Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Office Action is in response to the instant Application 16/867,887 filed on 5/6/2020. Claims 1-20 are pending. This Office Action is Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 5/6/2020 and 1/21/2022, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: agent, analyzer, predictor and unit in claims 10 and 11.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-3, 5, 7, 10-14, 16 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Prokop et al. (US  2020/0050779) in view of Badam et al. (US 2016/0294818).

	As per claim 1, Prokop teaches 1 a computer-implemented method for mitigating a cybersecurity risk on a computer that potentially includes a plaintext password, the method comprising: searching a computer resource on the computer; analyzing any text in the computer resource; detecting a string of characters in the text that potentially includes a plaintext password (Prokop, Paragraph 0058 recites “At step 416, the plaintext can be optionally processed by the encryption module 406 to determine the plaintext includes sensitive data. Such processing can be performed in various ways. For example, the secure string instance can be associated with sensitive data and encrypt all plaintext received. In another example, the encryption module 406 can scan the plaintext to identify char arrays of a particular size, such as 16. In yet another example, the encryption module 406 can scan the plaintext to identify byte strings ending with a particular hex value that is associated with sensitive data. The attack window can be minimized by storing the plaintext ad encrypted sensitive data.” Prokop is demonstrating a scan of data and identifying a string as plaintext sensitive data such as passwords.).



	But fails to teach determining a confidence score for the string of characters indicating a likelihood the string of characters includes the plaintext password; and effectuating a remediation action based on the confidence score, wherein the remediation action includes encrypting the string of characters when the confidence score is equal to or greater than a first certainty level.
	However, in an analogous art Badam teaches determining a confidence score for the string of characters indicating a likelihood the string of characters includes the plaintext password; and effectuating a remediation action based on the confidence score, wherein the remediation action includes encrypting the string of characters when the confidence score is equal to or greater than a first certainty level (Badam, Paragraph 0022 recites “ In an example, second data, corresponding to a second portion of the social network file may be identified (e.g., the social network application may be storing an application binary update within the social network file). The data sensitivity specification may be evaluated to determine a second data sensitivity for the second data. Responsive to the second data sensitivity exceeding the encryption threshold (e.g., the second data sensitivity may indicate that the application binary update is sensitive, and thus the second data sensitivity may exceed the encryption threshold), the second data may be stored as encrypted second data within the partially encrypted file system. Responsive to the second data sensitivity not exceeding the encryption threshold (e.g., the second data sensitivity may indicate that the application binary update is not sensitive, and thus the second data sensitivity may not exceed the encryption threshold), the second data may be stored as unencrypted second data within the partially encrypted file system. In an example, the physical user location data of the social network file may be stored as the encrypted data and the application binary update of the social network file may be stored as the unencrypted second data, and thus one portion of a file may be stored as encrypted data while another portion of the file may be stored as unencrypted data.” Badam is teaching that based on the data’s particular data sensitivity, it will be determined to encrypt data or keep data unecrypted.  While Badam does not use the term ‘score,’ the data sensitivity is compared to an encryption threshold therefore the data sensitivity would have a numerical value.).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Badam’s power efficient storage management with Prokop’s reducing compromise of sensitive data in virtual machine because the use of using a sensitivity measure to determine if data requires encryption, would be an efficient way of saving data since only pertinent data is encrypted.

	As per claim 2, Prokop in combination with Badam teaches the computer-implemented method in claim 1, Prokop further teaches wherein the remediation action includes encrypting the computer resource, including the plaintext password, when the confidence score is equal to or greater than the first certainty level (Prokop, Paragraph 0062 recites “At step 422, the encryption module 406 can use the key and an encryption algorithm to encrypt the plaintext.” And Paragraph 0058 recites “At step 416, the plaintext can be optionally processed by the encryption module 406 to determine the plaintext includes sensitive data. Such processing can be performed in various ways. For example, the secure string instance can be associated with sensitive data and encrypt all plaintext received.”).

