DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1, 2, 7, 10-12, 17 and 19 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Chacko et al. (US 2014/0283127).
Regarding claim 1, Chacko et al. disclose a method comprising:
Detecting, by a client device, a request to access content located on a remote server (Paragraph 0016, client 102 accessing web application residing on a web server);
Determining, by the client device, that the requested content includes sensitive information (Paragraph 0017, interceptor module 101 present in client 102 determines sensitive data in the web application accessed by the client 102; Figure 3 step 302, identify the sensitive data fields) based on a profile associated with the client device (Paragraphs 0022, 0028, policies set by user for masking sensitive data) and a context in which the content is being accessed (Paragraphs 0015 and 0042, authorized and restricted access for visibility of information; Paragraph 0017, sensitive data is visible only to authenticated entities [authorization and authentication correspond to context of access by the client]);
Modifying, by the client device, the requested content in response to the determination that the content includes sensitive information (Paragraphs 0017-0018, inceptor module 101 present in client 102 modifies the sensitive data by masking the sensitive data to replace it with an identifier or distort an image or video with blurring or watermarking; Figure 3 step 304, mask the sensitive data); and
Providing, by client device, access to modified content in place of the requested content that includes the sensitive information (Figure 3 step 305, send masked traffic to the client).
Regarding claim 2, Chacko et al. disclose wherein the determination that the requested content includes sensitive information is further based on metadata associated with the content (Paragraph 0028, structure of the traffic used to determine sensitive data. Type [i.e. data to be replaced by an identifier, image data, video date] of sensitive data is considered to determine how to mask the sensitive data).
Regarding claim 7, Chacko et al. disclose wherein the detection of the access to the requested content located on the remote server and the determination the requested content includes sensitive information is performed by a browser application of the client device (Paragraphs 0017-0018, inceptor 101 present in client 102 intercepts HTTP/HTTPS traffic at the network layer to detect access and to determine sensitive data).
Regarding claim 10, Chacko et al. disclose wherein the request to access the content includes a request to upload, download, share, copy, or paste the content (Figure 3 comprises downloading of content in view of step 305; Figure 4 comprises uploading of content in view of step 405).
Regarding claim 11, Chacko et al. disclose a device (Figure 2, interceptor 101 according to paragraph 0017) comprising:
A memory (Figure 2 memory 204); and
A processor coupled to the memory (Figure 2 controller 201 coupled to memory 204 according to paragraph 0028) and configured to:
Access content of an application, the content including sensitive information, and the content being executable on a remote computing device (Paragraphs 0016-0018, client 102 [housing interceptor 101 according to paragraph 0017] accessing web application residing on a web server, the web application including sensitive data);
Detect the sensitive information of the content (Paragraph 0017, interceptor module 101 present in client 102 determines sensitive data in the web application accessed by the client 102; Figure 3 step 302, identify the sensitive data fields) based on at least one of a user profile (Paragraphs 0022, 0028, policies set by user for masking sensitive data) and a context in which the content is being accessed (Paragraphs 0015 and 0042, authorized and restricted access for visibility of information; Paragraph 0017, sensitive data is visible only to authenticated entities [authorization and authentication correspond to context of access by the client]); and
Modify the content in response to the detection of sensitive information (Paragraphs 0017-0018, inceptor module 101 present in client 102 modifies the sensitive data by masking the sensitive data to replace it with an identifier or distort an image or video with blurring or watermarking; Figure 3 step 304, mask the sensitive data), the modification enabling the computing device to replicate security controls applicable to users of the application (Paragraphs 0015 and 0042, authorized and restricted access for visibility of information; Paragraph 0017, masking, sensitive data is visible only to authenticated entities).
Regarding claim 12, Chacko et al. disclose wherein the processor is configured to detect the sensitive information of the content further based on metadata associated with the content (Paragraph 0028, structure of the traffic used to determine sensitive data. Type [i.e. data to be replaced by an identifier, image data, video date] of sensitive data is considered to determine how to mask the sensitive data).
Regarding claim 17, Chacko et al. disclose a browser application that, when executed by the process, is operable to detect sensitive information of the content and to modify the content in response to detection of the sensitive information (Paragraphs 0017-0018, inceptor 101 present in client 102 intercepts HTTP/HTTPS traffic at the network layer to detect and to mask sensitive data).
Regarding claim 19, Chacko et al. disclose a method comprising:
Detecting, by a gateway device, a request to access content stored on a remote server, the request being associated with a client device (Paragraph 0016, client 102 accessing web application residing on a web server; Paragraph 0017, interceptor module 101 present in an apparatus such as a proxy server [gateway] between client 102 and server 103, and intercepting the client’s accessing of the web application);
Determining, by the gateway device, that the requested content includes sensitive information (Paragraph 0017, interceptor module 101 present in an apparatus such as a proxy server [gateway] between client 102 and server 103 to determine sensitive data in the web application accessed by the client 102; Figure 3 step 302, identify the sensitive data fields) based on a user profile associated with the client device (Paragraphs 0022, 0028, policies set by user for masking sensitive data);
Modifying, by the gateway device, the requested content in response to the determination that the content includes sensitive information (Paragraphs 0017-0018, inceptor module 101 modifies the sensitive data by masking the sensitive data to replace it with an identifier or distort an image or video with blurring or watermarking; Figure 3 step 304, mask the sensitive data); and
Providing, by gateway device, access to the modified content in place of the requested content that includes the sensitive information (Figure 3 step 305, send masked traffic to the client).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 3, 4, 13, 14 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chacko et al. as applied to claims 1, 11 and 19 above, and further in view of Binkley et al. (US 2020/0349271).
Regarding claims 3, 13 and 20, Chacko et al. disclose the claimed invention above but do not specifically disclose the following limitations found in Binkley et al.: wherein the determination that the requested content includes sensitive information further includes analysis of the requested content using one or more models selected based on the user profile (Binkley et al., Paragraphs 0038, 0039 and 0043, analysis based on user profile and business process augments for access to sensitive information/data, the business process augments instructing about how to use metadata for sensitivity classification and for processing end-user requests. Also see sensitivity classification models).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Chacko et al. with the teachings of Binkley et al. in order to uphold company policies in the management of sensitive information/data by properly identifying sensitive information/data (Binkley et al., Paragraph 0018).
Regarding claims 4 and 14, Blinkley et al. disclose selecting the one or more models (Paragraphs 0038, 0039, 0043) based on attributes of an organization with which the requested content is associated (Paragraph 0018, uphold company policies in the management of sensitive information/data by properly identifying sensitive information/data).

