DETAILED ACTION

This action is made FINAL in response to the amendments filed on 1/20/22.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1 - 20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Nefedov et al (US 2013/0263206).
As to claim 1, Nefedov et al teaches a computer-implemented method for predictive decision-making (paragraph [0109]...embodiments allow users the ability to implement device-wide data access policies, as well as to make data access policy decisions and/or assign security attributes for different applications), comprising:
associating an uncertainty value (paragraph [0039]...policies association with application) with a spatial (paragraph [0071]... using database techniques such as spatial indexes), temporal (paragraph [0037]...one or more contextual parameters may, for instance, include one or more temporal parameters, one or more location parameters, and/or one or more activity parameters), or contextual data element (paragraph [0045]...contextual parameters) that has been spatially, temporally, or contextually indexed (paragraph [0071]... using database techniques such as spatial indexes) in memory as a function of one or more rules (paragraph [0073]...rule based mining can be performed through either supervised learning or unsupervised learning techniques. In this case, user preferences and application behavior are unknown and may vary significantly, depending on a given context and a user. In one embodiment, the analysis module 211 detects anomaly based on a combination of rule-based and unsupervised learning with distance-based techniques).;
receiving data (paragraph [0033]... sensor modules 119a-119n) comprising spatial, temporal, and contextual data elements from one or more data sources (paragraph [0033]...to determine context data associated with the plurality of application data requests (e.g., location information, timing information, orientation, etc.)); and
modifying the uncertainty value (paragraph [0038]...adjust policies) based on a spatial, temporal, or contextual element of the received data (paragraph [0039]...the system 100 determines one or more contexts under which the at least one application operates, and associates the one or more policy compliance profiles with the one or more contexts. The system 100 then processes user contextual information, user application use information, or a combination thereof against the association, the one or more policy compliance profiles, the one or more contexts, or a combination thereof to determine one or more adaptions to one or more policies associated with the application)

As to claim 2, Nefedov et al teaches the method, further comprising:
identifying an anomaly in the received data (paragraph [0072]...anomaly/outlier detection refers to detecting patterns in a given data set that do not conform to an established normal behavior. The patterns thus detected are called anomalies and often translate to critical and actionable information in several application domains).

paragraph [0100]...the compliance platform 103 determines anomaly is detected and then prompts an alert to the user).



As to claim 4, Nefedov et al teaches the method, wherein the notification (paragraph [0100]...the compliance platform 103 determines anomaly is detected and then prompts an alert to the user) comprises an alert indicating the identified anomaly  and one or more data sources (paragraph [0099]...the compliance platform 103 analyzes the logging database for exceptional behavior, violations, etc. By way of example, the initial data access policy App A is represented as access(r,_, [(I,_)(A,_),(S,_)]). When the compliance platform 103 detects the following exceptional behavior is detected: App A accesses resource r with a frequency>f, where f is the threshold frequency for anomaly detection, i.e., anything above which is considered suspicious, the compliance platform 103 further analyzes the logging database in correlation with user contextual data to assess if the behavior only occurs during time interval [t1,t2] or when the user is at location L, performing activity A, and (socially) interacting S.).

As to claim 5, Nefedov et al teaches the method, further comprising:
updating the spatially (paragraph [0071]... using database techniques such as spatial indexes), temporal (paragraph [0037]...one or more contextual parameters may, for instance, include one or more temporal parameters, one or more location parameters, and/or one or more activity parameters), or contextual data element (paragraph [0045]...contextual parameters) using a spatial, temporal, or contextual data element in data received from one or more alternate streaming data sources (paragraph [0046]...the one or more data access policies may include the policy that "No user activity information should be collected when the user is in the office." In MFOTL, such policy may written as the following: update[1](u, location, `office`).fwdarw.NOT insert[1](u, activity, null), where u represents the user, location and activity represents respective tables, and `office` represents the location parameter (e.g., the location parameter unit is of the granularity `home,` `office,` `supermarket,` etc.). If, for instance, this policy is the only policy defined on the location table, then it may be sufficient to only log "update" operations on the location table with the value `office.`).

