DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on October 06, 2020 has been entered.

In response to Applicant’s claims filed on October 06, 2020, claims 1-20 are now pending for examination in the application.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-9, 11-18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zimmermann et al. (US Pub. No. 20180027006) and Lee et al. (US Pub. No. 20170118282) in further view of Ekstrom et al. (US Pub. No. 20170094018).

Regarding claim 1, Zimmermann et al. teaches a system, comprising: 
at least one computing device comprising a processor and a memory (See Zimmermann et al. Paragraph 597, “one or more machines that execute computer software, program codes, and/or instructions on a processor”), the at least one computing device connected to a client network and configured to implement a local data classification service (See Zimmermann et al. Paragraph 336, “classification services”), wherein the local data classification service provides an execution environment to run a data classification engine, and wherein the local data classification service is configured to: 
classify the obtained data according to different types of sensitivity using the data classification engine in the execution environment without the data being exposed outside of a data isolation boundary of the client network (See Zimmermann et al. Paragraph 138 “identifying sensitive content”).  Zimmermann et al. does not disclose classify the obtained data according to different types of sensitivity using the data classification engine in the execution environment without the data being exposed outside of a data isolation boundary of the client network.
However, Lee et al. teaches classify the obtained data according to different types of sensitivity using the data classification engine in the execution environment without the data being exposed outside of a data isolation boundary of the client network (sensitivity threshold, See Paragraphs 39-42).
Zimmermann et al. (data security) with Lee et al. (data identification).  This would have facilitated machine learning.  See Lee et al. Paragraph 4.  In addition, the references teach features that are directed to analogous art and they are directed to the same field of endeavor: data security and modeling.  The close relation between both of the references highly suggests an expectation of success.
The Zimmermann et al. reference as modified by Lee et al. does not disclose wherein the management interface for the local data classification service comprises a same interface to classify data as a management interface for a data classification service of a remote provider network.
However, Ekstrom et al. teaches receive a request to classify data at one or more data sources of the client network, wherein the request is initiated from a client device of the client network according to a management interface for the local data classification service of the client network, wherein the management interface for the local data classification service comprises a same interface to classify data as a management interface for a data classification service of a remote provider network (“computing device 270 may provide certain communication/data processing features or components user interface 273 (e.g., mobile/IoT application-based interface, web browser, etc.), I/O components 275, communication logic 277, etc., but rely on one or more components of smart data mechanism 110 at computing device 100 for further processing,” See Paragraph 23 and “users may generate their personal profiles or set preferences to define what type of data is to be classified as private and non-private. These profiles, preferences, etc., may be by inputted or modified by users via user interface 221, as facilitated by rules and criteria logic 207, and stored at one or more repositories, such as database(s) 265. In additional to personal profiles and preferences, certain default rules, policies, conditions, exceptions, etc., may also be access and maintained using rules and criteria logic 207 and stored at database(s) 265. For 
Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Zimmermann et al. (data security) and Lee et al. (data identification) with Ekstrom et al. (local and/or remote processing of data).  This would have facilitated classification.  See Ekstrom et al. Paragraph 4.  In addition, the references teach features that are directed to analogous art and they are directed to the same field of endeavor: data security and modeling.  

The Zimmermann et al. reference as modified by Lee et al. and Ekstrom et al. teaches all the limitations of claim 1.  With respect to claim 2, Zimmermann et al. teaches the system as recited in claim 1, wherein the local data classification service comprises the management interface for the local data classification service to process requests according to the management interface for the data classification service of the remote provider network, and wherein the management interface for the local data classification service is configured to:

receive from the client device of the client network the request to classify data at one or more data sources of the client network (“computing device 270 may provide certain communication/data processing features or components user interface 273 (e.g., mobile/IoT 

The Zimmermann et al. reference as modified by Lee et al. and Ekstrom et al. teaches all the limitations of claim 1.  With respect to claim 3, Zimmermann et al. teaches the system as recited in claim 1, wherein the local data classification service is configured to: 
receive from the data classification service of the remote provider network the request to classify data at one or more data sources of the client network (See Zimmermann et al Paragraph 336, “1) a content analysis request is posted by client (a request provides text to analyze); 2) a request is directed to the request handler 904”). 

The Zimmermann et al. reference as modified by Lee et al. and Ekstrom et al. teaches all the limitations of claim 1.  With respect to claim 4, Zimmermann et al. teaches the system as recited in claim 1, wherein one or more of the execution environment, the data classification engine, or the local data classification service are obtained from the remote provider network (See Zimmermann et al. Fig. 1). 

