DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims
The amendment filed 1/7/2022 has been entered. Claim 12 is currently amended. Claims 1-27 are pending in the application.
The objection of claim 12 due to informalities has been withdrawn in light of applicant’s amendment to the claim.
The rejection of claims 1-11, 23-27 under 35 USC 112(a) has been withdrawn in light of applicant’s argument being persuasive. 
Response to Arguments
The Applicant's argument, see pages 13-16 of the Remark filed 1/7/2022 in respect to claim rejection under 35 USC 103 over prior arts of records have been fully considered and asserted not persuasive.
Applicant mainly argued that the combination of cited references, Foley, Liu and Dos Santos does not teach limitation “said 13first cloud client being separate from and unaffiliated with said second cloud 14client” recited in claim 1, similarly claim 12. Regarding cited reference Dos Santos teaching the limitation shown in examiner’s office action (i.e. the office action) mailed 8/9/2021, applicant concerned the cited paragraphs [23], [26], [32]. Examiner acknowledges applicant’s perspective, however respectively disagrees with applicant. 
First, as examiner attempted to suggest to applicant in the Response to Arguments section of the office action, the examiner interprets limitation reciting “said first cloud client 
Dos Santos appears to teach this. Examiner indicated in the office action with showing of Fig. 1 where separate client systems (114) are shown as “customers” of an enterprise 110, in which paragraphs [23], [26], [32] are examples of paragraphs to indicate the “customer” aspect of client systems. It is obvious to one ordinary skilled to understand that the client systems shown in Fig. 1 of Dos Santos are separate and different from each other. Examiner further notes that even without interpretation of client as customer, Dos Santos shows separate and different client systems as cloud clients over network such as wide area network (Fig. 1, Network 112), as claimed in claim 1. Since Dos Santos teaches synchronizing data rules and corresponding metadata to implement data governance, one ordinary skilled in the art understands that Dos Santos’s teachings can be incorporated with Foley’s method of file system monitoring and auditing using user-configured policies. For the above reason, examiner asserts applicant’s argument that Dos Santos does not teach the “separate, unaffiliated entities” is not convincing. The examiner asserts a prima facia case of obviousness had been established with the combination of Foley, Liu and Dos Santos.
	Applicant’s further argument regarding respective dependent claims are also not persuasive due to same reason set forth above.
Applicant is suggested to further incorporate innovative features into independent claims to advance the case.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 8, 10, 12-13, 19, 21, 26 are rejected under 35 U.S.C. 103 as being unpatentable over Foley et al (US20170024408A1, hereinafter, "Foley"), in view of Liu .
Regarding claim 1, Foley teaches:
In a [data governance server] of a multi-client cloud-based data governance system (Foley, Fig. 1 clients 110, 112, 114. And [Title] File system monitoring and auditing. [Abstract] A centralized collector component is operative to receive from each of the plural file systems audit trail data…And [0052] the policy manager and data collector component 608 in the central manager 604 (i.e. data governance server further in view of Liu’s Data Governance System below)), a method 2for providing data governance of a plurality of remote data storage systems (Foley, [Abstract] Centralized monitoring of plural file systems that operate within or in association with an enterprise computing environment is provided. Also Fig. 2 persistent storage 208 (i.e. data storage) of file systems), each remote 3data storage system being associated with a particular one of a plurality of different [cloud] clients (Foley, [0077] A particular software TAP agent is installed on or in association with a particular file system server so it can monitor file system-related traffic that is local to that file system. Also see [Claim 2] The method as described in claim 1 further including sending the audit trail data to a central location remote from the plural file systems), being 4located geographically remotely from said [data governance server], and having a 5particular associated remote file system stored thereon (Foley, Fig. 3 as example, European data centers, American data centers, which are data centers with storages at geographically remote locations. And [0042] As shown in FIG. 3, the software TAP agents 312 may also reside in remote locations, e.g., in trusted partner installations, within the cloud. Also refer to Fig. 1 that the computing devices are connected with network 102 which can be internet), said method comprising: 
6establishing a first data governance policy associated with a first one of said [cloud] clients, 7said first [cloud] client being associated with a first one of said remote data storage 8systems and a first one of said remote file systems (Foley, [0008] Each of the plural file systems are provided with a security policy. And [0010] in this manner, the central manager provides an enterprise-wide view of file system access activity against user- or system-configured security policies); (see Liu below for data governance server, cloud clients and public network)
storing said first data governance policy within said [data governance server] (Foley, [0047] The policy manager 508 in the collector 504 enables policy-based filtering based on one or more security policies 512 stored in the data store 506. And [0050] The policy manager 508 is operative to apply a particular security policy 512 to the audit trail data that is collected and received at the central manager);
9establishing a second data governance policy associated with a second one of said [cloud] 10clients, said second [cloud] client being associated with a second one of said remote data 11storage systems and a second one of said remote file systems (Foley, [0008] Each file system may receive the same security policy, or different security policies (i.e., different sets of rules to be applied to the local file system access activity)), 15said first cloud client being separate from (Foley, Fig. 1 Client 110, 112 and 114, and Fig. 3 European data centers, American data centers and Asia-pacific data centers are separate entities) [and unaffiliated 
storing said second data governance policy within said [data governance server] (Foley, [0047] The policy manager 508 in the collector 504 enables policy-based filtering based on one or more security policies 512 stored in the data store 506);
12establishing a network connection between said [data governance server] and said first one of said remote data storage 13systems over a [public] wide area network (WAN) (Foley, Fig.1 network 102. And [0025] the distributed data processing system 100 may also be implemented to include a number of different types of networks, such as for example, an intranet, a local area network (LAN), a wide area network (WAN));  
