DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 12/29/2020.
Claims 1, 9 and 19 have been amended.
Claims 1-19 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 7/17/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Terminal Disclaimer
The terminal disclaimer filed on 7/17/2020 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Response to Arguments
The double patenting rejection has been withdrawn as the terminal disclaimer has been approved and recorded.
The rejection under 35 U.S.C. 112(b) of claims 1-19 has been withdrawn as the claims have been amended.
Applicant's arguments filed on 12/29/2020 have been fully considered but they are not persuasive. 
Applicant argues on page 11 of the Remarks that there is not implicit or explicit disclosure in Lad that teach selectively applying the DLP security policies or the content blades on only certain type of data requests.  Examiner respectfully disagrees Lad does teach selectively applying the DLP security policies or the content blades on only certain type of data requests (Lad: column 4 lines 54-64; column 5 lines 5-11; and column 6 lines 53-54, “DLP uses existing content blades to identifying any sensitive portion of the data being sent out. The file containing sensitive data is then provided to the integrated encryption and/or tokenization agent, along with the location of the sensitive data in the file”… “the user may wish to only encrypt select portions of the data (for example, portions that are deemed sensitive)”… “only the identified/intercepted sensitive portion of the outgoing set of data is encrypted”, {Examiner notes: the user is selectively encrypt only sensitive data based on a particular policy of a plurality of policies is mapped to selectively applying the DLP profile to particular type of the determined function or activity})).  Therefore, Lad reference does teach the disputed limitation.
Applicant argues on page 11 of the Remarks that selectively applying its DLP security policies and content blades based on any functions or activities, or their equivalents. Lad simply blindly analyses all data requests emitted.  Examiner respectfully disagrees.  Lad does teach selectively applying its DLP security policies and content blades based on any functions or activities (Lad: column 4 lines 43-53; and column 5 lines 57-65, “the DLP agent includes capabilities of intercepting data that is exiting the system while being saved on 
Applicant further argues on page 11 of the Remarks that Lad is silent as to whether its content blades can be customized.  Examiner respectfully disagrees.  Lad does teach its content blades can be customized (Lad: column 6 lines 24-34, “the policy of the DLP agent can be configured to flag or identify files containing certain content (as described in applicable content blades) as sensitive, to consider movement of such files to outside of the machine as a policy violation, and to trigger a customized action in response to a policy violation. The customized action can invoke the DPM agent with the file name and location of sensitive data as input. The DPM agent can also use the DPM server to tokenize/encrypt the data as applicable”).  Therefore, Lad reference does teach the disputed limitation.
Applicant’s arguments with respect to claim(s) 1-19 have been considered but are moot.

Claim Objections
Regarding claims 3 and 13, these claims recite the limitations “to determine whether the file is password protected; and selectively applying the DLP profile to the content in the file if the file is password protected”.  It is unclear how the password of the file is identified and detected.  According to the Applicant’s specification, it discloses several places that discuss the password but nowhere in that specification discloses how the file is detected based on password protected.  Further clarification is required.
Claims 4 and 14 are objected to because of the following informalities:  these claims recite “include common sensitive string patterns, including multi-part string patterns and sub-string patters”.  They should be changed to “include common sensitive string patterns including multi-part string patterns and sub-string patterns”.  Appropriate correction is required.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 2, 9-10, 12 and 19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Lad et al. (US 9917817) (hereinafter Lad).
