Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 10 and 19 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Saxe et al. (US PAT 8925099), hereinafter "Saxe".
Regarding Claim 10, Saxe discloses:
A method, comprising: 
using a classification algorithm trained using a machine learning process, periodically analyzing data provided to a particular third party to identify one or more privacy issues (i.e. using private data isolation engine / classifier engine [i.e. a classification algorithm] employing a feedback loop [i.e. trained using a machine learning process], the method/system may periodically collect and analyze the user’s data provided to third parties to identify privacy risks [i.e. one or more privacy issues]) (Fig. 7, Column 3 Line # 22 – 40, Column 7 Line # 22 – 44, Column 9 Line # 18 - 26); 
in response to the analysis, identifying an action to be taken with respect to the particular third party (i.e. based on the analysis, the system may identify tips/recommendations [i.e. an action to be taken] on how to improve user’s privacy with respect to third parties; Example recommendations can include what data should be removed from a site/source, deleting an account with a particular third party, etc. [i.e. an action to be taken with respect to the particular third party ]) (Fig. 7, Column 10 Line # 34 – 67 and Column 11 Line # 1 – 9); 
presenting information to a user regarding the identified action (i.e. user, e.g. Bob, can see [i.e. information is presented] tips [i.e. the identified action] on how to improve his private data access online) (Fig. 7, Column 10 Line # 34 – 67 and Column 11 Line # 1 – 9).


Regarding Claim 19, Saxe discloses:
A computer storage media storing computer-readable instructions that when executed cause a computing device (i.e. a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor) (Column 1 Line # 53 – 67) to: 
receive information from one or more trusted news feeds (i.e. system may receive data determined to be potentially associated with a ser from a variety of sources, including websites 110-112, third party data sources 114, social networking websites 120-122, and other Internet or web based sources, such as blogs and forums) (Column 4 Line # 1 – 6); 
using natural language processing, determine a potential privacy or security issue regarding a third party with whom data has been shared (i.e. using natural language processing, the system may determine privacy risk [i.e. a potential privacy or security issue] regarding a particular third party with whom data, e.g. user’ account information, birthday, etc., has been shared) (Fig. 7, Column 4 Line # 53 – 67, Column 5 Line # 1 – 7 and Column 13 Line # 4 - 19); and 
provide information to a user regarding the determined potential privacy or security issue regarding the third party (i.e. user will be presented with a suggestion(s), such as the following: "Close/delete your account with third party X" [i.e. information the determined potential privacy or security issue regarding the third party]) (Fig. 7, Column 13 Line # 4 – 19 and Column 13 Line # 40 - 63).










Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 3-9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dunjic et al. (US PG PUB 20200311298), hereinafter "Dunjic", in views of Skinner et al. (US PAT 10347293), hereinafter "Skinner".
Regarding Claim 1, Dunjic discloses:
A third party data management system (i.e. method/system for sharing data with third party servers) (Abstract, Fig. 1, ¶ 0042 - 0043 and ¶ 0110), 
comprising: a computer comprising a processor and a memory having computer-executable instructions stored thereupon (i.e. processor 210 coupled to memory 220 storing executable instructions) (Fig. 2 and ¶ 0052 – 0053) 
which, when executed by the processor, cause the computer to: 
receive a request to add a third party for sharing of data (i.e. the system may receive an input/request selecting a third party server to be added to a list of third party servers for sharing of data) (Fig. 7, Fig. 8, Fig. 9, Fig. 11, ¶ 0110 and 0119); 
analyze one or more types of data that will be shared with the third party to determine a risk of sharing data with the third party (i.e. method/system may analyze data that is to be shared with a third party server based on type of the data in order to determine the risk score associated with sharing the data with the third party) (¶ 0068, ¶ 0084 – 0085); and 
provide information to a user regarding the determined risk of sharing data with the third party (i.e. method/system may provide the user with information including the determined risk score associated with the user for sharing the data with the third party server) (Fig. 9 and ¶ 0117).
However, Dunjic does not explicitly disclose:
using a classification algorithm trained using a machine learning process, 
On the other hand, in the same field of endeavor, Skinner teaches:
using a classification algorithm trained using a machine learning process, analyze one or more types of data that will be shared with the third party to determine a risk of sharing data with the third party (i.e. using risk classification algorithm trained using a machine learning process, system may analyze one or more types of content/information, e.g. different confidential levels, that will be shared with a particular recipient [i.e. the third party] to determine a risk score that reflects sharing of the content/information [i.e. a risk of sharing data] with the recipient [i.e. the recipient]) (Column 9 Line # 66 – 67, Column 10 Line # 1 – 2, Column 13 Line # 43 – 67 and Column 14 Line # 1 – 3).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the system of Dunjic to include the feature to, using a classification algorithm trained using a machine learning process, analyze one or more types of data that will be shared with the third party to determine a risk of sharing data with the third party as taught by Skinner in order to implement the risk assessment associated with the data sharing based on machine learning algorithm (Column 9 Line # 66 – 67, Column 10 Line # 1 – 2, Column 13 Line # 43 – 67 and Column 14 Line # 1 – 3).