14capturing a first event associated with said first remote file system, said first 15event being generated responsive to and indicative of at least one file system 16operation executed on a data object of said first remote data storage 17system, said file system operation being a modification or an access of said data 18object of said first remote data storage system (Foley, [0008] The centralized monitoring (of the sets of file servers) is provided by a security manager appliance (sometimes referred to as a "collection server" or just "collector"), which is operative to receive from each of the plural file systems audit trail data (i.e. event). Typically, the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The audit trail data may include one or more classifiers generated by the software agent and used to classify data associated with a given file system access activity);  
(Foley, [0009] preferably the collector stores (in a database) the audit trail, so for review or further analysis that file data access audit data (i.e. trail data, not data object) is available to be searched, for example, for suspicious patterns or unauthorized intrusions (i.e. conflicts with governance policy). And [0045] a collector 504 includes …, and a policy manager component 508. The policy manager component 508 may execute on a collector appliance.  And [0047] The policy manager 508 in the collector 504 enables policy-based filtering (i.e. data governance functions) based on one or more security policies 512 stored in the data store 506. And [0050] The policy manager 508 is operative to apply a particular security policy 512 to the audit trail data that is collected and received at the central manager); 
22executing a first set of remediation actions, if said first event does conflict with said 23first data governance policy (Foley, [0008] In addition, preferably the collector also applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action (i.e. remediation). The given action typically is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity);  
24establishing a second network connection between said [data governance 33server] and said second one of said remote data 25storage systems over a [public] WAN (Foley, Fig.1 network 102. And [0025] the distributed data processing system 100 may also be implemented to include a number of different types of networks, such as for example, an intranet, a local area network (LAN), a wide area network (WAN));  
26capturing a second event associated with said second remote file system, said second 27event being generated responsive to and indicative of a second file system operation executed on a data object of said second remote data storage system, 3 of 16App. Serial No.: 15/487,947 Atty. Docket No.: 0143-023P129said second file system operation being a modification or an access of said data 30object of said second remote data storage system (Foley, [0008] The centralized monitoring (of the sets of file servers) is provided by a security manager appliance (sometimes referred to as a "collection server" or just "collector"), which is operative to receive from each of the plural file systems audit trail data. Typically, the audit trail data (i.e. event) is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The audit trail data may include one or more classifiers generated by the software agent and used to classify data associated with a given file system access activity); In addition, the Examiner would like to point out that Foley teaches a file monitoring and auditing system with multiple clients with user configured policies. The method steps inherently apply to each client, such as first client and second client with associated event and file system. 
31processing at said [data governance server] said second event and not said data object of said second remote data 32storage system to determine whether said second event conflicts with said second 33data governance policy of said data governance system, said second data governance policy defining how said data governance server functions in response to processing said second event (Foley, [0009] According to another aspect of this disclosure, preferably the collector stores (in a database) the audit trail, so for review or further analysis that file data access audit data is available to be searched, for example, for suspicious patterns or unauthorized intrusions (i.e. conflicts with governance policy). And [0045] a collector 504 includes …, and a policy manager component 508. The policy manager component 508 may execute on a collector appliance.  And [0047] The policy manager 508 in the collector 504 enables policy-based filtering (i.e. data governance functions) based on one or more security policies 512 stored in the data store 506. And [0050] The policy manager 508 is operative to apply a particular security policy 512 to the audit trail data that is collected and received at the central manager); 
and 34executing a second set of remediation actions, if said second event does conflict with 35said second data governance policy (Foley, [0008] In addition, preferably the collector also applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action. The given action typically is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity).
	While Foley teaches data governance by centralized collector component of collector/central manager remote from the monitored file systems in an enterprise system, but does not explicitly teach that the collector/central manager is the data governance server and the connection between the collector/central manager is connected with the remote file systems via public network, but in the same field of endeavor Liu teaches:
establishing a first data governance policy associated with a first one of said cloud clients, establishing a network connection between said data governance server and said first (Liu, [Abstract] discloses automatic anomaly detection system for remote users. Referring to Fig. 1 Data Governance System (i.e. data governance server), and Col. 5 lines 49-55, Cloud computing, as used herein, refers to a collection of computing resources (hardware and software) that deliver services over a network, typically the Internet. There are many types of public cloud computing, ... In some cases, an end-user on the client computing system 102 access cloud-based services or cloud-based resources over the network 103.  For example, end-users can access cloud-based applications through a web browser or a light-weight client application or mobile app and the software and user's data are stored on a computing system of the data governance system 130, such as servers at a remote location from the client computing system 102).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Liu in the file monitoring and auditing system of Foley by delivering data governance service such as anomaly detection over a public internet between data governance system and client computing systems. This would have been obvious because the person having ordinary skill in the art would have been motivated to implement Foley’s system for an enterprise system with public network as suggested by Liu for cloud-based services delivered over a public internet (i.e. public WAN) using information across several users in a collaborative and dynamic environment (Liu, Col. 3 lines 55-67 and Fig. 1).

