Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2.	Claims 1-20 are pending.

Response to Arguments and Amendments
3.	Applicant’s arguments, see pages 1-3 of the remarks, filed 10/22/2021, with respect to the rejection(s) of claim(s) 1-20 under 35 U.S.C. 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Buron Florian (WO 2007/087629 A1).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 1-4, 8, 11-14, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Oskar Bruening (US8108370), in view of Vion Dury (EP 1329808), Gene Savchuk (US 7467202), and further in view of Buron Florian (WO 2007/087629 A1), hereinafter Florian.

	Regarding claim 1:
the server 102 hosts a confidential data detection system 104. The confidential data detection system 104 detects confidential information in documents containing free-form text. These documents may be, for example, transported messages (e.g., email messages, Web mail message, instant messages, etc.) and/or documents stored in data repositories. The confidential data detection system 104 detects confidential information in the form of personal identifiers such as credit card numbers, social security numbers, account numbers, employee numbers, IP addresses, driver license numbers, license plate numbers, etc. (Bruening, column 4, [lines 12-23]); upon secondary data defined another of the plurality of operands being present in the content; and an entity engine executable on one or more processors, the entity engine configured to: receive first content for classification into one of the plurality of content types for preventing data breach or exfiltration the search is performed using classified data patterns that include rigid pattern formats of personal identifiers and their variations. The classified data patterns used by the search engine 204 (Bruening, column 5, [lines 15-20]). The Examiner interprets the classified data as equivalent to the first content limitation in claim 1. Determine that secondary data, defined by a first operand of a first entity definition of the plurality of entity definitions, is present in the first content processing logic searches the document for data that resembles personal identifiers such as credit cards, social security numbers, IP addresses, etc. Processing logic performs the search using classified data patterns associated with the personal identifiers (Bruening, column 6, [lines 15-20]).
And classify the first content into a first content type of the plurality of content types, corresponding to the first entity definition, based on matching the matching element of the first operand to the first content, and matching other operands of the first entity definition to the first content the validators may include, for example, checksum algorithms, checks against valid (or invalid) ranges of numbers within a potential match, checks for a valid prefix or suffix of a potential match, checks for valid digits or number of digits within a potential match, search of the document for one or more keywords, etc. One embodiment of a method for validating detected personal identifier candidates will be discussed in more detail below in conjunction with FIG. 5. If any of the detected personal identifier candidates are valid (block 310), processing logic reports to an appropriate entity that the document contains confidential information and provides a list of validated matches (block 310) (Bruening, column 6, [lines 25-37]). 
However, Bruening fails to disclose a Boolean expression of a plurality of each of the plurality of operands specifying, at least one operand of the plurality of operands comprising a matching element to be used for matching against content undergoing classification into the respective content type of the plurality of content types; match a matching element of the first operand against the first content, a corresponding threshold score for the respective content type, and specifying a corresponding weight; identify a weight specified by the second operand used to match the matching element against the first content for classification of the first content into a first content type of the plurality of content type; identifying a threshold score specified by the Boolean expression of the first entity definition corresponding to the first content type; determine that the weight specified for the classification satisfies the threshold score specified by the Boolean expression of the first entity definition; and determining that the weight satisfies the threshold score.
	Dury teaches Boolean expression of a plurality of operands, at least one operand of the plurality of operands comprising a matching element to be used for matching against content undergoing classification into the respective content type of the plurality of content types; match a matching element of the first operand against the first content pattern matching operations make it possible to check a given expression e for whether the expression contains a structural pattern, and to extract a part of its content, in a single operation. A pattern matching operation is made up of three parts: The first part is an expression e against which the filter is to be checked. This part is called the subject. The second and third parts are the pattern-matching operator # and the filter f. The subject can be a variable, a constant, or a more complex expression that will be evaluated prior to matching (Dury, paragraph 27), and further the test operator, noted % in the present example, is used in conjunction with a constant, variable or complex expression, which will be evaluated prior to matching. It tests the occurrence of the value given by its operand at some point in the structure (Dury, paragraph 35). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Dury in order to provide accurate detection of confidential information.
the matches, if any, may be evaluated by a scoring function, and if a preset score threshold is reached, an alert may be generated (Savchuk, column 21, [lines 59-60]), and specifying a corresponding weight; identify a weight specified by the second operand used to match the matching element against the first content for classification of the first content into a first content type of the plurality of content type the dictionaries for positive and negative sets may then be compared and the words/phrases may be assigned Bayesian probability estimates. Words/phrases with high estimates can be used to guess the type of the sample document because of their close association either with positive or with negative training samples. Words/phrases from the combined dictionary may be sorted by the resulting weights (Savchuk, column 22, [lines 10-17]); determine that the weight specified for the classification satisfies the threshold score specified by the Boolean expression of the first entity definition; and determining that the weight satisfies the threshold score the final scores may be compared with thresholds, stored in the corresponding alert information record (AIR) lists loaded from keyword files. The largest threshold less or equal to the given score defines what alert may be generated; all the necessary information to generate the alert may store in the corresponding AIR (Savchuk, column 24, [lines 16-22]) and if a preset threshold is reached, an alert may be generated (Savchuk, column 25, [lines 30-21]). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Savchuk in order to prevent leaks of information and/or to detect rogue encryption.
	Florian teaches identifying a threshold score specified by the Boolean expression of the first entity definition corresponding to the first content type identifying one or more documents may include determining a canonical expression corresponding to the key words. Identifying the one or more documents may include determining a score for each of the one or more documents (Florian, para 10), and a score may be determined for each document that matches the search query. The score may be based on the canonical and/or Boolean expression for the respective location search query (Florian, para 50). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Florian because the

