DETAILED ACTION
	This Office Action is in response to the Amendment filed on 04/01/2022.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
Regarding the 101 rejections made in the Non-Final Office Action dated 10/07/2021, the amendment submitted on 04/01/2022 for claim 20 is sufficient to overcome the 101 rejection. Thus, the 101 rejection for claim 20 is hereby withdrawn. However, the amendment to claim 17 is not sufficient to overcome the 101 rejection; as such, the 101 rejection for claim 17 is hereby maintained.

Response to Arguments
Applicant’s arguments with respect to claims 1, 8, 17 and 20 have been considered but are moot in view of the new grounds of rejections.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Regarding claim 17, although the preamble of the claim recites “a system,” the body of the claim does not positively recite any elements of hardware. Therefore, the nature of the subject matter claimed may reasonably be construed as software embodiments. The mere recitation of a system in the preamble with an absence of a machine in the body of the claim fails to make the claim statutory under 35 USC 101.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-3, 5-6, 17-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Eschbach et al. (US 2015/0200922 A1-hereinafter Eschbach.)
Regarding claim 1, Eschbach discloses a method for automated on-screen sensitive data identification and obfuscation comprising: 
monitoring, by a protective analytics engine, a user workflow for a user on a desktop (at least figure 5, [0019][0035], system monitors user’s actions/workflow for at least one user on a desktop);
receiving a user request to display desktop data fields on the desktop in a session (at least i.e.: [0008][0030][0036], a user request to view document is received), one or more desktop data fields including an attempt to access sensitive data in the session on the desktop from the user (at least figure 3, [0028]-[0029], one or more fields including an attempt to access DOB & SS#); 
determining user access level for sensitive data for the user (at least [0021] [0026], level of authorization for user is determined); 
obscuring, at a desktop data field level, any sensitive data based on the monitoring of the user workflow for the user and the user access level for sensitive data for which the user does not have access to without supplying an additional credential (at least figures 2-3; [0027][0030], sensitive data is hidden from desktop/display until the user provides credential), the obscuring including placing data field block over a desktop data field with sensitive data requiring the additional credential on the desktop before the sensitive data requiring the additional credential is displayed on the desktop such that the sensitive data requiring the additional credential cannot be seen by the user (at least figures 2-3, [0025]-[0026], i.e.: wherein class description is placed over sensitive data); and 
receiving a credential from the user and comparing the credential to at least one protective analytics rule ([0021][0033], user credential is received and compared by system to determine level of authorization.)
Regarding claim 2, Eschbach discloses the method of claim 1. Eschbach also discloses prompting the user to submit a credential to view obscured sensitive data (at least [0021][0026][0033], user is required/prompted to submit a credential to view hidden sensitive data.)

Regarding claim 3, Eschbach discloses the method of claim 1. Eschbach also discloses removing the data field block over the desktop data field with sensitive data requiring the additional credential after receiving an appropriate credential from the user (at least [0025]-[0026], i.e.: redacted field is removed for user with a high rank.)

Regarding claim 5, Eschbach discloses the method of claim 1. Eschbach also discloses the sensitive data is identified manually or by automatic matching to previously known sensitive data characteristics (at least [0023][0025], sensitive data is identified by automatic matching to previous known sensitive data characteristics.)

Regarding claim 6, Eschbach discloses the method of claim 5. Eschbach also discloses assigning a level of sensitivity to the sensitive data (at least [0026][0036], i.e.: assigning authorization level to sensitive data.)

	Claim 17 is rejected for the same rationale as claim 1 above.

	Regarding claim 18, Eschbach discloses the system of claim 17.  Eschbach also discloses a user interface displaying the desktop ([0003]-[006][0019], display of the electronic device.)

Claim 20 is rejected for the same rationale as claims 1 & 17 above.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Eschbach et al. (US 2015/0200922 A1-hereinafter Eschbach.)
Regarding claim 4, Eschbach discloses the method of claim 1. Eschbach does not explicitly disclose keeping the data field block over the desktop data field with sensitive data requiring the additional credential after receiving an inappropriate credential from the user.
However, Eschbach discloses sensitive data is only displayed to the user when a corresponding user credential is provided ([0021][0033].) 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to keep the sensitive data hidden from the user if a wrong/inappropriate credential is received from the user to protect the sensitive data from being seen by unauthorized users.

Regarding claim 14, Eschbach discloses the method of claim 1. Eschbach does not explicitly disclose repeating receiving a credential from the user until reaching a stopping point.
However, it would have been obvious that if a user provides an incorrect credential at a first attempt, then the user would be given at least a second try to provide a correct credential, to allow the user to access/view the sensitive data before the user is locked out of the system.  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to allow repeatedly receiving a credential from the user up to a predetermined number of times/tries to enhance the security of the data of the method.