As to claim 6, Nefedov et al teaches a computer-implemented method for predictive decision-making (paragraph [0109]...embodiments allow users the ability to implement device-wide data access policies, as well as to make data access policy decisions and/or assign security attributes for different applications), comprising:
identifying (paragraph [0030]...compliance platforms 103a-103n)  one or more rules in a set of rules (paragraph [0032]...the compliance platform 103 may include or have access to a policy database 109 to access, adapt or store policy information (e.g., data access policies, auditing specifications, default policies of policy adaption, etc.) associated with users, devices, applications, and data stores, etc. The compliance platform 103 may also include or have access to a log database 111 to access or store data access request logs and policy compliance profiles associated with the data access policies, the auditing specifications, etc), each rule having a relationship defined in memory between spatial, temporal, and contextual data elements (paragraph [0073]...Rule based mining can be performed through either supervised learning or unsupervised learning techniques. In this case, user preferences and application behavior are unknown and may vary significantly, depending on a given context and a user. In one embodiment, the analysis module 211 detects anomaly based on a combination of rule-based and unsupervised learning with distance-based techniques);
identifying an event as satisfying at least one of the identified one or more rules (paragraph [0030]...system 100 may determine that a predetermined threshold with respect to a number of violations satisfying a particular contextual parameter (e.g., data transfers outside one or more trusted geographical regions) has been reached); and recommending a modification to the at least one of the identified one or more rules based on the identified event (paragraph [0038]... the contextual information, the system 100 may report to the user a potential privacy threat with suggestions/recommendations to adjust policies based on the given context).

As to claim 7, Nefedov et al teaches the method, further comprising:
communicating the recommended modification to a user interface (paragraph [0078]... the communication interface 215 may transmit the generated notifications).

As to claim 8, Nefedov et al teaches the method, wherein the recommended modification comprises a recommendation to modify the relationship defined in memory for the at least one of the identified one or more rules (paragraph [0094]... the compliance platform 103 causes, at least in part, a presentation of the one or more adaptions as one or more recommendations (e.g., suspending the gaming application, blocking access to the award, blocking the access by a malicious player, etc.). The compliance platform 103 determines an input for selecting the one or more adaptations based, at least in part, on the presentation (e.g., blocking all access by a malicious player). The compliance platform 103 causes, at least in part, an application of the one or more adaptations to the one or more policies based, at least in part, on the one or more policies).

As to claim 9, Nefedov et al teaches the method, wherein the recommended modification comprises updating one or more fields associated with spatial, temporal or contextual data elements (paragraph [0094]... the compliance platform 103 causes, at least in part, a presentation of the one or more adaptions as one or more recommendations (e.g., suspending the gaming application, blocking access to the award, blocking the access by a malicious player, etc.). The compliance platform 103 determines an input for selecting the one or more adaptations based, at least in part, on the presentation (e.g., blocking all access by a malicious player). The compliance platform 103 causes, at least in part, an application of the one or more adaptations to the one or more policies based, at least in part, on the one or more policies).

As to claim 10, Nefedov et al teaches the method, further comprising: modifying the at least one of the identified one or more rules based on the recommended modification (paragraph [0055]...the compliance platform 103 recommends the user with policies of state-of-the-art implementations as stored in memory 203, and then adapts the initial policies to match with one or more user contexts as discussed later).

As to claim 11, Nefedov et al teaches the method, further comprising: identifying an event as satisfying the modified rule (paragraph [0039]...the system 100 may determine that a predetermined threshold with respect to a number of violations satisfying a particular contextual parameter).

As to claim 12, Nefedov et al teaches the method, further comprising:
providing an indication that the modified rule is satisfied (paragraph [0100]...If the conditions are satisfied, the compliance platform 103 determines anomaly is detected and then prompts an alert to the user).

