classification-specific response processing queue (Col 8, lines 25-40 - the classified access requests from the request classifier 110 are then routed to and stored in the corresponding queues 111-111n. These queues 111-111n are buffers for storing the classified access requests so that they can be accepted by the connection manager 114 for processing in accordance with a predetermined scheduling policy).
wherein the instructions are executed prior to or in-line with a point of entry to the trusted internal computing network (Col 5, lines 9-12 – the firewall 23 controls access to and from between the users and the trusted network Intranet 13. Because a point of entry firewall 23 is located inside of the system 20 (see Fig. 2), so all the above instructions, that are executed by the system 20, are executed prior to or in-line with firewall to the trusted network intranet).
Bhatti does not explicitly teach 

receive requests that require access to personal data stored within the trusted internal computing network (i) from a plurality of data request channels including mobile application and (ii) in a plurality of formats including text format and audio format.

for each request received: format and structure the request into a standardized format;
in response to formatting and structuring the request into a standardized format, determine (iii) one or more types of action associated with the request, wherein the types of action include accessing data, changing data, deleting data, using data and (iv) one or more owner of the personal data being accessed, changed, deleted or used.

assign a data security classification to the request based on the determined (iii) one or more types of action associated with the request and (iv) one or more owner of the personal data being accessed, changed, deleted or used.

Himmel teaches:

receive requests that require access to personal data (Para 0119 – Jane Smith, Joe Blow, and Mike Walker may access to a particular personal document of a user, who is owner the document) stored within the trusted internal computing network (Fig. 1b – client devices 102 access to resource data 112 that is stored in resource server 110 via local network LAN 116) (i) from a plurality of data request channels including mobile application (Para 0105 – In one method according to FIG. 5, receiving a request for access to a resource (112) includes a URI (508). Typically, the URI (508) originates from a hyperlink (506) in a web page (504) in a communications application (104) in a client device (102). The communications application can be, for example, a web-enabled cell phone).

determine (iii) one or more types of action associated with the request, wherein the types of action include accessing data, changing data, deleting data, using data, (iv) one or more owner of the personal data being accessed, changed, deleted or used; and assign a data security classification to the request based on the determined (iii) one or more types of action associated with the request, wherein the types of action include accessing data, changing data, deleting data, using data, (iv) one or more owner of the personal data being accessed, changed, deleted or used (Para 0094 – one or more types of action associated with a access request may be determined and assigned a data security classification. For example, Jane Smith, Joe Blow, and Mike Walker may access to a particular personal document of a user, who is owner the document, wherein the requests may classed into “read” request (Jane and Joe's requests), “write” request (Mike's request) or “execute” request (owner's request) based on a particular action associated with the request, wherein a security object granting access to the document having only `read` authorization level would not changing data action, deleting data action, etc. of “write” and “execute” authorization level).

Midboe teaches:

receive requests (Para 0034 and Fig. 2 – request management tool 202 receives one or more service requests 224A-N, each of which comprises a description 226A-N of the service request) (ii) in a plurality of formats including text format and audio format (Para 0043 – A user may describe a service request to a service system. In a web-based service system, the description may be typed, entered, etc., into a freeform text box. In a phone-based service system, or other auditory system (e.g., an Integrated Voice Response (IVR) system), a user may speak into a receiver or microphone enabled computer device).

for each request received: format and structure the request into a standardized format (Para 0044 – entered text or converted speech-to-text may be formatted as an HTML form and submitted to request management system).

in response to formatting and structuring the request into a standardized format, determine one or more types of action associated with the request (Para 0049 – a logistic regression is run (e.g., by regression component 208 of learning tool 204 shown in FIG. 2) to determine a best classification (e.g., a personnel, service queue, help desk, etc., to which to direct a request) for the request).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Midboe. The motivation for doing so is to intelligent service request learning based on a single request input from a user (Midboe, Para. [0001]).  

Regarding claim 2, the system of claim 1,
Bhatti teaches
wherein the point of entry further comprises: a firewall that monitors and controls network traffic (i) inbound to the trusted internal computing network from an untrusted external computing network, and (ii) outbound from the trusted internal computing network to the untrusted external computing network based on predetermined security rules (Col 5, lines 9-12 and Fig. 2 – the firewall 23  firewall 23 is located inside of  the system 20 to control access to and from between the users and the trusted network Intranet 13; and Col 7 lines 30-52 - wherein the request classifier 110 of the system 20 classifies the access requests received into various classes and controls the traffics based on predetermined classification policy).
wherein the instructions are executed prior to or in-line with the firewall monitoring and controlling the network traffic (Fig. 2 – firewall 23 is located inside of  the system 20, so all the above instructions, that are executed by the system 20, are executed prior to or in-line with firewall to the trusted network intranet).

