DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

1.	This action is in response to the amendment filed on November 23, 2021. Claims 1-20 were received for consideration. Per the Examiner’s Amendment below, claims 4-5 are cancelled and claims 1 and 14 are amended.
2.	Claims 1-3 and 6-20 are allowed as amended below.



EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Sikander Khan (Reg. No. 78,888) on February 11, 2022. 

The application has been amended as follows: 

1.	(Currently Amended)  A computer-implemented method of enforcing data loss prevention policies at an endpoint without needing to perform content sensitivity scan at the endpoint, the method including:

the endpoint policy enforcer having access to a cloud-based metadata store that includes sensitivity metadata previously generated in advance of the requests to classify the documents as sensitive or non-sensitive based on deep inspection of the documents;
wherein the sensitivity metadata data that was generated by an inspection service that inspected the documents while the documents were resident in a cloud-based document store;
wherein the sensitivity metadata data that was generated by an inspection service that inspected the documents while the documents were in transit to or from a cloud-based document store;
in response to receiving a data egress request for a document, the endpoint policy enforcer determining sensitivity of the document by retrieving the sensitivity metadata for the document from the cloud-based metadata store; and
the endpoint policy enforcer enforcing a data loss prevention policy at the endpoint based on the retrieved sensitivity metadata and without performing a content sensitivity scan of the document at the endpoint.
2.	(Original)  The computer-implemented method of claim 1, further including determining that the retrieved sensitivity metadata identifies the document as sensitive and blocking the data egress request.
3.	(Original)  The computer-implemented method of claim 1, further including determining that the retrieved sensitivity metadata identifies the document as non-sensitive and allowing fulfillment of the data egress request.

Claim 4 (Cancelled)

Claim 5 (Cancelled) 


7.	(Original)  The computer-implemented method of claim 1, further including the endpoint policy enforcer having access to a local metadata store of the sensitivity metadata at the endpoint that is periodically synchronized with the cloud-based metadata store.
8.	(Original)  The computer-implemented method of claim 7, wherein the endpoint policy enforcer first retrieves the sensitivity metadata for the document from the local metadata store and, if no sensitivity metadata is available for the document in the local metadata store, then retrieves the sensitivity metadata from the cloud-based metadata store.
9.	(Original)  The computer-implemented method of claim 8, further including, when no sensitivity metadata is available for the document, the endpoint policy enforcer invoking a local anchor pattern scanner running on the endpoint that
preliminarily classifies the document as sensitive or non-sensitive based on an anchor pattern check;
sends the document that scored positive on the anchor pattern check to a cloud-based content sensitivity scanner that confirmatory classifies the document as sensitive or non-sensitive based on deep inspection; and
receives sensitivity metadata identifying the confirmatory sensitivity classification.
10.	(Original)  The computer-implemented method of claim 9, further including, when the local anchor pattern scanner preliminarily classifies the document as non-sensitive based on the anchor pattern check, allowing fulfillment of the data egress request.
11.	(Original)  The computer-implemented method of claim 9, further including updating the local metadata store to include the sensitivity metadata that identifies the confirmatory sensitivity classification for further data loss prevention policy enforcement at the endpoint.
12.	(Original)  The computer-implemented method of claim 9, further including keeping the data egress request on hold until the confirmatory sensitivity classification is received.

14.	(Currently Amended)  A computer-implemented method of controlling exfiltration of data in documents via an endpoint, the method including:
in response to detecting data egress events at the endpoints that would push the data in the documents from the endpoint to uncontrolled locations,
accessing a cloud-based metadata store and retrieving sensitivity metadata previously generated in advance of the data egress events to classify the documents as sensitive or not sensitive based on deep inspection of the documents;
wherein the sensitivity metadata data that was generated by an inspection service that inspected the documents while the documents were resident in a cloud-based document store;
wherein the sensitivity metadata data that was generated by an inspection service that inspected the documents while the documents were in transit to or from a cloud-based document store; and
enforcing data loss prevention policies at the endpoint based on the retrieved sensitivity metadata and without scanning the documents at the endpoint for sensitivity.
15.	(Original)  The computer-implemented method of claim 14, further including the endpoint having access to a local metadata store of the sensitivity metadata that is periodically synchronized with the cloud-based metadata store.
16.	(Original)  A device for enforcing data loss prevention policies at an endpoint, the device comprising:
a local metadata store maintained at the endpoint and configured to periodically receive from a cloud-based metadata store sensitivity metadata previously generated to classify documents as sensitive or non-sensitive based on deep inspection of the documents;
a local anchor pattern scanner running on the endpoint and configured to preliminarily classify the 
an endpoint policy enforcer running on the endpoint and configured to respond to data egress requests that would push data in the documents from the endpoint to uncontrolled locations based on sensitivity of the documents determined
by a look up of the local metadata store,
followed by a look up of the cloud-based metadata store for documents not identified in the look up of the local metadata store,
followed by preliminary sensitivity classification by the local anchor pattern scanner of documents not identified in the look ups of the local metadata store and the cloud-based metadata store, and
followed by confirmatory sensitivity classification by the cloud-based content sensitivity scanner of documents that scored positive on the anchor pattern check.
17.	(Original)  A non-transitory computer readable storage medium impressed with computer program instructions, the instructions, when executed on a processor, implement the method of claim 1.
18.	(Original)  A non-transitory computer readable storage medium impressed with computer program instructions, the instructions, when executed on a processor, implement the method of claim 14.
19.	(Original)  A system including one or more processors coupled to memory, the memory loaded with computer instructions, the instructions, when executed on the processors, implement actions of claim 1.
20.	(Original)  A system including one or more processors coupled to memory, the memory loaded with computer instructions, the instructions, when executed on the processors, implement actions of claim 14.
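
The lookup order recited in claims 8-12 and 16 can be sketched as follows. This is an added illustration, not part of the Office action or the application. The class and function names, the dictionary-backed stores, the document ids, the 16-digit anchor regex and the Luhn check standing in for cloud deep inspection are all assumptions made for the example.

```python
import re

# Hypothetical anchor pattern: a 16-digit run with optional space/dash separators.
ANCHOR = re.compile(r"\b\d(?:[ -]?\d){15}\b")

def luhn_valid(number):
    """Luhn checksum, used here as a stand-in for 'deep inspection'."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def deep_inspect(text):
    """Stand-in for the cloud-based content sensitivity scanner (assumption)."""
    hit = any(luhn_valid(m.group()) for m in ANCHOR.finditer(text))
    return "sensitive" if hit else "non-sensitive"

class EndpointPolicyEnforcer:
    def __init__(self, local_store, cloud_store):
        self.local = local_store            # doc_id -> label, synced copy on the endpoint
        self.cloud = cloud_store            # doc_id -> label, generated in advance

    def decide(self, doc_id, text):
        """Return (action, source) for one data egress request."""
        for source, store in (("local-store", self.local), ("cloud-store", self.cloud)):
            label = store.get(doc_id)       # local first, then cloud (claim 8)
            if label is not None:
                return self._enforce(label), source
        if not ANCHOR.search(text):         # preliminary non-sensitive: allow (claim 10)
            return "allow", "anchor-scan"
        # The request is held here until the confirmatory label returns (claim 12).
        label = deep_inspect(text)
        self.local[doc_id] = label          # remember the result locally (claim 11)
        return self._enforce(label), "cloud-scan"

    @staticmethod
    def _enforce(label):
        return "block" if label == "sensitive" else "allow"   # claims 2 and 3

def run_demo():
    # Constructed sample stores and documents.
    enforcer = EndpointPolicyEnforcer({"doc-a": "sensitive"}, {"doc-b": "non-sensitive"})
    docs = [("doc-a", ""), ("doc-b", ""), ("doc-c", "meeting notes for Q3"),
            ("doc-d", "card 4111 1111 1111 1111"), ("doc-e", "order 1234 5678 9012 3456")]
    return [enforcer.decide(d, t) for d, t in docs], enforcer.local
```

Only `doc-d` and `doc-e` reach the confirmatory scan; `doc-e` matches the anchor pattern but fails the deeper check, which is the false positive the two-stage design is meant to absorb.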



Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
The Examiner’s amendment above overcomes all the outstanding prior art rejections and the Terminal Disclaimer, filed on November 23, 2021, overcomes the outstanding Double Patenting rejection.  Therefore, the claims are allowable. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAVEH ABRISHAMKAR whose telephone number is (571)272-3786. The examiner can normally be reached M-F 9-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Darnell Jayne can be reached on 571-272-7723. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/KAVEH ABRISHAMKAR/
02/11/2022
Primary Examiner, Art Unit 3649