Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Priority 
This application is a continuation-in-part of U.S. Pat. No. 10,511,605, issued on Dec. 17, 2019, filed on Jun. 1, 2016 as U.S. application Ser. No. 15/170,048. U.S. application Ser. No. 15/170,048 claims the benefit of U.S. Application No. 62/171,716 filed on Jun. 5, 2015.
DETAILED ACTION
This Office Action is in response to an amendment application received on 01/25/2022. In the amendment, applicant has cancelled claims 11 and 20. Claims 1-10 and 12-19 remain original. 
For this Office Action, claims 1-10 and 12-19 have been received for consideration and have been examined. 
Response to Arguments
Double Patenting 
	Applicant submitted Terminal Disclaimer on 01/25/2022 to overcome the Double Patenting rejection. The Terminal Disclaimed has been approved by the office. Therefore, this rejection has been withdrawn. 
Claim Rejection – 35 USC § 112
	Applicant has cancelled claims 11 and 20 and therefore this rejection has been withdrawn.  

Claim Rejection – 35 USC § 103
Applicant’s arguments, filed 01/25/2022, with respect to rejection of claims under 35 USC § 103 have been fully considered and are persuasive.  The rejection has been withdrawn. 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

Claims 1-10 are rejected under 35 U.S.C. 112(a), as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, at the time the application was filed, had possession of the claimed invention.
Independent claim 1 recites 
“a non-transitory computer readable medium of an accessing device storing an executable program configured to be executable by a processor of the accessing device”; and
a non-transitory computer readable medium of a host device storing a data structure, the data structure comprising:
an identifier;
embedded data accessible only by first executing the executable program, wherein:
the executable program when executed [by the host device] determines if the accessing device attempting to access the embedded data has permission to access the embedded data”.
Specification discloses: 
As described above, the embedded data 28 is accessible only by first executing an executable program 40. The executable program 40, when executed, determines if an accessing device attempting to access the embedded data 28 has permission to access the embedded data 28. The executable program 40 may determine if the accessing device has permission to access the embedded data 28 by determining at least one of an identity or a location of the accessing device attempting to access the embedded data and by determining a permission associated with the identifier 26. For example, the executable program 40 may determine the permission associated with a given data structure 24 based on the identifier 26 of the data structure 24. The executable program 40 may determine the permission by connecting to a predetermined server 18 and accessing a permission table 64 stored on the predetermined server 18. The permission table 64 associates each of a plurality of identifiers with a permission regarding access. In this example, the executable 40 may locate the identifier 26 of the data structure 24 within the permission table 64. The permission associated with the identifier 26 may specify a list of approved devices that are approved to access the embedded data 28 within a given location. In this example, the listed approved devices would not have permission if located outside the given location” [0050], 
However, the specification is silent about accessing device comprising the executable program that performs the functions of determining, destroying and allowing. FIG. 1 clearly depicts that “executable program 40” is being stored in the “host device 12” which performs the functions of determining, destroying and allowing instead of claimed “accessing device”.

    PNG
    media_image1.png
    524
    582
    media_image1.png
    Greyscale

	Dependent claims inherit this deficiency.





	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.



Claims 1-10 are rejected under 35 U.S.C. 112(b), as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, regards as the invention.
	Independent claim 1 recites 
“a non-transitory computer readable medium of an accessing device storing an executable program configured to be executable by a processor of the accessing device; and
a non-transitory computer readable medium of a host device storing a data structure, the data structure comprising:
an identifier;
embedded data accessible only by first executing the executable program, wherein:
the executable program when executed determines if the accessing device attempting to access the embedded data has permission to access the embedded data;
if the accessing device is determined not to have the permission to access the embedded data, the executable program destroys at least a portion of the embedded data; and
if the accessing device is determined to have the permission to access the embedded data, the executable program allows the host device to access the embedded data”.
Examiner would like to note that claim is written from a system standpoint where “an accessing device” is storing an executable program, however, that executable program is being executed at the host device because as per the claim, “the executable program when executed …” limitation is drafted under “a host device … comprising:” limitation. 
Therefore, it is unclear in a manner that the executable program is being executed at the host device when it is initially stored in the accessing device.
Furthermore, it is also unclear in a manner the host device is determining the permissions to the embedded data of accessing device by executing the executable program in the host device when the executable program is stored in the accessing device.
Dependent claims inherit this deficiency.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7 and 12-16 are rejected under 35 U.S.C. 103 as being unpatentable over Burgess et al., (US20120151553A1) in view of Zhai., (US20160352759A1) in view of Joa et al., (US20120198570A1) and further in view of Cignetti et al., (US9231923B1).