	As per claim 3, Prokop in combination with Badam teaches the computer-implemented method in claim 1, Badam further teacheswherein the remediation action includes password verification when the confidence score is less than the first certainty level but equal to or greater than a second certainty level  (Badam, Paragraph 0022 recites “ In an example, second data, corresponding to a second portion of the social network file may be identified (e.g., the social network application may be storing an application binary update within the social network file). The data sensitivity specification may be evaluated to determine a second data sensitivity for the second data. Responsive to the second data sensitivity exceeding the encryption threshold (e.g., the second data sensitivity may indicate that the application binary update is sensitive, and thus the second data sensitivity may exceed the encryption threshold), the second data may be stored as encrypted second data within the partially encrypted file system. Responsive to the second data sensitivity not exceeding the encryption threshold (e.g., the second data sensitivity may indicate that the application binary update is not sensitive, and thus the second data sensitivity may not exceed the encryption threshold), the second data may be stored as unencrypted second data within the partially encrypted file system. In an example, the physical user location data of the social network file may be stored as the encrypted data and the application binary update of the social network file may be stored as the unencrypted second data, and thus one portion of a file may be stored as encrypted data while another portion of the file may be stored as unencrypted data.” Badam is teaching that based on the data’s particular data sensitivity, it will be determined to encrypt data or keep data unecrypted.  While Badam does not use the term ‘score,’ the data sensitivity is compared to an encryption threshold therefore the data sensitivity would have a numerical value.).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Badam’s power efficient storage management with Prokop’s reducing compromise of sensitive data in virtual machine because the use of using a sensitivity measure to determine if data requires encryption, would be an efficient way of saving data since only pertinent data is encrypted.

	As per claim 5, Prokop in combination with Badam teaches the computer-implemented method in claim 2, Prokop further teaches labeling the string of characters as a plaintext password (Prokop, Paragraph 0058 recites “At step 416, the plaintext can be optionally processed by the encryption module 406 to determine the plaintext includes sensitive data. Such processing can be performed in various ways. For example, the secure string instance can be associated with sensitive data and encrypt all plaintext received.”).

	As per claim 7, Prokop in combination with Badam teaches the computer-implemented method in claim 3, Prokop further teaches provisionally labeling the string of characters as a potential plaintext password (Prokop, Paragraph 0058 recites “At step 416, the plaintext can be optionally processed by the encryption module 406 to determine the plaintext includes sensitive data. Such processing can be performed in various ways. For example, the secure string instance can be associated with sensitive data and encrypt all plaintext received.”).

Regarding claims 10 and 12, claims 10 and 12 are directed to a system and a non-transitory computer readable storage medium associated with the method of claim 1. Claims 10 and 12 are of similar scope to claim 1, and are therefore rejected under similar rationale.

Regarding claims 11 and 13, claims 11 and 13 are directed to a system and a non-transitory readable medium associated with the method of claim 2. Claims 11 and 13 are of similar scope to claim 2, and are therefore rejected under similar rationale.

	Regarding claim 14, claim 14 is directed to a non-transitory computer readable storage medium associated with the method of claim 3 respectively. Claim 14 is similar in scope to claim 3, respectively, and are therefore rejected under similar rationale. 

	Regarding claim 16, claim 16 is directed to a non-transitory computer readable storage medium associated with the method of claim 5 respectively. Claim 16 is similar in scope to claim 5, respectively, and are therefore rejected under similar rationale. 

	Regarding claim 18, claim 18 is directed to a non-transitory computer readable storage medium associated with the method of claim 7 respectively. Claim 18 is similar in scope to claim 7, respectively, and are therefore rejected under similar rationale. 
Claims 4, 8, 9, 15, 19 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Prokop et al. (US  2020/0050779) and Badam et al. (US 2016/0294818) and in further view of Parthasarathy (US  2020/0057864).

	As per claim 4, Prokop in combination with Badam teaches the computer-implemented method in claim 1, but fails to teach wherein the remediation action includes labeling the string of characters as a false positive when the confidence score is less than a third certainty level.
	However, in an analogous art Parthsarathy teaches wherein the remediation action includes labeling the string of characters as a false positive when the confidence score is less than a third certainty level (Parthasarathy, Paragraph 0065 recites “According to an embodiment herein the SDDE, determines 107 sensitive data from the scored data, for example, within 2 or 3 iterations In the determination of the sensitive data from the scored data, the SDDE classifies the accessed data as sensitive data, or potentially sensitive data, or not sensitive data based on the executed match operations in the configured scanning pathway If the score assigned to the accessed data meets the minimum threshold, the SDDE selects classifies that data location, for example, a table or a column, containing the accessed data as sensitive. If the score assigned to the accessed data does not meet the minimum threshold, the SDDE classifies the data location containing the accessed data as a false positive.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Parthasarathy’s system and method for data classification centric sensitive data discovery with Prokop’s reducing compromise of sensitive data in virtual machine because by recognizing false positives, would help ensure proper classification.

