Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 12/14/2020 and 07/13/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
The drawings were received on 05/15/2020.  These drawings are accepted.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4, 7-13 and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable over BORUP et al. (US 20180293400 A1 hereinafter “Borup”, listed IDS) in view of Mathias et al. (US 20170359314 A1 hereinafter “Mathias”).
Regarding claim 1, Borup discloses a non-transitory computer readable storage medium comprising instructions that when executed configure hardware processing circuitry to perform operations comprising (Fig. 5): 
receiving, within a secured environment, a first message from a first source account and addressed to a first destination account, the first message including first data (0049, The method includes receiving a dataset (S401) [“first message”]. For example, the dataset may be one or more files [“first data”] that a user is about to transfer to an external site or user. When the method is embedded within an FTP client, the client receives the file after the user enters an FTP command identifying the file and a destination IP address [“addressed to a first destination account”]); 
identifying, based on the first source account and the first destination account, a first information barrier policy (¶0051-0054, The method next includes analyzing the received dataset (S403) [“identifying a first information barrier policy”, See S404 below]. The analysis may include extracting tokens of text from each of the files of the dataset; The method next includes applying a machine learning model to the extracted tokens of each file to determine whether any of the files includes sensitive data (S404) [“barrier policy”, See more details ¶0037-0039 regarding “policy annotator 304” identifying machine learning model]; The method next includes determining the source and destination for the transfer (S406) [“first source account and the first destination account”]); 
determining, based on the first information barrier policy, the first source account is prohibited from sending sensitive information to the first destination account (¶0055-0058, The method further includes comparing the relevant entities against the policies in the database (S407) [“determining the first source account is prohibited”]. The comparing may consider the determined source and destination location. Then the method determines if any results of the comparing resulted in a match (S408). The system may prevent the transmission of the file [S410, “the first source account is prohibited from sending sensitive information”, determined at S404 above regarding the sensitive data and at S408]);
determining a portion of the first data includes an indication of sensitive information (¶0052, The method next includes applying a machine learning model to the extracted tokens of each file [“indication of sensitive information”] to determine whether any of the files includes sensitive data (S404)); 
¶0052, The method next includes applying a machine learning model to the extracted tokens of each file [“response from the data matching service device”] to determine whether any of the files includes sensitive data (S404) [See more details ¶0033 and ¶0043 regarding the master processor 310 (“the data matching service device”) receives the machine learning model (text of the file) from the file annotator 301]); 
identifying, based on the response, that the portion includes sensitive information; and processing, based on the identifying, the first message (¶0053, If one of the files has been determined to include sensitive data, the method next includes identifying relevant entities among the extracted tokens of the one file (S405)).  
However, it does not explicitly teach “source account”, “destination account” and “transmitting, based on the indication of sensitive information and that the first source account is prohibited from sending sensitive information to the first destination account, the portion to a data matching service device.”
  In a same field of endeavor, Mathias discloses the hardware processing circuitry to perform operations, wherein transmitting, based on the indication of sensitive information and that the first source account is prohibited from sending sensitive information to the first destination account, the portion to a data matching service device (¶0023, cloud service 106 [“data matching service device”] can maintain a data store 112 of user accounts. Data store 112 can include an account record 114 for each user who has established an account with cloud service 106. A user (with userID “User1” in this example) can register a user device (e.g., devices 102, 104) with cloud service 106; ¶0028, it is desirable for source device 102 (also referred to as a “source” device) to be able to provide data object 120 to user device 104 (also referred to as a “destination” device), and the particular content of data object 120 is not relevant. While transferring a data object between devices can be done using a variety of existing protocols and techniques, such protocols and techniques may not provide adequate security. For example, it may be desirable to prevent source device 102 from transferring the data object until the identity of destination device 104 has been verified [analogous to “prohibited from sending sensitive information”]; ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “first source account” “first destination account” and “sensitive information”]). 
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Borup with the teachings of Mathias to transmit(ing), based on the indication of sensitive information and that the first source account is prohibited from sending sensitive information to the first destination account, the portion to a data matching service device. One of ordinary skill in the art would have been motivated to make this modification because data object [or sensitive information] can be transferred using processes described herein or similar processes, and the source device and destination device can be any two devices associated with a particular user [or account](¶0102).

