DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
                                       Examiner’s Amendment
2. 	An examiner’s amendment to the record appears below. Should the changes and/or
additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the
payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with
Applicant’s representative, Christopher S. Haggerty (Reg. No.: 58, 100) on May 18, 2022.  The Applicant’s representative has agreed and authorized the Examiner to amend claims 1, 9, and 15; and cancel claims 2-3, 6-7, 10-11, and 16-17.

The application has been amended as follows:
	
Claims

1.	(Currently Amended) A method comprising: 
	generating, by computing hardware, a data transfer record representing a transfer of data from a first data asset to a second data asset, the data transfer record comprising an indication of a type for the data; 
	identifying a data model associated with the first data asset and the second data asset;
	analyzing, by the computing hardware, the data model to identify a first location of the first data asset and a second location of the second data asset, wherein: 
the data model comprises a data structure defining a first set of attributes for the first data asset and a second set of attributes for the second data asset, 
at least one of the first set of data attributes or the second set of data attributes comprises at least one of an Internet Protocol address or a domain, and
analyzing the data model to identify the first location of the first data asset and the second location of the second data asset comprises analyzing the first set of attributes to identify the first location and the second set of attributes to identify the second location;
	performing, by the computing hardware, a data transfer assessment using a set of data transfer rules applicable to the transfer of the data based on the type for the data, the first location, and the second location;
	identifying, by the computing hardware, a data transfer risk based on the data transfer assessment; 
	generating, by the computing hardware, a risk rating for the transfer of the data from the first data asset to the second data asset based on the data transfer risk; 
determining, by the computing hardware, that the risk rating satisfies a risk threshold; and
responsive to determining that the risk rating satisfies the risk threshold, causing, by the computing hardware, performance of an action to address the data transfer risk, wherein the action comprises at least one of (i) generating a secure link between the first data asset and the second data asset so that the transfer of the data can be conducted via the secure link, (ii) suspending the transfer of the data from the first data asset to the second data asset, or (iii) having the data involved in the transfer encrypted.

2-7.  (Canceled)

9.	(Currently Amended) A system comprising:
	a non-transitory computer-readable medium storing instructions; and
	a processing device communicatively coupled to the non-transitory computer-readable medium,
	wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: 
identifying a transfer of data from a first data asset to a second data asset;
analyzing a data model associated with the first data asset and the second data asset to identify a first location of the first data asset and a second location of the second data asset, wherein:
the data model comprises a data structure defining a first set of attributes for the first data asset and a second set of attributes for the second data asset, 
at least one of the first set of data attributes or the second set of data attributes comprises at least one of an Internet Protocol address or a domain, and
analyzing the data model to identify the first location of the first data asset and the second location of the second data asset comprises analyzing the first set of attributes to identify the first location and the second set of attributes to identify the second location;
	identifying a set of data transfer rules application to the transfer of the data based on a type of data involved in the transfer; 
performing a data transfer assessment using the set of data transfer rules based on the first location and the second location;
	identifying a data transfer risk based on the data transfer assessment; 
	generating a risk rating for the transfer of the data from the first data asset to the second data asset based on the data transfer risk; 
determining that the risk rating satisfies a risk threshold; and
responsive to determining that the risk rating satisfies the risk threshold, causing performance of an action to address the data transfer risk, wherein the action comprises at least one of (i) generating a secure link between the first data asset and the second data asset so that the transfer of the data can be conducted via the secure link, (ii) suspending the transfer of the data from the first data asset to the second data asset, or (iii) having the data involved in the transfer encrypted.

10-11. (Canceled)

15. 	(Currently Amended) A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: 
analyzing a data model associated with a first data asset and a second data asset to identify a first location of the first data asset and a second location of the second data asset, wherein: 
the first data asset and the second data asset are involved in a transfer of data, 
the data model comprises a data structure defining a first set of attributes for the first data asset and a second set of attributes for the second data asset, 
at least one of the first set of data attributes or the second set of data attributes comprises at least one of an Internet Protocol address or a domain, and
analyzing the data model to identify the first location of the first data asset and the second location of the second data asset comprises analyzing the first set of attributes to identify the first location and the second set of attributes to identify the second location;
performing a data transfer assessment to identify a data transfer risk by using a set of data transfer rules applicable to the transfer of the data based on a type for the data, the first location, and the second location;
	generating a risk rating for the transfer of the data from the first data asset to the second data asset based on the data transfer risk; and
causing performance of an action to address the data transfer risk based on the risk rating satisfying a risk threshold, wherein the action comprises at least one of (i) generating a secure link between the first data asset and the second data asset so that the transfer of the data can be conducted via the secure link, (ii) suspending the transfer of the data from the first data asset to the second data asset, or (iii) having the data involved in the transfer encrypted.

