DETAILED ACTION

Status of the Claims
The following is a Non-final Office Action in response to amendments and remarks filed 24 March 2022.
Claims 1, 4-5, 13-14, 17-18, and 25-6 have been amended.
Claims 7 and 19-20 has been cancelled.
Claim 27 has been added.
Claims 1-6, 8-18 and 21-27 are pending and have been examined.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07 April 2022 has been entered.
 
Response to Arguments
Applicant's arguments, and in light of the amendments, regarding the §112 rejection have been fully considered and overcome the rejections.  As such the rejections have been withdrawn. 
Applicants again argue that the 35 U.S.C. 101 rejection under the Alice Corp. vs. CLS Bank Int’l be withdrawn; however the Examiner respectfully disagrees.  The Examiner notes that in order to be patent eligible under 35 U.S.C. 101, the claims must be directed towards a patent eligible concept, which, the instant claims are not directed.  Contrary to Applicants’ assertion that the claims are not a mental process and/or certain methods of organizing human activities, the Examiner notes that analyzing content (posts) for sensitive information and subsequently performing an action is a function that editors, content curators, producers, administrators, publishers etc. have traditionally performed/provided for medium or media (i.e. redacting/editing out/censoring certain kinds of information deemed sensitive based upon categories).  This is a clear organization of human activities as well as a completely subjective mental process of evaluating such data collected.  Next, the claims are not directed to a practical application of the concept. The claims do not result in improvements to the functioning of a computer or to any other technology or technical field. They do not effect a particular treatment for a disease. They are not applied with or by a particular machine. They do not effect a transformation or reduction of a particular article to a different state or thing. And they are not applied in some other meaningful way beyond generally linking the use of the judicial exception (i.e., performing an action based upon analyzed sensitive information in posts) to a particular technological environment (i.e., over a social network and/or the Internet). Here, again as noted in the previous rejection, the additional element(s) of “one or more processors” (or “A computer system for preventing disclosure of sensitive information, comprising: one or more computer processors, one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media for execution by at least one of the one or more computer processors, the program instructions comprising:” in claim 14 or “A computer program product for preventing disclosure of sensitive information, comprising: one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions comprising:” in claim 25) only generally linking the use of the judicial exception to a particular technological environment or field of use – see MPEP 2106.05(h). The claim(s) is/are not patent eligible.  
The Examiner also notes that claim 25 is also still directed towards signals per se and thus also not patent eligible.  
Applicants argue that the Steinberg reference does not anticipate the ability to determine that the first and second portions of information are relevant and together disclose an item of sensitive information; however, again, the Examiner respectfully disagrees.  As noted in the previous interview, and after final advisory action, Steinberg discloses the ability to analyze the pieces of information (regardless of format) together or in combination (emphasis added) in order to determine whether or not together or in combination cause a problem (i.e. sensitive information) for an individual, organization or object (see Steinberg ¶154-¶227 for working examples of how information is able to be combined).  Steinberg explicitly states “In the preferred embodiment, the DSS is configured to analyze some or all of the various forms of data listed above, and determine whether the analyzed piece of information, together or in combination with other pieces of information, may cause a problem to an individual, organization, or object. Items of pertinent information that, in some embodiments, are analyzed by the DSS, may include information relating to human beings (such as their names, nicknames, visual appearance, weight, voice, age, location, sex, education level, title, patterns of behavior, preferences, medical history, life history, family relationships, residence, travels, and other data), or organizations (such as their names, abbreviations, associations, ownership, industry type, activities, products, services, management, age, governance, political activities, market presence, geographic presence, employees, and other data). These items of information are not provided as an exclusive list--rather, they are provided as an illustration of different types of data and information that the DSS may analyze while safeguarding users from potentially problematic or dangerous information being posted online or on social media. One of ordinary skill in the art will recognize that information of any sort, including images, video, audio, textual content, contextual data, geographic data, location, proximity, movement, chronological data, time, date, metadata, various data patterns, encrypted data, social media actions, user actions, user inaction, user selections, user omissions, patterns of user behavior, or the appearance of any of the above, may, in certain situations pose problems to an individual or organization if publicly disclosed. Further, in some embodiments, the DSS may be configured to detect connections and/or relationships between distinct types of information, further improving its ability to detect the existence of problematic information. Therefore, the DSS need not be limited to analyzing a single piece of information, or a collection of homogenous pieces of information, but can rather build a more comprehensive picture that reveals problems that cannot be detected by focusing on a single data point (Steinberg ¶154)” and “Each item listed below can be used by itself or in combination with others. This list is not intended to be comprehensive or exhaustive, but to provide some examples of situations that can be addressed by the DSS, and rules that can be set up to guide the DSS in its functions. Other examples appear throughout this specification. Each occurrence of a variable or indicator listed below, may be addressed by the DSS pursuant to one or more rules, for example by deletion, quarantine, modification, ignoring, performing an action this time only, performing one action this time and a different action next time, addressing and notifying all parties involved, as well as taking other actions disclosed earlier (Steinberg ¶155)" which clearly reads upon the newly claimed limitations, requiring the ability to determine a combination of a first and second pieces (which may be incomplete) of information deemed relevant do disclose some sort of sensitive information together.  Still further, a working example in Steinberg mentions "If a person mentions schools, camps, day care, or other youth programs that his/her children--or other children with whom he/she is associated--with information that may indicate the time that the child arrives at or leaves the facility as well as the time that the parent is away, this may increase the risk of a kidnapper or pedophile targeting these children, or may make a potential burglar aware of a time window during which the user's home or someone else's home may be empty thereby making it a good burglary target. Scan for relevant information, analyze, and address (Steinberg ¶167)" which is able to determine that there is not only 1 piece of relevant information but several--schools, camps, day care, or other youth programs that his/her children being 1 (one); with information that may indicate the time that the child arrives at or leaves the facility being 2 (two); and as well as the time that the parent is away being 3 (three).  While these pieces of information might be harmless on their own (i.e. incomplete activities of an entire family), in combination (emphasis added), the propose a risk, threat, or potentially are problematic.  Steinberg is clearly able to analyze data with context (i.e. categorize) for what, in combination, is a disclosure of sensitive information.  Steinberg even discloses how the pattern recognition is able to be done as a user is typing in real time, prior to even posting (Steinberg ¶125).  As such the arguments are not persuasive and the rejection not overcome. 