Regarding claim 1, Burgess discloses:
A system for securing electronic data, the system comprising:
a non-transitory computer readable medium of an accessing device (i.e. remote attempt to access data file; See [0068]) storing an executable program (See [0016] i.e. embedded autonomous executable program OR Cognitive data framework 2401; See FIG. 24) configured to be executable by a processor of the accessing device ([0016] The present inventive subject matter relates to a cognitive data system for autonomous data decision processing comprising the following elements operably coupled, a data file stored on a storage medium or memory device, and having stored instructions for an embedded autonomous executable program which is executed each time there is an attempt to access, control, or manipulate said data file; a processor for executing said program; an output device for communicating to a user, wherein said communication is based on the result of executing said program in relation to parameters required for said data file by a data file original creator; and an input device for receiving a response to said communication; [0068] The inventive subject matter further relates to an apparatus for handling a cognitive data file with autonomous data decision processing, comprising a storage medium or memory device having stored instructions for an embedded autonomous executable program which is executed each time there is an attempt to access, control, or manipulate said data file); and
a non-transitory computer readable medium of a host device (i.e. the cognitive data system 2400) storing a data structure (i.e. fields that are marked as very smart (vs), smart (s) & somewhat smart (ss) intelligence level data structure, See [0110]), the data structure comprising ([0305] The cognitive data system and method 2400 comprises software coded according to the flow diagrams of FIGS. 3-18. This software code is stored in memory within controller 2400 in one embodiment. When executed by processing unit 2402, this software causes the processing unit to implement the steps set forth in the flow diagrams of FIGS. 3-18. Data is accessed and stored utilizing the removable memory 2405 and/or local fixed memory):
an identifier ([0076] In another preferred embodiment, said network logic comprise network identifiers, protocol(s), network logic, or combinations thereof; [0201] The cognition engine embedded in the cognitive data instantiation can also possess a process that is leveraged to support network capabilities. For example, a process may be embedded that leverages network identifier fields wherein the identifier needs to be an acceptable identifier to route the data; Also see [0110-0140] for additional list of cognitive data structure identifiers);
embedded data accessible only by first executing the executable program, wherein:
the executable program when executed determines if the accessing device attempting to access the embedded data has permission to access the embedded data ([242] If the creator identity equals the user identity then a check is performed to determine if the user_request_type is permitted 1302 based on the stored cognitive data record field settings);
if the accessing device is determined not to have the permission to access the embedded data, the executable program destroys at least a portion of the embedded data ([0201] The cognition engine embedded in the cognitive data instantiation can also possess a process that is leveraged to support network capabilities. For example, a process may be embedded that leverages network identifier fields wherein the identifier needs to be an acceptable identifier to route the data. If the network data does not match the acceptable identifier, the data will self-destruct or perform some function that is acceptable to the data owner. Upon self-destruction, the data can also issue a function to overwrite the memory in which the data resided); and
if the accessing device is determined to have the permission to access the embedded data, the executable program allows the host device to access the embedded data ([0242] If the user_request_type is permitted 1310 the Access process is called passing the user_request_type argument 1310 and the process terminates … Conversely, if the user_request_type is permitted 1302 then the user_request_type is permitted and processed 1310); and
detect the identifier of the received data structure ([0107] Another approach to protecting the encryption key is to leverage the cognitive data subject matter disclosed herein. For example, this approach would convert the encryption key into a cognitive data file type, where the key is armed with embedded intelligence so it “knows” where it should be and how it should behave based upon where it is. If the key is not in an environment that is “acceptable”, the key itself optionally could self-destruct and/or send an alert to the owner of the key … a commonly known approach of hashing could be applied to further protect the key, in which the key itself could be hashed with some other known identifier such as an environment identifier (e.g., MAC ID, System ID, User ID, etc.));
determine the permission associated with the identifier ([0073] In a further aspect of the inventive subject matter, said embedded program causes said processor to autonomously execute one or more of the following additional steps … j) determine user access, controls, and/or permissions to data; [0076] In another preferred embodiment, said network logic comprise network identifiers, protocol(s), network logic; [0201] FIGS. 6 and 7 depict the flow diagram of the Data Structure Process 205. This process commences with reading the header and identifier data record fields);
when the permission associated with the identifier indicates that the data structure is permitted to be transmitted to the receiving device, transmit the received data structure to the receiving device ([0200] An example of how this may be used comprises a cognitive data which permits network resources to examine the network information fields to further determine the communications route to send the data. This route can then append the data packet with information that logs the route taken. By way of example, the cognitive data packets are sent to the network resources that are identified as associated to the data); and
when the permission associated with the identifier indicates that the data structure is not permitted to be transmitted to the receiving device, destroy at least the portion of the embedded data by overwriting at least the portion of the embedded data ([0078] In a further preferred embodiment, said creator remote control comprises capability for the creator to allow data file access, to deny data file access, to allow data file copying, to deny data file copying, to allow data file modification, to deny data file modification, to allow data file deletion, to deny data file deletion, to destroy the data file, or combinations thereof; [0201] If the network data does not match the acceptable identifier, the data will self-destruct or perform some function that is acceptable to the data owner. Upon self-destruction, the data can also issue a function to overwrite the memory in which the data resided).