Regarding claim 3, the system of claim 1,
Bhatti teaches
wherein the instructions further comprise machine learning instructions configured to progressively learn information including at least one selected from the group of (i) an entity associated with the request, (ii) an origin associated with the entity, (iii) one or more owner of the personal data being accessed (iv) a one or more types of action associated with the request, and (v) one or more personal data elements that are required to be accessed based on the request (Col 7, lines 37-52 and Col 8 lines16-24 – the unique sender IP address of the user and/or contents accessed information of the access request is selected in order to classify the request by the access request classifier 110).

Regarding claim 4, the system of claim 3,
Bhatti teaches
wherein the instructions are further configured to determine at least one selected from the group of (i) an entity associated with the request, (ii) an origin associated with the entity, (iii) one or more owner of the personal data being accessed (iv) a one or more types of action associated with the request, and (v) one or more personal data elements that are required to be accessed based on the request  (Col 7, lines 37-52 and Col 8 lines16-24 – the unique sender IP address of the user and/or contents accessed information of the access request is determined in order to classify the request by the access request classifier 110).

Regarding claim 5, the system of claim 3,
Bhatti teaches
wherein the machine learning instructions are further configured to progressively learn data security classifications to assign to a request based on previous execution of the machine learning instructions (Col 7, lines 30-52 – based on the determined sender IP address and/or contents accessed information of the access request previous execution, the request classifier 110 classifies the access requests received into various classes). 


Regarding claim 7, the system of claim 1,
Bhatti does not explicitly teach 

wherein the instructions are further configured to receive the request by intercepting a voice call in which a caller provides the request.

Midboe teaches:

wherein the instructions are further configured to receive the request by intercepting a voice call in which a caller provides the request (0043 – A user may describe a service request to a service system. In a web-based service system, the description may be typed, entered, etc., into a freeform text box. In a phone-based service system, or other auditory system (e.g., an Integrated Voice Response (IVR) system), a user may speak into a receiver or microphone enabled computer device).

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Midboe. The motivation for doing so is to intelligent service request learning based on a single request input from a user (Midboe, Para. [0001]).  

Regarding claim 10, the system of claim 1,
Bhatti teaches
wherein the instructions further comprise machine learning instructions configured to progressively learn routing information based on previous responses processed by the instructions (Col 8, lines 25-40 - based on previous responses processed by the instructions of classification the access requests, the classified access requests from the request classifier 110 are then stored in the corresponding queues 111-111n, wherein each queue corresponds to one or more of the classes specified by the predetermined classification policy).

Regarding claim 11, the system of claim 10,
Bhatti teaches
wherein the instructions are further configured to determine a routing for the response based on the learned routing information (Col 8, lines 25-40 - based on previous responses processed by the instructions of classification the access requests, the classified access requests from the request classifier 110 are then stored in the corresponding queues 111-111n, wherein each queue corresponds to one or more of the classes specified by the predetermined classification policy. These queues 111-111n are buffers for storing the classified access requests so that they can be accepted by the connection manager 114 for processing in accordance with a predetermined scheduling policy).

Regarding claim 13, the system of claim 1,
Bhatti teaches
wherein the instructions are further configured to receive the request from an entity external to the trusted internal computing network or from an entity internal to the trusted internal computing network (Col 5, lines 34-36 - the users can access Web pages located at remote sites of the Intranet 13; and Fig. 4 - The access request classification system 100 receives access requests from users).

