DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.
This Office action is in response to the amendment, arguments and remarks, filed on 4/12/2021, in which claims 1-28 are presented for further examination.
Claim(s) 1, 9, 17 and 28 has/have been amended.

Response to Amendments
Applicant’s amendment to claim 28 has been accepted.  The objection to the claim for informalities has been withdrawn.
Applicant’s amendments to claims 1, 9 and 17 have been accepted.  Support was found in at least [0061], [0062], [0072], [0101], [0102], [0120]-[0122] and [0651]-[0653] of the specification.

Response to Arguments
Applicant’s arguments with respect to claims 1-28, filed on 4/12/2021, have been fully considered but they are not persuasive.  Accordingly, this action has been made FINAL.

Applicant’s arguments, see the middle of page 10 of applicant’s remarks, filed on 4/12/2021, with respect to the rejections of claims 27 and 28 under 35 U.S.C. 112, first paragraph, have been fully considered and are persuasive.  The rejections of claims 27 and 28 have been withdrawn.
Note: Applicant argues that a prima facie rejection for enablement has not been made, see the middle of page 10 of applicant’s remarks, filed on 4/12/2021.  For clarity of the record, there was not a rejection for enablement.  There were only rejections under 35 U.S.C. 112, first paragraph, for new matter.  The specification is 105 pages long.  Applicant has repeatedly made extensive claim amendments and/or added new claims without citing support in the specification.  Applicant could have avoided the previous 35 U.S.C. 112, first paragraph, rejections as well as streamlined the prosecution by citing where applicant believes support is found for the claim amendments and/or additions.  In future responses, it is suggested that applicant cite where in the specification there is support for applicant’s claim amendments and/or additions to expedite prosecution.

Applicant’s arguments with respect to the rejections of claims 1-28 under 35 U.S.C. 103, see the bottom of page 10 to page 12 of applicant’s remarks, filed on 4/12/2021, have been fully considered but they are not persuasive.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s).  See, e.g., In re Berg, In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-28 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-22 of US 9,407,662 B2.  Although the claims at issue are not 
Application: 15/226,872
Patent: US 9,407,662
1.  A method comprising:


providing a plurality of rules to manage information of an information management system, wherein a first rule comprises a condition between a first entity and a second entity;

providing activity data stored in a log associated with the first entity, the second entity, and a third entity the activity data comprising:

a first activity data at a first time indicating sending of the e-mail from the first entity to the third entity; and





a second activity data at a second time indicating sending of the e-mail from the third entity to the second entity, wherein the first time and the second time are different;

inspecting at least the first rule to extract the condition between the first entity and the second entity;

analyzing the log for the first activity data and the second activity data to derive a relationship between the first entity and the second entity, wherein the relationship comprises:









a first correlation between sending of the e-mail from the first entity to the third entity as provided in the first activity data and sending of the e-mail from the third entity to the second entity as provided in the second activity data, the first correlation being based on the sending of the e-mail; and

detecting a potential satisfaction of the condition because of the first correlation in the relationship.


9.  Same as 1.

17.  Same as 1.
A method of operating an information management system comprising:

providing a plurality of rules to manage information of the information management system, wherein a first rule comprises a condition between a first entity and a second entity;

providing activity data stored in a log associated with the first entity, the second entity, and a third entity the activity data comprising:

a first activity data at a first time indicating attaching of a document to an e-mail by the first entity;

a second activity data at a second time indicating sending of the e-mail from the first entity to the third entity; and

a third activity data at a third time indicating sending of the e-mail from the third entity to the second entity, wherein the first time, the second time, and the third time are different;

inspecting at least the first rule to extract the condition between the first entity and the second entity;

analyzing the log for the first activity data, the second activity data, and the third activity data to derive a relationship between the first entity and the second entity, wherein the relationship comprises:



a second correlation between sending of the e-mail from the first entity to the third entity as provided in the second activity data and sending of the e-mail from the third entity to the second entity as provided in the third activity data, the second correlation being based on the sending of the e-mail; and

detecting a potential satisfaction of the condition because of the first correlation and the second correlation in the relationship.

14.  Same as 1.

15.  Same as 1.


Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim(s) 17 and 19-24 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Microsoft Outlook, where the following screen capture shows that the copyright is between 1995-2003 (hereinafter “Outlook”) in view of Asakura, US 6,460,073 B1 .