Regarding claim 2, the combination of Borup and Mathias discloses the non-transitory computer readable storage medium of claim 1, wherein processing the first message comprising blocking, based on the identifying, transmission of the first message to the first destination account ([Borup] ¶0058, If the user is determined to be suspicious, an occurrence of the attempt to transmit the file is registered or recorded (S411). In addition to the recording, the system may prevent the transmission of the file [“blocking, based on the identifying, transmission of the first message”]; [Mathias] ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “first source account” “first destination account” and “first message”]).

Regarding claim 4, the combination of Borup and Mathias discloses the non-transitory computer readable storage medium of claim 1, the operations further comprising (Fig. 5): 
receiving, within the secured environment, a second message from the first source account and addressed to the first destination account, the second message including second data ([Borup] ¶0049, The method includes receiving a dataset (S401) [“second message”]. For example, the dataset may be one or more files [“second data”] that a user is about to transfer to an external site or user. When the method is embedded within an FTP client, the client receives the file after the user enters an FTP command identifying the file and a destination IP address [“addressed to the first destination account”]; [Mathias] ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “first source account” “first destination account” and “second message including second data”]); 
determining a second portion of the second data includes an indication of sensitive information ([Borup] ¶0052-0055, The method next includes applying a machine learning model to the extracted tokens [“indication”] of each file to determine whether any of the files includes sensitive data (S404)); 
transmitting, based on the indication of sensitive information and that the first source account is prohibited from sending sensitive information to the first destination account, the second portion to the data matching service device ([Borup] ¶0052, The method next includes applying a machine learning model to the extracted tokens of each file to determine whether any of the files includes sensitive data (S404) [See more details ¶0033 and ¶0043 regarding the “sensitive technology” selecting a first or second section [“second portion”], and the master processor 310 (“the data matching service device”) receives the machine learning model (text of the file) from the file annotator 301]; [Mathias] ¶0028, it is desirable for source device 102 (also referred to as a “source” device) to be able to provide data object 120 to user device 104 (also referred to as a “destination” device), and the particular content of data object 120 is not relevant [analogous to “prohibited from sending sensitive information”]; ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “first source account” “first destination account” and “second portion”]);
receiving a second response from the data matching service device ([Borup] ¶0052, The method next includes applying a machine learning model to the extracted tokens of each file [“response from the data matching service device”] to determine whether any of the files includes sensitive data (S404) [See more details ¶0033 and ¶0043 regarding the master processor 310 (“the data matching service device”) receives the machine learning model (text of the file) from the file annotator 301]);
identifying, based on the second response, that the second portion does not include sensitive information ([Borup] ¶0052-0053, The method next includes applying a machine learning model to the extracted tokens of each file to determine whether any of the files includes sensitive data (S404) [See more details ¶0033 regarding the “sensitive technology” selecting a first or second section]); and 
transmitting, based on the second portion not including sensitive information, the second message to the first destination account ([Borup] ¶0056-0058, If there is no match [“based on the second portion not including sensitive information” determined, at S404 above, via the machine learning model], the method enables transfer of the file (S409); [Mathias] ¶0028, it is desirable for source device 102 (also referred to as a “source” device) to be able to provide data object 120 to user device 104 (also referred to as a “destination” device), and the particular content of data object 120 is not relevant [analogous to “based on the second portion not including sensitive information”]; ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “first source account” “first destination account” and “second message”]).