Regarding claim 1, Lad discloses a computer-implemented method of monitoring and controlling enterprise information stored on a cloud computing service (CCS), the method including: using a cross-application monitor to determine a function or an activity being requested by a client via an application programming interface (API) of a cloud computing service (CCS), wherein the function or activity is determined based on parsing API data exchanged via the API of the CCS (Lad: column 4 lines 43-53; and column 5 lines 57-65, “the DLP agent includes capabilities of intercepting data that is exiting the system while being saved on universal serial bus (USB) devices, being sent out as emails, being uploaded to the cloud, etc. The DLP agent accomplishes this through a signed kernel module that injects a dynamic link library (DLL) into all processes running on the system. The injected DLL, in turn, is responsible for intercepting system-level application programming interface (API) calls made by the application to monitor the applications for actions leading to data being leaked out”); selectively applying a data loss prevention (DLP) profile to content associated with function or activity and being downloaded to the client or uploaded to the CCS based on at least the determined function or activity such that the DLP profile is applied when the determined function or activity is of type that indicates that the API data contains inspectable content being transmitted by the determined function or activity (Lad: column 4 lines 54-64; column 5 lines 5-11; and column 6 lines 53-54, “DLP uses existing content blades to identifying any sensitive portion of the data being sent out. The file containing sensitive data is then provided to and not applied when the determined function or activity is of type that indicates that the API data does not contain the inspectable content (Lad: column 5 lines 5-11, “the user may wish to only encrypt select portions of the data (for example, portions that are deemed sensitive).”, {Examiner notes: the data portions that are not sensitive, DLP policy in this situation will not apply is mapped to not applied when the determined function or activity is of type that indicates that the API data does not contain the inspectable content }), wherein the DLP profile is configured with custom inspection rules that use predefined data identifiers and custom data identifiers (Lad: column 6 lines 5-10; and column 6 lines 25-28, “the user can choose a symmetric key encryption algorithm, its mode and key size depending on the symmetric key encryption schemes implemented”); identifying information in the content that is deemed sensitive by the DLP profile as result of finding string matches for at least one of the predefined data identifiers and the custom data identifiers (Lad: column 6 lines 28-34, “to flag or identify files containing certain content (as described in applicable content blades) as sensitive, to consider movement of such files to outside of the machine as a policy violation, and to trigger a customized action in response to a policy violation”); and triggering a security action to prevent exfiltration of the sensitive information (Lad: column 6 lines 28-60, “to consider movement of such files to outside of the machine as a policy violation, and to trigger a customized action in response to a policy violation”… “when the DLP agent 209 intercepts sensitive outgoing data (for example, outgoing data directed towards the storage provider 214), the integrated application 206 triggers a mechanism to filter out the intercepted sensitive data and tokenizes or encrypts the intercepted sensitive data using the DPM agent 207”. {Examiner notes: Encrypting the intercepted sensitive data is mapped to triggering the security action to prevent exfiltration of the sensitive information.  The encrypted sensitive data only reveals the decrypted sensitive data to only authorized entities}).
Regarding claim 9, claim 9 discloses a method claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 9 and rejected for the same reasons.
Regarding claim 19, claim 19 discloses a medium claim that is substantially equivalent to the method of claim 1.  Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 19 and rejected for the same reasons.
Regarding claims 2 and 12, Lad discloses including: using the cross-application monitor to determine a file type of a file for which the function or the activity is being requested (Lad: column 4 lines 54-64; column 5 lines 5-11; and column 6 lines 53-54, “the user may wish to only encrypt select portions of the data (for example, portions that are deemed sensitive)”… “only the identified/intercepted sensitive portion of the outgoing set of data is encrypted”); and selectively applying the DLP profile to the content in the file based on at least the determined file type 
Regarding claim 10, Lad discloses wherein the security action is further restricting access of files that contain the sensitive information (Lad: column 6 lines 24-34, “to flag or identify files containing certain content (as described in applicable content blades) as sensitive, to consider movement of such files to outside of the machine as a policy violation, and to trigger a customized action in response to a policy violation. The customized action can invoke the DPM agent with the file name and location of sensitive data as input. The DPM agent can also use the DPM server to tokenize/encrypt the data as applicable”).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Lad in view of Tsai et al. (US 20140344573) (hereinafter Tsai).
Regarding claim 3, Lad does not explicitly disclose the following limitations which are disclosed by Tsai, further including: using the cross-application monitor to determine whether the file is password protected (Tsai: paragraphs 0040 and 0043, “monitor and determine by password collecting module 30 as to whether the application is executing a file encryption procedure. Go to block 204 when the determination is affirmative”); and selectively applying the DLP profile to the content in the file if the file is password protected (Tsai: paragraphs 0053-0054, “determine preliminarily by DLP module 40 as to whether to attempt to decrypt (for example, by comparing meta data of encrypted files and meta data of passwords collected by password collecting module 30) with the passwords collected by password collecting module 30 according to the identified meta data of the encrypted files. Go to block 404 to attempt to decrypt when the determination is affirmative, otherwise go to block 450 to execute a predetermine policy, for example, refusing to send the encrypted files to extranet 50, or sending messages to request encrypted file senders to provide passwords”).  Lad and Tsai are analogous art because they are from the same field of endeavor, data protection.  Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Lad and Tsai before him or her, to modify the system of Lad to include the policy which prevents the content of the file being sent of Tsai.  The suggestion/motivation for doing so would have been to provide data leakage protection (Tsai: paragraph 0002).