Burgess fails to disclose:
	the sensor device to detect the data structure when transmitted from the host device to the receiving device outside of a predefined area; wherein, during a transmission of data, the sensor device is configured to: receive the data structure during the transmission from the host device to the receiving device; detect the identifier of the received data structure; determine the permission associated with the identifier; when the permission associated with the identifier indicates that the data structure is permitted to be transmitted to the receiving device, transmit the received data structure to the receiving device; and when the permission associated with the identifier indicates that the data structure is not permitted to be transmitted to the receiving device, deny access to at least the portion of the embedded data.
However, Zhai discloses:
	a sensor device positioned between (See Figures 2 & 4 depict security sensor positioned between two nodes) a receiving device and the host device ([0045] The NIDS is configured to monitor data on a transmission line (wireless, Ethernet, fiber optics, etc.) between at least a pair of nodes of a network. The nodes can be any device that transmits or receives data; [0047] FIG. 4 schematically shows that a security sensor may be deployed in a network that transmits data wirelessly. The security sensor may sniff data in wireless communication without physical connection to any nodes of the network; [0048] If an event monitored by the security matches an attack signature, the security sensor may further determine how to handle the event … the system 500 may disable or enable the attack signatures, limit [outside the permitted locations] the applicability of the attack signatures by time, geological location, logic location, IP addresses, etc.).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Burgess and include a dedicated sensor to monitor the data transmission between two hosts, as disclosed by Zhai. 
The motivation to combine the references is to be able to ensure that legitimate and allowed communication is occurring between the authorized entities only and is secured from malicious actors.
The combination of Burgess and Zhai fails to disclose:
	the sensor device to detect the data structure when transmitted from the host device to the receiving device outside of a predefined area; wherein, during a transmission of data, the sensor device is configured to: receive the data structure during the transmission from the host device to the receiving device; detect the identifier of the received data structure; determine the permission associated with the identifier; when the permission associated with the identifier indicates that the data structure is permitted to be transmitted to the receiving device, transmit the received data structure to the receiving device; and when the permission associated with the identifier indicates that the data structure is not permitted to be transmitted to the receiving device, deny access to at least the portion of the embedded data.
However, Joa discloses:
	the sensor device (i.e., the server 101/system determines a location of the portable access device) to detect the data structure when transmitted from the host device (i.e., portable access device (PAD)) to the receiving device (i.e., access to a dataset in the remote access device) outside of a predefined area ([0026] In step 207 the system determines a location identified with the access request [from the portable access device]. The determination in step 207 may be based on location information 205 received from the device requesting access to the dataset; [0028] In step 211, the system determines whether the location associated with the device requesting access is allowed to access the requested dataset. If any location within the degree of error associated with the location information is within an unauthorized area, then access may be denied);
	wherein, during a transmission of data, the sensor device is configured to: receive the identifier of the data structure (i.e., network address associated with device requesting access to the dataset) during the transmission from the host device to the receiving device ([0026] In step 207 the system determines a location identified with the access request … location information 205 may be retrieved by the system based on a network address of the device requesting access by looking up the address in a database that correlates a known device address to a corresponding specific location); 
detect the identifier of the received data structure ([0026] location information 205 may be retrieved by the system based on a network address of the device requesting access by looking up the address in a database that correlates a known device address to a corresponding specific location); 
determine the permission associated with the identifier ([0028] In step 211, the system determines whether the location associated with the device requesting access is allowed to access the requested dataset); 
when the permission associated with the identifier indicates that the data structure is permitted (i.e., location is authorized) to be transmitted to the receiving device, transmit the received data structure to the receiving device ([0030] Upon querying database 209, the system in step 211 determines whether location 205 is authorized to access the requested dataset … If the location is authorized to access the dataset, then in step 213 the system provides the user/PAD the requested access to the dataset); and 
when the permission associated with the identifier indicates that the data structure is not permitted to be transmitted to the receiving device, deny access to at least the portion of the embedded data ([0030] Upon querying database 209, the system in step 211 determines whether location 205 is authorized to access the requested dataset. If the location is not authorized to access the dataset, then the method proceeds to step 217 where access to the dataset is denied).