Regarding claim 2:
	Bruening discloses the validators may include, for example, checksum algorithms, checks against valid (or invalid) ranges of numbers within a potential match, checks for a valid prefix or suffix of a potential match, checks for valid digits or number of digits within a potential match, search of the document for one or more keywords, etc. (Bruening, column 5, [lines 54-60]), but fails to disclose wherein each of the plurality of entity definitions comprises a Boolean expression of a plurality of operands, each operand including a matching element corresponding to one of: a pattern, a term, a dictionary of words or phrases, or another entity definition. However, Dury teaches the second and third parts are the pattern-matching operator # and the filter f. The subject can be a variable, a constant, or a more complex expression that will be evaluated prior to matching (Dury, paragraph 27), and further the test operator, noted % in the present example, is used in conjunction with a constant, variable or complex expression, which will be evaluated prior to matching. It tests the occurrence of the value given by its operand at some point in the structure (Dury, paragraph 35). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Dury in order to provide accurate detection of confidential information.

	Regarding claim 3:
	Bruening discloses wherein the dictionary of words or phrases comprises a list of entries each of which comprises a word or a phrase, and a match between the dictionary and corresponding content occurs when the corresponding content matches any entry in the list of entries Validator 710 checks whether the candidate is not part of invalid identifiers. Validators 714 and 728 verify that a certain set of keyword does not exist in the message in the proximity to the candidate. Validators 716 and 738 check for a valid suffix of the candidate. Validator 718 checks the messages for a given list of keyword, and if any keyword is found it checks the candidate for valid patterns. Validator 720 pertains to an IP address and checks whether the format of the IP address is valid and its value is below a predefined number (Bruening, column 9, [lines 1-7]).

	Regarding claim 4:
	Bruening, Dury, Savchuk and Florian disclose wherein each of the plurality of entity definitions comprises the Boolean expression of the plurality of operands, each operand specifying a maximum score for determining a matching score for a corresponding content the final scores may be compared with thresholds, stored in the corresponding alert information record (AIR) lists loaded from keyword files. The largest threshold less or equal to the given score defines what alert may be generated; all the necessary information to generate the alert may store in the corresponding AIR (Savchuk, column 24, [lines 16-22]) and if a preset threshold is reached, an alert may be generated (Savchuk, column 25, [lines 30-21]). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Savchuk in order to prevent leaks of information and/or to detect rogue encryption.

