DETAILED ACTION

1.	In view of the Appeal Brief filed on 1/04/2021, PROSECUTION IS HEREBY REOPENED.  
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 CFR 1.113 (if this Office action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37.  The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal.  If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:
/Jeffrey Nickerson/ Supervisory Patent Examiner, Art Unit 2432
Response to Arguments
3.    Applicant's arguments filed 1/04/21 with respect to claim 39 are persuasive and, therefore, the pending rejections are withdrawn.  However, new rejections appear below.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


4.	Claims 21-35 and 38-40 are rejected under 35 U.S.C. 103 as being unpatentable over Patent No.: US 8,966,250 B2 to Shochet et al. (hereafter referenced as Shochet), in view of Pub. No.: US 2006/0210071 A1 to Chandran et al. (hereafter referenced as Chandran).
Regarding claim 21, Shochet discloses “a method, comprising: storing encryption rules (i.e. encryption based algorithm rule [Col.1/lines 64-66]) and content mappings in memory” (mapping table [Col.1/lines 64-66]); “intercepting, at an edge encryption proxy (i.e. intercepting at application communication interface [Fig.1]), an unencrypted data stream directed to a target device outside of a network on which the edge encryption proxy is located” (the encryption module is associated with a gateway to an external data and/or application server, the module may be functionally associated with a communication module adapted to receive and send network data traffic (e.g. a network proxy) [Col.5/lines 32-36]); “parsing the unencrypted data stream to identify a candidate sensitive portion of the unencrypted data stream” (the device may use a parser (e.g. XML parser) to query and extract the value of the sensitive data elements and replace their plain-text values with the encrypted values [Col.16/lines 45-48]); “determining whether the candidate sensitive portion includes sensitive data using the encryption rules and content mapping” (a data sensitivity evaluation module may be provided, and the module may determine a sensitivity level of some or all symbols or groups of symbols within the data file, record, transaction or document [Col.2/lines 6-9]), “wherein the content mapping (memory mapping table [Col.1/lines 64-66]) indicates a path to the sensitive data” (i.e. encryption modules memory mapping table/ algorithm and utilizes data sensitivity evaluation module to indicate sensitivity level [Col.6/lines 35-41]); “responsive to the candidate sensitive portion including the sensitive data, encrypting the sensitive data” (i.e. sensitivity module responds to candidate sensitive data and indicates whether to encrypt sensitive data via encryption module lines 35-41]); “replacing the candidate sensitive portion with the encrypted sensitive data” (encryption module replaces sensitive portions with encrypted information [Col.6/lines 64-67]).
Shochet does not explicitly disclose “and transmitting the encrypted sensitive data with remaining portions of the unencrypted data stream to the target device.” 
However, Chandran in an analogous art discloses “and transmitting the encrypted sensitive data with remaining portions of the unencrypted data stream to the target device” (the security-sensitive data system 670 transmits the data stream with the encrypted security override object to the appropriate computer system and sends data stream with encrypted object security Chandran[Fig.7/item 710]).

Regarding claim 22 in view of claim 21, the references combined disclose “wherein parsing the unencrypted data stream comprises determining that the candidate sensitive portion pertains to data derived from a configured storage location in the network” (determine that data stream to be transmitted includes Security-sensitive portion and identify portion Chandran[Fig.3/item 300]).
Regarding claim 23 in view of claim 22, the references combined disclose “wherein the configured storage location comprises a database” (Gateway computer [Chandran 660] comprises system memory [Chandran 662] for storage of applications [Chandran 676] and encryption system [Chandran 678]).
Regarding claim 24 in view of claim 22, the references combined disclose “wherein the configured storage location comprises a column, field, or table” (symbol based mapping table Shochet [Fig.1]).
Regarding claim 25 in view of claim 22, the references combined disclose “wherein the configured storage location is defined in the encryption rules” (symbol based encryption module Shochet [Fig.1] that can be removable peripheral inclusive of data storage and encryption logic Shochet [Col.5/lines 10-13]).