said first cloud client being separate from and unaffiliated with said second cloud client (Dos Santos, see Fig. 1 Client systems 114 are separate from each other and are different client systems. In particular Dos Santos teaches enterprise provide data (metadata) monitoring for customer, which suggests the client system from each customer is different from each other, see e.g. para. [23], [26], [32], [39], [40]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Dos Santos in the file monitoring and auditing system of Foley-Liu by synchronizing data rules and metadata to implement data governance. This would have been obvious because the person having ordinary skill in the art would have been motivated to synchronize data rules and metadata in order to detect changes to metadata from a plurality of different client systems (Dos Santos, [Abstract], Fig. 1).

Regarding claim 12, Foley teaches:
A server of a multi-client cloud-based data governance system (Foley, Fig. 1 clients 110, 112, 114. And [Title] File system monitoring and auditing) 2comprising:  
3a hardware processor configured to execute code, said code 4including a set of predefined instructions that cause said hardware processor to 5perform associated operations (Foley, Data processing system 200 is an example of a computer, such as server 104 or client 110 in FIG. 1, in which computer-usable program code or instructions ... data processing system 200 includes communications fabric 202, which provides communications between processor unit 204…);  
6a network adapter electrically coupled to establish network connections 7between [said server] and a plurality of remote data storage systems, each remote data storage 8system being associated with a particular one of a plurality of different [cloud] clients (Foley, Fig. 2, Input/Output unit 212 is shown for each client device), 9being located geographically remotely from said multi-client cloud-based [data 10governance server], and having a particular associated remote file system stored 11thereon (Foley, Fig. 3 as example, European data centers, American data centers, which are data centers with storages at geographically remote locations. And [0042] As shown in FIG. 3, the software TAP agents 312 may also reside in remote locations, e.g., in trusted partner installations, within the cloud), said network connections including a first network connection between [said server] and a first 12remote data storage system associated with a first one of said [cloud] clients and having a 13first remote file system stored thereon and a second network connection between [said server] and a 14second remote data storage system associated with a second one of said [cloud] clients 15and having a second remote file system stored thereon, said network connections 16being established over a [public] wide-area network (WAN) (Foley, Fig.1 network 102 and clients 110-114. And [0007] The solution secures and limits attacks to or misuse of a file system, preferably through monitoring of all file system access points (local and remote) within or across the enterprise. And [0025] the distributed data processing system 100 may also be implemented to include a number of different types of networks, such as for example, an intranet, a local area network (LAN), a wide area network (WAN)); In addition, the Examiner would like to point out that Foley teaches a file monitoring and auditing system with multiple clients with user configured policies. The method steps inherently apply to each client, such as first client and second client with associated event, file system. (See Liu for cloud clients and public network below)
and 17memory (Foley, Fig. 2 memory 206) for storing data and said code, said data and said code including 18an event collection interface (Foley, see Fig. 3, collectors 306 (i.e. event collection interface)) including a first subset of said set of predefined 19instructions configured to 20capture a first event from said first remote data storage system, said 21event generated responsive to and being indicative of at least one file 22system operation executed on a data object of said first remote file system 23stored on said first remote data storage system, said file system operation 24being a modification or an access of said data object of said first remote 25file system (Foley, see [Claim 2] The method as described in claim 1 further including sending the audit trail data to a central location remote from the plural file systems. And [0008] The centralized monitoring (of the sets of file servers) is provided by a security manager appliance (sometimes referred to as a "collection server" or just "collector"), which is operative to receive from each of the plural file systems audit trail data (i.e. event). Typically, the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The audit trail data may include one or more classifiers generated by the software agent and used to classify data associated with a given file system access activity) and to 26capture a second event from said second remote data storage system, said 27second event generated responsive to and being indicative of a second file 28system operation executed on a data object (Foley, [0008] The centralized monitoring (of the sets of file servers) is provided by a security manager appliance (sometimes referred to as a "collection server" or just "collector"), which is operative to receive from each of the plural file systems audit trail data (i.e. event). Typically, the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The audit trail data may include one or more classifiers generated by the software agent and used to classify data associated with a given file system access activity), 
In addition, the Examiner would like to point out that Foley teaches a file monitoring and auditing system with multiple clients with user configured policies. The method steps inherently apply to each client, such as first client and second client with associated file system. 
32a data governance service including a second subset of said set of predefined  