The Zimmermann et al. reference as modified by Lee et al. and Ekstrom et al. teaches all the limitations of claim 1.  With respect to claim 5, Zimmermann et al. teaches the system as recited in claim 4, wherein to obtain the one or more of the execution environment and the data classification engine from the remote provider network: 
the at least one computing device is configured to connect to the client network, wherein the at least one computing device is provided by the remote provider network and includes the one or more of the execution environment and the data classification engine, or the at least one computing device is configured to download the one or more of the execution environment and the data classification engine from the remote provider network (See Zimmermann et al. Fig. 1 & 29). 

	Regarding claim 6, Zimmermann et al. teaches a method, comprising: 
of a client network to classify data at one or more data sources of the client network, wherein the request is initiated from a client device of the client network according to a management interface for the local data classification service of the client network, wherein the management interface for the local data classification service comprises a same interface to classify data as a management interface for a data classification service of a remote provider network, and wherein the local data classification service is implemented by a computing device connected to the client network (See Zimmermann et al Paragraph 336, “1) a content analysis request is posted by client (a request provides text to analyze); 2) a request is directed to the request handler 904”); 
obtaining at least some of the data from the one or more data sources of the client network (See Zimmermann et al Paragraph 338, “The extractor may retrieve the blob of content from the referenced external source (possibly using access credentials) and extracts the text”).  Zimmermann et al. does not disclose classifying the obtained data according to different types of sensitivity using the data classification engine without the data being exposed outside of a data isolation boundary of the client network.  
classifying the obtained data according to different types of sensitivity using the data classification engine in the execution environment without the data being exposed outside of a data isolation boundary of the client network (See Zimmermann et al. Paragraph 138 “identifying sensitive content”).  Zimmermann et al. does not disclose classify the obtained data according to different types of sensitivity using the data classification engine in the execution environment without the data being exposed outside of a data isolation boundary of the client network.

Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Zimmermann et al. (data security) with Lee et al. (data identification).  This would have facilitated machine learning.  See Lee et al. Paragraph 4.  In addition, the references teach features that are directed to analogous art and they are directed to the same field of endeavor: data security and modeling.  
The Zimmermann et al. reference as modified by Lee et al. does not disclose a same interface.
However, teaches receiving a request at a local data classification service of a client network to classify data at one or more data sources of the client network, wherein the request is initiated from a client device of the client network according to a management interface for the local data classification service of the client network, wherein the management interface for the local data classification service comprises a same interface to classify data as a management interface for a data classification service of a remote provider network, and wherein the local data classification service is implemented by a computing device connected to the client network.
Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Zimmermann et al. (data security) and Lee et al. (data identification) with Ekstrom et al. (local and/or remote processing of data).  This would have facilitated classification.  See Ekstrom et al. Paragraph 4.  In addition, the references teach features that are directed to analogous art and they are directed to the same field of 

With respect to claim 7, it is rejected on grounds corresponding to above rejected claim 2, because claim 7 is substantially equivalent to claim 2.

With respect to claim 8, it is rejected on grounds corresponding to above rejected claim 3, because claim 8 is substantially equivalent to claim 3.

The Zimmermann et al. reference as modified by Lee et al. and Ekstrom et al. teaches all the limitations of claim 6.  With respect to claim 9, Zimmermann et al. teaches the method as recited in claim 6, further comprising: 
generating, by the local data classification service, a report indicating different sensitivity classifications for different portions of the data at the one or more data sources of the client network (See Zimmermann et al. Fig. 28). 

	The Zimmermann et al. reference as modified by Lee et al. and Ekstrom et al. teaches all the limitations of claim 6.  With respect to claim 11, Lee et al. teaches the method as recited in claim 6, wherein the computing device comprises a storage device, and further comprising: 


The Zimmermann et al. reference as modified by Lee et al. and Ekstrom et al. teaches all the limitations of claim 6.  With respect to claim 12, Zimmermann et al. teaches the method as recited in claim 6, and further comprising: 
downloading the classification engine from the remote provider network, wherein the classification engine comprises a classification model (See Zimmermann et al. “platform 500 may include various capabilities, such as collection and retention, online detection, offline analysis, forensics and DLP/scanning support. Collection and retention may support collection of all available event data and retention of all available event data, such as in long-term storage. Online detection may support the application of various detection algorithms to incoming events, such as to surface alerts in near real time or real time. Various detection algorithms may include rules, detection of statistical anomalies and implementation of machine learning. Offline analysis may support offline algorithms that process events collected over large time spans, such as to surface alerts, discover patterns and generate models”); and 
classifying the obtained data using the classification model (See Zimmermann et al. “platform 500 may include various capabilities, such as collection and retention, online detection, offline 

