DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.	This action is in response to the communication filed on January 8, 2020.  Claims 1-20 were originally received for consideration.  No preliminary amendments to the claims have been made.   
2.	Claims 1-20 are currently pending consideration.

Information Disclosure Statement

3.	Attached and initialed copies of Applicant’s IDS (form 1449), received on 7/7/20201, 11/9/2021 and 12/01/2021, is attached to this Office Action.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-19 of U.S. Patent No. US 11,019,101 (Narayanaswamy et al.) 
6.	Although the conflicting claims are not identical, they are not patentably distinct from each other because the ’101 Patent discloses or renders obvious the limitations of the present application as described below.



U.S. Patent 11,019,101
1. A system including one or more processors coupled to memory, the memory loaded with computer instructions to enforce data loss prevention (DLP) policies at an endpoint without needing to perform content sensitivity scan at the endpoint or on server-side, the instructions, when executed on the processors, implement actions comprising:

an endpoint traffic monitor that performs network traffic monitoring by parsing requests directed toward cloud-based services to determine that the requested cloud-based services are those that are previously identified as sensitive cloud-based services;

a file system monitor that performs file system monitoring by detecting write system calls issued by a file system driver of the endpoint to determine download of one or more documents to the endpoint from the sensitive cloud-based services;

a document classifier that labels the documents as sensitive based on a combination of

the inference from the network traffic monitoring that the documents originated from the sensitive cloud-based services, and



a local metadata store at the endpoint that stores the sensitivity labels for the documents as sensitivity metadata; and

an endpoint policy enforcer which, in response to detecting data egress events at the endpoint that would push data in a document from the endpoint to uncontrolled locations,

determines that the document is sensitive based on looking up the sensitivity metadata for the document in the local metadata store and without scanning the document at the endpoint for sensitivity, and enforces a DLP policy at the endpoint based on the determination.

2. A system including one or more processors coupled to memory, the memory loaded with computer instructions to enforce data loss prevention (DLP) policies at an endpoint without
needing to perform content sensitivity scan at the endpoint or on server-side, the instructions, when executed on the processors, implement actions comprising:

an endpoint traffic monitor that performs network traffic monitoring by parsing requests directed toward cloud-based services to 

a file system monitor that performs file system monitoring by detecting write system calls issued by a file system driver of the endpoint to determine download of one or more documents to the endpoint from the sensitive cloud-based services;

a document classifier that labels the documents as sensitive based on a combination of

the inference from the network traffic monitoring that the documents originated from the sensitive cloud-based services, and

the inference from the file system monitoring that the documents were downloaded to the endpoint; and

wherein the sensitivity labels for the documents are stored as sensitivity metadata and used by an endpoint policy enforcer for responding to data egress requests and endpoint DLP policy enforcement in future without scanning the documents at the endpoint for sensitivity.

3. The system of claim 2, wherein the sensitivity metadata is stored in a local metadata store at the endpoint.

4. The system of claim 3, wherein the sensitivity metadata further labels the sensitive cloud- based services as a source of the documents downloaded at the endpoint; and

implementing actions further comprising, in response to detecting a revision or copying of a downloaded document after the download, attaching the sensitivity metadata label from the downloaded document to the revised or copied document, including attaching the sensitivity metadata label identifying the sensitive cloud-based services as the source and updating the local metadata store with the attachment. 

5. The system of claim 4, implementing actions further comprising, in response to detecting a revision or copying of a downloaded document after the download, reevaluating sensitivity of the revised or copied document, generating sensitivity metadata that labels the revised or copied document as sensitive, and updating the local metadata store with the sensitivity metadata generated for the revised or copied document.

6. The system of claim 5, implementing actions further comprising embedding the sensitivity metadata in the downloaded documents.



8. The system of claim 7, wherein the sensitive cloud-based services are identified in at least one sensitivity list stored at the endpoint.

9. The system of claim 8, wherein the sensitive cloud-based services are identified based on their respective unified resource locators (URLs).