33instructions configured to 34establish a first data governance policy associated with said first client, store said first data governance policy within [said server] (Foley, [0008] Each of the plural file systems are provided with a security policy), 35establish a second data governance policy associated with said second client, store said second data governance policy within [said server] (Foley, [0008] Each file system may receive the same security policy, or different security policies (i.e., different sets of rules to be applied to the local file system access activity). Also [0047] The policy manager 508 in the collector 504 enables policy-based filtering based on one or more security policies 512 stored in the data store 506. And [0050] The policy manager 508 is operative to apply a particular security policy 512 to the audit trail data that is collected and received at the central manager), 36receive said first event from said event collection interface, 37process at [said server] said first event to determine whether said at least one file system operation 39conflicts with said first data governance policy of said data 40governance system (Foley, [0009] preferably the collector stores (in a database) the audit trail, so for review or further analysis that file data access audit data (i.e. trail data, not data object) is available to be searched, for example, for suspicious patterns or unauthorized intrusions (i.e. conflicts with governance policy). And [0010] the central manager provides an enterprise-wide view of file system access activity against user- or system-configured security policies. The file system activity monitor thus provides for continuous, policy-based real-time monitoring of file system access across an enterprise), said first data governance policy defining how said server functions in response to processing said first event, 41receive said second event from said event collection interface, and to 42process at said server said second event to determine whether said second file system operation 44conflicts with said second data governance policy (Foley, [0009] According to another aspect of this disclosure, preferably the collector stores (in a database) the audit trail, so for review or further analysis that file data access audit data (i.e. trail data, not data object) is available to be searched, for example, for suspicious patterns or unauthorized intrusions (i.e. conflicts with governance policy). And [0045] a collector 504 includes …, and a policy manager component 508. The policy manager component 508 may execute on a collector appliance.  And [0047] The policy manager 508 in the collector 504 enables policy-based filtering (i.e. data governance functions) based on one or more security policies 512 stored in the data store 506. And [0050] The policy manager 508 is operative to apply a particular security policy 512 to the audit trail data that is collected and received at the central manager. In addition, the Examiner would like to point out that Foley teaches a file monitoring and auditing system with multiple clients with user configured policies. The method steps inherently apply to each client, such as first client and second client with associated event, file system and user-configured policies), said second data governance policy defining how said server functions in response to processing said second event (Foley, the same teachings applied to first data governance policy above also applies to second governance policy), 
and 45an enforcement service including a third subset of said set of predefined instructions 46configured to 47execute a first set of remediation actions, if said at least one file system operation 48does conflict with said first data governance policy and 49execute a second set of remediation actions, if said second event does conflict 50with said second data governance policy (Foley, [0008] In addition, preferably the collector also applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action. The given action typically is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity. In addition, the Examiner would like to point out that claim 12 recites first subset of said set of predefined 19instructions, a second subset of said set of predefined 33instructions and a third subset of said set of predefined instructions. The each subset is construed as a portion of instructions); and wherein said first cloud client is separate from (Foley, Fig. 1 Client 110, 112 and 114, and Fig. 3 European data centers, American data centers and Asia-pacific data centers are separate entities) [and unaffiliated with said second cloud client] (limitation in bracket is further taught by Dos Santos as shown below).
		While Foley teaches data governance by centralized collector component of collector/central manager remote from the monitored file systems in an enterprise system, but does not explicitly teach that collector component of collector/central manager is the data governance server and the connection between the collector/central manager is connected with the remote file systems with public network, but in the same field of endeavor Liu teaches:
		data governance server or the server (Liu, see Fig. 1 Data Governance System 130),
[a network adapter electrically coupled to establish network …,] each remote data storage 8system being associated with a particular one of a plurality of different cloud clients, said network connections 16being established over a public wide-area network (WAN) (Liu, [Abstract] discloses automatic anomaly detection system for remote users. Referring to Fig. 1 and [Col. 5 lines 49-55] Cloud computing, as used herein, refers to a collection of computing resources (hardware and software) that deliver services over a network, typically the Internet. There are many types of public cloud computing, ... In some cases, an end-user on the client computing system 102 access cloud-based services or cloud-based resources over the network 103.  For example, end-users can access cloud-based applications through a web browser or a light-weight client application or mobile app and the software and user's data are stored on a computing system of the data governance system 130, such as servers at a remote location from the client computing system 102).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Liu in the file 
		While the combination of Foley-Liu teaches data governance by centralized data governance server on event data from clients but does not expressly teach the clients are unaffiliated from each other, but in the same field of endeavor Dos Santos teaches:
and wherein said first cloud client is separate from and unaffiliated with said second cloud client (Dos Santos, see Fig. 1 Client systems 114 are separate from each other and are different client systems. In particular, Dos Santos teaches enterprise provides data (metadata) monitoring for customer, which suggests the client system from each customer is different from each other, see e.g. [23], [26], [32], [39]-[40]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Dos Santos in the file monitoring and auditing system of Foley-Liu by synchronizing data rules and metadata to implement data governance. This would have been obvious because the person having ordinary skill in the art would have been motivated to synchronize data rules and metadata in order to detect changes to metadata for a plurality of different client systems (Dos Santos, [Abstract], Fig. 1).