In response to arguments in reference to any depending claims that have not been individually addressed, all rejections made towards these dependent claims are maintained due to a lack of reply by the Applicants in regards to distinctly and specifically pointing out the supposed errors in the Examiner's prior office action (37 CFR 1.111). The Examiner asserts that the Applicants only argue that the dependent claims should be allowable because the independent claims are unobvious and patentable over the prior art.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-6, 8-18 and 21-27 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.  The claims are directed to a process (an act, or series of acts or steps), a machine (a concrete thing, consisting of parts, or of certain devices and combination of devices), and a manufacture (an article produced from raw or prepared materials by giving these materials new forms, qualities, properties, or combinations, whether by hand labor or by machinery). Thus, each of the claims falls within one of the four statutory categories (Step 1).  However, the claim(s) recite(s) extracting, a first information portion from a first post, the first information portion comprising a first incomplete part of an item of sensitive information; determining, that the first information portion is relevant to a category of sensitive information; extracting, a second information portion from a second post, the second information portion comprising a second incomplete part of an item of sensitive information that, when combined with the first information portion, discloses the item of sensitive information; determining, that the second information portion is relevant to the category of sensitive information; responsive to determining that the first information portion and the second information portion are each relevant to the category of sensitive information, determining, that a combination of the first information portion and the second information portion discloses the item of sensitive information; and responsive to determining that the combination of the first information portion and the second information portion discloses the item of sensitive information, performing, by one or more processors, an action on the first post which is an abstract idea of a mental process and/or certain methods of organizing human activities.
The limitations of “extracting, a first information portion from a first post, the first information portion comprising a first incomplete part of an item of sensitive information; determining, that the first information portion is relevant to a category of sensitive information; extracting, a second information portion from a second post, the second information portion comprising a second incomplete part of an item of sensitive information that, when combined with the first information portion, discloses the item of sensitive information; determining, that the second information portion is relevant to the category of sensitive information; responsive to determining that the first information portion and the second information portion are each relevant to the category of sensitive information, determining, that a combination of the first information portion and the second information portion discloses the item of sensitive information; and responsive to determining that the combination of the first information portion and the second information portion discloses the item of sensitive information, performing, by one or more processors, an action on the first post,” as drafted, is a process that, under its broadest reasonable interpretation, covers a mental process—concepts performed in the human mind (including an observation, evaluation, judgment, opinion) and/or organizing human activities--fundamental economic principles or practices (including hedging, insurance, mitigating risk); commercial or legal interactions (including agreements in the form of contracts; legal obligations; advertising, marketing or sales activities or behaviors; business relations); managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions) but for the recitation of generic computer components (Step 2A Prong 1).  That is, other than reciting “by one or more processors,” (or “A computer system for preventing disclosure of sensitive information, comprising: one or more computer processors, one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media for execution by at least one of the one or more computer processors, the program instructions comprising:” in claim 14 or “A computer program product for preventing disclosure of sensitive information, comprising: one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions comprising:” in claim 25) nothing in the claim element precludes the step from practically being performed in the mind and/or from the methods of organizing human interactions grouping.  For example, but for the “by one or more processors” language, all of the “extracting” “determining” and “responsive to the determining” steps in the context of this claim encompasses the user manually reading portions of content and making a mental judgement on said content as to whether or not the content is sensitive (i.e. editing or proof reading posting information and making a mental judgement upon such information).  Similarly, the limitations in the context of this claim encompasses the user collecting and analyzing posted content or information which is managing personal behavior such as interactions or social activities.  If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind and/or certain methods of organizing human activities but for the recitation of generic computer components, then it falls within the “Mental Processes” and/or “Certain Methods of Organizing Human Activities” grouping of abstract ideas. Accordingly, the claim(s) recite(s) an abstract idea.
This judicial exception is not integrated into a practical application (Step 2A Prong Two). In particular, the claim only recites one additional element – using one or more processors to perform the steps. The one or more processors in the steps is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of gathering information and comparing information) such that it amounts no more than mere instructions to apply the exception using a generic computer component.  Specifically the claims amount to nothing more than an instruction to apply the abstract idea using a generic computer or invoking computers as tools by adding the words “apply it” (or an equivalent) with the judicial exception, or mere instructions to implement an abstract idea on a computer, or merely uses a computer as a tool to perform an abstract idea - see MPEP 2106.05(f).  The claims recitation of the “one or more processors” (or “A computer system for preventing disclosure of sensitive information, comprising: one or more computer processors, one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media for execution by at least one of the one or more computer processors, the program instructions comprising:” in claim 14 or “A computer program product for preventing disclosure of sensitive information, comprising: one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions comprising:” in claim 25) only generally linking the use of the judicial exception to a particular technological environment or field of use – see MPEP 2106.05(h).  Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. The claim is directed to an abstract idea, even when considered as a whole. 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception (Step 2B).  As discussed above with respect to integration of the abstract idea into a practical application (Step 2A Prong 2), the additional element of using one or more processors to perform the steps amounts to no more than mere instructions to apply the exception using a generic computer component.  Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim(s) is/are not patent eligible, even when considered as a whole.
Claims 2 and 15 are dependent on claims 1 and 14 and include all the limitations of claims 1 and 14.  Therefore, claims 2 and 15 recite the same abstract idea as noted above.  The claim recites the additional limitations to include a storage system which is not an inventive concept that meaningfully limits the abstract idea.  Again, as discussed with respect to claims 1, 13, 14, and 25, the claims are simply limitations which are no more than mere instructions to apply the exception using a computer or with computing components.  Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  Even when considered as a whole, the claims do not integrate the judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B. 
Claims 3-6, 8-9, 16-18, 12-22, and 26-27 are dependent on claims 1 and 14 and include all the limitations of claims 1 and 14.  Therefore, claims  3-6, 8-9, 16-18, 12-22, and 26-27 recite the same abstract idea as noted above.  The claim recites the additional limitations which either further limit how the abstract idea is performed or are still directed towards the same abstract idea, which is not an inventive concept that meaningfully limits the abstract idea.  Again, as discussed with respect to claims 1, 13, 14, and 25, the claims are simply limitations which are no more than mere instructions to apply the exception using a computer or with computing components.  Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  Even when considered as a whole, the claims do not integrate the judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B.
Claims 10-12 and 23-24 are dependent on claims 1 and 14 and include all the limitations of claims 1 and 14.  Therefore, claims 10-12 and 23-24 recite the same abstract idea as noted above.  The claim recites the additional limitations that are directed towards organizing human activities, which is not an inventive concept that meaningfully limits the abstract idea.  Again, as discussed with respect to claims 1, 13, 14, and 25, the claims are simply limitations which are no more than mere instructions to apply the exception using a computer or with computing components.  Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  Even when considered as a whole, the claims do not integrate the judicial exception into a practical application at Step 2A or provide an inventive concept in Step 2B.
Claims 1-6, 8-18 and 21-27 are therefore not eligible subject matter, even when considered as a whole.