10. A computer-implemented method of enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint or on server-side, the method including: combining network traffic monitoring of user interaction with cloud-based services

identified as sensitive with file system monitoring of document download to the endpoint from the sensitive cloud-based services; the combination of the network traffic monitoring and the file system monitoring generating sensitivity metadata that labels documents downloaded to the endpoint from the sensitive cloud- based services as sensitive and persisting the sensitivity metadata in a local metadata store at the endpoint; and in response to detecting data egress events at the endpoint that would push 

11. The computer-implemented method of claim 10, wherein the sensitivity metadata further labels the sensitive cloud-based services as a source of the documents downloaded at the endpoint; and further including, in response to detecting a revision or copying of a downloaded document after the download, attaching the sensitivity metadata label from the downloaded document to the revised or copied document, including attaching the sensitivity metadata label identifying the sensitive cloud-based services as the source and updating the local metadata store with the attachment.

12. The computer-implemented method of claim 11, further including, in response to detecting a revision or copying of a downloaded document after the download, reevaluating sensitivity of the revised or copied document, generating sensitivity metadata that labels the revised or copied document as sensitive, and updating the local metadata store with the sensitivity 

13. The computer-implemented method of claim 10, further including embedding the sensitivity metadata in the downloaded documents.

14. The computer-implemented method of claim 10, wherein the sensitive cloud-based services are identified based on their functionality and sensitive nature of data they store.

15. The computer-implemented method of claim 14, wherein the sensitive cloud-based services are identified in at least one sensitivity list stored at the endpoint.

16. The computer-implemented method of claim 15, wherein the sensitive cloud-based services are identified based on their respective unified resource locators (URLs).

17. A non-transitory computer readable storage medium impressed with computer program instructions to enforce data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint or on server-side, the instructions, when executed on a processor, implement a method comprising: combining network traffic monitoring of user interaction with cloud-based services identified as sensitive with file system monitoring 
determining that the document is sensitive based on looking up the sensitivity metadata for the document in the local metadata store and without scanning the document at the endpoint for sensitivity; and enforcing a data loss prevention policy at the endpoint based on the determination.

18. The non-transitory computer readable storage medium of claim 17, wherein the sensitivity metadata further labels the sensitive cloud-based services as a source of the documents downloaded at the endpoint; and

implementing the method further comprising, in response to detecting a revision or copying of a downloaded document after the download, attaching the sensitivity metadata label from the downloaded document to the revised or copied document, including attaching the sensitivity 

19. The non-transitory computer readable storage medium of claim 18, implementing the method further comprising, in response to detecting a revision or copying of a downloaded document after the download, reevaluating sensitivity of the revised or copied document, generating sensitivity metadata that labels the revised or copied document as sensitive, and updating the local metadata store with the sensitivity metadata generated for the revised or copied document.

20. The non-transitory computer readable storage medium of claim 19, implementing the method further comprising embedding the sensitivity metadata in the downloaded documents. 







combining active proxy analysis of object deposit, retrieval, and sharing via the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and storing metadata of the objects, wherein the active proxy analysis includes: u
sing a proxy interposed between the user systems and the independent object stores, actively controlling manipulation of proxy-subject objects on the independent object stores by applying rules that utilize the active proxy analysis and sensitivity metadata to actively control the deposit, retrieval, and sharing via the independent object stores by the user systems; and wherein the inspection includes: inspecting proxy-bypassing objects on the independent object stores, and classifying and storing sensitivity metadata of the proxy-bypassing objects deposited and retrieved by users able to bypass the proxy and machines not subject to the proxy; and making 

















2. The method of claim 1, wherein the policy enforcement includes actively rejecting object sharing requests of first objects in the independent object stores, wherein the method further includes: applying rules that utilize logs or a metadata store to identify improper sharing of the first objects; and using an application programming interface (API) to cancel the identified improper sharing of the first objects.
3. The method of claim 1, wherein the policy enforcement includes retroactively cancelling object sharing of second objects from the independent object stores by inspecting logs or a metadata store from the independent object stores, wherein the method further includes: applying rules that utilize logs or the metadata store to identify improper sharing of the second objects; and using an application programming interface (API) to cancel the identified improper sharing of the second objects.
4. The method of claim 1, wherein the policy enforcement includes actively controlling retrieval of third objects from the independent object stores, wherein the method further includes: applying rules that access object threat metadata that identifies the third objects as malicious; and blocking retrieval of the identified malicious third objects.