Regarding claim 7, the combination of Borup and Mathias discloses the non-transitory computer readable storage medium of claim 1, wherein the determining that the portion includes the indication of sensitive information comprises evaluating a regular expression on the portion or identifying a keyword in the portion ([Borup] ¶0033, A user 314 (e.g., a subject matter expert) uses the file annotator 301 to annotate documents 302 with one or more provided labels. the user 314 could use a mouse to select a first section of text of the document that corresponds to a particularly sensitive technology and select a label corresponding to the technology (e.g., “sensitive technology”) [“evaluating a regular expression on the portion or identifying a keyword in the portion”]).

Regarding claim 8, the combination of Borup and Mathias discloses the non-transitory computer readable storage medium of claim 1, wherein the data matching service device is configured to compare the portion to second data in a data store, and to determine, based on the comparison, the portion includes sensitive information ([Borup] ¶0036, the master processor 310 [“data matching service device”] would classify the new input document as also referencing the same sensitive technology; ¶0033, the user 314 could use a mouse to select a first section of text of the document that corresponds to a particularly sensitive technology and select a label corresponding to the technology (e.g., “sensitive technology”), and select a second different section of text the same document or a different document that corresponds to personal data and select the label that identifies the section as personal data (e.g., “personal data”)).  

Regarding claim 9, the combination of Borup and Mathias discloses the non-transitory computer readable storage medium of claim 8, wherein the data matching service device is configured to determine the portion includes sensitive information if the portion exactly matches the second data ([Borup] ¶0036, the classifier is provided to the master processor 310 [“data matching service device”] so it can later use the classifier on a new input file to determine whether the input file should be classified according to one or more of the labels using in the annotating. For example, if the user 314 annotated several different sections as including references to a certain sensitive technology [See more details ¶0033 regarding the “sensitive technology” selecting a first or second section] and the new input document contains similar data sections [“determine the portion includes sensitive information”], the master processor 310 would classify the new input document as also referencing the same sensitive technology).

Regarding claim 10, the combination of Borup and Mathias discloses the non-transitory computer readable storage medium of claim 1, the operations further comprising hashing or encrypting the portion before transmitting the portion to the data matching service device ([Mathias] ¶0044-0045, At blocks 242 and 244, source device 102 and destination device 104 can use the public keys exchanged at blocks 238 and 240 to establish an encrypted communication session via the connection on LAN 116. Establishing the encrypted communication session can include bidirectional authentication of devices 102 and 104. At block 248, source device 102 can send the encrypted data object via the connection on LAN 116). 
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Borup with the teachings of Mathias to encrypt(ing) the portion before transmitting the portion to the data matching service device. One of ordinary skill in the art would have been motivated to make this modification because it may allow establishing the encrypted communication session at blocks 242 and 244, with the pair verify process using the public keys that were exchanged at blocks 238 and 240 [or respectively “source account” “destination account”] (¶0044). 

Regarding claim 11, the combination of Borup and Mathias discloses the non-transitory computer readable storage medium of claim 1, the operations further comprising: 
determining a first group membership of the first source account ([Mathias] ¶0023, cloud service 106 can maintain a data store 112 of user accounts. Data store 112 can include an account record 114 for each user who has established an account with cloud service 106); 
determining a second group membership of the first destination account, wherein the first information barrier policy is identified based on the first group membership and the second group membership ([Mathias] ¶0023, cloud service 106 can maintain a data store 112 of user accounts [“first or second group membership”]. Data store 112 can include an account record 114 for each user who has established an account with cloud service 106. Account record 114 [“barrier policy”] can be keyed to a user identifier (user ID) and can store various information about the user and/or the account; ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “source account” “destination account”]).

Regarding claims 12 and 16, they are a method and a system that respectively correspond to claim 1. Therefore, the claims are rejected for at least the same reasons.

Regarding claim 13, it is a method claim that corresponds to claim 4. Therefore, the claim is rejected for at least the same reasons.

Regarding claim 17, it is a system claim that corresponds to claim 7. Therefore, the claim is rejected for at least the same reasons.