    PNG
    media_image1.png
    491
    538
    media_image1.png
    Greyscale

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.


    PNG
    media_image2.png
    494
    625
    media_image2.png
    Greyscale

Outlook Figure 1

Claim 17
Outlook discloses a method comprising:
providing a plurality of rules to manage information of an information management system (Outlook, Fig. 1, where there are 2 rules displayed), wherein a first rule comprises a condition between a first user and a second user (Outlook, Fig. 1, where Rule 2 is between Hung Q. Pham [i.e., first user] and the user, Hubert G. Cheung [i.e., second user]);










providing activity data associated with the first user, the second user and the third user (Outlook, Fig. 1, where the first activity data are the e-mail activities associated with Hung Q. Pham, the second activity data are the e-mail activities associated with the user, Hubert G. Cheung, and the third activity data are the e-mail activities associated with Charles Kim, who is the third entity) the activity data comprising:
a first activity, data at a first time indicating drafting of an e-mail by the first user (Outlook, Fig. 2, where text is being pasted into an e-mail);
a second activity data, at a second time indicating sending of the e-mail from the first user to the third user (Outlook, Fig. 1, where Hung Q. Pham’s e-mail [i.e., first user] is sent to Charles Kim [i.e., third user] forwards the e-mail to Hubert G. Cheung [i.e., second user]);
a third activity data at a third time indicating sending of the e-mail from the third user to the second user (Outlook, Fig. 1, where Hung Q. Pham’s e-mail is forwarded to the user, Hubert G. Cheung), wherein the first time and the second time are different (Outlook, Fig. 1, where Hung Q. Pham’s e-mail is sent to Charles Kim [i.e., third entity] forwards the e-mail to Hubert G. Cheung [i.e., second entity], where forwarding takes time [i.e., different time]), and

inspecting at least a first rule to extract the condition between the first user and the second user (Outlook, Fig. 1, where the relationship between Hung Q. Pham [i.e., first user] and the user, Hubert G. Cheung [i.e., second user] must be gleaned from Rule 2 in order for Rule 2 to be executed);
analyzing the first activity data, the second activity data, and the third activity data to derive a relationship between the first user and the second user (Outlook, Fig. 1, where Rule 2 denotes the activity data between Hung Q. Pham [i.e., first user], the user, Hubert G. Cheung [i.e., second user] and Charles Kim [i.e., third user], which denotes the relationship wherein the relationship comprises:
a first correlation between drafting of the e-mail by the first user as provided in the first activity data and sending of the e-mail from the first user to the third user as provided in the second activity data, the first correlation being based on the first user (Outlook, Fig. 1, where Rule 2 evaluates this condition); and
a second correlation between sending of the e-mail from the first user to the third user as provided in the second activity data and sending of the e-mail from the third user to the second user as provided in the third activity data, the second correlation being based on the sending of the e-mail (Outlook, Fig. 1, where Rule 2 evaluates this condition); and

detecting a potential satisfaction of the condition because of the first correlation in the relationship (Outlook, Fig. 1, where there is satisfaction of the conditions when Rule 2 is actually executed); and