Regarding Claim 3, Dunjic and Skinner disclose, in particular Skinner teaches:
wherein the classification algorithm comprises at least one of a linear regression algorithm, a logistic regression algorithm, a decision tree algorithm, a support vector machine (SVM) algorithm, a Naive Bayes algorithm, a K- nearest neighbors (KNN) algorithm, a K-means algorithm, a random forest algorithm, a dimensionality reduction algorithm, an Artificial Neural Network, and/or a Gradient Boost & Adaboost algorithm (i.e. Some embodiments may classify such vectors with a decision learning tree or random forests, for example, trained with CART on historical labeled examples of confidential or nonconfidential text) (Column 11 Line # 39 – 55).
The motivation to combine the references is similar to that of claim 1.

Regarding Claim 4, Dunjic and Skinner disclose, in particular Skinner teaches:
train the classification algorithm using a machine learning process that utilizes various features present in at least one of the data or types of data with the classification algorithm representing an association among the features (i.e. classifier [i.e. the classification algorithm] is trained using a machine learning process; Patterns [i.e. various features] presented in data are utilized to recognize patterns [i.e. features] representing the confidentiality associated with the data) (Column 9 Line # 66 – 67, Column 10 Line # 1 – 2 and Column 11 Line # 39 – 65).
The motivation to combine the references is similar to that of claim 1.

Regarding Claim 5, Dunjic and Skinner disclose, in particular Skinner teaches:
wherein the classification algorithm is trained in at least one of a supervised, semi-supervised, or unsupervised manner (i.e. unsupervised model may be trained to detect those features that appear more frequently and based on those features) (Column 24 Line # 3 - 5).
The motivation to combine the references is similar to that of claim 1.

Regarding Claim 6, Dunjic and Skinner disclose, in particular Skinner teaches:
wherein the classification algorithm is adaptively updated based, at least in part, upon a user's interaction with the information provided to the user regarding the determined risk of sharing data with the third party (i.e. Some embodiments may dynamically adjust permissions based upon risk scores, for instance, removing permissions associated with user accounts that permit unredacted sharing [i.e. upon a user's interaction with the information provided to the user regarding the determined risk of sharing data] outside of an organization [i.e. the third party], removing permissions that permit sharing at all, adjusting thresholds [i.e. the classification algorithm is adaptively updated] by which information is classified as confidential to increase the amount of information classified as confidential) (Column 14 Line # 14 - 21).
The motivation to combine the references is similar to that of claim 1.

Regarding Claim 7, Dunjic and Skinner disclose, in particular Skinner teaches:
wherein the classification algorithm is trained to classify data in accordance with particular rules (i.e. patterns may be learned by training machine learning models on historical labeled training sets of confidential and nonconfidential text by topic [i.e. in accordance with particular rules]) (Column 9 Line # 32 - 50).
The motivation to combine the references is similar to that of claim 1.