It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify Burgess and Zhai references and include a system and a method of determining access permission to a dataset based at least in part of a geographic location of the user’s device attempting to access the dataset, as disclosed by Joa.
The motivation to determine the access permission to a dataset based on geographic location is to prevent access to sensitive data when the user’s device is not at the authorized location.
The combination of Burgess, Zhai and Joa fails to disclose:
	the sensor device destroy the data by overwriting at least the portion of the embedded data. 
However, Cignetti discloses:
	the server [sensor device] destroy the data by overwriting at least the portion of the embedded data (Col. 14, Line # 46-51; Returning to FIG. 10, if it is determined that the encryption keys have not been exposed 1006, the keys or other sensitive data may then be selectively deleted or otherwise destroyed 1008. The data may be deleted or otherwise destroyed 1008 by overwriting the keys with random data, non-random data, zeros, ones or other suitable information).
	It would have been obvious to an ordinary skill in the art before the effective filing date of the claimed invention to modify the Burgess, Zhai and Joa references and include a technique for enhancing data security in which sensitive data is destroyed by overwriting the data in determination that the data has been potentially accessed by unauthorized entity, as disclosed by Cignetti.
	The motivation to destroy the sensitive data in case the data has been potentially accessed by the unauthorized entity is to discourage the unauthorized entity to perform further attempts to access the sensitive data.  
Regarding claim 2, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The system of claim 1, wherein the executable program is embedded in the data structure (Burgess: [0016] The present inventive subject matter relates to a cognitive data system for autonomous data decision processing comprising the following elements operably coupled, a data file stored on a storage medium or memory device, and having stored instructions for an embedded autonomous executable program which is executed each time there is an attempt to access, control, or manipulate said data file; a processor for executing said program; an output device for communicating to a user, wherein said communication is based on the result of executing said program in relation to parameters required for said data file by a data file original creator; and an input device for receiving a response to said communication).
Regarding claim 3, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The system of claim 1, wherein the sensor device is a network router (Zhai: [0046] FIG. 3 schematically shows a security sensor deployed in a host that is a part of the infrastructure of a network. The host manages traffic between at least two nodes of the network. One of the nodes may be remote. For example, the host can manage traffic between a local server and the internet. The host may be a router, a switch, or a firewall).
Regarding claim 4, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The system of claim 1, wherein the sensor device is a network switch (Zhai: [0046] FIG. 3 schematically shows a security sensor deployed in a host that is a part of the infrastructure of a network. The host manages traffic between at least two nodes of the network. One of the nodes may be remote. For example, the host can manage traffic between a local server and the internet. The host may be a router, a switch, or a firewall).
Regarding claim 5, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The system of claim 1, wherein the sensor device is a network sniffer (Zhai: [0047] FIG. 4 schematically shows that a security sensor may be deployed in a network that transmits data wirelessly. The security sensor may sniff data in wireless communication without physical connection to any nodes of the network).
Regarding claim 6, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The system of claim 1, wherein the data structure contains financial data (Burgess: [0214] In this embodiment, “high” security level requires the use of stripping out highly sensitive data from the document data and storing it in a separate cognitive data file. Samples of highly sensitive data could comprise identity numbers such as social security numbers, names, locations, financial numbers, pricing information, etc.).
Regarding claim 7, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The system of claim 1, wherein the data structure contains healthcare data (Burgess: [0086] This automated control logic can implement data security standards though the use of rule-based logic as an aid to automate a data security policy (e.g., Health Insurance Portability and Accountability Act)).