On the other hand, Asakura discloses controlling document usage, based on first and second information usage rules of the plurality of rules (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is comprising:
intercepting a first e-mail being sent from the first user to a third user (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail);
evaluating the first information usage rule to determine, based on the first user and the third user, whether to allow sending the first e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
determining, based on evaluating the first information usage rule, to allow sending the first e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
storing in a log that the sending of the first e-mail was allowed (Asakura, Col. 9, lines 9-56, see monitoring the content of a log file which store operational logs of the user and for extracting user access data which represents arrival, transmission and reception of email addressed to users);
intercepting a second e-mail being sent from the third user to the second user (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail);
evaluating the second information usage rule to determine, based on the third user and the second user, whether to allow sending the second e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
determining, based on evaluating the second information usage rule, to allow sending the second e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email); and
storing in the log that the sending of the second e-mail was allowed (Asakura, Col. 9, lines 9-56, see monitoring the content of a log file which store operational logs of the user and for extracting user access data which represents arrival, transmission and reception of email addressed to users); and
after determining to allow sending the first e-mail and the second e-mail (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail), determining whether an activity data correlation rule of the plurality of rules has been satisfied (Asakura, Claim 7, see transfer propriety data and the access intervals which correspond to average values of intervals);
corresponding to a first log entry that the sending of the first e-mail was allowed (Asakura, Col. 9, lines 9-56, see monitoring the content of a log file which store operational logs of the user and for extracting user access data which represents arrival, transmission and reception of email addressed to users and see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
corresponding to a second log entry that the sending of the second e-mail was allowed (Asakura, Col. 9, lines 9-56, see monitoring the content of a log file which store operational logs of the user and for extracting user access data which represents arrival, transmission and reception of email addressed to users and see transfer proprietary data which indicates whether or not it is appropriate to transfer the email).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Asakura’s 
On the other hand, Agbabian discloses stored in a log (Agbabian, Col. 23, lines 45-55, see viewing log and alert events); and
based on the detected potential satisfaction of the condition, automatically implementing a remedial action of at least one of: implementing a policy in the information management system, disallowing a user from connecting to the information management system, or restricting a user from being allowed to perform certain actions to information managed by the information management system (Agbabian, Col. 26, lines 58-65, see policy, set of specific conditions the policy applies and the specific rules or actions to be applied when those conditions are met), and
the activity data is generated from one or more policy enforcers installed as at least one of add-ins, plug-ins, scripts, macros, libraries, or extension programs on computing devices used to send the e-mail from the first entity to the third entity or from the third entity to the second entity (Agbabian, Col. 10, lines 23-42, see security management agent and the use of a library for the security event package, where “used to send the e-mail from the first entity to the third entity or from the third entity to the second entity” is intended use).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate 
On the other hand, Neiditsch discloses the second entity is outside an organization of the first user and the third user (Neiditsch, abstract, see external users; and Neiditsch, [0097], see inferring document permissions and, thus, the permissions of internal and external users).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Neiditsch’s teachings to the combination of Outlook, Asakura and Agbabian.  A skilled artisan would have been motivated to do so in order to have an easy-to-use and low-effort electronic filing solution with built-in safeguards to promote accurate, comprehensive and secure filing of content, see Neiditsch, [0031].  In addition, both/all of the references (Outlook, Asakura, Agbabian and Neiditsch) disclose features that are directed to analogous art and they are directed to the same field of endeavor, such as controlling access to content.  This close relation between/among the references highly suggests an expectation of success.

Claim 19
With respect to claim 19, the combination of Outlook, Asakura, Agbabian and Neiditsch discloses wherein automatically implementing the remedial action comprises transforming, based on the relationship between the first entity and the second entity, a second policy to generate a transformed second policy (Agbabian, Col. 66, lines 4-19, see time when the rule wherein before transformation of the second policy, a first access attempt to information managed by the information management system is allowed upon evaluation of the second policy and after transformation of the second policy, a second access attempt to information managed by the information management system is denied upon evaluation of the transformed second policy (Agbabian, Col. 19, line 63-Col. 20, line 9, see granting and denying access).

Claim 20
With respect to claim 20, the combination of Outlook, Asakura, Agbabian and Neiditsch discloses wherein the first activity data stored in the log is stored on a memory buffer of a first computing device, separate from a second computing device storing the activity data stored in the log (Agbabian, Col. 22, lines 16-21, see separate databases; and Agbabian, Col. 16, line 62-Col. 17, line 16, see output buffer, where separating the memory is a design choice not affecting patentability, see In re Japikse, 181 F.2d 1019, 86 USPQ 70 (CCPA 1950) (Claims to a hydraulic power press which read on the prior art except with regard to the position of the starting switch were held unpatentable because shifting the position of the starting switch would not have modified the operation of the device.)), and the first activity data is transferred from the first computing device to the second device according to at least one of a predetermined time interval or when a user logged onto the first computing device logs off the first computing device (Agbabian, Col. 16, lines 36-46, see checking the flush time after logging events).

Claim 21
comprising determining to include the first activity data, based upon a first rule of the plurality of rules that is evaluated when the sending of the e-mail from the first entity to the third entity is made, in the log,
wherein the first rule specifies that the first activity data is to be logged (Agbabian, Col. 13, lines 51-59).