	Regarding claim 8:
	Bruening, Dury, Savchuk and Florian disclose wherein the entity engine is configured to determine that the secondary data is present in the first content, the secondary data comprising one or more terms relevant to a context of the corresponding matching element the search engine 204 searches documents 202 for data resembling personal identifiers such as credit card numbers, social security numbers, account numbers, employee numbers, IP addresses, driver license numbers, license plate numbers, etc. The search is performed using classified data patterns that include rigid pattern formats of personal identifiers and their variations. The classified data patterns used by the search engine 204 are configurable by a pattern list configurator 210 (Bruening, column 5, [lines 11-20]).

Regarding claim 11:
Claim 11 is rejected under the same reason set forth in rejection of claim 1.

Regarding claim 12:
Claim 12 is rejected under the same reason set forth in rejection of claim 2.

Regarding claim 13:
Claim 13 is rejected under the same reason set forth in rejection of claim 3.

Regarding claim 14:
Claim 14 is rejected under the same reason set forth in rejection of claim 4.

Regarding claim 18:
Claim 18 is rejected under the same reason set forth in rejection of claim 8.

5.	Claims 5-6, 10, 15-16, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Oskar Bruening (US8108370), in view of Vion Dury (EP 1329808), Gene Savchuk (US 7467202), Buron Florian (WO 2007/087629 A1), further in view of Charles Lamanna (US 9495639), hereinafter Lamanna.

	Regarding claim 5:
	Bruening discloses wherein the entity engine is configured to classify the first content into the first content type corresponding to the first entity definition validators 732, 734 and 736 pertains to social security numbers and check for their valid format and valid group number. Validator 740 pertains to U.K. driver license numbers and checks whether the candidate is a valid U.K. driver license number (Bruening, column 9, [lines 12-17]), but fails to disclose if all operands of the first entity definition matches to the first content within a predefined proximity window. However, Lamanna teaches the application may recognize a pattern 206 as a keyword match within proximity window 202. Alternatively, the application may be configured to recognize regex adjacent or within a predefined distance to a proximity window. The application may recognize another pattern 208 adjacent to proximity window 204 (Lamanna, column 5, [lines 13-18]), and further teaches a pattern 306 outside a proximity window 322 to an evidence may not be matched. In another example, pattern 308 may not be fully within a proximity window 324 to any evidence. As a result, the pattern 308 may not be matched. In another example, pattern 312 may be within proximity window 326 to evidence 310 and 314. As a result, the pattern 312 may be matched (Lamanna, column 5, [lines 49-56]). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Lamanna in order to maintain and secure documents in order to comply with the business requirements (Lamanna, column 1, [lines 20-25]).

Regarding claim 6:
	Bruening discloses wherein the entity engine is configured to determine that the matching element of the second operand matches the first content when the matching element matches to elements the confidential data detection system 104 applies a list of validators to the potential matches and determines which of the potential matches are likely to be valid personal identifiers. The validators may include, for example, checksum algorithms, checks against valid (or invalid) ranges of numbers within a potential match, checks for a valid prefix or suffix of a potential match, checks for valid digits or number of digits within a potential match (Bruening, column 4, [lines 36-45]), but fails to disclose within the first content over a predetermined minimum number of occurrences. However, Lamanna teaches an entity rule may be evaluated from an analysis of a collection of patterns, an affinity rule may be evaluated from an analysis of a collection of evidences. The entity and affinity rules may be used to process documents and compare against predetermined thresholds for rule assessment (Lamanna, column 8, [lines 48-55]). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Lamanna in order to maintain and secure documents in order to comply with the business requirements (Lamanna, column 1, [lines 20-25]).