Regarding Claim 8, Dunjic and Skinner disclose, in particular Skinner teaches:
wherein the particular rules are based, at least in part, upon, at least one of a contractual requirement, an entity requirement, a governmental requirement, a temporal requirement, or a geographical requirement (i.e. patterns may be learned by training machine learning models on historical labeled training sets of confidential and nonconfidential text by topic [i.e. an entity requirement]) (Column 9 Line # 32 - 50).
The motivation to combine the references is similar to that of claim 1.

Regarding Claim 9, Dunjic and Skinner disclose, in particular Skinner teaches:
wherein the particular rules set forth a plurality of categories of data to be used by the classification algorithm, and, criteria for classifying data into each of the plurality of categories (i.e. patterns may be learned by training machine learning models on historical labeled training sets of confidential and nonconfidential text by topic [i.e. categories], and the patterns may be implemented by models configured to score and classify text according to the strength with which it exhibits various topics [i.e. classifying data into each of the plurality of categories]) (Column 9 Line # 32 - 50).
The motivation to combine the references is similar to that of claim 1.



Claim 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dunjic in views of Skinner as applied to claim 1 above, and further in view of Pelta et al. (US PAT 11232256), hereinafter "Pelta".
Regarding Claim 2, Dunjic and Skinner disclose all the features with respect to Claim 1 as described above.
However, the combination of Dunjic and Skinner does not explicitly disclose:
analyze a contractual agreement with the third party based, at least in part, up the determined risk of sharing data with the third party to determine whether an additional contractual term is likely needed; and when it is determined that the additional contractual term is likely needed, provide information to the user regarding the additional contractual term.
On the other hand, in the same field of endeavor, Pelta teaches:
analyze a contractual agreement with the third party based, at least in part, up the determined risk of sharing data with the third party to determine whether an additional contractual term is likely needed (i.e. the system may analyze whether the existing contractual relationship [i.e. a contractual agreement] with that entity [i.e. third party] covers data sharing, e.g. has appropriate confidentiality provisions, in order to make the assessment of risk [i.e. the determined risk of sharing data with the third party]. Should the combination of data being shared misalign with the nature of the relationship with the company contractually [i.e. whether an additional contractual term is likely needed], those answers can be challenged) (Column 2 Line # 11 - 21 and Column 4 Line # 14 – 24); and 
when it is determined that the additional contractual term is likely needed, provide information to the user regarding the additional contractual term (i.e. Should the combination of data being shared misalign with the nature of the relationship with the company contractually [i.e. when determined an additional contractual term is likely needed], those answers can be challenged resulting in the request being sent back to the requestor for revision [i.e. provide information to the user regarding the additional contractual term]) (Column 4 Line # 14 – 24).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the system of Dunjic and Skinner to include the feature to analyze a contractual agreement with the third party based, at least in part, up the determined risk of sharing data with the third party to determine whether an additional contractual term is likely needed; and when it is determined that the additional contractual term is likely needed, provide information to the user regarding the additional contractual term as taught by Pelta in order to assess the risk associated with the sharing of data based on the existing contractual agreement between the data sharer and the intended recipient (Column 2 Line # 11 - 21 and Column 4 Line # 14 – 24).



Claim 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saxe as applied to claim 10 above, and further in view of Pelta.
Regarding Claim 11, Saxe discloses all the features with respect to Claim 10 as described above.
However, Saxe does not explicitly disclose:
wherein the action comprises an additional contract term to be added to an existing contractual relationship with the particular third party.
On the other hand, in the same field of endeavor, Pelta teaches:
wherein the action comprises an additional contract term to be added to an existing contractual relationship with the particular third party (i.e. the system may analyze whether the existing contractual relationship covers data sharing, e.g. has appropriate confidentiality provisions. Should the combination of data being shared misalign with the nature of the relationship with the company contractually, those answers can be challenged resulting in the request being sent back to the requestor for revision) (Column 2 Line # 11 - 21 and Column 4 Line # 14 – 24).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the method of Saxe to include the feature wherein the action comprises an additional contract term to be added to an existing contractual relationship with the particular third party as taught by Pelta in order to assess the risk associated with the sharing of data based on the existing contractual agreement between the data sharer and the intended recipient (Column 2 Line # 11 - 21 and Column 4 Line # 14 – 24).