As to claim 13, Nefedov et al teaches the method, wherein the step of identifying the event as satisfying the at least one of the identified one or more rules (paragraph [0039]...a report including the entries that indicate violations satisfying the particular contextual parameter may be generated and prompted to the user as an alert to signify non-compliance with the data access policies) further comprises:
paragraph [0033]...to determine context data associated with the plurality of application data requests (e.g., location information, timing information, orientation, etc.)); 
identifying (paragraph [0030]...compliance platforms 103a-103n) each rule of the set of rules for which the received data is a candidate (paragraph [0032]...the compliance platform 103 may include or have access to a policy database 109 to access, adapt or store policy information (e.g., data access policies, auditing specifications, default policies of policy adaption, etc.) associated with users, devices, applications, and data stores, etc. The compliance platform 103 may also include or have access to a log database 111 to access or store data access request logs and policy compliance profiles associated with the data access policies, the auditing specifications, etc); and
for the identified rules for which the received data is a candidate, respectively (paragraph [0053]...the functions of the compliance platform 103 may be performed by one or more applications 107 and the information included within the policy database 109 and/or the log database 111 may be stored at a local memory within the UE 101) indexing the received data in memory by each of its spatial, temporal, or contextual data elements as a function of said identified rules (paragraph [0073]...rule based mining can be performed through either supervised learning or unsupervised learning techniques. In this case, user preferences and application behavior are unknown and may vary significantly, depending on a given context and a user. In one embodiment, the analysis module 211 detects anomaly based on a combination of rule-based and unsupervised learning with distance-based techniques).

As to claim 14, Nefedov et al teaches a system for predictive decision-making (paragraph [0109]...embodiments allow users the ability to implement device-wide data access policies, as well as to make data access policy decisions and/or assign security attributes for different applications), comprising: a rules/decision engine (paragraph [0054]...adaptive engine 213) configured to:, comprising:
receive data (paragraph [0033]... sensor modules 119a-119n) comprising spatial (paragraph [0071]... using database techniques such as spatial indexes), temporal (paragraph [0037]...one or more contextual parameters may, for instance, include one or more temporal parameters, one or more location parameters, and/or one or more activity parameters) and contextual data elements from one or modules (paragraph [0033]...to determine context data associated with the plurality of application data requests (e.g., location information, timing information, orientation, etc.));
identifying (paragraph [0030]...compliance platforms 103a-103n)  each rule of a set of rules for which the received data is a candidate (paragraph [0032]...the compliance platform 103 may include or have access to a policy database 109 to access, adapt or store policy information (e.g., data access policies, auditing specifications, default policies of policy adaption, etc.) associated with users, devices, applications, and data stores, etc. The compliance platform 103 may also include or have access to a log database 111 to access or store data access request logs and policy compliance profiles associated with the data access policies, the auditing specifications, etc); and
respectively (paragraph [0053]...the functions of the compliance platform 103 may be performed by one or more applications 107 and the information included within the policy database 109 and/or the log database 111 may be stored at a local memory within the UE 101) index the received data by each of its its spatial (paragraph [0071]...dependencies (association rule mining). This usually involves using database techniques such as spatial indexes), temporal, or contextual elements in a respective distributed data structure (paragraph [0029]...distributed data stores) defined in memory of each one of the identified rules (paragraph [0073]...rule based mining can be performed through either supervised learning or unsupervised learning techniques. In this case, user preferences and application behavior are unknown and may vary significantly, depending on a given context and a user. In one embodiment, the analysis module 211 detects anomaly based on a combination of rule-based and unsupervised learning with distance-based techniques).