Regarding claim 26 in view of claim 21, the references combined disclose “wherein the edge encryption proxy provides a transition from a relatively secured portion including the network to a relatively unsecured portion between the edge encryption proxy and the target device” (the security-sensitive data system [Chandran 670] includes a data interchange services component [Chandran 672] and a communication services component [Chandran 674]. The data interchange services component [Chandran 672] identifies a security sensitive portion of data. The communication services component [Chandran 674] determines that a portion is identified as security sensitive and calls the encryption system [Chandran 678] to encrypt or decrypt the portion of security-sensitive data Chandran[par.0041]). 
Regarding claim 27 in view of claim 26, the references combined disclose “wherein the relatively unsecured portion comprises the Internet” (The communication path 150 may comprise any type of network, such as, for example, a Storage Area Network (SAN), a Local Area Network (LAN), Wide Area Network (WAN), the Internet, an Intranet Chandran [par.0020]).
Regarding claim 28 in view of claim 21, the references combined disclose “wherein the encryption rules stored in memory comprise: a selective encryption (mapping table Shochet [Col.1/lines 64-66]) storing information about storage locations for the unencrypted data stream” (i.e. the mapping table is user organization specific and stores specific information regarding selective encrypted content Shochet [Col.1/lines 65-Col.2/line 1]); “and a communication encryption configuration database storing information about various rules determining when to secure the unencrypted data stream for various transmissions” (encryption module determines which tables or algorithm keys to use may and who symbols to select for encryption, may depend of the specific application Shochet [Col.2/lines 33-35]).
Regarding claim 29 in view of claim 28, the references combined disclose “wherein the memory is located on the network” (the communication path 150 may comprise any type of network, such as, for example, a Storage Area Network (SAN), a Local Area Network (LAN), Wide Area Network (WAN), the Internet, an Intranet, etc. Chandran [par.0020]).
Regarding claim 30 in view of claim 28, the references combined disclose “comprising, receiving at the edge encryption proxy (i.e. intercepting at application communication interface Shochet [Fig.1]), the encryption rules” (mapping table Shochet [Col.1/lines 64-66]), “wherein the memory is located outside the network” (local gateway system memory Chandran [Fig.6/item 662]).
Regarding claim 31 in view of claim 21, the references combined disclose “wherein receiving the unencrypted data stream includes receiving the unencrypted data stream from an in-network device in the network” (receive data stream from communication path 150 between client 100 and data server 120 Chandran [Fig.1]).
Regarding claim 32 in view of claim 21, the references combined disclose “wherein encrypting the sensitive data comprises maintaining the sensitive data in the network” (Object data stream structure 256 contains security-sensitive data and is encrypted Chandran [Par.0025]) “without the encryption while using the encrypted sensitive data in communications with the target device” (Chandran [FIG. 3] illustrates logic performed by the security sensitive data system 110, 130 of the network when transmitting a data stream to a device).
Regarding claim 33 in view of claim 21, the references combined disclose “comprising: receiving partially encrypted data at the edge encryption proxy” (determine that data stream that has been received includes security-sensitive portion Chandran [Fig.4/item 400]); “decrypting encrypted portions of the partially encrypted data using the edge encryption proxy; and utilizing the decrypted portions of the partially encrypted data as unsecured data in the network” (decrypt security-sensitive portion of data stream Chandran [Fig.4/item 402]).