Claim 22
With respect to claim 22, the combination of Outlook, Asakura, Agbabian and Neiditsch discloses wherein the first rule specifies that logging the first activity data includes an e-mail is sent and an identifier corresponding to the first user (Agbabian, Col. 57, lines 9-20; and Agbabian, Col. 13, lines 51-59, see user name).

Claim 23
With respect to claim 23, the combination of Outlook, Asakura, Agbabian and Neiditsch discloses wherein the first correlation comprises identifying the third entity as an entity in common with first and second activity data and the second correlation comprises identifying an e-mail identifier for the e-mail as an e-mail in common with second and third activity data (Agbabian, Col. 44, lines 47-62; and Agbabian, Col. 45, line 51-Col. 46, line 2).

Claim 24
With respect to claim 24, the combination of Outlook, Asakura, Agbabian and Neiditsch discloses wherein the first activity data is generated at a first computing device, the second activity data is generated at a second computing device, and the first and second activity data are transmitted to a third computer to be included in the log, wherein the first, second, and third computing devices are different computing devices (Agbabian, Col. 13, lines 51-59; Agbabian, Col. 22, lines 49-57; and Agbabian, Fig. 10, see clients).

Claim(s) 18 is/are rejected under 35 U.S.C. 103(a) as being unpatentable over Outlook in view of Asakura in further view of Agbabian in further view of Neiditsch in further view of Peled, et al., US 2005/0288939 A1 (hereinafter “Peled”).

Claim 18
Claim 18 incorporates all the limitations above.
On the other hand, Peled discloses wherein the condition comprises that the first entity is not permitted to send an e-mail to the second entity (Peled, [0298] and [0299], where it is determined whether the classified information can be sent to a particular recipient).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Peled’s teachings to the combination of Outlook, Asakura, Agbabian and Neiditsch.  A skilled artisan would have been motivated to do so in order to create a system for flexible and efficient policy management and enforcement, see Peled, [0015].  In addition, both/all of the references (Outlook, Asakura, Agbabian, Neiditsch and Peled) disclose features that are directed to analogous art and they are directed to the same field of endeavor, such as controlling access to content.  This close relation between/among the references highly suggests an expectation of success.

Claim(s) 1, 3-5, 7-9, 11-13, 15, 16 and 25-28 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Outlook in view of Asakura in further view of Agbabian in further view of Neiditsch in further view of McCloghrie et al., US 6,286,052 B1 (hereinafter “McCloghrie”).

Claim 1
Outlook discloses a method comprising:
providing a plurality of rules to manage information of an information management system (Outlook, Fig. 1, where there are 2 rules displayed), wherein a first rule comprises a condition between a first entity and a second entity (Outlook, Fig. 1, where Rule 2 is between Hung Q. Pham [i.e., first entity] and the user, Hubert G. Cheung [i.e., second entity]);










providing activity data associated with the first entity, the second entity and the third entity (Outlook, Fig. 1, where the first activity data are the e-mail activities associated with Hung Q. Pham, the second activity data are the e-mail activities associated with the user, Hubert G. Cheung, and the third activity data are the e-mail activities associated with Charles Kim, who is the third entity) the activity data comprising:
a first activity data at a first time indicating sending of an e-mail from the first entity to the third entity (Outlook, Fig. 1, where Hung Q. Pham [i.e., first entity] sends an e-mail with an attachment to Charles Kim [i.e., third entity]);
a second activity data at a second time indicating sending of the e-mail from the third entity to the second entity (Outlook, Fig. 1, where Hung Q. Pham’s e-mail is sent to Charles Kim [i.e., third entity] forwards the e-mail to Hubert G. Cheung [i.e., second entity]), wherein the first time and the second time are different (Outlook, Fig. 1, where Hung Q. Pham’s e-mail is sent to Charles Kim [i.e., third entity] forwards the e-mail to Hubert G. Cheung [i.e., second entity], where forwarding takes time [i.e., different time]) and 
inspecting at least a first rule to extract the condition between the first entity and the second entity (Outlook, Fig. 1, where the relationship between Hung Q. Pham [i.e., first entity] and the user, Hubert G. Cheung [i.e., second entity] must be gleaned from Rule 2 in order for Rule 2 to be executed), 
analyzing the first activity data and the second activity data to derive a relationship between the first entity and the second entity (Outlook, Fig. 1, where Rule 2 denotes the activity data between Hung Q. Pham [i.e., first entity], the user, Hubert G. Cheung [i.e., second entity] and Charles Kim [i.e., third entity], which denotes the relationship between Hung Q. Pham [i.e., first entity] and the user, Hubert G. Cheung [i.e., second entity]), wherein the relationship comprises:
a first correlation between sending of the e-mail from the first entity as provided in the first activity data and sending of the e-mail from the third entity to the second entity as provided in the second activity data, the first correlation being based on the sending of the e-mail (Outlook, Fig. 1, where Rule 2 evaluates this condition); and