The Zimmermann et al. reference as modified by Lee et al. and Ekstrom et al. teaches all the limitations of claim 11.  With respect to claim 13, Zimmermann et al. teaches the method as recited in claim 11, further comprising: 
downloading updates for the classification model from the remote provider network; and 
applying the updates to the classification model (See Zimmermann et al. Paragraph 173 “an ability to deploy updates to part of the UBA data processing pipeline with minimal downtime and no data loss, as well as performance measurements and metrics for each stage and component of the UBA data processing pipeline”). 


discovering, by the local data classification service, a plurality of data sources of the client network, wherein the plurality of data sources comprises the one or more data sources, wherein the computing device and the one or more data sources of the client network are within the data isolation boundary (See Zimmermann et al. Paragraph 576 “The cyber intelligence platform 6500 can use data from the CSF 100 and from other sources, so that the data can be presented to an analyst”). 

	Regarding claim 15, Zimmermann et al. teaches a shippable storage device, comprising: 
a data store (See Zimmermann et al. Paragraph 179 “data stores”); and 
a processor and a memory (See Zimmermann et al. Paragraph 597, “one or more machines that execute computer software, program codes, and/or instructions on a processor”) configured to implement a local data classification service for a client network connected to the shippable storage device, wherein the local data classification service provides an execution environment to run a data classification engine, and wherein the local data classification service is configured to: 

obtain at least some of the data from the one or more data sources of the client network (See Zimmermann et al Paragraph 338, “The extractor may retrieve the blob of content from the referenced external source (possibly using access credentials) and extracts the text”); 
classify the obtained data according to different types of sensitivity using the data classification engine in the execution environment without the data being exposed outside of a data isolation boundary of the client network (See Zimmermann et al. Paragraph 138 “identifying sensitive content”);   
store one or more portions of the obtained data at the data store of the shippable storage device based on the different types of sensitivity classifications for different portions of the obtained data (See Lee et al. Paragraph 69, “By migrating the segment of data from the private cloud to the public cloud, an organization that controls the data may gain storage capacity, and the ability to scale services on-demand, without compromising the security of sensitive data”).  Zimmermann et al. does not disclose classify the obtained data according to different types of sensitivity using the data classification engine in the execution environment without the data being exposed outside of a data isolation boundary of the client network.

Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Zimmermann et al. (data security) with Lee et al. (data identification).  This would have facilitated machine learning.  See Lee et al. Paragraph 4.  In addition, the references teach features that are directed to analogous art and they are directed to the same field of endeavor: data security and modeling.  

The Zimmermann et al. reference as modified by Lee et al. does not disclose wherein the management interface for the local data classification service comprises a same interface to classify data as a management interface for a data classification service of a remote provider network.
However, Ekstrom et al. teaches receive a request to classify data at one or more data sources of the client network, wherein the request is initiated from a client device of the client network according to a management interface for the local data classification service of the client network, wherein the management interface for the local data classification service comprises a same interface to classify data as a management interface for a data classification service of a remote provider network (“computing device 270 may provide certain communication/data processing features or components user interface 273 (e.g., mobile/IoT application-based interface, web browser, etc.), I/O components 275, communication logic 277, etc., but rely on one or more components of smart data mechanism 110 at 
Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Zimmermann et al. (data security) and Lee et al. (data identification) with Ekstrom et al. (local and/or remote processing of data).  This would have facilitated classification.  See Ekstrom et al. Paragraph(s) 11-15.  In addition, the references teach features that are directed to analogous art and they are directed to the same field of endeavor: data security and modeling.  