Regarding claim 25, the claim recites "A computer program product for preventing disclosure of sensitive information, comprising: one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media, the program instructions comprising:" Applicant's specification does not set forth what constitutes one or more computer readable storage media nor does it bifurcate from being tangible or non-tangible. Therefore, in accordance with MPEP 2111.01 and the USPTO's "Subject Matter Eligibility of Computer Readable Media" memorandum dated January 26, 2010, and located at http://www.uspto.gov/patent/law/notices/101_crm_20100127.pdf, in view of the ordinary and customary meaning, a computer readable storage media includes signals per se. Thus, the computer readable storage media is considered to be non- statutory subject matter.  See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007) and Interim Examination Instructions for Evaluating Subject Matter Eligibility Under 35 U.S.C. 101, Aug 24, 2009, p. 2.  The Examiner recommends that Applicant amend claim 25 to recite " A computer program product comprising: one or more non-transitory computer readable storage media, and program instructions collectively stored on the one or more non-transitory computer readable storage media, the program instructions comprising:..."

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1-6, 8-18 and 21-27 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Steinberg et al. (US PG Pub. 2013/0340089).

As per claims 1, 13, 14, and 25, Steinberg discloses a computer-implemented method, system and computer program product comprising one or more computer processors, one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media for execution by at least one of the one or more computer processors, the program instructions comprising: the method comprising (system, method, Steinberg Abstract; app or other program that runs on a computer, ¶38-¶45; modules, processors, Steinberg ¶93-¶94): 
extracting, by one or more processors, a first information portion from a first post, the first information portion comprising a first incomplete part of an item of sensitive information (As previously introduced, scanning refers to the process or mechanism for detecting various, potentially harmful, items of information relating to a user that are about to be, or have already been, posted online. Scanning may be implemented using one or more modules illustrated in FIGS. 11 and 12. From an implementation and configuration perspective, scanning may be done in real time as a user enters information into a social media site; in batch mode; constantly; when contacts are added; when specific actions are taken; when events are viewed or agreed to; when a user confirms information; when profile information is added or modified for the user or for a contact; when a communication is received; in a combination of the above, or based on other triggers, Steinberg ¶119; the DSS is capable of scanning not only messages and other information shared by the protected user, but also, as introduced earlier, but also scanning of messages and other information shared by another user that may impact the protected user. In other words, the DSS may be configured to scan all social media, and other publicly available information, that implicates the protected user, and not just comments posted by the protected user. Furthermore, the DSS may be configured to expand its scanning profile to include items that by themselves do not trigger any of the set rules, such as, for example, by noticing that a large number of objectionable comments were caused by a seemingly innocuous original post, ¶122); 
determining, by one or more processors, that the first information portion is relevant to a category of sensitive information (the system warns users that their `sharing` request contains potentially harmful information. In another embodiment, the system automatically or with user input removes, adds, or modifies uploaded data, multimedia, or other items. The system may also delay sharing or quarantine `shared` data based on certain rules and analysis. In another embodiment, the invention may also scan other Internet venues for potentially harmful data, Steinberg ¶27; rule sets, ¶87, ¶101-¶102, ¶137-¶144, and ¶154; how the rules establish variables and indicators, ¶155-¶206; Thus, for example, Image Recognition Module 1210 ("IRM") may be a dedicated graphics board or software that sits idly until another DSS module feeds it with a photograph that a user wants to share on a social media site, and also with an image of a credit card that the DSS is configured to prevent from being publicly disclosed. This mode is referred to as "idle mode" herein. The IRM would scan the shared photograph, detect that the photograph also contains an image of the credit card, and report the finding to the DSS controller or other module, ¶94; see ¶8-¶18 discussing examples of information sharing that can lead to harmful consequences) (Examiner interprets the rule sets used by the recognition module as the equivalent to determining categories of sensitive information); 
extracting, by one or more processors, a second information portion from a second post, the second information portion comprising a second incomplete part of an item of sensitive information that, when combined with the first information portion, discloses the item of sensitive information (the DSS is capable of scanning not only messages and other information shared by the protected user, but also, as introduced earlier, but also scanning of messages and other information shared by another user that may impact the protected user. In other words, the DSS may be configured to scan all social media, and other publicly available information, that implicates the protected user, and not just comments posted by the protected user. Furthermore, the DSS may be configured to expand its scanning profile to include items that by themselves do not trigger any of the set rules, such as, for example, by noticing that a large number of objectionable comments were caused by a seemingly innocuous original post, Steinberg ¶122; In the preferred embodiment, the DSS is configured to analyze some or all of the various forms of data listed above, and determine whether the analyzed piece of information, together or in combination with other pieces of information, may cause a problem to an individual, organization, or object. Items of pertinent information that, in some embodiments, are analyzed by the DSS, may include information relating to human beings (such as their names, nicknames, visual appearance, weight, voice, age, location, sex, education level, title, patterns of behavior, preferences, medical history, life history, family relationships, residence, travels, and other data), or organizations (such as their