Regarding claim 14,
Bhatti teaches an apparatus configured for data security, the apparatus comprising: a computing platform including a memory and at least one processor in communication with the memory, wherein the memory stores instructions that are executable by the at least processor and configured to:
receive requests that require access to […] data stored within the trusted internal computing network (Col 5, lines 34-36 - the users can access Web pages located at remote sites of the Intranet 13; and Fig. 4 - The access request classification system 100 receives access requests from users) (i) from a plurality of data request channels including electronic mail, telephone, online platform (Col 4, lines 18-25, 45-60 and Fig. 1 –  the data service system 20 is connected to a number of user terminals 11a-n via an interconnect network 12. The interconnect network 12 can be any known network, such as Ethernet, ISDN, T-1 or T-3 link, FDDI, cable or wireless LMDS network, or telephone line network in order to provide a plurality of services to the users such as email, web, web TV, news, web e-commerce, etc.) 
determine (i) an entity associated with the request (Col 7, lines 37-52 – the user associated with the request, i.e. the sender, is determined by the request classifier 110 from the IP address of the request), (ii) an origin associated with the entity (Col 7, lines 37-65 – origin associated with the sender, for example: user device information, location of the sender information, etc., is determined by the request classifier 110 from the cookie/ browser or IP address of the request), and (v) one or more [,,,] data elements that are required to be accessed, changed, deleted or used based on the request (Col 8, lines 16-24 – the URL address of an access request typically includes a host address and a pathname. The pathname is used to access a particular page (or a portion of data) within that content site. This is important because in this case, the data service system 20 can treat some content more important than other content).
Implement a rules-based engine to determine and assign a data security classification to the request (Abstract – The user access request classification system includes a request classifier that classifies each of the access requests into one of a plurality of classes based on a predetermined classification policy; and Col 7, lines 30-52 – The proxy servers may be used to enhance security of accesses to and from the user terminals, i.e. the proxy servers may assign a data security classification to user access requests) based on the determined (i) entity associated with the request, (ii) origin associated with the entity, and (v) one or more […] data elements that are required to be accessed, changed, deleted or used based on the request (Col 7, lines 30-67 and Col. 8, lines 1-24 – based on the determined information from sender IP address/cookie/browser (such as the sender; user device information, location of the sender information; content serves associated with the data being accessed; and content site for accessing), the request classifier 110 classifies the access requests received into various classes).
route the request in accordance with the assigned data security classification to a data security classification-specific response processing queue (Col 8, lines 25-40 - the classified access requests from the request classifier 110 are then routed to and stored in the corresponding queues 111-111n. These queues 111-111n are buffers for storing the classified access requests so that they can be accepted by the connection manager 114 for processing in accordance with a predetermined scheduling policy).
wherein the instructions are executed prior to or in-line with a point of entry to the trusted internal computing network (Col 5, lines 9-12 – the firewall 23 controls access to and from between the users and the trusted network Intranet 13. Because a point of entry firewall 23 is located inside of  the system 20 (see Fig. 2), so all the above instructions, that are executed by the system 20, are executed prior to or in-line with firewall to the trusted network intranet).
Bhatti does not explicitly teach 

receive requests that require access to personal data stored within the trusted internal computing network (i) from a plurality of data request channels including mobile application and (ii) in a plurality of formats including text format and audio format.

for each request received: format and structure the request into a standardized format;
in response to formatting and structuring the request into a standardized format, determine (iii) one or more types of action associated with the request, wherein the types of action include accessing data, changing data, deleting data, using data and (iv) one or more owner of the personal data being accessed, changed, deleted or used.

assign a data security classification to the request based on the determined (iii) one or more types of action associated with the request and (iv) one or more owner of the personal data being accessed, changed, deleted or used.

Himmel teaches:

receive requests that require access to personal data (Para 0119 – Jane Smith, Joe Blow, and Mike Walker may access to a particular personal document of a user, who is owner the document) stored within the trusted internal computing network (Fig. 1b – client devices 102 access to resource data 112 that is stored in resource server 110 via local network LAN 116) (i) from a plurality of data request channels including mobile application (Para 0105 – In one method according to FIG. 5, receiving a request for access to a resource (112) includes a URI (508). Typically, the URI (508) originates from a hyperlink (506) in a web page (504) in a communications application (104) in a client device (102). The communications application can be, for example, a web-enabled cell phone).