Regarding claim 12, Burgess discloses:
A method for securing electronic data, the method comprising:
embedding data to be secured in a data structure such that the embedded data is not accessible without first executing an executable program, wherein the data structure is stored in a non-transitory computer readable medium of a host device ([0016] The present inventive subject matter relates to a cognitive data system for autonomous data decision processing comprising the following elements operably coupled, a data file stored on a storage medium or memory device, and having stored instructions for an embedded autonomous executable program which is executed each time there is an attempt to access, control, or manipulate said data file; a processor for executing said program; an output device for communicating to a user, wherein said communication is based on the result of executing said program in relation to parameters required for said data file by a data file original creator; and an input device for receiving a response to said communication; [0068] The inventive subject matter further relates to an apparatus for handling a cognitive data file with autonomous data decision processing, comprising a storage medium or memory device having stored instructions for an embedded autonomous executable program which is executed each time there is an attempt to access, control, or manipulate said data file); and
a non-transitory computer readable medium of a host device (i.e. the cognitive data system 2400) storing a data structure (i.e. fields that are marked as very smart (vs), smart (s) & somewhat smart (ss) intelligence level data structure, See [0110]), the data structure comprising ([0305] The cognitive data system and method 2400 comprises software coded according to the flow diagrams of FIGS. 3-18. This software code is stored in memory within controller 2400 in one embodiment. When executed by processing unit 2402, this software causes the processing unit to implement the steps set forth in the flow diagrams of FIGS. 3-18. Data is accessed and stored utilizing the removable memory 2405 and/or local fixed memory):
an identifier ([0076] In another preferred embodiment, said network logic comprise network identifiers, protocol(s), network logic, or combinations thereof; [0201] The cognition engine embedded in the cognitive data instantiation can also possess a process that is leveraged to support network capabilities. For example, a process may be embedded that leverages network identifier fields wherein the identifier needs to be an acceptable identifier to route the data; Also see [0110-0140] for additional list of cognitive data structure identifiers);
embedded data accessible only by first executing the executable program, wherein:
the executable program when executed determines if the accessing device attempting to access the embedded data has permission to access the embedded data ([242] If the creator identity equals the user identity then a check is performed to determine if the user_request_type is permitted 1302 based on the stored cognitive data record field settings);
if the accessing device is determined not to have the permission to access the embedded data, the executable program destroys at least a portion of the embedded data ([0201] The cognition engine embedded in the cognitive data instantiation can also possess a process that is leveraged to support network capabilities. For example, a process may be embedded that leverages network identifier fields wherein the identifier needs to be an acceptable identifier to route the data. If the network data does not match the acceptable identifier, the data will self-destruct or perform some function that is acceptable to the data owner. Upon self-destruction, the data can also issue a function to overwrite the memory in which the data resided); and
if the accessing device is determined to have the permission to access the embedded data, the executable program allows the host device to access the embedded data ([0242] If the user_request_type is permitted 1310 the Access process is called passing the user_request_type argument 1310 and the process terminates … Conversely, if the user_request_type is permitted 1302 then the user_request_type is permitted and processed 1310); and
detect the identifier of the received data structure ([0107] Another approach to protecting the encryption key is to leverage the cognitive data subject matter disclosed herein. For example, this approach would convert the encryption key into a cognitive data file type, where the key is armed with embedded intelligence so it “knows” where it should be and how it should behave based upon where it is. If the key is not in an environment that is “acceptable”, the key itself optionally could self-destruct and/or send an alert to the owner of the key … a commonly known approach of hashing could be applied to further protect the key, in which the key itself could be hashed with some other known identifier such as an environment identifier (e.g., MAC ID, System ID, User ID, etc.));
determine the permission associated with the identifier ([0073] In a further aspect of the inventive subject matter, said embedded program causes said processor to autonomously execute one or more of the following additional steps … j) determine user access, controls, and/or permissions to data; [0076] In another preferred embodiment, said network logic comprise network identifiers, protocol(s), network logic; [0201] FIGS. 6 and 7 depict the flow diagram of the Data Structure Process 205. This process commences with reading the header and identifier data record fields);
when the permission associated with the identifier indicates that the data structure is permitted to be transmitted to the receiving device, transmit the received data structure to the receiving device ([0200] An example of how this may be used comprises a cognitive data which permits network resources to examine the network information fields to further determine the communications route to send the data. This route can then append the data packet with information that logs the route taken. By way of example, the cognitive data packets are sent to the network resources that are identified as associated to the data); and
when the permission associated with the identifier indicates that the data structure is not permitted to be transmitted to the receiving device, destroy at least the portion of the embedded data by overwriting at least the portion of the embedded data ([0078] In a further preferred embodiment, said creator remote control comprises capability for the creator to allow data file access, to deny data file access, to allow data file copying, to deny data file copying, to allow data file modification, to deny data file modification, to allow data file deletion, to deny data file deletion, to destroy the data file, or combinations thereof; [0201] If the network data does not match the acceptable identifier, the data will self-destruct or perform some function that is acceptable to the data owner. Upon self-destruction, the data can also issue a function to overwrite the memory in which the data resided).