names, abbreviations, associations, ownership, industry type, activities, products, services, management, age, governance, political activities, market presence, geographic presence, employees, and other data). These items of information are not provided as an exclusive list--rather, they are provided as an illustration of different types of data and information that the DSS may analyze while safeguarding users from potentially problematic or dangerous information being posted online or on social media. One of ordinary skill in the art will recognize that information of any sort, including images, video, audio, textual content, contextual data, geographic data, location, proximity, movement, chronological data, time, date, metadata, various data patterns, encrypted data, social media actions, user actions, user inaction, user selections, user omissions, patterns of user behavior, or the appearance of any of the above, may, in certain situations pose problems to an individual or organization if publicly disclosed. Further, in some embodiments, the DSS may be configured to detect connections and/or relationships between distinct types of information, further improving its ability to detect the existence of problematic information. Therefore, the DSS need not be limited to analyzing a single piece of information, or a collection of homogenous pieces of information, but can rather build a more comprehensive picture that reveals problems that cannot be detected by focusing on a single data point, ¶154); 
determining, by one or more processors, that the second information portion is relevant to the category of sensitive information (the DSS may be configured to detect connections and/or relationships between distinct types of information, further improving its ability to detect the existence of problematic information. Therefore, the DSS need not be limited to analyzing a single piece of information, or a collection of homogenous pieces of information, but can rather build a more comprehensive picture that reveals problems that cannot be detected by focusing on a single data point, Steinberg ¶154); 
responsive to determining that the first information portion and the second information portion are each relevant to the category of sensitive information, determining, by one or more processors, that a combination of the first information portion and the second information portion discloses the item of sensitive information (Depending on the rules that the user has accepted as part of his or her configuration, and based on the actions the user has set for those rules, the invention might, for example, flag a post about the user picking up his daughter at day care as risky and prompt the user what to do with it. Based on the scan, the DSS might remove a user's comment that contains a vulgarity as well as send a message to the user who used the vulgarity (via private Facebook messaging, for example) that the comment was removed automatically by the DSS due to containing vulgarity and that he or she is invited to both re-comment without the vulgarity as well as utilize the invention for his own security. In another example of scanning, the system may note that a check-in, posting, or a photo that the user has posted (e.g., with geotagging or with images of recognizable places), is showing the user 1,000 miles away from home and taken on the day of the posting and warn him that it may be safe to post this once he has returned home rather than while away (or may automatically delay the post until the user "checks in" or notes that he is back home or closer to home), while allowing without warning a check-in, posting, or photo taken 1,000 miles away but taken two days earlier when the user has already made postings from home again. In other examples of implementation, if a user attempts to post something controversial, the DSS may warn him before allowing the post to even be made--not just by scanning reactively, but also proactively preventing "bad" materials from ever appearing in the social media altogether. Of course, numerous other items may be scanned for and addressed by the DSS on Facebook, Twitter, Instagram, SnapChat, Tumblr, Pinterest, Foursquare, Google+, and other social media sites, as discussed in the rules section below. Likewise the invention can be used to scan blogs--the posts and associated comments--and other forms of quasi-social-media for the same types of issues as exist with "pure" social media, Steinberg ¶121; combinations, ¶154-¶155); and
responsive to determining that the combination of the first information portion and the second information portion discloses the item of sensitive information, performing, by one or more processors, an action on the first post (Depending on the rules that the user has accepted as part of his or her configuration, and based on the actions the user has set for those rules, the invention might, for example, flag a post about the user picking up his daughter at day care as risky and prompt the user what to do with it. Based on the scan, the DSS might remove a user's comment that contains a vulgarity as well as send a message to the user who used the vulgarity (via private Facebook messaging, for example) that the comment was removed automatically by the DSS due to containing vulgarity and that he or she is invited to both re-comment without the vulgarity as well as utilize the invention for his own security. In another example of scanning, the system may note that a check-in, posting, or a photo that the user has posted (e.g., with geotagging or with images of recognizable places), is showing the user 1,000 miles away from home and taken on the day of the posting and warn him that it may be safe to post this once he has returned home rather than while away (or may automatically delay the post until the user "checks in" or notes that he is back home or closer to home), while allowing without warning a check-in, posting, or photo taken 1,000 miles away but taken two days earlier when the user has already made postings from home again. In other examples of implementation, if a user attempts to post something controversial, the DSS may warn him before allowing the post to even be made--not just by scanning reactively, but also proactively preventing "bad" materials from ever appearing in the social media altogether. Of course, numerous other items may be scanned for and addressed by the DSS on Facebook, Twitter, Instagram, SnapChat, Tumblr, Pinterest, Foursquare, Google+, and other social media sites, as discussed in the rules section below. Likewise the invention can be used to scan blogs--the posts and associated comments--and other forms of quasi-social-media for the same types of issues as exist with "pure" social media, Steinberg ¶121; see also ¶87, ¶110, ¶155, and Fig. 20 for examples of actions performed).