determine (iii) one or more types of action associated with the request, wherein the types of action include accessing data, changing data, deleting data, using data, (iv) one or more owner of the personal data being accessed, changed, deleted or used; and assign a data security classification to the request based on the determined (iii) one or more types of action associated with the request, wherein the types of action include accessing data, changing data, deleting data, using data, (iv) one or more owner of the personal data being accessed, changed, deleted or used (Para 0094 – one or more types of action associated with a access request may be determined and assigned a data security classification. For example, Jane Smith, Joe Blow, and Mike Walker may access to a particular personal document of a user, who is owner the document, wherein the requests may classed into “read” request (Jane and Joe's requests), “write” request (Mike's request) or “execute” request (owner's request) based on a particular action associated with the request, wherein a 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Himmel. The motivation for doing so is to have improved ways of choosing and using security control data to secure resources through computer systems (Himmel, Para. [0007]).  
Midboe teaches:

receive requests (Para 0034 and Fig. 2 – request management tool 202 receives one or more service requests 224A-N, each of which comprises a description 226A-N of the service request) (ii) in a plurality of formats including text format and audio format (Para 0043 – A user may describe a service request to a service system. In a web-based service system, the description may be typed, entered, etc., into a freeform text box. In a phone-based service system, or other auditory system (e.g., an Integrated Voice Response (IVR) system), a user may speak into a receiver or microphone enabled computer device).

for each request received: format and structure the request into a standardized format (Para 0044 – entered text or converted speech-to-text may be formatted as an HTML form and submitted to request management system).

in response to formatting and structuring the request into a standardized format, determine one or more types of action associated with the request (Para 0049 – a logistic regression is run (e.g., by regression component 208 of learning tool 204 shown in FIG. 2) to determine a best classification (e.g., a personnel, service queue, help desk, etc., to which to direct a request) for the request).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Midboe. The motivation for doing so is to intelligent service request learning based on a single request input from a user (Midboe, Para. [0001]).  

Regarding claims 15-17,
Claims 15-17 are analyzed and interpreted as an apparatus of claims 2-4.

Regarding claim 19,
Bhatti teaches a computer-implemented method for providing data security, the computer- implemented method is implemented by one or more processing devices and comprising:
receiving requests that require access to […] data stored within the trusted internal computing network (Col 5, lines 34-36 - the users can access Web pages located at remote sites of the Intranet 13; and Fig. 4 - The access request classification system 100 receives access requests from users) (i) from a plurality of data request channels including electronic mail, telephone, online platform (Col 4, lines 18-25, 45-60 and Fig. 1 –  the data service system 20 is connected to a number of user terminals 11a-n via an interconnect network 12. The interconnect network 12 can be any known network, such as Ethernet, ISDN, T-1 or T-3 link, FDDI, cable or wireless LMDS network, or telephone line network in order to provide a plurality of services to the users such as email, web, web TV, news, web e-commerce, etc.) 
determining (i) an entity associated with the request (Col 7, lines 37-52 – the user associated with the request, i.e. the sender, is determined by the request classifier 110 from the IP address of the request), (ii) an origin associated with the entity (Col 7, lines 37-65 – origin associated with the sender, for example: user device information, location of the sender information, etc., is determined by the request classifier 110 from the cookie/ browser or IP address of the request), and (v) one or more data elements that are required to be accessed, changed, deleted or used based on the request (Col 8, lines 16-24 – the URL address of an access request typically includes a host address and a pathname. The pathname is used to access a particular page (or a portion of data) within that content site. This is important because in this case, the data service system 20 can treat some content more important than other content).
determining, by a rules-based engine, a data security classification and assigning the data security classification to the request (Abstract – The user access request classification system includes a request classifier that classifies each of the access requests into one of a plurality of classes based on a predetermined classification policy; and Col 7, lines 30-52 – The proxy servers may be used to enhance security of accesses to and from the user terminals, i.e. the proxy servers may assign a data security classification to user access requests) based on the determined (i) entity associated with the request, (ii) origin associated with the entity, and (v) one or more […] data elements that are required to be accessed, changed, deleted or used based on the request (Col 7, lines 30-67 and Col. 8, lines 1-24 – based on the determined information from sender IP address/cookie/browser (such as the sender; user device information, location of the sender information; content serves associated with the data being accessed; and content site for accessing), the request classifier 110 classifies the access requests received into various classes).
routing the request in accordance with the assigned data security classification to a data security classification-specific response processing queue (Col 8, lines 25-40 - the classified access requests from the request classifier 110 are then routed to and stored in the corresponding queues 111-111n. These queues 111-111n are buffers for storing the classified access requests so that they can be accepted by the connection manager 114 for processing in accordance with a predetermined scheduling policy).
wherein the method is executed prior to or in-line with a point of entry to the trusted internal computing network (Col 5, lines 9-12 – the firewall 23 controls access to and from between the users and the trusted network Intranet 13. Because a point of entry firewall 23 is located inside of the system 20 (see Fig. 2), so all the above instructions, that are executed by the system 20, are executed prior to or in-line with firewall to the trusted network intranet).
Bhatti does not explicitly teach 

receiving requests that require access to personal data stored within the trusted internal computing network (i) from a plurality of data request channels including mobile application and (ii) in a plurality of formats including text format and audio format.