Burgess fails to disclose:
the sensor device to detect the data structure when transmitted from the host device to the receiving device outside of a predefined area; wherein, during a transmission of data, the sensor device is configured to: receive the data structure during the transmission from the host device to the receiving device; detect the identifier of the received data structure; determine the permission associated with the identifier; when the permission associated with the identifier indicates that the data structure is permitted to be transmitted to the receiving device, transmit the received data structure to the receiving device; and when the permission associated with the identifier indicates that the data structure is not permitted to be transmitted to the receiving device, deny access to at least the portion of the embedded data.
However, Zhai discloses:
	a sensor device positioned between (See Figures 2 & 4 depict security sensor positioned between two nodes) a receiving device and the host device ([0045] The NIDS is configured to monitor data on a transmission line (wireless, Ethernet, fiber optics, etc.) between at least a pair of nodes of a network. The nodes can be any device that transmits or receives data; [0047] FIG. 4 schematically shows that a security sensor may be deployed in a network that transmits data wirelessly. The security sensor may sniff data in wireless communication without physical connection to any nodes of the network; [0048] If an event monitored by the security matches an attack signature, the security sensor may further determine how to handle the event … the system 500 may disable or enable the attack signatures, limit [outside the permitted locations] the applicability of the attack signatures by time, geological location, logic location, IP addresses, etc.).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Burgess and include a dedicated sensor to monitor the data transmission between two hosts, as disclosed by Zhai. 
The motivation to combine the references is to be able to ensure that legitimate and allowed communication is occurring between the authorized entities only and is secured from malicious actors.
The combination of Burgess and Zhai fails to disclose:
	the sensor device to detect the data structure when transmitted from the host device to the receiving device outside of a predefined area; wherein, during a transmission of data, the sensor device is configured to: receive the data structure during the transmission from the host device to the receiving device; detect the identifier of the received data structure; determine the permission associated with the identifier; when the permission associated with the identifier indicates that the data structure is permitted to be transmitted to the receiving device, transmit the received data structure to the receiving device; and when the permission associated with the identifier indicates that the data structure is not permitted to be transmitted to the receiving device, deny access to at least the portion of the embedded data.
However, Joa discloses:
	the sensor device (i.e., the server 101/system determines a location of the portable access device) to detect the data structure when transmitted from the host device (i.e., portable access device (PAD)) to the receiving device (i.e., access to a dataset in the remote access device) outside of a predefined area ([0026] In step 207 the system determines a location identified with the access request [from the portable access device]. The determination in step 207 may be based on location information 205 received from the device requesting access to the dataset; [0028] In step 211, the system determines whether the location associated with the device requesting access is allowed to access the requested dataset. If any location within the degree of error associated with the location information is within an unauthorized area, then access may be denied);
	wherein, during a transmission of data, the sensor device is configured to: receive the identifier of the data structure (i.e., network address associated with device requesting access to the dataset) during the transmission from the host device to the receiving device ([0026] In step 207 the system determines a location identified with the access request … location information 205 may be retrieved by the system based on a network address of the device requesting access by looking up the address in a database that correlates a known device address to a corresponding specific location); 
detect the identifier of the received data structure ([0026] location information 205 may be retrieved by the system based on a network address of the device requesting access by looking up the address in a database that correlates a known device address to a corresponding specific location); 
determine the permission associated with the identifier ([0028] In step 211, the system determines whether the location associated with the device requesting access is allowed to access the requested dataset); 
when the permission associated with the identifier indicates that the data structure is permitted (i.e., location is authorized) to be transmitted to the receiving device, transmit the received data structure to the receiving device ([0030] Upon querying database 209, the system in step 211 determines whether location 205 is authorized to access the requested dataset … If the location is authorized to access the dataset, then in step 213 the system provides the user/PAD the requested access to the dataset); and 
when the permission associated with the identifier indicates that the data structure is not permitted to be transmitted to the receiving device, deny access to at least the portion of the embedded data ([0030] Upon querying database 209, the system in step 211 determines whether location 205 is authorized to access the requested dataset. If the location is not authorized to access the dataset, then the method proceeds to step 217 where access to the dataset is denied).
It would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to modify Burgess and Zhai references and include a system and a method of determining access permission to a dataset based at least in part of a geographic location of the user’s device attempting to access the dataset, as disclosed by Joa.
The motivation to determine the access permission to a dataset based on geographic location is to prevent access to sensitive data when the user’s device is not at the authorized location.
The combination of Burgess, Zhai and Joa fails to disclose:
	the sensor device destroy the data by overwriting at least the portion of the embedded data. 