Regarding claim 34, Shochet discloses “a tangible, non-transitory, and computer-readable medium having stored thereon instructions, that when executed, are configured to cause one or more processors to: store encryption rules (i.e. encryption based algorithm rule [Col.1/lines 64-66]) and content mapping in memory” (mapping table [Col.1/lines 64-66]); “intercept, at an edge encryption proxy” (i.e. intercepting at application communication interface [Fig.1]), “an unencrypted data stream directed to a target device outside of a network on which the edge encryption proxy is located” (the encryption module is associated with a gateway to an external data and/or application server, the module may be functionally associated with a communication module adapted to receive and send network data traffic (e.g. a network proxy) [Col.5/lines 32-36]); “a candidate sensitive portion of the unencrypted data stream as potential sensitive data” (sensitivity evaluation module may estimate or determine a sensitivity level of some given data [Col.6/lines 38-39]); “identify a rule condition of the encryption rules and the content mapping corresponding to the candidate sensitive portion” (a data sensitivity evaluation module may be provided, and the module may determine a sensitivity level of some or all symbols or groups of symbols within the data file, record, transaction or document [Col.2/lines 6-9]); “determine whether the candidate sensitive portion includes sensitive data using the rule condition and the content mapping” (a data sensitivity evaluation module may be provided, and the module may determine a sensitivity level of some or all symbols or groups of symbols within the data file, record, transaction or document [Col.2/lines 6-9]), “wherein the content mapping (memory mapping table [Col.1/lines 64-66]) indicates a path to the sensitive data” (i.e. encryption modules memory mapping table/ algorithm and utilizes data sensitivity evaluation module to indicate sensitivity level [Col.6/lines 35-41]); “responsive to the candidate sensitive portion including the sensitive data, encrypt the sensitive data” (i.e. sensitivity module responds to candidate sensitive data and indicates whether to encrypt sensitive data via encryption module lines 35-41]); “replace the candidate sensitive portion with the encrypted sensitive data” (encryption module replaces sensitive portions with encrypted information [Col.6/lines 64-67]).
Shochet does not explicitly disclose “and transmit the encrypted sensitive data with remaining portions of the unencrypted data stream to the target device”
(the security-sensitive data system 670 transmits the data stream with the encrypted security override object to the appropriate computer system send data stream with encrypted object security override object Chandran[Fig.7/item 710]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Shochet’s appliance system for encrypting sensitive data with Chandran’s encryption of security-sensitive data in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Shochet teaches a proxy system which stores encryption rules, mappings and a process of encrypting sensitive data,  Chandran also discloses a process for encrypting sensitive data, but further teaches transmitting the encrypted sensitive data with remaining portions of the unencrypted data stream to a computer system providing further data integrity, and both are from the same field of endeavor.
Regarding claim 35 in view of claim 34, the references combined disclose “wherein the encryption rules (i.e. encryption based algorithm rule [Col.1/lines 64-66]) stored in memory(stored within interface module Shochet[Fig.]) comprise: selective encryption configuration table (symbols based mapping table Shochet [Fig.1]) storing information about storage locations for the unencrypted data stream” (data processing module processes both encrypted and unencrypted data from at least a portion of one or more data files, records, transactions Shochet [Col.3/lines 10-12]); “and a communication encryption configuration database storing (encryption module determines which tables or algorithm keys to use may and who symbols to select for encryption, may depend of the specific application Shochet[Col.2/lines 33-35]).
Regarding claim 38 in view of claim 34, the references combined disclose “wherein the rule condition  comprises communication of the unencrypted data stream is to take place over hypertext transfer protocol using at least one of a type of communication, a uniform resource locator, and request method indicated in the encryption rules” (the device may detect the application according to the domain name in the request. According to the URL the device may detect the request type, and according to the request type, it may "know what sensitive data elements that should be encrypted are included in the request Shochet[Col.16/lines 36-41]).
Regarding claim 39, Shochet discloses “a system comprising: one or more processors; and a memory storing instructions that, when executed, are configured to cause the one or more processors to: store encryption rules (i.e. encryption based algorithm rule [Col.1/lines 64-66]) in a table storing (mapping table [Col.1/lines 64-66]) information indicating secured memory locations that are to be secured in communications outside of a network” (the encryption module is associated with a gateway to an external data and/or application server, the module may be functionally associated with a communication module adapted to receive and send network data traffic (e.g. a network proxy) [Col.5/lines 32-36]); “intercept, at an edge encryption proxy” (i.e. intercept at interface device [Fig.1]), “an unencrypted (i.e. intercept unencrypted data stream records or documents [Fig.1]), wherein the edge encryption proxy is located in the network” (i.e. interface device is located within network; the module may be functionally associated with a communication module adapted to receive and send network data traffic (e.g. a network proxy) [Col.5/lines 34-36]); “identify at least a portion of the unencrypted data stream derived from the secured memory locations as containing sensitive data using content mapping indicating a path to the sensitive data” (the device may use a parser (e.g. XML parser) to query and extract the value of the sensitive data elements and replace their plain-text values with the encrypted values [Col.16/lines 45-48]); “encrypt the data derived from the secured memory locations using the encryption rules” (encryption module utilizes encryption based algorithm [Fig.1]); “replace unencrypted data from the secured memory locations with the encrypted data to form a partially encrypted stream with portions of the unencrypted data stream not derived from the indicated secured memory locations” (the encryption module may be adapted to encrypt at least a portion of one or more fields of a data file, record, transaction or document stored to a relational database Shochet [Col.2/lines 63-66]).