As per claims 2 and 15, Steinberg discloses as shown above with respect to claims 1 and 15.  Steinberg further discloses providing, by one or more processors, a storage system having a plurality of data buckets, each data bucket corresponding to a defined category in which information portions are stored for analysis (The Recognition Module embodiment illustrated in FIG. 12 comprises rule sets which provide criteria by which patterns in user data may be detected, and based on which actions may be taken. In other embodiments, the rule sets may be an independent module, of their own. Indeed, an entire database server may be dedicated to storing and providing rule sets upon request to the DSS. Further, the rule sets may be split into separate types of rules, such as, for example, rules for pattern recognition in user data, and rules pursuant to which the DSS makes decisions of what to do with user data that may, or may not, trigger a condition.  The Rule Sets 1280 illustrated in FIG. 12 may comprise different types of rules, including Administrator Defined Rules 1282 ("ADRs"), User Defined Rules 1284 ("UDRs"), and Custom Rules 1286 ("CRs"). ADRs are configured by administrators of the DSS, such as a network administrator at a Fortune 500 company that has implemented a DSS embodiment. UDRs provide users with an opportunity to configure their own safeguarding rules. CRs may include other types of rules, such as rules created by the DSS as part of predictive scanning Various Rule Sets are described in detail further in the specification, Steinberg ¶101-¶102; Analysis can include looking at geotag/check-in information, the actual text, metadata that comes along with pictures, and any other information visible, or invisible to users, that Facebook relays with the update. Combinations of strings may also be detected. So, for example, "pot" may not set off an alert unless words like "grow," "smoke," or related terms and conjugations appear in the same quote, will not flag as an issue if the word "cook" or "stove" or other terms that indicate that the "pot" in question is not marijuana appears in the text, but will appear if other indications (such as the results of natural language processing algorithms) indicate that the content is referring to marijuana and not a cooking pot. Pictures may be analyzed using a facial recognition algorithm, fleshtone detections (too high a percentage of fleshtones coupled with shape recognition can indicate sexual content), object identification algorithms, and other image processing technologies that are widely available. Likewise picture captions, hashtags associated with it, comments associated with it, and other text-based content that comes along with it can be analyzed to provide an indication as to whether the image is objectionable, ¶109; see also how the rules establish variables and indicators, ¶155-¶206) (Examiner notes the creation and storage of the information available for the context of the objectionable aspect as the buckets).