However, Cignetti discloses:
	the server [sensor device] destroy the data by overwriting at least the portion of the embedded data (Col. 14, Line # 46-51; Returning to FIG. 10, if it is determined that the encryption keys have not been exposed 1006, the keys or other sensitive data may then be selectively deleted or otherwise destroyed 1008. The data may be deleted or otherwise destroyed 1008 by overwriting the keys with random data, non-random data, zeros, ones or other suitable information).
	It would have been obvious to an ordinary skill in the art before the effective filing date of the claimed invention to modify the Burgess, Zhai and Joa references and include a technique for enhancing data security in which sensitive data is destroyed by overwriting the data in determination that the data has been potentially accessed by unauthorized entity, as disclosed by Cignetti.
	The motivation to destroy the sensitive data in case the data has been potentially accessed by the unauthorized entity is to discourage the unauthorized entity to perform further attempts to access the sensitive data.  
Regarding claim 13, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The method of claim 12, wherein the sensor device is a network router (Zhai: [0046] FIG. 3 schematically shows a security sensor deployed in a host that is a part of the infrastructure of a network. The host manages traffic between at least two nodes of the network. One of the nodes may be remote. For example, the host can manage traffic between a local server and the internet. The host may be a router, a switch, or a firewall).
Regarding claim 14, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The method of claim 12, wherein the sensor device is a network sniffer (Zhai: [0047] FIG. 4 schematically shows that a security sensor may be deployed in a network that transmits data wirelessly. The security sensor may sniff data in wireless communication without physical connection to any nodes of the network).
Regarding claim 15, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The method of claim 12, wherein the data structure contains financial data (Burgess: [0214] In this embodiment, “high” security level requires the use of stripping out highly sensitive data from the document data and storing it in a separate cognitive data file. Samples of highly sensitive data could comprise identity numbers such as social security numbers, names, locations, financial numbers, pricing information, etc.).
Regarding claim 16, the combination of Burgess, Zhai, Joa and Cignetti discloses:
The method of claim 12, wherein the data structure contains healthcare data (Burgess: [0086] This automated control logic can implement data security standards though the use of rule-based logic as an aid to automate a data security policy (e.g., Health Insurance Portability and Accountability Act)).


Claims 8-10, and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Burgess et al., (US20120151553A1) in view of Zhai (US20160352759A1) in view of Joa et al., (US20120198570A1) in view of Cignetti et al., (US9231923B1) and further in view of Mahaffey et al., (US20150128205A1).
Regarding claim 8, the combination of Burgess, Zhai, Joa and Cignetti fails to disclose:
	The system of claim 1, wherein the permission is determined by comparing the accessing device to a whitelist.
However, Mahaffey discloses:
	wherein the permission is determined by comparing the accessing device to a whitelist ([0126] Providing a secure connection or safe browsing experience may be facilitated through controlling a domain name system (DNS) server for resolving network addresses of all connections via whitelisting or blacklisting by specific domains or top-level domains (TLDs) or categories of destinations; [0314] Whitelisting techniques, blacklisting techniques, or both may used to help determine the network connection type. For example, in a specific implementation, a security policy includes a listing of remote destination categories. In this specific implementation, if a remote destination falls within a category of the listing, a network connection of a first type may be required between the mobile communications device and the remote destination).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Burgess, Zhai, Joa and Cignetti references and include a system which monitors outgoing requests to remote device(s) and check whether they are in allowed [whitelist] category to communicate with the local device, as disclosed by Mahaffey.
	The motivation to monitor and check the remote device(s) whether they are in allowed category to communication with the local device is to proactively protect the local device from communicating with malicious entities.  
Regarding claim 9, the combination of Burgess, Zhai, Joa and Cignetti fails to disclose:
The system of claim 1, wherein the permission is determined by comparing the accessing device to a blacklist.
However, Mahaffey discloses:
wherein the permission is determined by comparing the accessing device to a blacklist ([0058] attempted connections to blacklisted domains and/or internet protocol (IP) addresses or ranges may be detected and/or prevented. The blacklisting of domains and addresses may be at any level of the domain structure. For example, a domain may be blacklisted if it matches “*.ru” or “*.badsite.ru.” Furthermore, blacklisting may include specific IP addresses, or IP address blocks for specific organizations or geographic top-level domains).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Burgess, Zhai, Joa and Cignetti references and include a system which monitors outgoing requests to remote device(s) and check whether they are in disallowed [blacklist] category to communicate with the local device, as disclosed by Mahaffey.
	The motivation to monitor and check the remote device(s) whether they are in allowed category to communication with the local device is to proactively protect the local device from communicating with malicious entities.  
