DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims
Claims 1, 10, 19 have been amended.  Therefore, claims 1-3, 6-12 and 15-21 are pending.

Claim Objections 
Independent claims 1, 10, 19 are objected for the following informalities - 
The independent claims recite –
“one or more data items are moved from a production environment database”.  
At this point in the claim there are no indication that any items are still remains in the production environment database or if the production environment database comprise any data items whatsoever.
Claim further states – “the one or more data items in the production environment database” in the complete limitation – “compare the sanitized version of the one or more data items from the development environment database with the one or more data items in the production environment database”. Thus, there is insufficient antecedent basis for this limitation in the claim as it is not clear to what “the one or more data items that in the production environment database” are referring back to.  
The applicant advised to change the “moved from” to perhaps “copied from” and indicate that there are items still remained in the production database.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-3, 6-12 and 15-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over KUCHIBHOTLA et al. (US 2016/0092535) in view of Liden et al. (US 2016/0063269) and in further view of McDonald et al. (US 2006/0080554) and in further view of Surkatty (US 9,703,974).

Regarding claim 1, KUCHIBHOTLA teaches a system for monitoring lower level environment for unsanitized data, the system comprising: at least one non-transitory storage device; and at least one processing device coupled to the at least one non-transitory storage device, wherein the at least one processing device is configured to: 
continuously monitor data movement ([0079], [0095]-[0096], [0099], [0103]) between a production environment and a development environment ([0065], [0107], [0222]); 
receive an indication that one or more data items are moved from a production environment database in the production environment into a development environment database in the development environment ([0080], [0082], [0085]); 
implement one or more sanitization algorithms on the one or more data items that are moved from the production environment database to the development environment database ([0078], [0091], [0160]); 
generate a sanitized version of the one or more data items based on at least implementing the one or more sanitization algorithms ([0091]); 

initiate a retrieval query with the development environment database ([0182], [0185], [0196]); 
retrieve the sanitized version of the one or more data items from the development environment database based on at least the retrieval query ([0188], [0206]-[0207], where “The test master may therefore comprises a sanitized version of the production data” [0062] i.e. user can retrieve or search for the test master data, and some of the test master data clones have been sanitized, thus the user can retrieve the one or more sanitized data items); 





KUCHIBHOTLA does not explicitly teach, however Liden discloses –
retrieve the sanitized version of the one or more data items from the 
compare the sanitized version of the one or more data items from the 

retrieve matched data based on at least determining the match ([0089], [0093], [0095]-[0096]), 
transmit control signals configured to cause a user device associated with a user to display the matched data ([0089], [0093], [0095]-[0096]).
It would have been obvious to one of ordinary skill in the art at the time of invention to modify the teachings of KUCHIBHOTLA to include comparing data as disclosed by Liden.  Doing so would prevent from divulging the sensitive information to non-authorized individuals (Liden [0001]).

NOTE development environment database or production environment database are the intended use for any of the data storages.  Wherein there is no difference in functionality in comparing data from databases intended for different purposes.   The present invention requires sanitizing data moved from the production to a test database twice.  Such functionality is fully disclosed by McDonald as indicated below -
McDonald discloses retrieve the sanitized version of the one or more data items from the development environment database based on at least the retrieval query ([0045], [0057], [0067], [0163] as in some data in sanitized data set “produce a sanitized data set that meets his or her needs at that time. But the requester needs may change. Suppose, for instance, that requester requires that a previously un-restricted data item in the data set be sanitized because it has been re-classified as restricted”, wherein identifying such items in the sanitized dataset requires a search for such items i.e. “identifies the pieces of restricted data … that need to be sanitized” [0057]); 

compare the sanitized version of the one or more data items from the development environment database with the one or more data items in the production environment database ([0162]-[0163]); 
determine a match between the sanitized version of the one or more data items from the development environment database and the one orPage 3 of 11 more data items in the production environment database based on at least the comparing ([0162]-[0163]).
It would have been obvious to one of ordinary skill in the art at the time of invention to modify the teachings of KUCHIBHOTLA to include sanitize records twice as disclosed by McDonald.  Doing so would provide infrastructure used to deliver services to clients in the normal course of the environment's day-to-day activities (McDonald [0003]).

Further NOTE the limitation – “the matched data indicates a presence of unsanitized data in the development environment indicating a breach” is construed to be an intended use for the matched data.  Both Liden and McDonald teach identifying data in the sanitized set that needs to be re sanitized again. "An intended use or purpose usually will not limit the scope of the claim because such statements usually do no more than define a context in which the invention operates." Boehringer Ingelheim Vetmedica, Inc. v. Schering-Plough Corp., 320 F.3d 1339,1345 (Fed. Cir. 2003). Although "[s]uch statements often ... appear in the claim's preamble," a statement of intended use or purpose can appear elsewhere in a claim. See In re Stencel, 828 F.2d 751,754 (Fed. Cir. 1987). Here, determining a match for purposes of detecting a breach is indistinguishable from determining a match for some other purpose.
However, to merely obviate such reasoning, Surkatty teaches wherein the matched data indicates a presence of unsanitized data (C5L3-12) in the development environment indicating a breach (C3L41-42 “detecting a violation (e.g., of a condition of the rule)”, C4L65-67).