for each request received: formatting and structuring the request into a standardized format;
in response to formatting and structuring the request into a standardized format, determining (iii) one or more types of action associated with the request, wherein the types of action include accessing data, changing data, deleting data, using data and (iv) one or more owner of the personal data being accessed, changed, deleted or used.

assigning a data security classification to the request based on the determined (iii) one or more types of action associated with the request and (iv) one or more owner of the personal data being accessed, changed, deleted or used.

Himmel teaches:

receiving requests that require access to personal data (Para 0119 – Jane Smith, Joe Blow, and Mike Walker may access to a particular personal document of a user, who is owner the document) stored within the trusted internal computing network (Fig. 1b – client devices 102 access to resource data 112 that is stored in resource server 110 via local network LAN 116) (i) from a plurality of data request channels including mobile application (Para 0105 – In one method according to FIG. 5, receiving a request for access to a resource (112) 

determining (iii) one or more types of action associated with the request, wherein the types of action include accessing data, changing data, deleting data, using data, (iv) one or more owner of the personal data being accessed, changed, deleted or used; and assigning a data security classification to the request based on the determined (iii) one or more types of action associated with the request, wherein the types of action include accessing data, changing data, deleting data, using data, (iv) one or more owner of the personal data being accessed, changed, deleted or used (Para 0094 – one or more types of action associated with a access request may be determined and assigned a data security classification. For example, Jane Smith, Joe Blow, and Mike Walker may access to a particular personal document of a user, who is owner the document, wherein the requests may classed into “read” request (Jane and Joe's requests), “write” request (Mike's request) or “execute” request (owner's request) based on a particular action associated with the request, wherein a security object granting access to the document having only `read` authorization level would not changing data action, deleting data action, etc. of “write” and “execute” authorization level).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Himmel. The motivation for doing so is to have improved ways of choosing and using security control data to secure resources through computer systems (Himmel, Para. [0007]).  
Midboe teaches:

receiving requests (Para 0034 and Fig. 2 – request management tool 202 receives one or more service requests 224A-N, each of which comprises a description 226A-N of the service request) (ii) in a plurality of formats including text format and audio format (Para 0043 – A user may describe a service request to a service system. In a web-based service system, the description may be typed, entered, etc., into a freeform text box. In a phone-based service system, or other auditory system (e.g., an Integrated Voice Response (IVR) system), a user may speak into a receiver or microphone enabled computer device).

for each request received: formatting and structuring the request into a standardized format (Para 0044 – entered text or converted speech-to-text may be formatted as an HTML form and submitted to request management system).

in response to formatting and structuring the request into a standardized format, determining one or more types of action associated with the request (Para 0049 – a logistic regression is run (e.g., by regression component 208 of learning tool 204 shown in FIG. 2) to determine a best classification (e.g., a personnel, service queue, help desk, etc., to which to direct a request) for the request).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Midboe. The motivation for doing so is to intelligent service request learning based on a single request input from a user (Midboe, Para. [0001]).  

Regarding claim 20, 

Claim 20 is analyzed and interpreted as a computer-implemented method of claim 2.

Claims 6 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Bhatti in view of Himmel and Midboe, and further in view of Satish Patent No. US 8,205,239 B1 (Satish hereinafter).

Regarding claim 6, the system of claim 5,
Bhatti does not explicitly teach 

wherein the instructions are further configured to determine the data security classification by predicting the data security classification based on at least one selected from the group of (i) the learned data security classifications, (ii) metadata included in the request, and (iii) composite metadata compiled within the trusted internal computing network.

Satish teaches:

wherein the instructions are further configured to determine the data security classification by predicting the data security classification based on at least one selected from the group of (i) the learned data security classifications, (ii) metadata included in the request, and (iii) composite metadata compiled within the trusted internal computing network (Col 2, lines 20-43 – when the access request of the user is for content from a network site of 

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Satish. The motivation for doing so is to adaptive applying of security policies for the access of network sites based on risk score of one or more users.