6. The method of claim 1, wherein the policy enforcement includes actively controlling deposit of fifth objects to the independent object stores, wherein the method further includes: applying rules that access user system at-risk metadata that identifies user systems as compromised; and blocking deposit of the fifth objects by the identified compromised user systems.
7. The method of claim 1, wherein the policy enforcement includes preserving integrity of sixth objects in the independent object stores, wherein the method further includes: storing a true file type of sixth objects based on the active proxy analysis; determining changes in the true file type during the inspection of objects in the independent object stores; and triggering a security action in response to the determination.
8. The method of claim 1, wherein the policy enforcement includes preserving integrity of sixth objects in the independent object stores, further including: storing a true file type of sixth objects based on inspection; determining changes in the 
9. The method of claim 1, further including: actively controlling manipulation of the objects by applying multi-part policies that utilize the stored metadata.
10. The method of claim 1, wherein the active proxy analysis of object deposit, retrieval, and sharing via the independent object stores includes: using a cross-application monitor to detect a cloud computing service (CCS) application programming interface (API) in use; and determining object metadata of objects in the CCS by parsing a data stream based on the CCS API and identifying activities that include manipulation of the objects; and wherein the method further includes: generating for display, visual representation data for the objects in the CCS that graphically summarize: number of privately owned objects; number of publicly accessible objects; number of intra-organizationally shared objects; number of extra-organizationally shared objects; true file types of the objects; and number of policy violations.
11. A non-transitory computer readable storage medium impressed with computer program instructions to establish a middle ware object security layer between an organization's user systems and independent object stores, wherein the instructions, when executed on a processor, implement a method comprising: combining 
12. The non-transitory computer readable storage medium of claim 11, wherein the policy enforcement includes actively rejecting object sharing requests of first objects in the independent object stores, wherein the method further comprises: applying rules that utilize logs or a metadata store to identify improper sharing of the first objects; and using an application 
13. The non-transitory computer readable storage medium of claim 11, wherein the policy enforcement includes retroactively cancelling object sharing of second objects from the independent object stores by inspecting logs or a metadata store from the independent object stores, wherein the method further comprises: applying rules that utilize logs or the metadata store to identify improper sharing of the second objects; and using an application programming interface (API) to cancel the identified improper sharing of the second objects.
14. The non-transitory computer readable storage medium of claim 11, wherein the policy enforcement includes actively controlling retrieval of third objects from the independent object stores, wherein the method further comprises: applying rules that access object threat metadata that identifies the third objects as malicious; and blocking retrieval of the identified malicious third objects.
15. The non-transitory computer readable storage medium of claim 11, wherein the policy enforcement includes actively controlling retrieval of fourth objects from the independent object stores, wherein the method further comprises: applying rules that access user system at-risk metadata that identifies user systems as compromised; and blocking retrieval of the 



16. The non-transitory computer readable storage medium of claim 11, wherein the policy enforcement includes actively controlling deposit of fifth objects to the independent object stores, wherein the method further comprises: applying rules that access user system at-risk metadata that identifies user systems as compromised; and blocking deposit of the fifth objects by the identified compromised user systems.


17. The non-transitory computer readable storage medium of claim 11, wherein the method further comprises: actively controlling manipulation of the objects by applying multi-part policies that utilize the stored metadata.





18. A system including one or more processors coupled to memory, the memory loaded with computer instructions to establish a middle ware object security layer between an organization's user systems and independent object stores, wherein the instructions, when executed on the one or more processors, implement a method comprising: combining active proxy analysis of object deposit, retrieval, and sharing via the independent object stores with inspection of objects in the independent object stores, each of the analysis and inspection generating and storing metadata of the objects, wherein the active proxy analysis includes: using a proxy interposed between the user systems and the 




19. The system of claim 18, wherein the method further comprises: actively controlling manipulation of the objects by applying multi-part policies that utilize the stored metadata.





Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is (571)272-3786. The examiner can normally be reached M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Darnell Jayne can be reached on 571-272-7723. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/KAVEH ABRISHAMKAR/
02/28/2022Primary Examiner, Art Unit 3649