detecting a potential satisfaction of the condition because of the first correlation in the relationship (Outlook, Fig. 1, where there is satisfaction of the conditions when Rule 2 is actually executed); and

On the other hand, Asakura discloses controlling document usage, based on first and second information usage rules of the plurality of rules (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail and see transfer device determining rule and transmitting information quantity determining rule), comprising:
intercepting a first e-mail being sent from the first entity to a third entity (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail);
evaluating the first information usage rule to determine, based on the first entity and the third entity, whether to allow sending the first e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
determining, based on evaluating the first information usage rule, to allow sending the first e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
storing in a log that the sending of the first e-mail was allowed (Asakura, Col. 9, lines 9-56, see monitoring the content of a log file which store operational logs of the user and for extracting user access data which represents arrival, transmission and reception of email addressed to users);
intercepting a second e-mail being sent from the third entity to the second entity (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail);
evaluating the second information usage rule to determine, based on the third entity and the second entity, whether to allow sending the second e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
determining, based on evaluating the second information usage rule, to allow sending the second e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email); and
storing in the log that the sending of the second e-mail was allowed (Asakura, Col. 9, lines 9-56, see monitoring the content of a log file which store operational logs of the user and for extracting user access data which represents arrival, transmission and reception of email addressed to users); and
after determining to allow sending the first e-mail and the second e-mail (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail), determining whether an activity data correlation rule of the plurality of rules has been satisfied (Asakura, Claim 7, see transfer propriety data and the access intervals which correspond to average values of intervals).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Asakura’s teachings to Outlook’s system.  A skilled artisan would have been motivated to do so in order to provide and email transmitting and receiving system which anticipates whether or not the user is in an environment allowing access to the system and 
On the other hand, Agbabian discloses stored in a log (Agbabian, Col. 23, lines 45-55, see viewing log and alert events); and
based on the detected potential satisfaction of the condition, automatically implementing a remedial action of at least one of: implementing a policy in the information management system, disallowing a user from connecting to the information management system, or restricting a user from being allowed to perform certain actions to information managed by the information management system (Agbabian, Col. 26, lines 58-65, see policy, set of specific conditions the policy applies and the specific rules or actions to be applied when those conditions are met).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Agbabian’s teachings to the combination of Outlook and Asakura.  A skilled artisan would have been motivated to do so in order to have an integrated approach to network security management, see Agbabian, Col. 1, lines 26-38.  In addition, both/all of the references (Outlook, Asakura and Agbabian) disclose features that are directed to analogous art and they are directed to the same field of endeavor, such as controlling access to content.  This close relation between/among the references highly suggests an expectation of success.
On the other hand, Neiditsch discloses wherein the first rule specifies that content of the e-mail should not be transmitted to members outside of an organization (Neiditsch, 
that the second entity, without the first rule explicitly identifying the second entity as being outside of the organization, is a member outside of the organization (Neiditsch, abstract, see external users; and Neiditsch, [0097], see inferring document permissions and, thus, the permissions of internal and external users).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Neiditsch’s teachings to the combination of Outlook, Asakura and Agbabian.  A skilled artisan would have been motivated to do so in order to have an easy-to-use and low-effort electronic filing solution with built-in safeguards to promote accurate, comprehensive and secure filing of content, see Neiditsch, [0031].  In addition, both/all of the references (Outlook, Asakura, Agbabian and Neiditsch) disclose features that are directed to analogous art and they are directed to the same field of endeavor, such as controlling access to content.  This close relation between/among the references highly suggests an expectation of success.
On the other hand, McCloghrie discloses the activity data stored in the log comprises activity data generated based on one or more policy engines executing separately from applications used to send the e-mail from the first entity to the third entity and from the third entity to the second entity (McCloghrie, Col. 5, lines 20-34, see policy enforcers; McCloghrie, Col. 5, lines 35-37, see local policy cache to eliminate querying policy server [i.e., 

Claims 3 and 11
With respect to claims 3 and 11, the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie discloses wherein the first and second activity data is received at a server from a first device of the first entity, and the second activity data is received at the server from a second device of the third entity (Outlook, where Outlook is configured to be used with many servers).