Regarding claim 18, the apparatus of claim 14,
Bhatti teach 

the machine learning instructions configured to progressively learn data security classifications to assign to a request based on previous execution of the machine learning instructions (Col 7, lines 30-52 – based on the determined sender IP address and/or contents accessed information of the access request previous execution, the request classifier 110 classifies the access requests received into various classes)

Bhatti does not explicitly teach 

wherein the instructions are further configured to determine the data security classification by predicting the data security classification based on at least one selected from the group of (i) the learned data security classifications, (ii) metadata included in the request, and (iii) composite metadata compiled within the trusted internal computing network.

Satish teaches:

wherein the instructions are further configured to determine the data security classification by predicting the data security classification based on at least one selected from the group of (i) the learned data security classifications, (ii) metadata included in the request, and (iii) composite metadata compiled within the trusted internal computing network (Col 2, lines 20-43 – when the access request of the user is for content from a network site of unknown security risk, the processor may select the security profile based on a security reputation of other users that have requested access to the network site. So, the risk score related to the access request of the user is predicted based on  security reputation information of other users that have the same access requests).

.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Bhatti in view of Himmel and Midboe, and further in view of Edwards et al. Patent No. US 10,554,809 B1 (Edwards hereinafter).

Regarding claim 8, the system of claim 7,
Bhatti does not explicitly teach 

wherein the instructions are further configured to determine (i), (ii), (iii), (iv) and (v) by (a) inputs provided by the caller during the voice call, (b) voice analysis processing, (c) a call origin location, and (d) machine learning processing.

Midboe teaches:

wherein the instructions are further configured to determine (i), (ii), (iii), (iv) and (v) by (a) inputs provided by the caller during the voice call, (b) voice analysis processing, and (d) machine learning processing (Para 0042-0043 – a user may speak into a receiver or microphone enabled computer device, and the speech of a user may be converted to text or any computer-readable language using any known voice-to-text algorithm; and a supervised machine learning algorithm is applied to a service request system which interprets a user's request).

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Midboe. The motivation for doing so is to intelligent service request learning based on a single request input from a user (Midboe, Para. [0001]).  
Edwards teaches:

wherein the instructions are further configured to determine (i), (ii), (iii), (iv) and (v) by (c) a call origin location (Col 6 lines 49-62 and Fig(s). 1, 11 – based on information of the requested call, LBS 113 determines the mobile device’s 

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Edwards. The motivation for doing so is to restrict and control the ability voice call of residents to communicate with non-residents that are located within geographic areas defined with the location-based service (Edwards, Abstract).


Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Bhatti in view of Himmel and Midboe, and further in view of Ling et al. Publication No. US 2018/0013730 A1 (Ling hereinafter).
- 29 -DOCS 123144-014UT1/2670836.1
Regarding claim 12, the system of claim 1,
Bhatti does not explicitly teach 

wherein the instructions are further configured to respond to the request by accessing a source of truth database to retrieve verified data elements associated with performing the request .

Ling teaches:

wherein the instructions are further configured to respond to the request by accessing a source of truth database to retrieve verified data elements associated with performing the request (Para 0018 and Fig. 1 - a requestor might submit a request to retrieve data from enterprise node 101 inside a trusted network as enterprise network 108. Based on security rules, the request can be denied or otherwise, the requested data can be accessed by the requestor; and Para 0019-0022 – the enterprise node 101 is a database server which stores security data as personally identifiable information (e.g., at a hospital, school, government agency, etc.) or other confidential information (e.g., trade secrets, agreements, customer or supplier information, financial information, national security information, etc.), wherein different users may have varying access privileges to the stored security data).

It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Bhatti to include the teachings of Ling. The motivation for doing so is to adaptive applying of security rules for the access private data that stored inside a trusted network.




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DA T. TON whose telephone number is (571)272-9956.  The examiner can normally be reached on Mon-Fri (9am-5pm).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Oscar A. Louie can be reached on 571-270-1684.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 

/DA T TON/Acting Patent Examiner of Art Unit 2445                                                                                                                                                                                                        

/YOUNES NAJI/Primary Examiner, Art Unit 2445