Regarding claim 10, the combination of Burgess, Zhai, Joa and Cignetti fails to disclose:
The system of claim 1, wherein the permission is determined by comparing a GPS location of the accessing device to a blacklist of geographic locations.
However, Mahaffey discloses:
wherein the permission is determined by comparing a GPS location of the accessing device to a blacklist of geographic locations ([0266] In some implementations, an operation may be performed in response to determining that an application is attempting to connect to or request content from a server in a particular country. For example, a SNC policy manager may include a country blacklist that specifies that all traffic being sent to one or more particular countries should be dropped. A system component, such as a safe browsing module, may identify a destination country for each request leaving the mobile communications device based on the country that the DNS address associated with the request resolves to. If the country identified based on the DNS address matches a country identified in the blacklist, a system component, such as a SNC service manager, may drop the request).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Burgess, Zhai, Joa and Cignetti references and include a system which monitors outgoing requests to remote device(s) and check whether they are in disallowed [blacklist] category to communicate with the local device, as disclosed by Mahaffey.
The motivation to monitor and check the remote device(s) whether they are in allowed category to communication with the local device is to proactively protect the local device from communicating with malicious entities.  
Regarding claim 17, the combination of Burgess, Zhai, Joa and Cignetti fails to disclose:
The method of claim 12, wherein the permission is determined by comparing the accessing device to a whitelist.
However, Mahaffey discloses:
	wherein the permission is determined by comparing the accessing device to a whitelist ([0126] Providing a secure connection or safe browsing experience may be facilitated through controlling a domain name system (DNS) server for resolving network addresses of all connections via whitelisting or blacklisting by specific domains or top-level domains (TLDs) or categories of destinations; [0314] Whitelisting techniques, blacklisting techniques, or both may used to help determine the network connection type. For example, in a specific implementation, a security policy includes a listing of remote destination categories. In this specific implementation, if a remote destination falls within a category of the listing, a network connection of a first type may be required between the mobile communications device and the remote destination).
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Burgess, Zhai, Joa and Cignetti references and include a system which monitors outgoing requests to remote device(s) and check whether they are in allowed [whitelist] category to communicate with the local device, as disclosed by Mahaffey.
	The motivation to monitor and check the remote device(s) whether they are in allowed category to communication with the local device is to proactively protect the local device from communicating with malicious entities.  
Regarding claim 18, the combination of Burgess, Zhai, Joa and Cignetti fails to disclose:
The method of claim 12, wherein the permission is determined by comparing the accessing device to a blacklist.
However, Mahaffey discloses:
wherein the permission is determined by comparing the accessing device to a blacklist ([0058] attempted connections to blacklisted domains and/or internet protocol (IP) addresses or ranges may be detected and/or prevented. The blacklisting of domains and addresses may be at any level of the domain structure. For example, a domain may be blacklisted if it matches “*.ru” or “*.badsite.ru.” Furthermore, blacklisting may include specific IP addresses, or IP address blocks for specific organizations or geographic top-level domains).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Burgess, Zhai, Joa and Cignetti references and include a system which monitors outgoing requests to remote device(s) and check whether they are in disallowed [blacklist] category to communicate with the local device, as disclosed by Mahaffey.
	The motivation to monitor and check the remote device(s) whether they are in allowed category to communication with the local device is to proactively protect the local device from communicating with malicious entities.  
Regarding claim 19, the combination of Burgess, Zhai, Joa and Cignetti fails to disclose:
The method of claim 12, wherein the permission is determined by comparing a GPS location of the accessing device to a blacklist of geographic locations.
However, Mahaffey discloses:
wherein the permission is determined by comparing a GPS location of the accessing device to a blacklist of geographic locations ([0266] In some implementations, an operation may be performed in response to determining that an application is attempting to connect to or request content from a server in a particular country. For example, a SNC policy manager may include a country blacklist that specifies that all traffic being sent to one or more particular countries should be dropped. A system component, such as a safe browsing module, may identify a destination country for each request leaving the mobile communications device based on the country that the DNS address associated with the request resolves to. If the country identified based on the DNS address matches a country identified in the blacklist, a system component, such as a SNC service manager, may drop the request).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Burgess, Zhai, Joa and Cignetti references and include a system which monitors outgoing requests to remote device(s) and check whether they are in disallowed [blacklist] category to communicate with the local device, as disclosed by Mahaffey.
The motivation to monitor and check the remote device(s) whether they are in allowed category to communication with the local device is to proactively protect the local device from communicating with malicious entities.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018.  The examiner can normally be reached on 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/SYED M AHSAN/Patent Examiner, Art Unit 2432