Regarding claim 2, similarly claim 13, Foley-Liu-Dos Santos combination further teaches:
The method of Claim 1, the server of Claim 12, wherein said step of capturing a first event associated with said first remote file system includes: deploying an event collection service to said first remote data storage system, said event collection service being operative to detect file system operations executed on data objects of said first remote data storage system, generate events indicative of said file system operations, and push said events to said data governance system (Foley, [0043] the system enables the software TAP agent to be configured in various ways that can affect the overall architecture of the solution. Thus, for example, the software TAP agent 312 can be configured to relay the captured information to one collector, to two or more collectors, to load balance the captured data between multiple collectors, or the like. In one basic software TAP configuration option, the software TAP agent is configured to send (i.e. push) traffic to one collector only. Traffic includes all of the relevant activity (access and results) that the agent observes between the client (application, user, and so on) and the database. And [0047] The policy manager 508 in the collector 504 enables policy-based filtering based on one or more security policies 512 stored in the data store 506. In particular, file access control policies 512 dictate what folders, files and other file system objects (i.e. data object) are monitored); and receiving said events from said first remote data storage system via said event collection service (Foley, [0041] Appliances typically include the following subcategories: collectors 306, aggregators 308, and a central manager 310. And [0043] In addition, data from multiple collectors can be aggregated to the aggregation server (the aggregator 308) to provide holistic views and generate enterprise-level reports).

