Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims:
Claims 1-20 are pending in this application.

Formal Drawings
The formal drawings received on 05/21/2020 have been entered.

Information Disclosure Statement
The information disclosure statement submitted 05/21/2020 and 04/13/2021 has been considered.

Internet Communications
Applicant is encouraged to file an Internet Communications form to authorize correspondence during prosecution.  To facilitate processing of the internet communication authorization or withdraw of authorization, the Office strongly encourages use of Form PTO/SB/439, available at www.uspto.gov/patent/patents-forms. The form may be filed via EFS-Web using the document description Internet Communications Authorized or Internet Communications Authorization Withdrawn to facilitate processing.   

Examiner Comments
Additionally, the following limitations do not make the scope indeterminate, however there seems to be some inconsistencies.  Clarification is requested.  
Claim 1, 8, and 15 recites and/or “from a first user device, a first feedback from a first predetermined party.  However, it seems that the two would be the same user/party, see fig. 5. Clarification is requested.
Allowable Subject Matter
Claim 4, 11, and 18 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective 
Claims 1-3, 5-10, 12-17 and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brisebois et al. (US 2017 / 0329972), hereinafter Brisebois, reference cited in Applicants IDS, and further in view of Schneier et al. (US 2007 / 0162973), hereinafter Schneier.

Regarding claims 1, 8 and 15, 
Brisebois teaches a method, comprising: obtaining, by a computer processor and from a first user device, a first feedback from a first predetermined party regarding a first data loss prevention (DLP) event through a graphical user interface (GUI) (Applicants specification provides for feedback to be escalating for further review (see para. 20).  Here, see paras. 33 and 82, obtaining via the reporting module 318  an interface to display information pertaining to violations of DLP policies and associated context information, wherein the information may include SME assessments/escalation (i.e. first feedback) from an expert (i.e. first user) regarding alert associated with DLP event); 
wherein the first DLP event corresponds to a transfer of a data file by a second user device within a network (see para. 87, wherein the DLP violation event may correspond to a user in the company network (i.e. second user within a network) emailing a document);
determining, by the computer processor, whether the first DLP event is authorized using the first feedback (see para. 82, determining by reporting module whether the expert feedback/escalation (see also para. 33) results in event being eligible for enforcement actions (i.e. event is authorized)); 
and transmitting, by the computer processor and automatically in response to the selection of the security action, a command that initiates the security action (see para. 82, he user permission manager 316 can determine, via access profiles, enforcement actions that the designated users are authorized to perform. Responsive to selections by the designated users, the credentials module 320 can execute those enforcement actions on the communications platforms 326 using the stored administrative credentials). 
Brisebois fails to teach transmitting automatically in response to determining a DLP event is not authorized a request for a second feedback, by a second predetermined pary selected automatically according to a routing queue, obtaining in response to feedback a selection of a security action regarding the first DLP event.
However, in analogous art Schneier teaches transmitting, by the computer processor and automatically in response to determining that the first DLP event is not authorized, a request for a second feedback by a second predetermined party using the GUI (see para. 81, determining whether the incident (i.e. event) needs to be escalated, the incident can be transferred to another analyst (or security engineer) for investigation, wherein incidents can be escalated automatically (see also para. 99)); 
wherein the second predetermined party is selected for the request automatically according to a routing queue (see para. 89 and 91-97, an incident may be escalated from security analysts to senior security analysts to security engineers and finally to the network intelligence and engineering organizations of the MSM service itself, When escalation criteria are met, workflow procedures can be defined to perform one or more actions escalating from first level support to second level support to manager of the day escalating to upper management (i.e. routing queue)),
(see para. 82, Once an analyst (or security engineer) is capable of handling the ticket, he or she determines, in step 535, the symptoms, vulnerabilities and recommended solutions associated with the incident the analyst (or security engineer) determines an appropriate response level, and in step 545, he or she initiates such a response);  
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to modify Brisebois to include transmitting automatically in response to determining a DLP event is not authorized a request for a second feedback, by a second predetermined pary selected automatically according to a routing queue, obtaining in response to feedback a selection of a security action regarding the first DLP event as taught in Schneier.  One would do so for the benefit of determining if incident needs to be transferred to another analyst (see para. 99).    
Amdt. dated Sept. 1, 2020
Regarding claims 2, 9 and 16,
Brisebois in view of Schneier teaches the limitations as described in claims 1, 8 and 15 above.
However, it fails to teach determining a predetermined organization associated with the first user device, wherein the routing queue is determined among a plurality of routing queues based on the predetermined organization, and 31PATENT APPLICATIONwherein the routing queue automatically transmits a plurality of requests for feedback regarding the first DLP event to a plurality of predetermined parties.
further teaches determining a predetermined organization associated with the first user device, wherein the routing queue is determined among a plurality of routing queues based on the predetermined organization, and 31PATENT APPLICATIONwherein the routing queue automatically transmits a plurality of requests for feedback regarding the first DLP event to a plurality of predetermined parties using the GUI (see paras. 91-97, When escalation criteria are met, workflow procedures can be defined to perform one or more actions. Examples of such actions include: sending notification of the problem to the appropriate group or individual; reassigning the problem; escalating from first level support to second level support to manager of the day; escalating to upper management; generating a report for the problem; and incrementing or decrementing the priority of the problem (i.e. queue is determined based on organization)).Appl. No.16/232,819 
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to modify Brisebois to include determining a predetermined organization associated with the first user device, wherein the routing queue is determined among a plurality of routing queues based on the predetermined organization, and 31PATENT APPLICATIONwherein the routing queue automatically transmits a plurality of requests for feedback regarding the first DLP event to a plurality of predetermined parties as taught in Schneier.  One would do so for the benefit of determining if incident needs to be transferred to another analyst (see para. 99).    