Regarding claim 18, it is a system claim that corresponds to claim 8. Therefore, the claim is rejected for at least the same reasons.

Regarding claim 19, it is a system claim that corresponds to claim 9. Therefore, the claim is rejected for at least the same reasons.

Regarding claim 20, it is a system claim that corresponds to claim 11. Therefore, the claim is rejected for at least the same reasons.


Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over BORUP et al. (US 20180293400 A1 hereinafter “Borup”, listed IDS) in view of Mathias et al. (US 20170359314 A1 hereinafter “Mathias”) as applied to claim 1 above, and further in view of Bowen (US 20180234256 A1, listed IDS).
Regarding claim 3, the combination of Borup and Mathias discloses all features of the method of claim 1 except “anonymizing, based on the identifying and the first information barrier policy, the sensitive information in the first message; and transmitting the anonymized sensitive information to the first destination account.”
In a same field of endeavor, Bowen discloses the non-transitory computer readable storage medium of claim 1, wherein processing the first message comprises (Fig. 8):  
anonymizing, based on the identifying and the first information barrier policy, the sensitive information in the first message (¶0066, If the system determines that sensitive information is included in the message, the system may modify 808 the message to remove at least part of the sensitive information. For example, a system may be configured to partially modify the following types of sensitive information: social security numbers (obfuscating the first 5 digits, but allowing the last 4 digits to be transmitted) [“first information barrier policy”]); and 
transmitting the anonymized sensitive information to the first destination account (¶0066, The preserved section of the sensitive information may be transmitted to a recipient).
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Borup and Mathias with the teachings of Bowen to inhibit(ing) transmission, based on the absence, of the second data to the data matching service device. One of ordinary skill in the art would have been motivated to make this modification because the system may identify a first section of the sensitive information to modify [or anonymizing the sensitive information] and identify a second section of the sensitive information that may be preserved (i.e., not modified) (¶0066).


Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over BORUP et al. (US 20180293400 A1 hereinafter “Borup”, listed IDS) in view of Mathias et al. (US 20170359314 A1 hereinafter “Mathias”) as applied to claim 1 above, and further in view of Zappier et al. (US 20180204213 A1 hereinafter “Zappier”).
Regarding claim 5, the combination of Borup and Mathias discloses the non-transitory computer readable storage medium of claim 1, the operations further comprising (Fig. 5): 
receiving, within the secured environment, a second message from the first source account and addressed to the first destination account, the second message including second data ([Borup] ¶0049, The method includes receiving a dataset (S401) [“second message”]. For example, the dataset may be one or more files [“second data”] that a user is about to transfer to an external site or user. When the method is embedded within an FTP client, the client receives the file after the user enters an FTP command identifying the file and a destination IP address [“addressed to the first destination account”]; [Mathias] ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “first source account” “first destination account” and “second message”]); 
determining an absence of sensitive information in the second data ([Borup] ¶0052-0055, The method next includes applying a machine learning model to the extracted tokens of each file to determine whether any of the files includes sensitive data (S404));
transmitting, based on the absence, the second message to the first destination account ([Mathias] ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “first source account” “first destination account” and “second message”]). 
Although Borup discloses that the master processor 310 performs a deep analysis of the file to be transferred after the user established the machine learning models (¶0043), it does not explicitly disclose “inhibiting transmission, based on the absence, of the second data to the data matching service device.”
In a same field of endeavor, Zappier discloses non-transitory computer readable storage medium of claim 1, wherein inhibiting transmission, based on the absence, of the second data to the data matching service device (¶0031, by providing for automatic reconciliation of data relating to the resource transfer [“based on the absence”], the system is able to prevent transaction errors caused by incorrect or invalid data while further removing the incidence of unnecessary duplication of data [“inhibiting transmission to the data matching service device”]); 
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Borup and Mathias with the teachings of Zappier to inhibit(ing) transmission, based on the absence, of the second data to the data matching service device. One of ordinary skill in the art would have been motivated to make this modification because it may improve the computing efficiency of the systems involved in performing and facilitating the resource transfer (¶0031).