Regarding claim 8, similarly claim 19, Foley-Liu-Dos Santos combination further teaches:
		The method of Claim 1, the server of Claim 12, wherein said step of executing said first set of remediation actions includes pushing a control message to said first remote data storage system, said control message indicating a set of file system operations to be executed on objects of said first remote file system by said first remote data storage system (Foley, [0050] The security policy also may define particular file system access permissions that override any native OS permissions, thereby providing another layer of security around sensitive files.  Generalizing, a particular security policy identifies one or more of: who, what, when and how of a particular file system access, as well as potentially describing a given action to take (e.g., detect, log, block, notify, etc.)).

Regarding claim 10, similarly claim 21, Foley-Liu-Dos Santos combination further teaches:
		The method of Claim 1, the server of Claim 12, wherein said step of processing said first event includes performing data analytics on said first event (Foley, [0043] in a database activity monitoring mode (or in a vulnerability assessment monitoring mode), the collectors 306 monitor and analyze database activity to provide continuous fine-grained auditing and reporting. And [0074] the term "intrusion detection" refers to gathering and analyzing information from various areas within a file system to identify possible security breaches).

Regarding claim 26, Foley-Liu-Dos Santos combination further teaches:
The method of Claim 1, wherein said step of processing said first event and 2not said data object of said first remote data storage system includes analyzing said first event in 3view of said first data governance policy (Foley, [0057] An agent executing in a local file system typically includes an inspection engine component that runs the security policy provided by the policy manager. The inspection engine component runs the security policy as it collects and analyzes the file system access activity and traffic in real-time).  

Claims 3-7, 9, 14-18, 20, 23-25, 27 are rejected under 35 U.S.C. 103 as being unpatentable over Foley-Liu-Dos Santos combination as applied above, further in view of Wijayaratne et al (US20140040196A1, hereinafter, “Wijayaratne”).
Regarding claim 3, similarly claim 14, Foley-Liu-Dos Santos combination teaches:
The method of Claim 1, the server of Claim 12, 
While Foley-Liu-Dos Santos combination does not explicitly teach the following limitation, however in the same field of endeavor Wijayaratne teaches: 
further comprising: receiving a metadata snapshot from said first remote data storage system, said metadata snapshot being indicative of said first remote file system (Wijayaratne, [0046] a full rescan sync (FRS) process can be used to "walk" the LFS 204 and the RFS 202 and create metadata snapshots of these file systems at a time Ts. These snapshots can then be compared and the differences used to bi-directionally synchronize the two file systems); and generating a derivative data set indicative of said first remote file system based on said metadata snapshot (Wijayaratne, [0129] For each two consecutive event records, RFS phase 1 module 906 utilizes a reduction API to access tables (FIGS. 10A-10D) to determine the appropriate event reduction). Examiner notes that Wijayaratne teaches event-based synchronization of remote and local file system with multi clients (see Fig. 1, and [0044] Local clients 110 can access cloud files by directly accessing files/objects stored on local cloud 104, via a local network 112).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Wijayaratne in the file monitoring and auditing system of Foley-Liu-Dos Santos by creating metadata snapshot to the remote file system as event records. This would have been obvious because the person having ordinary skill in the art would have been motivated to generate and synchronize the event based snapshot as event records between local and remote data file systems “to provide local and remote data access and remote data security” (Wijayaratne, [Abstract], [0044], [0046]).

Regarding claim 4, similarly claim 15, Foley-Liu-Dos Santos-Wijayaratne combination further teaches:
The method of Claim 3, the server of Claim 14, wherein said step of capturing an event associated with said first remote file system includes capturing metadata associated with one or both of said at least one file system operation and said data object (Wijayaratne, Fig. 4, [0058] Changes made to RFS 202 specifically are referred to as "remote events", whereas changes made to LFS 204 will be referred to as local events.  In the present embodiment, remote events originate as changes to the metadata stored in RFS metadata database 406). 

Regarding claim 5, similarly claim 16, Foley-Liu-Dos Santos-Wijayaratne combination further teaches:
The method of Claim 4, the server of Claim 15, wherein said step of capturing metadata includes capturing metadata indicative of a particular user executing said at least one file system operation (Wijayaratne, [0093] New Path field 814 includes data indicating the new path assigned when an event occurred… The UQID field can be used, for example, to identify the same file system objects on different file systems (e.g., RFS 202 and LFS 204) and/or associate a virtual file system object (e.g., in metadata database 406) with the data file in the data store … Timestamp field 822 includes data indicating the time the event occurred.  User ID field 824 include data identifying the user that caused the event). 

Regarding claim 6, similarly claim 17, Foley-Liu-Dos Santos-Wijayaratne combination further teaches:
		The method of Claim 5, the server of Claim 16, wherein said step of executing said first set of remediation actions includes altering permissions associated with said particular user (Foley, [0008] In addition, preferably the collector also applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action. The given action typically is one of: issuing an alert, performing an audit activity, restricting access to a file system resource (i.e. altering permissions),…).