Regarding claims 3. 10 and 17,
Brisebois in view of Schneier teaches the limitations as described in claims 1, 8 and 15 above.
further teaches wherein the second user device comprises an endpoint agent that monitors data that is accessed by the second user device based on a first security policy, and wherein the endpoint agent transmits a DLP message to a DLP manager in response to detecting a second file transfer regarding data that corresponds to the first security policy (see paras. 34, for events that have been assigned a risk value that satisfies a threshold (e.g., high risk value), the risk assessment engine 106 may send an alert to one or more experts in the particular subject matter when an event occurs again on this pre-assigned rule).Appl. No.16/232,819 

Regarding claims 5, 12 and 19,
Brisebois in view of Schneier teaches the limitations as described in claims 1, 8 and 15 above.
Brisebois further teaches wherein the command is transmitted to the second user device, and wherein the security action causes the data file on the second user device to be inaccessible until a DLP manager unlocks the data file (see paras. 88 the action selected by the expert may cause the credentials of one or more participants associated with the event to be revoked, locking them out of all enterprise systems, and preventing them from accessing any additional data).Appl. No.16/232,819 

Regarding claims 6, 13 and 20,
Brisebois in view of Schneier teaches the limitations as described in claims 1, 8 and 15 above.
Brisebois further teaches determining a plurality of DLP events corresponding to unauthorized disclosures by email outside the network,  (see paras. 44 and 82, In this example, the business logic security manager 214 may examine email to determine whether it is addressed to an email address designated as personal (e.g., email addressed to family members) and if the email is identified as personal, the email may be discarded by the data collection system 202 or not processed any further by the SME system 102 and the reporting module 318 provides an interface to display to designated users (e.g., the experts 152 of FIG. 1) information pertaining to violations of DLP policies and associated context information. The reporting module 318 may generate alerts (e.g., the alert 150) and/or reports using, for example, any of the communications platforms 32).Appl. No.16/232,819 

Regarding claims 7 and 14,
Brisebois in view of Schneier teaches the limitations as described in claims 1 and 8 above.
Brisebois further teaches wherein the first predetermined party is a cybersecurity investigator, and wherein the second predetermined party is a human resources (HR) entity (see paras. 30, 33 and 35, wherein user roles can be considered to determine SME  expertise of each user, the user's organization rank (e.g., for enterprise employees, the rank may be determined via Active Directory data), the user's organization, position, level, manager, wherein alerts may be sent to expert in the subject matter (i.e. cybersecurity analyst or HR) for further action/feedback required).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. All references listed on 892 are related to device profile determination.
US 9,300,693 B1– Manmohan, preventing data loss over virtualized networks

Any inquiry concerning this communication or earlier communications from the examiner should be directed to EMAD H SIDDIQI whose telephone number is (469)295-9126.  The examiner can normally be reached on M-F 9 am-5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on 571-272-3980.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KEVIN T BATES/Supervisory Patent Examiner, Art Unit 2458                                                                                                                                                                                                        
/Emad Siddiqi/Examiner, Art Unit 2458