Claims 4 and 12
With respect to claims 4 and 12, the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie discloses wherein the analyzing the first activity data and the second third activity data comprises matching the third entity as provided in the first activity data with the third entity as provided in the second activity data (Outlook, Fig. 1, where Rule 2 evaluates this).

Claim 5 and 13
With respect to claims 5 and 13, the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie discloses wherein the first entity is a first user and the second entity is a second user (Outlook, Fig. 1, where Hung Q. Pham is the first user and the user, Hubert G. Cheung is the second user).

Claims 7 and 15
With respect to claims 7 and 15, the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie discloses wherein the first entity is a first application program and the second entity is a second application program (Outlook, Fig. 1, where an e-mail is sent by Hung Q. Pham [i.e., first entity] via an e-mail application to the user, Hubert G. Cheung [i.e., second entity] which receives the e-mail via an e-mail application).

Claims 8 and 16
With respect to claims 8 and 16, the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie discloses wherein the inspecting at least the first rule to extract the condition between the first entity and second entity comprises inspecting a plurality of rules (Outlook, Fig. 1, where multiple rules are displayed).


    PNG
    media_image3.png
    695
    882
    media_image3.png
    Greyscale

Outlook Fig. 2

Claim 9
Outlook discloses a method of operating an information management system comprising:
providing a first rule comprising a condition between a first entity and a second entity (Outlook, Fig. 1, where there are 2 rules displayed and where Rule 2 is between Hung Q. Pham [i.e., first entity] and the user, Hubert G. Cheung [i.e., second entity]), 






providing activity data associated with the first entity, the second entity and the third entity (Outlook, Fig. 1, where the first activity data are the e-mail activities associated with Hung Q. Pham, the second activity data are the e-mail activities associated with the user, Hubert G. Cheung, and the third activity data are the e-mail activities associated with Charles Kim, who is the third entity) the activity data comprising:
a first activity data at a first time indicating inputting of information into an e-mail by the first entity (Outlook, Fig. 2, where text is being pasted into an e-mail);
a second activity data at a second time indicating sending of the e-mail from the third entity to the third entity (Outlook, Fig. 1, where Hung Q. Pham’s e-mail is sent to Charles Kim [i.e., third entity] forwards the e-mail to Hubert G. Cheung [i.e., second entity]);
a third activity data at a third time indicating sending of the e-mail from the third entity to the second entity (Outlook, Fig. 1, where Hung Q. Pham’s e-mail is forwarded to the user, Hubert G. Cheung), wherein the first time, the second time, and the third time are different (Outlook, Fig. 1, where Hung Q. Pham’s e-mail is sent to Charles Kim [i.e., third 

inspecting at least a first rule to extract the condition between the first entity and the second entity (Outlook, Fig. 1, where the relationship between Hung Q. Pham [i.e., first entity] and the user, Hubert G. Cheung [i.e., second entity] must be gleaned from Rule 2 in order for Rule 2 to be executed);
analyzing the first activity data, the second activity data, and the third activity data to derive a relationship between the first entity and the second entity (Outlook, Fig. 1, where Rule 2 denotes the activity data between Hung Q. Pham [i.e., first entity], the user, Hubert G. Cheung [i.e., second entity] and Charles Kim [i.e., third entity], which denotes the relationship between Hung Q. Pham [i.e., first entity] and the user, Hubert G. Cheung [i.e., second entity]), wherein the relationship comprises:
a first association between inputting of information into an e-mail by the first entity as provided in the first activity data and sending of the e-mail from the first entity to the third entity as provided in the second activity data, the first association being based on the first entity (Outlook, Fig. 1, where Rule 2 evaluates this condition);
a second association between sending of the e-mail from the first entity to the third entity as provided in the second activity data and sending of the e-mail from the third entity to the second entity as provided in the third activity data, the second association being based on the sending of the e-mail (Outlook, Fig. 1, where Rule 2 evaluates this condition); and
detecting a potential satisfaction of the condition because of the first association and the second association in the relationship (Outlook, Fig. 1, where there is satisfaction of the conditions when Rule 2 is actually executed); and