Regarding claim 15, Eschbach discloses the method of claim 14. Eschbach also obviously discloses the stopping point is an action or condition selected from a group consisting of: the user stops trying to access sensitive data, no data field blocks remain, no data field blocks remain for which the user can supply credential, a given period of time has passed, the user enters inappropriate credentials for a given number of iterations, and any combination thereof ([0005], i.e.: user is no longer using device.)
	  
Regarding claim 16, Eschbach discloses the method of claim 15.  Eschbach does not explicitly disclose at least one of the given period of time or the given number of iterations are based on at least one of an identity of the user, a task, a previous action of the user, a client, a client category, a type or level of sensitivity of the sensitive data, or any combination thereof.
However, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to select the given period of time as the stopping point based on an identity of the user to ensure that the user is given a proper amount of times/tries to provide the credential, but also at the same time protect the data of the method.

Claims 7 and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Eschbach and in view of Zimmermann et al. (2018/0027006 A1-hereinafter Zimmermann.)
Regarding claim 7, Eschbach discloses the method of claim 1. Eschbach does not explicitly disclose identifying recognized workflows by manual definition or by using machine learning algorithms.
However, Zimmermann discloses recognized workflows by manual definition or by using machine learning algorithms ([00557], the machine learning engine may provide advanced analysis that adaptively learns, such as learning patterns in user behavior; at least figure 65, step 6510.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teaching of Zimmermann into the method of Eschbach to track user behavior when accessing sensitive data and make appropriate decisions based on the tracked user actions.

Regarding claim 11, Eschbach discloses the method of claim 1. Eschbach also discloses completely obscuring the desktop with a data field block (at least [0026], user with rank of 1 may have all fields redacted.)
Eschbach does not disclose detecting an attempt by the user to bypass the method for automated on-screen sensitive data identification and obfuscation; and restarting the method for automated on-screen sensitive data identification and obfuscation.
However, Zimmermann discloses detecting an attempt by the user to bypass the method for automated on-screen sensitive data identification and obfuscation (at least [0239], suspicious login attempt); and restarting the method for automated on-screen sensitive data identification and obfuscation (at least [0183], i.e.: new inputs restarts the method.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teaching of Zimmermann into the method of Eschbach to detect attempts to acquire sensitive data through misuse of system or credentials.

Regarding claim 12, Eschbach and Zimmermann disclose the method of claim 11. Zimmermann also discloses logging an attempt by the user to bypass the method for automated on-screen sensitive data identification and obfuscation (at least [0190], user’s attempts to log in to a system are tracked.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teaching of Zimmermann into the method of Eschbach to keep a record of user’s attempts in order to provide valuable feedback to improve the method.

Regarding claim 13, Eschbach and Zimmermann disclose the method of claim 11. Zimmermann also discloses transmitting an alert to staff that the user attempted to bypass the method for automated on-screen sensitive data identification and obfuscation (at least [0486], tracking and reporting on user behavior.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teaching of Zimmermann to provide warning and to provide remediation to the method.

Claims 8-10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Eschbach and in view of Antonatos et al. (US 2019/0236305 A1-hereinafter Antonatos.)
Eschbach discloses the method of claim 1. Eschbach also discloses all the limitations of claim 8, except the limitations “recording the session with a screen recorder” and “playing the recording of the session of the desktop for a viewer.”
However, Antonatos discloses recording a session with a screen recorder (at least figure 7, [0042]) and playing the recorded session (at least [0031].)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teaching of Antonatos so that any violations to data policy can be captured. 

Regarding claim 9, Eschbach and Antonatos disclose the method of claim 8. Eschbach also discloses removing the data field block over the desktop data field with sensitive data after receiving an appropriate credential from the viewer ([0021][0033], when a correct user credential is provided, then sensitive data for the user level of authentication is displayed to the user.)

Regarding claim 10, Eschbach and Antonatos disclose the method of claim 8. Eschbach and Antonatos do not explicitly disclose keeping the data field block over the desktop data field with sensitive data requiring the additional credential after receiving an inappropriate credential from the viewer.
However, Eschbach discloses sensitive data is only displayed to the user when a corresponding user credential is provided ([0021][0033].) 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to keep the sensitive data hidden from the user if a wrong/inappropriate credential is received from the user to protect the sensitive data from being seen by unauthorized users.

Regarding claim 19, Eschbach discloses the system of claim 18.  Eschbach does not explicitly disclose a screen recorder operatively connected to the user interface to record the desktop during the session.
However, Antonatos discloses a screen recorder operatively connected to a user interface to record a desktop during a session to record the desktop (at least [0048], screen recording.)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the teaching of Antonatos so that any violations to data policy can be captured. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PHY ANH T VU/          Primary Examiner, Art Unit 2438