Regarding claim 7, similarly claim 18, Foley-Liu-Dos Santos-Wijayaratne combination further teaches:
The method of Claim 3, the server of Claim 14, wherein said step of processing said first event includes: updating said derivative data set based on said event (Wijayaratne, [0059] File events include creating a file (CREATE), updating a file (UPDATE), deleting a file (UNLINK), and renaming a path (RENAME). And [0137] The intersection of column 1006 (UPDATE) and row 1016 (UPDATE) can be reduced to a single UPDATE that corresponds to the second (T+1) update.  The intersection of column 1008 (UNLINK) and row 1014 (CREATE) can be reduced to a single UPDATE event); 
		Foley further teaches: and performing data analytics on said derivative data set after said derivative data set has been updated (Foley, [0043] a system of this type typically can be deployed in a variety of operational modes. Thus, for example, in a database activity monitoring mode (or in a vulnerability assessment monitoring mode), the collectors 306 monitor and analyze database activity to provide continuous fine-grained auditing and reporting, real-time policy-based alerting and database access controls.).

Regarding claim 9, Foley-Liu-Dos Santos combination teaches:
		The method of Claim 1, 
		While Foley-Liu-Dos Santos combination does not explicitly teach the following limitation, however in the same field of endeavor Wijayaratne teaches: 
		further comprising: collecting additional events, each event of said additional events being indicative of at least one additional file system operation executed on a data object of said first remote file system stored on said first remote data storage system (Wijayaratne, [0012] The methods can also include storing (e.g., chronologically) the event records in a first events database and storing (e.g., chronologically) the RFS (i.e. “remote file system”) event records in a second events database); storing said first event and said additional events in an event database (Wijayaratne, [0015] The system can also include a first and second events database that store (e.g., chronologically) FS and RFS event records, respectively); and providing an administrative user associated with said first cloud client access to said event database (Wijayaratne, [0017] The file storage system includes memory storing a file system (FS) with FS objects, a client interface for providing client access to the FS, a file system module that monitors for changes being made to the FS by the client, and a data monitor that generates an event record responsive to a change being made to the FS). 
Examiner notes that upon review of the specification of the instant application, para. [12] and [19] describe additionally (or optionally) the method provides a client associated with the remote file storage system access to the event database. Therefore “an administrative user” is interpreted as “client” or user.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Wijayaratne in the file monitoring and auditing system of Foley-Liu-Dos Santos by collecting first and second 

Regarding claim 20, Foley-Liu-Dos Santos combination teaches:
		The server of Claim 12, further comprising: 2an event database operative to store a record of said first event (Foley, [0009] According to another aspect of this disclosure, preferably the collector stores (in a database) the audit trail, so for review or further 
analysis); and 11said data governance service is additionally configured to perform batch data analysis functions on a subset of said records of said database (Dos Santos, [0023], A validation rule that checks the zip code ensures the field contains five numbers. As part of a batch load process, the zip code field is populated along with other fields.  The validation rule is executed as part of the batch load process to identify records that do not satisfy the validation rule).
		While Foley-Liu-Dos Santos combination does not explicitly teach the following limitation, however in the same field of endeavor Wijayaratne teaches: 
		and 3a client interface including a fourth subset of said set of predefined instructions 4configured to provide said first cloud client access to said event database (Wijayaratne, [0017] The file storage system includes memory storing a file system (FS) with FS objects, a client interface for providing client access to the FS, a file system module that monitors for changes being made to the FS by the client, and a data monitor that generates an event record responsive to a change being made to the FS); and 5wherein 6said event collection interface is configured to collect additional events and store 7records of said additional events in said database, each event of said additional 8events being indicative of at least one additional file system operation executed on 9a data object of said first remote file system stored on said first remote data storage system (Wijayaratne, [0015] The system can also include a first and second events database that store (e.g., chronologically) FS and RFS event records, respectively); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Wijayaratne in the file monitoring and auditing system of Foley-Liu-Dos Santos by collecting first and second event data base (i.e. additional event data). This would have been obvious because the person having ordinary skill in the art would have been motivated to collect additional event data as indicative of additional system file operation on the data object for the purpose of monitoring changes to the file system (Wijayaratne, [00010], [0018]).