As per claims 3 and 16, Steinberg discloses as shown above with respect to claims 1 and 15.  Steinberg further discloses gathering, by one or more processors, information portions for populating the data buckets from a set of posts posted via one or more platform sources, the set of posts associated with the entity (Analysis can include looking at geotag/check-in information, the actual text, metadata that comes along with pictures, and any other information visible, or invisible to users, that Facebook relays with the update. Combinations of strings may also be detected. So, for example, "pot" may not set off an alert unless words like "grow," "smoke," or related terms and conjugations appear in the same quote, will not flag as an issue if the word "cook" or "stove" or other terms that indicate that the "pot" in question is not marijuana appears in the text, but will appear if other indications (such as the results of natural language processing algorithms) indicate that the content is referring to marijuana and not a cooking pot. Pictures may be analyzed using a facial recognition algorithm, fleshtone detections (too high a percentage of fleshtones coupled with shape recognition can indicate sexual content), object identification algorithms, and other image processing technologies that are widely available. Likewise picture captions, hashtags associated with it, comments associated with it, and other text-based content that comes along with it can be analyzed to provide an indication as to whether the image is objectionable, Steinberg ¶109).

As per claims 4 and 17, Steinberg discloses as shown above with respect to claims 1 and 15.  Steinberg further discloses wherein determining that the combination of the first information portion and the second information portion  discloses the item of sensitive information comprises: comparing, by one or more processors, the combination of the first information portion and the second information portion to a set of criteria; and evaluating, by one or more processors, whether the combination of the first information portion and the second information portion provides a complete set of data for the item of sensitive information (Depending on the rules that the user has accepted as part of his or her configuration, and based on the actions the user has set for those rules, the invention might, for example, flag a post about the user picking up his daughter at day care as risky and prompt the user what to do with it. Based on the scan, the DSS might remove a user's comment that contains a vulgarity as well as send a message to the user who used the vulgarity (via private Facebook messaging, for example) that the comment was removed automatically by the DSS due to containing vulgarity and that he or she is invited to both re-comment without the vulgarity as well as utilize the invention for his own security. In another example of scanning, the system may note that a check-in, posting, or a photo that the user has posted (e.g., with geotagging or with images of recognizable places), is showing the user 1,000 miles away from home and taken on the day of the posting and warn him that it may be safe to post this once he has returned home rather than while away (or may automatically delay the post until the user "checks in" or notes that he is back home or closer to home), while allowing without warning a check-in, posting, or photo taken 1,000 miles away but taken two days earlier when the user has already made postings from home again. In other examples of implementation, if a user attempts to post something controversial, the DSS may warn him before allowing the post to even be made--not just by scanning reactively, but also proactively preventing "bad" materials from ever appearing in the social media altogether. Of course, numerous other items may be scanned for and addressed by the DSS on Facebook, Twitter, Instagram, SnapChat, Tumblr, Pinterest, Foursquare, Google+, and other social media sites, as discussed in the rules section below. Likewise the invention can be used to scan blogs--the posts and associated comments--and other forms of quasi-social-media for the same types of issues as exist with "pure" social media, Steinberg ¶121; see also ¶109, ¶137-¶144; how the rules establish variables and indicators, ¶155-¶206).