Further NOTE an analogous prior art Nachenberg et al. (US 2018/0268135) likewise discloses the matched data indicates a presence of unsanitized data in the development environment indicating a breach [0013], [0023], [0032].  It would have been obvious to one of ordinary skill in the art at the time of invention to modify the teachings of KUCHIBHOTLA to indicate a breach as disclosed by Nachenberg.  Doing so would provide the secure data application for breach monitoring (Nachenberg [0030]).

Claims 10 and 19 recite substantially the same limitations as claim 1, and is rejected for substantially the same reasons.

Regarding claims 2, 11 and 20, KUCHIBHOTLA as modified teaches the system, the method and the product, wherein the at least one processing device is further configured to: 
retrieve the one or more data items from the production environment database (McDonald [0037]-[0038], [0051], [0162]); and 
implement one or more sanitization algorithms on the one or more data items (Surkatty C9L4-9, see Table, C10L13-16McDonald [0057]-[0058]).  

Regarding claims 3 and 12, KUCHIBHOTLA as modified teaches the system and the method, wherein the at least one processing device is further configured to:

implement at least one of the one or more sanitization algorithms on the position of the one or more restricted data items, thereby restricting access to the one or more data items in the production environment database (McDonald [0059], [0067]-[0068], Surkatty C7L60-62, C9L4-9).  

Regarding claims 6 and 15, KUCHIBHOTLA as modified teaches the system and the method, wherein the at least one processing device is further configured to: 
implement a root cause analysis (Surkatty C11L38-39, 48-67, C12L44-62) to determine a source of the breach (Surkatty C13L7-20), wherein implementing further comprises determining one or more devices that have accessed the development environment database during a predetermined past period (Surkatty C11L48-52, C12L59-63, C13L7-20, 45-53, C8L43).  

Regarding claims 7 and 16, KUCHIBHOTLA as modified teaches the system and the method, wherein the at least one processing device is further configured to: 
generate an alert based on at least determining the match, wherein the alert comprises the matched data (Surkatty C4L14-18, McDonald [0046], [0153]) and the one or more devices that have accessed the development environment database during the predetermined past period (Surkatty C8L43, C11L48-52, C12L59-63, C13L7-20, 45-53, McDonald [0046], [0150]).  

Regarding claims 8 and 17, KUCHIBHOTLA as modified teaches the system and the method, wherein the at least one processing device is further configured to:

initiate the retrieval query with the development environment database to retrieve the one or more additional data items based on at least receiving the indication that the one or more additional data items have been added to the fir development environment database (Surkatty C11L33-40, C15L15-16, C10L61-62, C14L33-34, McDonald [0162]); and compare the one or more additional data items to the one or more data items (Surkatty C4L15-18, C8L41-49, C15L1-6) associated with the production environment (McDonald [0027]-[0028]) to determine the match (Surkatty C5L2-8, C8 see Table).  

Regarding claims 9 and 18, KUCHIBHOTLA as modified teaches the system and the method, wherein the at least one processing device is further configured to: 
automatically initiate the retrieval query (Surkatty C5L42-44, C6L35-40) with the development environment database (McDonald F1:104, [0010], [0062], [0167], Surkatty C6L19-22) at predetermined periodic intervals (Surkatty C7L4-5, C10L61-67);
determine one or more data items associated with the lower level environment that were not retrieved during the retrieval query initiated in a preceding period (Surkatty C10L7-51, C14L34-67, McDonald [0050]-[0051]); and 
compare the one or more data items that were not retrieved during the retrieval query initiated in the preceding period with the one or more data items (Surkatty C4L15-18, C8L41-49, C10L7-51, C15L1-6, McDonald [0051]-[0052], [0163]) associated with the production environment database (McDonald [0027]-[0028]) to determine the match (Surkatty C5L2-8, C8 see Table).  


retrieving the one or more data items from the production environment (McDonald F3, [0022]); and implementing one or more sanitization algorithms on the one or more records (McDonald F3, 5, [0030]-[0031], [0038] “sanitizer can perform real-time sanitization operations on a retrieved portion of the production data set prior to storage”, Surkatty C9L4-9, C10L2-3).

Response to Arguments
Applicant's arguments, filed 04/27/2021 and 05/06/2021, in regard to the presently amended claims are addressed in the updated rejections to the claims above.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aleksandr Kerzhner can be reached on 571-270-1760.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/POLINA G PEACH/Primary Examiner, Art Unit 2165                                                                                                                                                                                                        May 12, 2021