On the other hand, Asakura discloses controlling document usage, based on first and second information usage rules of the plurality of rules (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail and see transfer device determining rule and transmitting information quantity determining rule), comprising:
intercepting a first e-mail being sent from the first user to a third user (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail);
evaluating the first information usage rule to determine, based on the first user and the third user, whether to allow sending the first e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
determining, based on evaluating the first information usage rule, to allow sending the first e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
storing in a log that the sending of the first e-mail was allowed (Asakura, Col. 9, lines 9-56, see monitoring the content of a log file which store operational logs of the user and for extracting user access data which represents arrival, transmission and reception of email addressed to users);
intercepting a second e-mail being sent from the third user to the second user (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate whether or not it is appropriate to transfer the mail);
evaluating the second information usage rule to determine, based on the third user and the second user, whether to allow sending the second e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email);
determining, based on evaluating the second information usage rule, to allow sending the second e-mail (Asakura, Col. 9, lines 9-56, see transfer proprietary data which indicates whether or not it is appropriate to transfer the email); and
storing in the log that the sending of the second e-mail was allowed (Asakura, Col. 9, lines 9-56, see monitoring the content of a log file which store operational logs of the user and for extracting user access data which represents arrival, transmission and reception of email addressed to users); and
after determining to allow sending the first e-mail and the second e-mail (Asakura, Col. 9, lines 9-56, see monitoring email and generating transfer propriety data which indicate determining whether an activity data correlation rule of the plurality of rules has been satisfied (Asakura, Claim 7, see transfer propriety data and the access intervals which correspond to average values of intervals).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Asakura’s teachings to Outlook’s system.  A skilled artisan would have been motivated to do so in order to provide and email transmitting and receiving system which anticipates whether or not the user is in an environment allowing access to the system and automatically controls whether or not the email addressed to the user is transmitted, see Asakura, Col. 2, lines 35-47.  In addition, both/all of the references (Outlook and Asakura) disclose features that are directed to analogous art and they are directed to the same field of endeavor, such as controlling access to content.  This close relation between/among the references highly suggests an expectation of success.
On the other hand, Agbabian discloses stored in a log (Agbabian, Col. 23, lines 45-55, see viewing log and alert events); and
based on the detected potential satisfaction of the condition, automatically implementing a remedial action of at least one of: implementing a policy in the information management system, disallowing a user from connecting to the information management system, or restricting a user from being allowed to perform certain actions to information managed by the information management system (Agbabian, Col. 26, lines 58-65, see policy, set of specific conditions the policy applies and the specific rules or actions to be applied when those conditions are met).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Agbabian’s teachings to the combination of Outlook and Asakura.  A skilled artisan would have been motivated to do so in order to have an integrated 
On the other hand, Neiditsch discloses wherein the first rule specifies that content of the e-mail should not be transmitted to members outside of an organization (Neiditsch, abstract, see external users; Neiditsch, [0018], sending electronic communication internally and externally; Neiditsch, [0090] and [0091], see explicit security permissions; Neiditsch, [0097], see inferring document permissions and, thus, the permissions of internal and external users; and Neiditsch, [0102]-[0104], see in addition to or in substitution of any explicit permissions, attaching the permissions to a document and publishing to the extranet to allow users the property permissions to access), without explicitly identifying that the second entity as being outside of the organization (Neiditsch, abstract, see external users; and Neiditsch, [0097], see inferring document permissions and, thus, the permissions of internal and external users).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Neiditsch’s teachings to the combination of Outlook, Asakura and Agbabian.  A skilled artisan would have been motivated to do so in order to have an easy-to-use and low-effort electronic filing solution with built-in safeguards to promote accurate, comprehensive and secure filing of content, see Neiditsch, [0031].  In addition, both/all of the references (Outlook, Asakura, Agbabian and Neiditsch) disclose features that are directed to analogous art and they are directed to the same field of endeavor, such as controlling access to content.  This close relation between/among the references highly suggests an expectation of success.
the activity data is generated at least in part from one or more policy enforcers detecting operations on the application programming level to send the e-mail from the first entity to the third entity or from the third entity to the second entity (McCloghrie, Col. 5, lines 20-34, see policy enforcers; McCloghrie, Col. 10, line 54-Col. 11, line 12, see retrieving application-level information and application-level API calls, where “to send the e-mail from the first entity to the third entity and from the third entity to the second entity” is intended use).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate McCloghrie’s teachings to the combination of Outlook, Asakura, Agbabian and Neiditsch.  A skilled artisan would have been motivated to do so in order to be able to distinguish among multiple traffic flows especially those originating from the same host or server, see McCloghrie, Col. 3, line 64-Col. 4, line 22.  In addition, both/all of the references (Outlook, Asakura, Agbabian, Neiditsch and McCloghrie) disclose features that are directed to analogous art and they are directed to the same field of endeavor, such as controlling access to content.  This close relation between/among the references highly suggests an expectation of success.