	The Zimmermann et al. reference as modified by Lee et al. teaches all the limitations of claim 15.  With respect to claim 16, Lee et al. teaches the shippable storage device as recited in claim 15, wherein the local data classification service comprises a function registered for invocation in the execution environment in response to detection of a defined event, and wherein the local data classification service is configured to: 

invoke the function in response to the detection of the defined event (See Zimmermann et al. Paragraph 568 “the machine learning engine 6510 of the platform 6500 can learn to classify not only events, but other things, such as types of users, types of organizations and the like, reflecting various attributes that are collected through the CSF 100, including the AFW 300. The machine learning engine will also be able to classify and identify the sensitive data of a user, a group and/or an organization”); and 
execute, by the function, the data classification engine in the execution environment to classify the obtained data (See Zimmermann et al. Paragraph 568 “the machine learning engine 6510 of the platform 6500 can learn to classify not only events, but other things, such as types of users, types of organizations and the like, reflecting various attributes that are collected through the CSF 100, including the AFW 300. The machine learning engine will also be able to classify and identify the sensitive data of a user, a group and/or an organization”). 
With respect to claim 17, it is rejected on grounds corresponding to above rejected claim 2, because claim 17 is substantially equivalent to claim 2.



The Zimmermann et al. reference as modified by Lee et al. teaches all the limitations of claim 15.  With respect to claim 20, Zimmermann et al. teaches the shippable storage device as recited in claim 15, wherein the local data classification service is configured to: 

provide to the client network or the provider network an indication that the one or more portions of the obtained data have been classified and stored at the data store of the shippable storage device (See Zimmermann et al. Fig. 28). 

Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zimmermann et al. (US Pub. No. 20180027006) and Lee et al. (US Pub. No. 20170118282) and Ekstrom et al. (US Pub. No. 20170094018) in further view of Gventer et al. (US Pub. No. 20140059696).

The Zimmermann et al. reference as modified by Lee et al. and Ekstrom et al. teaches all the limitations of claim 6.  With respect to claim 10, Zimmermann et al. teaches the method as recited in claim 6, wherein the computing device comprises a data store, and further comprising: 
storing, by the local data classification service, one or more portions of the data at the data store based on the sensitivity classifications indicated for the different portions of the data (See Lee et al. Paragraph 47, “content of a unit of data may include any substantive information within the unit of data. For example, if a given file is determined to include a social security number, a 
	However, Gventer teaches shipping the computing device to a location associated with the provider network (See Gventer et al. Fig. 2). 
Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Zimmermann et al. (data security) and Lee et al. (data identification) and Ekstrom et al. (local and/or remote processing of data) with Gventer et al. (data security).  This would have facilitated data security.  See Gventer et al. Paragraphs 3 and 4.  In addition, the references teach features that are directed to analogous art and they are directed to the same field of endeavor: data security and modeling.  

Claim(s) 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zimmermann et al. (US Pub. No. 20180027006) and Lee et al. (US Pub. No. 20170118282) and Ekstrom et al. (US Pub. No. 20170094018) in further view of Nagaraju et al. (US Pub. No. 20180034715).


However, Nagaraju et al. teaches shippable storage device as recited in claim 18, wherein the local data classification service is configured to: 
receive the request in accordance with a message queuing telemetry transport (MQTT) protocol (See Nagaraju et al. Paragraph 103 “MQTT”). 
Therefore, it would have been obvious before the effective filing date of invention was made to a person having ordinary skill in the art to modify Zimmermann et al. (data security) and Lee et al. (data identification) and Ekstrom et al. (local and/or remote processing of data) with Nagaraju et al. (data security).  This would have facilitated data security.  See Nagaraju et al. Paragraphs 2-6.  In addition, the references teach features that are directed to analogous art and they are directed to the same field of endeavor: data security and modeling.  

Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.

In response to applicants’ comments, “Without conceding propriety of the rejection and in a genuine effort to advance prosecution of the instant application, Applicant has amended claim 1”, receive a request to classify data at one or more data sources of the client network, wherein the request is 

Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US PG-PUB 20150326601 is directed to assessment type-variable enterprise security impact analysis:   [0076] The data management service 130 monitors and manages data on the enterprise databases 120. The data management service 130 may identify and classify sensitive data records, provide an interface illustrating sensitivity of enterprise databases 120, and apply protection policies to data records on enterprise databases 120. The data management service 130 includes an enterprise policy store 131, a classification engine 134, a proliferation tracking module 135, an assessment module 136, a user interface module 137, a security engine 138, and an access monitoring module 139. The functionality of the illustrated components may be distributed (in whole or in part) among a different configuration of modules. Some described functionality may be optional; for example, in one embodiment the data management service 130 does not include an access monitoring module 139.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS E ALLEN whose telephone number is (571)270-3562.  The examiner can normally be reached on Monday through Thursday 830-630.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hosain Alam can be reached on (571) 272-3978.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/NICHOLAS E ALLEN/Examiner, Art Unit 2154