Regarding claim 14, it is a method claim that corresponds to claim 5. Therefore, the claim is rejected for at least the same reasons.


Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over BORUP et al. (US 20180293400 A1 hereinafter “Borup”, listed IDS) in view of Mathias et al. (US 20170359314 A1 hereinafter “Mathias”) as applied to claim 1 above, and further in view of Bowen (US 20180234256 A1, listed IDS), in view of Zappier et al. (US 20180204213 A1 hereinafter “Zappier”).
Regarding claim 6, the combination of Borup and Mathias discloses the non-transitory computer readable storage medium of claim 1, the operations further comprising (Fig. 5): 
receiving, within the secured environment, a second message from a second source account and addressed to a second destination account, the second message including second data ([Borup] ¶0049, The method includes receiving a dataset (S401) [“second message”]. For example, the dataset may be one or more files [“second data”] that a user is about to transfer to an external site or user. When the method is embedded within an FTP client, the client receives the file after the user enters an FTP command identifying the file and a destination IP address [“addressed to the first destination account”]; [Mathias] ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “second source account” “second destination account” and “second message including second data”]); 
[Borup] ¶0055, The method further includes comparing the relevant entities against the policies in the database (S407). The comparing may consider the determined source and destination location; [Mathias] ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “second source account” “second destination account”]).
transmitting, based on the second source account being permitted to send sensitive information to the second destination account, the second message to the second destination account ([Mathias] ¶0080, any device that can be registered to a user account at a cloud service can act as a source device or a destination device for a data object [respectively “second source account” “second destination account” and “sensitive information”]).
However, the combination of Borup and Mathias does not explicitly teach “determining, based on the second information barrier policy, the second source account is permitted to send sensitive information to the first destination account.” 
In a same field of endeavor, Bowen discloses non-transitory computer readable storage medium of claim 1, determining, based on the second information barrier policy, the second source account is permitted to send sensitive information to the first destination account (¶0066, the system may modify 808 the message to remove at least part of the sensitive information. For example, a system may be configured to partially modify the following types of sensitive information [“based on the second information barrier policy”]. More generally, the system may identify a first section of the sensitive information to modify and identify a second section of the sensitive information that may be preserved (i.e., not modified). The preserved section of the sensitive information may be transmitted to a recipient [“permitted to send sensitive information”]).
the preserved section of the sensitive information may be transmitted to a recipient through modifying a message including sensitive information (¶0066).
However, the combination of Borup, Mathias and Bowen does not explicitly teach “inhibiting transmission, based on the second source account being permitted to send sensitive information to the second destination account, of second data to the data matching service device.”
In a same field of endeavor, Zappier discloses non-transitory computer readable storage medium of claim 1, wherein inhibiting transmission, based on the second source account being permitted to send sensitive information to the second destination account, of second data to the data matching service device (¶0031, by providing for automatic reconciliation of data relating to the resource transfer [analogous to “based on the second source account being permitted”], the system is able to prevent transaction errors caused by incorrect or invalid data while further removing the incidence of unnecessary duplication of data [“inhibiting transmission to the data matching service device”]); 
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Borup, Mathias and Bowen with the teachings of Zappier to inhibit(ing) transmission, based on the absence, of the second data to the data matching service device. One of ordinary skill in the art would have been motivated to make this modification because it may improve the computing efficiency of the systems involved in performing and facilitating the resource transfer (¶0031).

Regarding claim 15, it is a method claim that corresponds to claim 6. Therefore, the claim is rejected for at least the same reasons.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW SUH whose telephone number is (571)270-5524.  The examiner can normally be reached on campus 9:00 AM- 5:00 PM, alternate Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/A.S./Examiner, Art Unit 2493

/Michael Simitoski/Primary Examiner, Art Unit 2493