Shochet does not explicitly disclose “and transmit partially encrypted stream to the target device.”
However, Chandran in an analogous art discloses “and transmit the encrypted sensitive data with remaining portions of the unencrypted data stream to the target (the security-sensitive data system 670 transmits the data stream with the encrypted security override object to the appropriate computer system send data stream with encrypted object security override object Chandran[Fig.7/item 710]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Shochet’s appliance system for encrypting sensitive data with Chandran’s encryption of security-sensitive data in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Shochet teaches a proxy system which stores encryption rules, mappings and a process of encrypting sensitive data,  Chandran also discloses a process for encrypting sensitive data, but further teaches transmitting the encrypted sensitive data with remaining portions of the unencrypted data stream to a computer system providing further data integrity, and both are from the same field of endeavor.
Regarding claim 40 in view of claim 39, the references combined disclose “wherein the secured memory location comprises a column, field, or table” (symbol based mapping table  Shochet[Fig.1]).  

5.	Claims 36 and 37 are rejected under 35 U.S.C. 103 as being unpatentable over Patent No.: US 8,996,250 B2 to Shochet et al. (hereafter referenced as Shochet), in view of Pub. No.: US 2006/0210071 A1 to Chandran et al. (hereafter referenced as Chandran), in further view of Patent Number 5,063,523 to Vrenjak.
Regarding claim 36 in view of claim 34, neither Shochet nor Chandran explicitly discloses “wherein the rule condition comprises an operand reference, a relational operator, and a target value.”
However, Vrenjak in an analogous art discloses “wherein the rule condition comprises an operand reference” (i.e. event table 40 which includes an operand Vrenjak [Col.6/lines 4-5]), “a relational operator” (i.e. 2 digit relational operator within the field code Vrenjak [Col.6/lines 18-26]), “and a target value” (and the operand field which is used to specify the target value Vrenjak [Col.6/lines 25-26]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Shochet’s appliance system for encrypting sensitive data and Chandran’s encryption of security-sensitive data with Vrenjak’s network management comprising a process utilizing event rule handling which uses user defined rules in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Shochet teaches a proxy system which stores encryption rules, mappings and a process of encrypting sensitive data, Chandran also discloses a process for encrypting sensitive data, Vrenjak teaches an event rule handling process within a network, and all are from the same field of endeavor.
Regarding claim 37 in view of claim 36, the references combined disclose “wherein determining whether the candidate sensitive portion includes the sensitive data using the rule condition comprises” (symbol based encryption algorithm rule Shochet [Fig.1]): “identifying the rule condition matching the candidate sensitive portion of the unencrypted data stream based on the operand reference” (a data sensitivity evaluation module may be provided, and the module may determine/identify a sensitivity level of some or all symbols or groups of symbols within the data file, record, transaction or document Shochet [Col.2/lines 6-9]); “and determining that the rule condition is met in the unencrypted data stream on a condition of the candidate sensitive portion having a relationship to the target value, wherein the relationship is by the relational operator” (a data sensitivity evaluation module may be provided, and the module may determine a sensitivity level of some or all symbols or groups of symbols within the data file, record, transaction or document [Col.2/lines 6-9]).


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159.  The examiner can normally be reached on Mon-Fri 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Jeffrey Nickerson/ Supervisory Patent Examiner, Art Unit 2432

/MICHAEL D ANDERSON/ Examiner, Art Unit 2432