Claims 12-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saxe as applied to claim 10 above, and further in view of Skinner.
Regarding Claim 12, Saxe discloses all the features with respect to Claim 10 as described above.
However, Saxe does not explicitly disclose:
wherein the classification algorithm comprises at least one of a linear regression algorithm, a logistic regression algorithm, a decision tree algorithm, a support vector machine (SVM) algorithm, a Naive Bayes algorithm, a K-nearest neighbors (KNN) algorithm, a K-means algorithm, a random forest algorithm, a dimensionality reduction algorithm, an Artificial Neural Network, and/or a Gradient Boost & Adaboost algorithm.
On the other hand, in the same field of endeavor, Skinner teaches:
wherein the classification algorithm comprises at least one of a linear regression algorithm, a logistic regression algorithm, a decision tree algorithm, a support vector machine (SVM) algorithm, a Naive Bayes algorithm, a K- nearest neighbors (KNN) algorithm, a K-means algorithm, a random forest algorithm, a dimensionality reduction algorithm, an Artificial Neural Network, and/or a Gradient Boost & Adaboost algorithm (i.e. Some embodiments may classify such vectors with a decision learning tree or random forests, for example, trained with CART on historical labeled examples of confidential or nonconfidential text) (Column 11 Line # 39 – 55).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the method of Saxe to include the feature wherein the action comprises an additional contract term to be added to an existing contractual relationship with the particular third party as taught by Skinner in order to train the classification algorithm with readily available machine learning process (Column 11 Line # 39 – 55).

Regarding Claim 13, Saxe discloses all the features with respect to Claim 10 as described above.
However, Saxe does not explicitly disclose:
training the classification algorithm using a machine learning process that utilizes various features present in at least one of the data or types of data with the classification algorithm representing an association among the features..
On the other hand, in the same field of endeavor, Skinner teaches:
training the classification algorithm using a machine learning process that utilizes various features present in at least one of the data or types of data with the classification algorithm representing an association among the features (i.e. classifier [i.e. the classification algorithm] is trained using a machine learning process; Patterns [i.e. various features] presented in data are utilized to recognize patterns [i.e. features] representing the confidentiality associated with the data) (Column 9 Line # 66 – 67, Column 10 Line # 1 – 2 and Column 11 Line # 39 – 65).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the method of Saxe to include the feature training the classification algorithm using a machine learning process that utilizes various features present in at least one of the data or types of data with the classification algorithm representing an association among the features as taught by Skinner in order to train the classification algorithm with readily available machine learning process (Column 11 Line # 39 – 55).

Regarding Claim 14, Saxe and Skinner disclose, in particular Skinner teaches:
wherein the classification algorithm is trained in at least one of a supervised, semi-supervised, or unsupervised manner (i.e. unsupervised model may be trained to detect those features that appear more frequently and based on those features) (Column 24 Line # 3 - 5).
The motivation to combine the references is similar to that of claim 13.

Regarding Claim 15, Saxe discloses all the features with respect to Claim 10 as described above.
However, Saxe does not explicitly disclose:
adaptively updating the classification algorithm based, at least in part, upon a user's interaction with the information provided to the user.
On the other hand, in the same field of endeavor, Skinner teaches:
adaptively updating the classification algorithm based, at least in part, upon a user's interaction with the information provided to the user (i.e. Some embodiments may dynamically adjust permissions based upon risk scores, for instance, removing permissions associated with user accounts that permit unredacted sharing [i.e. upon a user's interaction with the information provided to the user] outside of an organization, removing permissions that permit sharing at all, and adjusting thresholds [i.e. the classification algorithm is adaptively updated] by which information is classified as confidential to increase the amount of information classified as confidential) (Column 14 Line # 14 - 21).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the method of Saxe to include the feature for adaptively updating the classification algorithm based, at least in part, upon a user's interaction with the information provided to the user as taught by Skinner in order to update the machine learning process based on the user’s interactions with the system (Column 14 Line # 14 - 21).