As per claims 5 and 18, Steinberg discloses as shown above with respect to claims 1 and 15.  Steinberg further discloses wherein the first post is posted and the first post includes a selection from the group consisting of: a text post, an image, a video, and an audio clip (FIG. 12 illustrates Recognition Module 1200, which is shown as module 1130 in FIG. 11. The primary purpose of Recognition Module 1200 is to scan user requests to share or upload data and to detect various patterns or items of information that the DSS is configured to safeguard. In some embodiments, Recognition Module 1200 is also configured to apply rule sets, or to compare user requests to share or upload data with various rules. Recognition Module 1200 may itself comprise one or more modules, such as Image Recognition Module 1210, Optical Character Recognition Module 1220, Encryption Recognition Module 1230, Text Recognition Module 1240, Sound Recognition Module 1250, and Pattern Recognition Module 1260. As noted above, in some embodiments, Recognition Module 1200 may also comprise one or more Rule Sets 1280, Steinberg ¶93).

As per claim 6, Steinberg discloses as shown above with respect to claim 1.  Steinberg further discloses wherein extracting the first information portion comprises a selection from the group consisting of: text extraction, image recognition, image scraping, optical character recognition, sound to text processing, natural language processing, and metadata extraction (FIG. 12 illustrates Recognition Module 1200, which is shown as module 1130 in FIG. 11. The primary purpose of Recognition Module 1200 is to scan user requests to share or upload data and to detect various patterns or items of information that the DSS is configured to safeguard. In some embodiments, Recognition Module 1200 is also configured to apply rule sets, or to compare user requests to share or upload data with various rules. Recognition Module 1200 may itself comprise one or more modules, such as Image Recognition Module 1210, Optical Character Recognition Module 1220, Encryption Recognition Module 1230, Text Recognition Module 1240, Sound Recognition Module 1250, and Pattern Recognition Module 1260. As noted above, in some embodiments, Recognition Module 1200 may also comprise one or more Rule Sets 1280, Steinberg ¶93).

As per claims 8 and 21, Steinberg discloses as shown above with respect to claims 1 and 15.  Steinberg further discloses accessing, by one or more processors, a storage system with categories, including the category, of sensitive information storing information portions relevant to the respective category; analyzing, by one or more processors, the category's respective information portions to determine a missing information portion needed to combine with an existing information portion to create a combination that discloses sensitive information; and for each additional post associated with the entity, extracting, by one or more processors, one or more additional information portions and matching the one or more additional information portions to the missing information portion (Analysis can include looking at geotag/check-in information, the actual text, metadata that comes along with pictures, and any other information visible, or invisible to users, that Facebook relays with the update. Combinations of strings may also be detected. So, for example, "pot" may not set off an alert unless words like "grow," "smoke," or related terms and conjugations appear in the same quote, will not flag as an issue if the word "cook" or "stove" or other terms that indicate that the "pot" in question is not marijuana appears in the text, but will appear if other indications (such as the results of natural language processing algorithms) indicate that the content is referring to marijuana and not a cooking pot. Pictures may be analyzed using a facial recognition algorithm, fleshtone detections (too high a percentage of fleshtones coupled with shape recognition can indicate sexual content), object identification algorithms, and other image processing technologies that are widely available. Likewise picture captions, hashtags associated with it, comments associated with it, and other text-based content that comes along with it can be analyzed to provide an indication as to whether the image is objectionable, ¶109; see also how the rules establish variables and indicators, ¶155-¶206).

As per claims 9 and 22, Steinberg discloses as shown above with respect to claims 8 and 21.  Steinberg further discloses monitoring, by one or more processors, posts for the missing information portion (scanning refers to the process or mechanism for detecting various, potentially harmful, items of information relating to a user that are about to be, or have already been, posted online. Scanning may be implemented using one or more modules illustrated in FIGS. 11 and 12. From an implementation and configuration perspective, scanning may be done in real time as a user enters information into a social media site; in batch mode; constantly; when contacts are added; when specific actions are taken; when events are viewed or agreed to; when a user confirms information; when profile information is added or modified for the user or for a contact; when a communication is received; in a combination of the above, or based on other triggers, Steinberg ¶119).

As per claims 10 and 23, Steinberg discloses as shown above with respect to claims 1 and 15.  Steinberg further discloses providing, by one or more processors, a notification of disclosure of the sensitive information to the entity (notify user, Steinberg ¶104; notification methods selected by the user, ¶110; see also Fig. 20 and ¶134; see also ¶137-¶144 regarding notifications).