Regarding claim 23, Foley-Liu-Dos Santos-Wijayaratne combination further teaches:
		The method of Claim 3, wherein: said derivative data set includes metadata corresponding to a set of folders and a set of files of said first remote file system (Wijayaratne, [0021] For example, the method can include the steps of identifying redundant event records associated with a file system object (e.g., a file or folder)); and said derivative data set includes content corresponding to a proper subset of said set of files (Wijayaratne, [0094] A record is created in File Systems table 804 for each file system path on which an event occurred).
And [0140] FIG. 10D shows a Directory/Directory event reduction table 1064, which is utilized when the event at time (T) is a folder event and the event at time (T+1) is also a folder event.  Columns 1066-1072 and rows 1074-1080 correspond to the folder events). 

Regarding claim 24, Foley-Liu-Dos Santos-Wijayaratne combination further teaches:
		The method of Claim 3, wherein said step of processing said first event includes: updating said derivative data set based on said first event (Wijayaratne, [0054] The metadata in database 406 stores paths to the associated data files on data storage devices 322(1-n), so that file system objects can be accessed, updated, and created on devices 322(1-n) in accordance with changes made by the remote client 114 to virtual RFS 202); responsive to updating said derivative data set based on said first event, determining from said derivative data set whether or not additional file content is required (Wijayaratne, [0077] As still another example, local synchronizer 616 can initiate synchronization upon receiving one or more remote event records from remote cloud 102); and retrieving said additional file content from said first remote file system, if it is determined that said additional file content is required (Wijayaratne, [0089] Additionally, responsive to a query from event frontend 704, event backend 706 is operative to retrieve records from event record store 712 (via SQLite backend 708) and provide those records to event frontend 704). 

Regarding claim 25, Foley-Liu-Dos Santos-Wijayaratne combination further teaches:
The method of Claim 3, wherein said step of generating a derivative data set indicative of said first remote file system based on said metadata snapshot includes generating said (Wijayaratne, [0046] a full rescan sync (FRS) process can be used to "walk" the LFS 204 and the RFS 202 and create metadata snapshots of these file systems at a time Ts. These snapshots can then be compared and the differences used to bi-directionally synchronize the two file systems. And [0129] For each two consecutive event records, RFS phase 1 module 906 utilizes a reduction API to access tables (FIGS. 10A-10D) to determine the appropriate event reduction). 

Regarding claim 27, Foley-Liu-Dos Santos-Wijayaratne combination further teaches:
1The method of Claim 4, wherein said step of processing said first event and 2not said data object of said first remote data storage system includes analyzing said captured metadata in view of said data governance policy (Foley, [0009] preferably the collector stores (in a database) the audit trail, so for review or further analysis that file data access audit data (i.e. trail data, not data object) is available to be searched, for example, for suspicious patterns or unauthorized intrusions (i.e. conflicts with governance policy). And [0049] the file system access data that is collected includes one or more of the following: file name, file size, data created, owner, read user, write user, user privileges and rights, permissions, changes or other modifications to the data or to file system metadata, timestamps, and the like).

Claims 11, 22 are rejected under 35 U.S.C. 103 as being unpatentable over Foley-Liu-Dos Santos combination as applied above to claim 1 and claim 12 respectively, further in view of Kulkarni et al (US20140201848A1, hereinafter, “Kulkarni”).
Regarding claim 11, similarly claim 22, Foley-Liu-Dos Santos combination teaches:

While Foley-Liu-Dos Santos combination does not explicitly teach the following limitation, however in the same field of endeavor Kulkarni teaches: 
wherein said step of establishing said network connection with said first remote data storage system includes establishing a connection with a third party cloud service provider (Kulkarni, [0032] the same methods described above may be adapted to share data items that reside in different locations, which may include locations across several remote storage areas, local storage areas, and even different service provider storage areas.  As long as a path can be defined for a particular data item, and that path is available and accessible via a URL, the data item may be included in a grouped share command.  For instance, a third party service provider having remote storage may provide application programming interfaces (APIs) for linking to or downloading data items stored on the third party service provider's remote storage). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Kulkarni in the file monitoring and auditing system of Foley-Liu-Dos Santos by utilizing a third party service provider. This would have been obvious because the person having ordinary skill in the art would have been motivated to utilize the third party service to manage shared stored data with a secondary operation on files having different, distinct and exclusive file paths (Kulkarni, [0032]).


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.




/MICHAEL M LEE/Examiner, Art Unit 2436
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436