As to claim 15,  Nefedov et al teaches the system, wherein the rules/decision engine (paragraph [0054]...adaptive engine 213)  is further configured to: disregard data, of the received data, that the rules/decision engine determines not to be a candidate for any rule of the set of rules (paragraph [0039]...three location data requests were processed and transferred by a social network application to Nigeria while the user lives in the US and has no tie to Nigeria. As such, a report including the entries that indicate violations satisfying the particular contextual parameter may be generated and prompted to the user as an alert to signify non-compliance with the data access policies).

As to claim 16,  Nefedov et al teaches the system, wherein the rules/decision engine (paragraph [0054]...adaptive engine 213)  is further configured to: create a relationship (paragraph [0029]...the data stores may include data repositories like relational databases, object-oriented databases, operational data stores, distributed data stores, flat files that can store data, etc) in memory between two or more respective spatial, temporal, or contextual elements of respectively indexed data and to provide a rule suggestion based on the created relationship (paragraph [0113]...set of operations also typically include comparing two or more units of information, shifting positions of units of information, and combining two or more units of information, such as by addition or multiplication or logical operations like OR, exclusive OR (XOR), and AND. Each operation of the set of operations that can be performed by the processor is represented to the processor by information called instructions, such as an operation code of one or more digits. A sequence of operations to be executed by the processor 602, such as a sequence of operation codes, constitute processor instructions, also called computer system instructions or, simply, computer instructions).

As to claim 17, Nefedov et al teaches the system, wherein the rules/decision engine is further configured: to identify an event as satisfying an identified rule in memory using the spatially, temporally, or contextually indexed data (paragraph [0039]...three location data requests were processed and transferred by a social network application to Nigeria while the user lives in the US and has no tie to Nigeria. As such, a report including the entries that indicate violations satisfying the particular contextual parameter may be generated and prompted to the user as an alert to signify non-compliance with the data access policies).

As to claim 18, Nefedov et al teaches the system, wherein the system further comprises a communications interface module (paragraph [0078]... the communication interface 215 may transmit the generated notifications).configured to: 
communicate with the rules/decision engine (paragraph [0054]...adaptive engine 213)  ; and provide an indication that the identified rule is satisfied (paragraph [0130]... a main display unit 807 provides a display to the user in support of various applications and mobile terminal functions that perform or support the steps of policy adaption based on application policy compliance analysis).

As to claim 19, Nefedov et al teaches the system, further comprising: a rules manager configured to: receive the set of rules; and define a respective distributed data structure in memory for each rule of the set of rules (paragraph [0027]... compliance with data access policies (e.g., privacy policies, security policies, etc.), it is contemplated that the approach described herein may be used with other policies, such as performance policies, etc. In one embodiment, the system 100 may import or formulate initial policies per application, converts the policies into auditing specifications, which specify which data to be logged, installs the auditing specifications per data resource in the user device, checks audit logs for compliance to the policies, determines any violations if not compliant, prompts the user with suggestions for compliance, and adapts the policies based on the user's selection. The initial policies may be written in a high level language, such as eXtensible Access Control Markup Language (XACML). By way of example, the initial data access policy for a gaming application is to allow access to resource with attribute WebService, if subject is a process or thread and the action is to play or share).

As to claim 20, Nefedov et al teaches the system, wherein the rules/decision engine 
associate an uncertainty value (paragraph [0038]...adjust policies)   with a spatial, temporal or contextual data element respectively indexed in a respective distributed data structure (paragraph [0029]...distributed data stores) defined in memory for at least one of the identified rules; and
 modify the uncertainty value based on a spatial, temporal, or contextual element of data received from the one or more data modules (paragraph [0031]... process the data for comparison against the data access policies, etc., to determine the compliance with the data access policies).


Response to Arguments
Applicant’s arguments with respect to claim(s) 1 - 20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRANDON S COLE whose telephone number is (571)270-5075. The examiner can normally be reached Mon - Fri 7:30pm - 5pm EST (Alternate Friday's Off).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
Omar Fernandez can be reached on 571-272-2589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRANDON S COLE/           Primary Examiner, Art Unit 2128