As per claims 11 and 24, Steinberg discloses as shown above with respect to claims 1 and 15.  Steinberg further discloses defining, by one or more processors, a new category of sensitive information based on content of posts associated with the entity (administrator defined rules, Steinberg ¶102; An organization/business producing rules for employees, a parent, or a regular user may establish custom terms for which scanning should occur. This may include positive match terms (if found there may be an issue so notify) or negative match (even though such terms match another rule ignore the match and do not notify). For a business, for example, positive match terms may include keywords, acronyms, competitor info, key personnel names, tickers, names of firms with which businesses is being conducted, M&A targets, potential acquirers, partners, product names, contemplated product names, locations related to the business, conferences related to the business, meetings related to the business, names of potential hires, government terms related to the business or potential challenges to the business such as the name of an auditor, internal names of systems, procedures, and teams, payroll info, and employee info and names. An example of a negative term--one that should be ignored even though it matches on other rules--might be various medical terms if the user is a doctor--the terms might be sensitive for a patient to disclose, but a doctor writing an article about treating the condition wants publicity, not privacy. An instantiation of the invention in the case of a parent would be the parent putting the name of someone with whom he does not wish his child to associate as a positive term, ¶227).

As per claim 12, Steinberg discloses as shown above with respect to claim 1.  Steinberg further discloses flagging, by one or more processors, posts for analysis based on analysis of each post's subject being relevant to potentially sensitive information (flag/not flag, Steinberg ¶109; flag post, ¶121; see also ¶129-¶130 and ¶136).

As per claim 26, Steinberg discloses as shown above with respect to claim 1.  Steinberg further discloses wherein the action is blurring at least one information portion from the first post (Depending on the rules that the user has accepted as part of his or her configuration, and based on the actions the user has set for those rules, the invention might, for example, flag a post about the user picking up his daughter at day care as risky and prompt the user what to do with it. Based on the scan, the DSS might remove a user's comment that contains a vulgarity as well as send a message to the user who used the vulgarity (via private Facebook messaging, for example) that the comment was removed automatically by the DSS due to containing vulgarity and that he or she is invited to both re-comment without the vulgarity as well as utilize the invention for his own security. In another example of scanning, the system may note that a check-in, posting, or a photo that the user has posted (e.g., with geotagging or with images of recognizable places), is showing the user 1,000 miles away from home and taken on the day of the posting and warn him that it may be safe to post this once he has returned home rather than while away (or may automatically delay the post until the user "checks in" or notes that he is back home or closer to home), while allowing without warning a check-in, posting, or photo taken 1,000 miles away but taken two days earlier when the user has already made postings from home again. In other examples of implementation, if a user attempts to post something controversial, the DSS may warn him before allowing the post to even be made--not just by scanning reactively, but also proactively preventing "bad" materials from ever appearing in the social media altogether. Of course, numerous other items may be scanned for and addressed by the DSS on Facebook, Twitter, Instagram, SnapChat, Tumblr, Pinterest, Foursquare, Google+, and other social media sites, as discussed in the rules section below. Likewise the invention can be used to scan blogs--the posts and associated comments--and other forms of quasi-social-media for the same types of issues as exist with "pure" social media, Steinberg ¶121; see also ¶87, ¶110, ¶155, and Fig. 20 for examples of actions performed).

As per claim 27, Steinberg discloses as shown above with respect to claim 1.  Steinberg further discloses wherein: the first information portion comprises a first string of characters; the second information portion comprises a second string of characters; and determining that the combination of the first information portion and the second information portion discloses the item of sensitive information comprises: combining, by one or more processors, the first string of characters and the second string of characters to determine the item of sensitive information, the combining further comprising eliminating, by one or more processors, a repetition of at least one character overlapping both the first string of characters and the second string of characters (One of ordinary skill in the art will recognize that information of any sort, including images, video, audio, textual content, contextual data, geographic data, location, proximity, movement, chronological data, time, date, metadata, various data patterns, encrypted data, social media actions, user actions, user inaction, user selections, user omissions, patterns of user behavior, or the appearance of any of the above, may, in certain situations pose problems to an individual or organization if publicly disclosed. Further, in some embodiments, the DSS may be configured to detect connections and/or relationships between distinct types of information, further improving its ability to detect the existence of problematic information. Therefore, the DSS need not be limited to analyzing a single piece of information, or a collection of homogenous pieces of information, but can rather build a more comprehensive picture that reveals problems that cannot be detected by focusing on a single data point, Steinberg ¶154; In one embodiment, the DSS secures by addressing any item that is used as part of authentication questions (i.e., challenge questions) that can be discerned from social media directly or indirectly by either modifying it, removing it, quarantining it, limiting its exposure to parties that pose no risk or already have the information, or allowing the user to do with it what he wants after making him cognizant of the risks inherent is sharing this information, ¶165).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW B WHITAKER whose telephone number is (571)270-7563.  The examiner can normally be reached on M-F, 8am-5pm, EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynda Jasmin can be reached on (571) 272-6782.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANDREW B WHITAKER/Primary Examiner, Art Unit 3629