16-17. (Canceled)

                                       Examiner’s Statement of Reasons for Allowance

3. 	Claims 1, 4-5, 8-9, 12-15, and 18-20 are allowable.
The following is an Examiner’s statement of reasons for allowance:
The closest prior art is Rose et al. (2017/0272412) discloses the confinement module may include a transfer decision module which determines whether to transfer data based on a location restriction of with the data. Accordingly, the transfer decision module may prevent transfer of the data to a target data server based on the location restriction. The transfer decision module identifies the location restriction. For example, the transfer decision module may query the data property module to identify the location restriction.  The transfer decision module identifies a location property of a target data server. As used herein, a target data server refers to an intended recipient of the data. The location property may be a physical (geographic) location of the storage target, a network, administrative domain, or other virtual location of the storage target, and/or a specific set of hardware comprising the storage target. The transfer decision module may query the target data server for its location property or, alternatively, access a location in the memory storing the location property of the target data server.  The transfer decision module compares the location restriction to the location property of the target data server. The location restriction is a set or range of allowable storage locations for the data. If the location property matches an allowable storage location (indicated by the location restriction), then the transfer decision module approves transfer of the data. 
	The prior art of Rose et al. (2017/0272412) does not disclose or suggest, “identifying a data model associated with the first data asset and the second data asset; analyzing, by the computing hardware, the data model to identify a first location of the first data asset and a second location of the second data asset, wherein: the data model comprises a data structure defining a first set of attributes for the first data asset and a second set of attributes for the second data asset, at least one of the first set of data attributes or the second set of data attributes comprises at least one of an Internet Protocol address or a domain, and analyzing the data model to identify the first location of the first data asset and the second location of the second data asset comprises analyzing the first set of attributes to identify the first location and the second set of attributes to identify the second location; performing, by the computing hardware, a data transfer assessment using a set of data transfer rules applicable to the transfer of the data based on the type for the data, the first location, and the second location”.
	The prior art of Weinflash (2012/0239557) discloses for assessing the risk associated with a transfer to a recipient account. In the specific embodiment illustrated, the assessment occurs at the time that a transfer transaction takes place and the assessment includes both an assessment of recipient account characteristics and transfer transaction characteristics in order to arrive at a risk score or level. However, as mentioned earlier, in some embodiments at least part of the risk score associated with a recipient account may been previously determined or calculated using recipient account characteristics previously stored (and updated) in the database device, based on previous transfers of recipient account data from each of the financial institutions.
	The prior art of Weinflash (2012/0239557) does not disclose or suggest, “identifying a data model associated with the first data asset and the second data asset; analyzing, by the computing hardware, the data model to identify a first location of the first data asset and a second location of the second data asset, wherein: the data model comprises a data structure defining a first set of attributes for the first data asset and a second set of attributes for the second data asset, at least one of the first set of data attributes or the second set of data attributes comprises at least one of an Internet Protocol address or a domain, and analyzing the data model to identify the first location of the first data asset and the second location of the second data asset comprises analyzing the first set of attributes to identify the first location and the second set of attributes to identify the second location; performing, by the computing hardware, a data transfer assessment using a set of data transfer rules applicable to the transfer of the data based on the type for the data, the first location, and the second location”.
	The non-patent literature of Nemec (Title: Assessment of Query Execution Performance…) teaches the assessment of an experimental data modeling approach which is intended to support the agile oriented data modeling. The approach is based on the Anchor Data Modeling technique and is applied on a multidimensional data model. The assessed approach is expected to facilitate more effective execution of queries in the data mart environment. The emphasis is placed on the comparison of the query execution performance using database schemas, each built using traditional and the experimental approach. The tests are done in the environment of selected modern Business Intelligence tools, and using two test queries with varying output dataset sizes. The results show that the use of the database schema, created according to the experimental data modeling approach, had positive impact on the querying performance in several cases. The magnitude of impact on the querying performance, however, varied depending on each query’s respective resulting dataset size.
	The non-patent literature of Nemec does not teach or suggest, “identifying a data model associated with the first data asset and the second data asset; analyzing, by the computing hardware, the data model to identify a first location of the first data asset and a second location of the second data asset, wherein: the data model comprises a data structure defining a first set of attributes for the first data asset and a second set of attributes for the second data asset, at least one of the first set of data attributes or the second set of data attributes comprises at least one of an Internet Protocol address or a domain, and analyzing the data model to identify the first location of the first data asset and the second location of the second data asset comprises analyzing the first set of attributes to identify the first location and the second set of attributes to identify the second location; performing, by the computing hardware, a data transfer assessment using a set of data transfer rules applicable to the transfer of the data based on the type for the data, the first location, and the second location”.
Any comments considered necessary by applicant must be submitted no later than the
payment of the issue fee and, to avoid processing delays, should preferably accompany
the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons
for Allowance."


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





5/19/2022
/J.E.J/Examiner, Art Unit 2439    


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439