DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 2/14/2022 has been entered.
 
Response to Arguments
Applicant's arguments are moot in view of the allowance herein.

Claim Rejections - 35 USC § 112
Previous 112 rejections are withdrawn in view of the amended language herein.


EXAMINER'S AMENDMENT

An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner's amendment was given in an interview with Ernie Beffel on 3-15-2022.

The application has been amended as follows: 
1. (Cancelled)
2. (Currently amended) The method of claim 21 [[1:]]

further including assigning the sensitivity classification to the document directly from the document type extracted from the document handle, without reliance on inspecting contents within a body of the document.
3. (Currently amended) The method of claim 21 [[1:]]

further including assigning the sensitivity classification to the document directly from the document handle using a lookup table, without reliance on inspecting contents within a body of the document.
4-6. (Cancelled) 
7. (Currently amended) The method of claim 21 [[1]]:
wherein the 
further including assigning the sensitivity classification to the document directly from the document type extracted from the document handle and at least part of the descriptive document name, without reliance on inspecting contents within a body of the document.
8. (Cancelled)
9. (Currently amended) The method of claim 21 [[8]], further including inspecting the header metadata of the document for the encoded 
10. (Currently amended) The method of claim 9, wherein the transferring the document includes copying the document on a portable storage medium.
11-13. (Cancelled)
14. (Currently amended) The system of claim 22 [[13]]:
wherein the 
further implementing actions comprising assigning the sensitivity classification to the document directly from the document type extracted from the document handle, without reliance on inspecting contents within a body of the document.
15. (Currently amended) The system of claim 22 [[13]]:
wherein the 
further implementing actions comprising assigning the sensitivity classification to the document directly from the document handle using a lookup table, without reliance on inspecting contents within a body of the document.
16. (Currently amended) The system of claim 22 [[13]]:
wherein the 
further implementing actions comprising assigning the sensitivity classification to the document directly from the recipient email address using a white list of recipient domains, without reliance on inspecting contents within a body of the document.
17. (Currently amended) The system of claim 22 [[13]]:
wherein the 
further implementing actions comprising assigning the sensitivity classification to the document directly from the recipient email address using a black list of recipient domains, without reliance on inspecting contents within a body of the document.
18-20. (Cancelled) 


21. (New) A method of efficiently classifying sensitivity of a document generated by and downloaded from cloud-based provider services, the method implemented by an inline proxy positioned on a network separate from a user and the cloud-based provider and including actions of:
monitoring a user’s first network traffic using an adapter selected as specific to a cloud-based provider service at an endpoint of the user that initiates generation of the document by the cloud-based provider service;
monitoring second network traffic, using the adapter, that includes a web page, the web page including:
a link for the user to select to download the generated document, and
an API parameter string that includes a document handle of the generated document;
parsing third network traffic, generated in response to the user selecting the link requesting the download of the document, to identify the document handle from the API parameter string;
determining a sensitivity classification from the identified document handle;
encoding the sensitivity classification into header metadata of the document;
monitoring fourth network traffic that includes an activity being performed with the downloaded document;
extracting the activity being performed from the fourth network traffic and the encoded sensitivity classification;
triggering data exfiltration measures upon detection of attempted exfiltration based on the encoded sensitivity classification and the activity being performed.


22. (New) A proxy system positioned on a network separate from a user and a cloud-based provider including one or more processors coupled to memory, the memory loaded with computer instructions to efficiently classify sensitivity of documents generated by and downloaded from cloud-based provider services, the instructions, when executed on the processors, implement actions comprising:
monitoring a user’s first network traffic using an adapter selected as specific to a cloud-based provider service at an endpoint of the user that initiates generation of the document by the cloud-based provider service;
monitoring second network traffic, using the adapter, that includes a web page, the web page including:
a link for the user to select to download the generated document, and
an API parameter string that includes a document handle of the generated document;
parsing third network traffic, generated in response to the user selecting the link requesting the download of the document, to identify the document handle from the API parameter string;
determining a sensitivity classification from the identified document handle;
encoding the sensitivity classification into header metadata of the document;
monitoring fourth network traffic that includes an activity being performed with the downloaded document;
extracting the activity being performed from the fourth network traffic and the encoded sensitivity classification;
triggering data exfiltration measures upon detection of attempted exfiltration based on the encoded sensitivity classification and the activity being performed.

23. (New) A non-transitory computer readable storage medium impressed with computer program instructions to efficiently classify sensitivity of documents generated by and downloaded from cloud-based provider services, the instructions, when executed on a processor of a proxy positioned on a network separate from a user and the cloud-based provider, implement a method comprising:
monitoring a user’s first network traffic using an adapter selected as specific to a cloud-based provider service at an endpoint of the user that initiates generation of the document by the cloud-based provider service;
monitoring second network traffic, using the adapter, that includes a web page, the web page including:
a link for the user to select to download the generated document, and
an API parameter string that includes a document handle of the generated document;
parsing third network traffic, generated in response to the user selecting the link requesting the download of the document, to identify the document handle from the API parameter string;
determining a sensitivity classification from the identified document handle;
encoding the sensitivity classification into header metadata of the document;
monitoring fourth network traffic that includes an activity being performed with the downloaded document;
extracting the activity being performed from the fourth network traffic and the encoded sensitivity classification;
triggering data exfiltration measures upon detection of attempted exfiltration based on the encoded sensitivity classification and the activity being performed.



Allowable Subject Matter
Claims 2-3, 7, 9-10, 14-17 and 21-23 are allowed.

The following is an examiner's statement of reasons for allowance:
Lai et al (US 2004/0179687) discloses in [0037] that a phone 15 may download a document 44 from server 12 and that, prior to transmission from the server to the phone, the server inserts a protection flag into the document to restrict the phone from re-transmitting the document after the download is received.

Barrett et al (CA 1282178) discloses on pages 54-55 that a protection class identifier of a document may be included in a lookup table locatable by a document id that identifies the document.

Stappenbeck et al (US 10,133,855) discloses in Column 6, lines 28-60, an adapter to facilitate analysis and/or fulfillment of entitlement requests.

The 5 Steps to Cloud Confidence (published by Netskope 2014, used in the previous rejection as NPL1) discloses on page 10, in a figure titled 'NETSKOPE TOPOLOGICAL LAYOUT', an inline proxy between user devices (endpoints) and service providers, the inline proxy being for monitoring and parsing network traffic to determine malicious activity.


The prior art of record does not explicitly disclose, in light of the other features recited in the independent claims:
a web page including an API string including a document handle for a document that can be downloaded using the web page;
while the document is in transit due to the download, parsing the traffic to identify the document handle, determine a sensitivity classification from the document handle, and encode the sensitivity classification into the document;
extracting an activity being performed and the sensitivity classification from fourth traffic to determine an attempted exfiltration.
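
Added illustration (not part of the Office action or of the application): a minimal Python sketch of the flow recited in claims 21-23 and summarized in the features above, classifying from the document handle alone, tagging the document in transit, and later combining the tag with the observed activity. The `docHandle` parameter name, the `type:name:id` handle layout, the `x-sensitivity` metadata key, the lookup table, the policy sets and the sample URL are all assumptions constructed for the example.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical lookup table: document type -> sensitivity classification.
SENSITIVITY_BY_TYPE = {"payroll_report": "restricted", "org_chart": "internal",
                       "press_kit": "public"}
# Hypothetical policy: activities treated as exfiltration per classification.
BLOCKED_ACTIVITIES = {"restricted": {"upload", "share_external", "copy_to_usb"},
                      "internal": {"share_external"}, "public": set()}
TAG = "x-sensitivity"  # assumed metadata key, not named on the page

# Constructed sample inputs (assumed handle layout: type:descriptive-name:id).
SAMPLE_URL = ("https://reports.example.test/api/v1/download"
              "?fmt=pdf&docHandle=payroll_report:2022-Q1:8f3a")
SAMPLE_DOC = {"metadata": {"title": "Q1"}, "body": b"%PDF-1.7 constructed"}


def handle_from_download_request(url, param="docHandle"):
    """Third traffic: pull the document handle out of the API parameter string."""
    values = parse_qs(urlsplit(url).query).get(param)
    return values[0] if values else None


def classify_handle(handle):
    """Classify from the handle alone; a missing or unknown type fails closed."""
    doc_type = handle.split(":", 1)[0].lower() if handle else ""
    return SENSITIVITY_BY_TYPE.get(doc_type, "restricted")


def tag_in_transit(document, request_url):
    """Encode the classification into header metadata; the body is never read."""
    level = classify_handle(handle_from_download_request(request_url))
    return {**document, "metadata": {**document["metadata"], TAG: level}}


def exfiltration_verdict(document, activity):
    """Fourth traffic: combine the encoded tag with the observed activity."""
    level = document["metadata"].get(TAG)
    if level not in BLOCKED_ACTIVITIES:  # untagged or unrecognized tag
        level = "restricted"
    return "block" if activity in BLOCKED_ACTIVITIES[level] else "allow"


if __name__ == "__main__":
    tagged = tag_in_transit(SAMPLE_DOC, SAMPLE_URL)
    print(tagged["metadata"], exfiltration_verdict(tagged, "copy_to_usb"))
```

Both lookups fall back to the most restrictive class, so a handle with an unrecognized type or a document whose tag was stripped is handled as restricted rather than passed through.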



Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RICHARD A MCCOY/Examiner, Art Unit 2431