	As per claim 8, Prokop in combination with Badam teaches the computer-implemented method in claim 7, but fails to teach determining whether the provisionally labeled plaintext password includes an actual plaintext password or a false positive. 
	However, in an analogous art Parthsarathy teaches determining whether the provisionally labeled plaintext password includes an actual plaintext password or a false positive (Parthasarathy, Paragraph 0065 recites “According to an embodiment herein the SDDE, determines 107 sensitive data from the scored data, for example, within 2 or 3 iterations In the determination of the sensitive data from the scored data, the SDDE classifies the accessed data as sensitive data, or potentially sensitive data, or not sensitive data based on the executed match operations in the configured scanning pathway If the score assigned to the accessed data meets the minimum threshold, the SDDE selects classifies that data location, for example, a table or a column, containing the accessed data as sensitive. If the score assigned to the accessed data does not meet the minimum threshold, the SDDE classifies the data location containing the accessed data as a false positive.”).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Parthasarathy’s system and method for data classification centric sensitive data discovery with Prokop’s reducing compromise of sensitive data in virtual machine because by recognizing false positives, would help ensure proper classification.

	As per claim 9, Prokop in combination with Badam and Parthasarathy teaches the computer-implemented method in claim 8, Prokop further teaches labeling the potential plaintext password as a confirmed plaintext password when the provisionally labeled plaintext password is determined to include the actual plaintext password (Prokop, Paragraph 0058 recites “At step 416, the plaintext can be optionally processed by the encryption module 406 to determine the plaintext includes sensitive data. Such processing can be performed in various ways. For example, the secure string instance can be associated with sensitive data and encrypt all plaintext received.”).

	Regarding claim 15, claim 15 is directed to a non-transitory computer readable storage medium associated with the method of claim 4 respectively. Claim 15 is similar in scope to claim 4, respectively, and are therefore rejected under similar rationale. 

	Regarding claim 19, claim 19 is directed to a non-transitory computer readable storage medium associated with the method of claim 8 respectively. Claim 19 is similar in scope to claim 8, respectively, and are therefore rejected under similar rationale. 

	Regarding claim 20, claim 20 is directed to a non-transitory computer readable storage medium associated with the method of claim 9 respectively. Claim 20 is similar in scope to claim 9, respectively, and are therefore rejected under similar rationale. 

 
Claim 6 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Prokop et al. (US  2020/0050779) and Badam et al. (US 2016/0294818) and in further view of Boutnaru (US 2020/0065476).

	As per claim 6, Prokop in combination with Badam teaches the computer-implemented method in claim 5, but fails to teach updating a parametric value in a machine learning model based on the labeled plaintext password; and storing the labeled plaintext password in a database.
	However, in an analogous art Boutnaru teaches updating a parametric value in a machine learning model based on the labeled plaintext password; and storing the labeled plaintext password in a database (Boutnaru, Paragraph 0020 recites “Text classifier 230 may be any text classifier capable of making a prediction (after training into trained text classifier 250) about the likelihood of a sequence of characters appearing within a text sample, in various embodiments, and may be implemented as stored computer-executable instructions. E.g., trained text classifier 250 may be fed the sequence of input “The quick brown fox jumped over the lazy ______”, and then try to predict the likelihood of the next character sequence.” Boutnaru, is teaching a text learning, which is a machine learning method, to identify text for future detection.  It would be obvious to apply this to plaintext sensitive data.).
	It would have been obvious to a person of ordinary skill in the art, at the earliest effective filing date, to use Boutnaru’s Cleartext Password Detection Using Machine Learning with Prokop’s reducing compromise of sensitive data in virtual machine because using a machine learning technique is a more efficient method of performing tasks because it does not require human interaction.

	Regarding claim 17, claim 17 is directed to a non-transitory computer readable storage medium associated with the method of claim 6 respectively. Claim 17 is similar in scope to claim 6, respectively, and are therefore rejected under similar rationale. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661. The examiner can normally be reached Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

RODERICK . TOLENTINO
Examiner
Art Unit 2439



/RODERICK TOLENTINO/Primary Examiner, Art Unit 2439