Regarding claim 10:
	Bruening discloses manage the first content for data loss prevention If any of the detected personal identifier candidates are valid (block 310), processing logic reports to an appropriate entity that the document contains confidential information and provides a list of validated matches (block 310) (Bruening, column 6, [lines 34-39]), but fails to disclose according to a severity level assigned to the first content type. However, Lamanna teaches the confidence level may be used with a threshold to inform an action to take. In an example scenario, an application may encrypt credit card numbers upon determining a high confidence level that the document has credit card numbers (Lamanna, column 4, [lines 60-67]). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Lamanna in order to maintain and secure documents in order to comply with the business requirements (Lamanna, column 1, [lines 20-25]).

Regarding claim 15:
Claim 15 is rejected under the same reason set forth in rejection of claim 5.

Regarding claim 16:
Claim 16 is rejected under the same reason set forth in rejection of claim 6.

Regarding claim 20:
Claim 20 is rejected under the same reason set forth in rejection of claim 10.


6.	Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Oskar Bruening (US8108370), in view of Vion Dury (EP 1329808), Gene Savchuk (US 7467202), Buron Florian (WO 2007/087629 A1), further in view of Cecil Lynch (US9824236), hereinafter Lynch.

Regarding claim 7:
	Bruening discloses wherein the entity engine is configured to determine that the matching element of the second operand matches the first content one embodiment of a method for validating detected personal identifier candidates will be discussed in more detail below in conjunction with FIG. 5. If any of the detected personal identifier candidates are valid (block 310), processing logic reports to an appropriate entity that the document contains confidential information and provides a list of validated matches (block 310) (Bruening, column 6, [lines 25-37]), but fails to disclose by determining that the matching element matches a string of characters in the first content, and validating each of a plurality of subgroups of the string of characters. Lynch teaches the cohesion crawler determines that the two records (EMR #11 and EMR #12) actually belong together because of the hash of the common SSN in each, thus joining all of George’s records together notwithstanding instances of George’s two addresses causing two subgroups (Lynch, column 13, [lines 1-4]). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Lynch in order to protect the identity of the individual associated with the record (Lynch, column 1, [lines 8-10]).

Regarding claim 17:
Claim 17 is rejected under the same reason set forth in rejection of claim 7.

7.	Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Oskar Bruening (US8108370), in view of Vion Dury (EP 1329808), Gene Savchuk (US 7467202), Buron Florian (WO 2007/087629 A1), further in view of Greg Lesiecki (US9058380).

Regarding claim 9:
	Bruening, Dury and Savchuk disclose the validators may include, for example, checksum algorithms, checks against valid (or invalid) ranges of numbers within a potential match, checks for a valid prefix or suffix of a potential match, checks for valid digits or number of digits within a potential match, search of the document for one or more keywords, etc. (Bruening, column 5, [lines 54-60]), but fail to disclose wherein the secondary data comprises terms or identifiers that correlates to a homonymic context of the corresponding matching element. However, Lesiecki teaches post-filters can determine whether one word is a synonym, substitution, nickname, or homonym of another word. Post-filters can adjust matching scores if these words are found and make up part of a matching score. The particular values by which each word or type of word are adjusted are configurable (Lesiecki, column 17, [lines 61-66]). It would have been obvious to someone skilled in the art before the effective filing date of claimed invention to combine the teaching of Bruening with that of Lesiecki in order to provide effective list filtering systems that may be customized to each company/organization based on industry, individual entity risk, geographical location (Lesiecki, column 1, [lines 45-50]).

Regarding claim 19:
Claim 19 is rejected under the same reason set forth in rejection of claim 9.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication from the examiner should be directed to Thanh Le, whose telephone number is 571-272-8556. The examiner can normally be reached Monday-Friday, 8:00 a.m. to 5 p.m. EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor Nickerson Jeffrey L can be reached on 4692959235.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for

/THANH H LE/ Examiner, Art Unit 2432

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436