DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 6/1/2021.
Claims 2-3, 9-10 and 16-17 have been withdrawn.
Claims 1, 8, 15 and 18-20 have been amended.
Claims 1, 4-8, 11-15 and 18-20 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Formalities
Claims 2-3, 9-10 and 16-17 have a status identifier of “Withdrawn”. Claims with a status identifier of withdrawn are required to include the claim language.  If the claims were intended to be cancelled, then the indicator should be changed to cancelled. Claims with a status identifier of cancelled do not require claim language.
In the interest of furthering prosecution, the examiner has examined the claims 2-3, 9-10 and 16-17presented as cancelled status. For future correspondence, please 

Response to Arguments
The objections to claims 16-20 have been withdrawn as the claims have been amended as suggested.
The rejection under nonstatutory double patenting has been withdrawn as the terminal disclaimer has been approved and recorded.
Applicant’s arguments, filed on 6/1/2021, with respect to claims 1-2, 6, 8-9, 13, 15-16 and 20 have been fully considered and are persuasive.  The 102 and 103 rejections of claims 1-2, 6, 8-9, 13, 15-16 and 20 have been withdrawn. 

Allowable Subject Matter
Claims 1, 4-8, 11-15 and 18-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 

Claim 1:	A computer-implemented method of monitoring and controlling exfiltration of documents stored on a cloud computing service (CCS), the method including: 
using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use; and 
a function or an activity being performed via the CCS API on a document; 

applying a content inspection rule to find strings and interrelated strings in the content that are subject to content control; 
providing a triplet of an organization ID of an organization that uses the CCS, a CCS ID, and a region ID as input to a first key-manager, and in response to the input, the first key-manager generating a triplet-key; and 
encrypting the document, using a per-document key derived by applying a key derivation function (KDF) to the triplet-key, a document identifier (ID), and a salt, responsive to finding the strings and interrelated strings subject to content control in the parsed stream.

Claim 8:	A computer-implemented system that monitors and controls exfiltration of documents stored on a cloud computing service (CCS), the system comprising: 
a processor and a non-transitory computer readable storage medium storing computer instructions configured to cause the processor to: 
use a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use; and 
a function or an activity being performed via the CCS API on a document; 

apply a content inspection rule to find strings and interrelated strings in the content that are subject to content control; 
provide a triplet of an organization ID of an organization that uses the CCS, a CCS ID, and a region ID as input to a first key-manager, and in response to the input, the first key- manager generating a triplet-key; and 
encrypt the document, using a per-document key derived by applying a key derivation function (KDF) to the triplet-key, a document identifier (ID), and a salt, responsive to finding the strings and interrelated strings subject to content control in the parsed stream.

Claim 15:	One or more non-transitory computer readable media having instructions stored thereon for performing a method of monitoring and controlling exfiltration of documents stored on a cloud computing service (CCS), the method including: 
using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use; and 
a function or an activity being performed via the CCS API on a document; determining the function or the activity being performed via the CCS API by parsing a data stream based on the CCS API and identifying content in the document being transmitted to the CCS; 

providing a triplet of an organization ID of an organization that uses the CCS, a CCS ID, and a region ID as input to a first key-manager, and in response to the input, the first key-manager generating a triplet-key; and 
encrypting the document, using a per-document key derived by applying a key derivation function (KDF) to the triplet-key, a document identifier (ID), and a salt, responsive to finding the strings and interrelated strings subject to content control in the parsed stream.

Closest prior arts reviewed after conducting a complete search are as follows:

Lad (US 9917817) discloses “implementation of an integrated application that monitors outgoing data from a sender (or user) for any sensitive information, and subsequently intercepts and encrypts such sensitive data prior to emitting the data from the sender's end-point. In at least one embodiment of the invention, the definition of what constitutes sensitive data can be determined by relevant data loss prevention (DLP) policies in the form of content blades”.
Chennuru (US 9716724) discloses “a cloud based data loss prevention (DLP) system ("cloud DLP system") implements offline scanning of content stored in a cloud-based service belonging to an enterprise in accordance with the enterprise's policy and control. The cloud DLP system provides alerts or remediation in response to detection of non-compliance cloud content. In some embodiments, the cloud DLP system is 
Li (US 9697349) discloses “data loss prevention (DLP) systems may be implemented with collaborative services that may be integrated with or work in coordination with productivity services. Administrators may be enabled to configure DLP policies in the collaborative service to mitigate their organization's information disclosure risks, along with the detection and remediation of sensitive information. Access blocking may be a feature of the DLP system, where provision of access blocking may include determining if a detected action associated with content processed by the collaborative service matches access blocking criteria defined by DIP policy rules. In response to the determination that the action matches at least one access blocking criterion defined by the DLP policy rules, a block access tag associated with the content may be activated, previously defined permissions associated with the content may be ignored or altered, and access to the content may be restricted to a number of predefined users.”.

Prior arts reviewed and made of record fail to individually disclose the claimed invention as a whole recited in claims 1, 8 and 15.  Also, the reviewed prior arts in combination together fail to render the claimed invention as a whole obvious.
Claims 4-7, 11-14, and 18-20 depend upon respective independent claims above and are therefore allowed by virtue of their dependencies.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 






/TRANG T DOAN/Primary Examiner, Art Unit 2431