Claim 25
With respect to claim 25, the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie discloses comprising:
performing a Lightweight Directory Access Protocol (LDAP) lookup to determine that the second entity is a member outside of the organization, wherein the relationship that the second entity is a member outside of the organization is based at least in part on the LDAP lookup (Agbabian, Col. 20, lines 27-43, see LDAP directory; Neiditsch, abstract; 

Claim 26
With respect to claim 26, the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie discloses wherein the log comprises at least one activity data indicating an enforcement action to allow an operation (Agbabian, Col. 23, lines 45-55).

Claim 27
With respect to claim 27, the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie discloses comprising:
causing determining, based on one or more policies evaluated at the first time, that the sending of the e-mail from the first entity to the third entity is to be logged (Agbabian, Col. 23, lines 45-55);
causing generating the first activity data to be stored in the log (Agbabian, Col. 23, lines 45-55); and
storing the first activity data in the log (Agbabian, Col. 23, lines 45-55).

Claim 28
With respect to claim 28, the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie discloses comprising:
identifying, based on the information input into the e-mail, that the first activity data is confidential (Neiditsch, [0089]);
searching to determine whether the information input into the e-mail is included in additional activity data stored in the log (Agbabian, Col. 23, lines 45-55); and
determining that the information input into the e-mail is included in the second activity data (Agbabian, Col. 23, lines 45-55).

Claim(s) 2, 6, 10 and 14 is/are rejected under 35 U.S.C. 103(a) as being unpatentable over Outlook in view of Asakura in further view of Agbabian in further view of Neiditsch in further view of McCloghrie in further view of Peled.

Claims 2 and 10
Claims 2 and 10 incorporate all the limitations above.
On the other hand, Peled discloses wherein the condition comprises that the first entity is not permitted to send an e-mail to the second entity (Peled, [0298] and [0299], where it is determined whether the classified information can be sent to a particular recipient).  It would have been obvious to one of ordinary skill in the art at the time the invention was made to incorporate Peled’s teachings to the combination of Outlook, Asakura, Agbabian, Neiditsch and McCloghrie.  A skilled artisan would have been motivated to do so in order to create a system for flexible and efficient policy management and enforcement, see Peled, [0015].  In addition, both/all of the references (Outlook, Asakura, Agbabian, Neiditsch, McCloghrie and Peled) disclose features that are directed to analogous art and they are directed to the same field of endeavor, such as controlling access to content.  This close relation between/among the references highly suggests an expectation of success.

Claims 6 and 14
With respect to claims 6 and 14, the combination of Outlook, Asakura, Agbabian, Neiditsch, McCloghrie and Peled discloses wherein the first entity is a first device and the second entity is a second device (Peled, [0301], where the activities of mobile devices are monitored).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Point of Contact
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUBERT G CHEUNG whose telephone number is (571)270-
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neveen Abel-Jalil can be reached on (571) 270-0474.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




Examiner: Hubert Cheung
/Hubert Cheung/Assistant Examiner, Art Unit 2152
Date: May 13, 2021
/NEVEEN ABEL JALIL/Supervisory Patent Examiner, Art Unit 2152