Claims 4-8 and 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Lad in view of Hastings (US 9197628) hereinafter Hastings).
Regarding claims 4 and 14, Lad does not explicitly disclose the following limitations which are disclosed by Hastings, wherein the predefined data identifiers include common sensitive string patterns including multi-part string patterns and sub-string patterns (Hastings: column 10 lines 40-51, “a regular expression of the sensitive information or a string that should be matched in the content of the requests or command. The following are exemplary regular expressions that may be used to identify the existence of a credit card number or a social security number within a field: Visa Credit Card Numbers: ^4[0-9][12](?:[0-9][3])?$ Master Card Credit Card Numbers: ^5[1-5][0-9][14]$ Social Security Number (SSN): ^([[:digit:]] [3][-][[:digit:]][2][-][[:digit:]][4]|[[:digit:]][9])$”).  Lad and Hastings are analogous art because they are from the same field of endeavor, data protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Lad and Hastings before him or her, to modify the system of Lad to include the regular expressions are configured to detect existence of one or more forms of sensitive information of Hastings. The suggestion/motivation for doing so would have been to prevent accidental or intentional dissemination of confidential or sensitive documents and/or information to unauthorized users (Hastings: column 3 lines 24-26).
Regarding claims 5 and 15, Lad does not explicitly disclose the following limitations which are disclosed by Hastings, wherein the custom data identifiers include custom string patterns and regular expressions (Hastings: column 10 lines 35-67, “Each sensor may also include or otherwise be associated with an action that should be applied to the traffic if the string or regular expression is matched. The different actions may be defined based on the sensitivity levels of the data. For the most sensitive data leak, the traffic may be blocked. Other actions, such as logging or passing the data traffic may be taken for less sensitive data. The action may be applied 
Regarding claims 6 and 16, Lad as modified discloses wherein the regular expressions support a plurality of string match pattern operators
Regarding claims 7 and 17, Lad as modified discloses wherein the regular expressions support a plurality of string match count operators (Hastings: column 2 lines 43-55; and column 10 lines 35-67, “The DLP rule is defined in terms of a regular expression and/or a string that are configured to detect existence of one or more forms of sensitive information carried by the packets” … “Each sensor may also include or otherwise be associated with an action that should be applied to the traffic if the string or regular expression is matched”, {Examiner notes, the regular expressions support the plurality of metacharacter match pattern operators (see https://en.wikipedia.org/wiki/Regular_expression)}).  The same motivation to modify Lad in view of Hastings, as applied in claim 5 above, applies here.
Regarding claims 8 and 18, Lad as modified discloses wherein the regular expressions support a plurality of metacharacter match pattern operators (Hastings: column 2 lines 43-55; and column 10 lines 35-67, “The DLP rule is defined in terms of a regular expression and/or a string that are configured to detect existence of one or more forms of sensitive information carried by the packets” … “Each sensor may also include or otherwise be associated with an action that should be applied to the traffic if the string or regular expression is matched”, {Examiner notes, the regular expressions support the plurality of metacharacter match pattern operators (see https://en.wikipedia.org/wiki/Regular_expression)}).  The same motivation to modify Lad in view of Hastings, as applied in claim 5 above, applies here.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Lad in view of Distelberg et al. (US 5452460) (hereinafter Distelberg).
Regarding claim 11, Lad does not explicitly disclose the following limitation which is disclosed by Distelberg, wherein the security action is modifying ownership of files that contain the sensitive information (Distelberg: column 7 lines 15-34, “access permission and ownership of the file is immediately and atomically changed to allow only the authorized user to read and write to the pty slave file. Additionally, any user within a group of users defined by the operating system of the host computer may write to the open pty slave file. Symbolically, the kernel changes the access permission from typically "rw.rw.rw." to "rw..w. . . . ". Furthermore, the kernel changes the pty slave file ownership from the current owner name, typically, but not necessarily "root" to the effective UID of a process presently requesting access to the file”).  Lad and Distelberg are analogous art because they are from the same field of endeavor, access protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Lad and Distelberg before him or her, to modify the system of Lad to include changing ownership of the file of Distelberg. The suggestion/motivation for doing so would have been to only permit access to pty master and slave files when the status of those files fulfills certain conditions (rules). Additionally, the technique changes the permission codes and ownership of the pty slave file before any unauthorized process may attempt to open the same pty slave file (Distelberg: column 5 lines 22-35).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/TRANG T DOAN/Primary Examiner, Art Unit 2431