Regarding Claim 16, Saxe discloses all the features with respect to Claim 10 as described above.
However, Saxe does not explicitly disclose:
wherein the classification algorithm is trained to classify data in accordance with particular rules.
On the other hand, in the same field of endeavor, Skinner teaches:
wherein the classification algorithm is trained to classify data in accordance with particular rules (i.e. patterns may be learned by training machine learning models on historical labeled training sets of confidential and nonconfidential text by topic [i.e. in accordance with particular rules]) (Column 9 Line # 32 - 50).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the method of Saxe to include the feature wherein the classification algorithm is trained to classify data in accordance with particular rules as taught by Skinner in order to apply rules based training process (Column 9 Line # 32 - 50).

Regarding Claim 17, Dunjic and Skinner disclose, in particular Skinner teaches:
wherein the particular rules are based, at least in part, upon, at least one of a contractual requirement, an entity requirement, a governmental requirement, a temporal requirement, or a geographical requirement (i.e. patterns may be learned by training machine learning models on historical labeled training sets of confidential and nonconfidential text by topic [i.e. an entity requirement]) (Column 9 Line # 32 - 50).
The motivation to combine the references is similar to that of claim 16.

Regarding Claim 18, Dunjic and Skinner disclose, in particular Skinner teaches:
wherein the particular rules set forth a plurality of categories of data to be used by the classification algorithm, and, criteria for classifying data into each of the plurality of categories (i.e. patterns may be learned by training machine learning models on historical labeled training sets of confidential and nonconfidential text by topic [i.e. categories], and the patterns may be implemented by models configured to score and classify text according to the strength with which it exhibits various topics [i.e. classifying data into each of the plurality of categories]) (Column 9 Line # 32 - 50).
The motivation to combine the references is similar to that of claim 16.




Claim 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Saxe as applied to claim 19 above, and further in view of Wisilosky et al. (US PAT 8307427), hereinafter "Wisilosky".
Regarding Claim 20, Saxe discloses all the features with respect to Claim 19 as described above.
However, Saxe does not explicitly disclose:
determine a risk assessment associated with the potential privacy or security issue; and when the determined risk assessment is greater than a threshold, initiate a process for preventing further data sharing with the third party.
On the other hand, in the same field of endeavor, Wisilosky teaches:
determine a risk assessment associated with the potential privacy or security issue (i.e. the system may determine sensitivity score [i.e. a risk assessment] which is associated with confidential level [i.e. privacy issue]) (Column 9); and 
when the determined risk assessment is greater than a threshold, initiate a process for preventing further data sharing with the third party (i.e. if the sensitivity score [i.e. the determined risk assessment] is greater than risk of release level [i.e. a threshold], the system prevents such data from being shared with external entity [i.e. the third party]) (Column 3 Line # 64 – 67, Column 4 Line # 1 – 3 and Column 9).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify the storage media of Saxe and Skinner to include the feature to determine a risk assessment associated with the potential privacy or security issue; and when the determined risk assessment is greater than a threshold, initiate a process for preventing further data sharing with the third party as taught by Wisilosky in order to make data sharing arrangement based on sensitivity/confidentiality of the data being shared as well as the level of security associated with the entity which the data is being shared with (Column 3 Line # 64 – 67, Column 4 Line # 1 – 3 and Column 9).





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SOE MIN HLAING whose telephone number is (303)297-4282. The examiner can normally be reached Monday-Friday 9AM - 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christopher Parry can be reached on 571-272-8328. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Soe Hlaing/Primary Examiner, Art Unit 2451