Claim(s) 5, 6, 15 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chacko et al. as applied to claims 1 and 11 above, and further in view of Welling et al. (US 2011/0258195).
Regarding claims 5 and 15, Chacko et al. disclose the claimed invention above but do not specifically disclose the following limitations found in Welling et al.: wherein the determination that the requested content includes sensitive information (Welling et al., Paragraphs 0019, 0026, 0027 and 0036, identification/extraction of sensitive data in documents) comprises: extracting text from the requested content (Welling et al., Paragraphs 0145 and 0164, extracting text), generating one or more feature vectors based on the extracted text (Welling et al., Paragraphs 0145 and 0163, image of each character as a feature vector), and using the one or more feature vectors and one or more trained models to detect the sensitive information of the requested content (Welling et al., Paragraphs 0145 and 0163, feature vector is passed into a classifier that was trained on multiple instances of each character stored in a trained image database; Paragraphs 0019, 0026, 0027 and 0036, identification/extraction of sensitive data in documents).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Chacko et al. with the teachings of Welling et al. in order to prevent exposure of sensitive information in documents (Welling et al., Paragraphs 0019, 0026, 0027 and 0036).
Regarding claims 6 and 16, Welling et al. disclose wherein the extracting of the text from the requested content includes OCR to extract the text (Paragraphs 0145 and 0163, see OCR).

Claim(s) 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chacko et al. as applied to claims 7 and 17 above, and further in view of Scotney (US 2021/0021573).
Regarding claims 8 and 18, Chacko et al. disclose the claimed invention above but do not specifically disclose the following limitations found in Scotney: wherein the requested content is located within a SaaS application or the application is a SaaS application (Scotney, Paragraphs 0020, 0049, 0053, TPNS corresponds to a SaaS service that is being accessed by a client via a proxy service [see Figure 1] that modifies sensitive portions of content requested by the client [also see paragraphs 0081, 0084 and 0087]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Chacko et al. with the teachings of Scotney in order to securely provide hosted services to client devices (Scotney, Paragraph 0002, …hosted services…).

Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Chacko et al. as applied to claim 1 above, and further in view of Parthasarathy (US 2020/0311304).
Regarding claim 9, Chacko et al. disclose the claimed invention above but do not disclose the following limitations found in Parthasarathy: wherein the modification of the requested content includes a change to a document using an API, and the API being selected based on a file type of the content (Parthasarathy, Paragraphs 0033, 0063, 0086, 0115, sensitive data masked via an API, the data being of multiple data types accessible by one or more applications using templates based on application architecture).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Chacko et al. with the teachings of Parthasarathy in order to mask multiple types of data (Parthasarathy, Paragraphs 0033, 0063, 0086, 0115).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to OTIS L THOMPSON, JR whose telephone number is (571)270-1953. The examiner can normally be reached Monday - Friday, 6:30am - 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Gregory B Sefcheck can be reached on (571)272-3098. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/OTIS L THOMPSON, JR/Primary Examiner, Art Unit 2477                                                                                                                                                                                                        

June 3, 2022