DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Drawings
The applicant’s drawings submitted are acceptable for examination purposes.

Specification
The applicant’s specification submitted is acceptable for examination purposes.
Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-4, 6, 8, 10-11, 13, 16, 18, 20, 22, 23 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Yaskin et al. (U.S. Pub. No. 2010/0198804 A1) in view of O’Hare et al. (U.S. Pub. No. 2012/0331088 A1), further in view of Banerjee et al. (U.S. Patent No. 9,880,757 B1).
Regarding claim 1, Yaskin teaches a method for implementing Universal File Virtualization, the method comprising:
receiving, by system controller, data sets from a plurality of Universal File System (UFS) modules running at a first set of data silos (paragraph [0023], [0025], information stored in selected da silos of an enterprise is used as input to build a representation of all information stored in the chosen silos); 
extracting, by the system controller, metadata, first set of user data and first set of security profile data from the data sets wherein the metadata is stored in the system controller (paragraph [0025]-[0027], [0052], the representation of the information extracted from data silos is stored as a virtual website; information includes records stored in relational databases, objects, documents and the like are represented as documents 120 representing entities that are linked to each other; the security information store security information extracted from the data silos as well as any security information that can be added to data virtualization system; metadata information is extracted from data silos in an enterprise by the crawler; also see paragraph [0055], [0059]).
Yaskin does not explicitly disclose: performing, by the system controller, the plurality of configured data services on the first set of user data and creating a second set of user data and second set of security profile data.
O’Hare teaches: performing, by the system controller, the plurality of configured data services on the first set of user data and creating a second set of user data and second set of security profile data (paragraph [0307]-[0312], generating a session master key and encrypt the data using RSE stream cipher; the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key, generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares).
It would have been obvious to one of ordinary skill in art before the effective filing date of the claim invention to include performing, by the system controller, the plurality of configured data services on the first set of user data and creating a second set of user data and second set of security profile data into security management for data virtualization system of Yaskin.
Motivation to do so would be to include performing, by the system controller, the plurality of configured data services on the first set of user data and creating a second set of user data and second set of security profile data such that there is no possibility of reassembling or restoring the original information without access to the session master key and Parser Master key (O’Hare, paragraph [0059]).
Yaskin as modified by O’Hare further teach: transferring, by the system controller, the second set of user data and the second set of security profile data to a plurality of data containers associated with data controller and a security controller respectively (Yaskin, paragraph [0052], the user information is stored in user identity store and the security roles are stored in the security information store while O’Hare teaches: the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key; generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portion or shares; paragraph [0307]-[0312], the combination of references Yaskin and O’Hare teaches transferring, by the system controller, the second set of user data and the second set of security profile data to a plurality of data containers associated with data controller and a security controller respectively as claimed).
Yaskin as modified by O’Hare do not explicitly disclose: synchronizing, by the system controller, the metadata with at least one of the plurality of UFS modules running in second set of data silos, wherein the plurality of said UFS modules retrieve the metadata from a local storage, and the second set of user data from the plurality of data containers associated with data plane controller, and the security profile from the security controller, in response to receiving a data request from a user at second set of the plurality of UFS modules running in a second set of data silos.
Banerjee teaches:
synchronizing, by the system controller, the metadata with at least one of the plurality of UFS modules running in second set of data silos, wherein the plurality of said UFS modules retrieve the metadata from a local storage, and the second set of user data from the plurality of data containers associated with data plane controller, and the security profile from the security controller, in response to receiving a data request from a user at second set of the plurality of UFS modules running in a second set of data silos (col. 8, line 1-15 and 40-67, col. 9, line 1-18, when a request for a copy of production data is made to the information provisioning orchestration system, the system would communicate with the security provisioning orchestration system providing that the security orchestration system with information about the primary application, the production data to be copied, and the use of the production data; continuously collects metadata about security files and provisioning associated with primary application and production data and updates the information with new information collected; deploying any security product or products to effect the determined security provisioning for the copy data). 
It would have been obvious to one of ordinary skill in art before the effective filing date of the claim invention to include synchronizing, by the system controller, the metadata with at least one of the plurality of UFS modules running in second set of data silos, wherein the plurality of said UFS modules retrieve the metadata from a local storage, and the second set of user data from the plurality of data containers associated with data plane controller, and the security profile from the security controller, in response to receiving a data request from a user at second set of the plurality of UFS modules running in a second set of data silos into security management for data virtualization system of Yaskin.
Motivation to do so would be to include synchronizing, by the system controller, the metadata with at least one of the plurality of UFS modules running in second set of data silos, wherein the plurality of said UFS modules retrieve the metadata from a local storage, and the second set of user data from the plurality of data containers associated with data plane controller, and the security profile from the security controller, in response to receiving a data request from a user at second set of the plurality of UFS modules running in a second set of data silos to securely manage copy data (Banerjee, col. 3, line 9).
Regarding claim 3, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 1, further teach wherein UFS modules can access primary data through standard NAS protocols and comprise the steps of, transferring the data from primary client computing systems (O’Hare, paragraph [0124], receiving the forwarded data and assemble the data into useable formats; transmission of data to be stored in data storage facilities D1 through D4); 
creating the metadata, first set of user data and first set of security profile data (Yaskin, paragraph [0025]-[0027], [0052], the representation of the information extracted from data silos is stored as a virtual website; information includes records stored in relational databases, objects, documents and the like are represented as documents 120 representing entities that are linked to each other; the security information store security information extracted from the data silos as well as any security information that can be added to data virtualization system; metadata information is extracted from data silos in an enterprise by the crawler; also see paragraph [0055], [0059]); 
determining the configured data services and service profile from the configuration module in the first UFS module, running in first data silo (Yaskin, paragraph [0042], if a user or security role is defined in the security information store and an entity or entity field is identified as accessible for this user or security role, the corresponding entity or a field data can be retrieved); 
performing configured data services in the first order, to first set of user data, by first UFS module, creating second set of user data, second set of security profile data and sending second set of security profile data (O’Hare, paragraph [0307]-[0312], generating a session master key and encrypt the data using RSE stream cipher; the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key, generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares) and the metadata to security controller and system controller respectively (O’Hare, paragraph [0307]-[0312], generating a session master key and encrypt the data using RSE stream cipher; the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key, generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares); 
transferring, by the first UFS module, the second set of user data among plurality of data containers (Yaskin, paragraph [0052], the user information is stored in user identity store and the security roles are stored in the security information store while O’Hare teaches: the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key; generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portion or shares; paragraph [0307]-[0312], the combination of references Yaskin and O’Hare teaches transferring, by the first UFS module, the second set of user data among plurality of data containers as claimed); 
system controller synchronize to at least one of the second UFS modules associated with the system controller running in second data silo (Yaskin, paragraph [0052], the user information is stored in user identity store and the security roles are stored in the security information store while O’Hare teaches: the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key; generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portion or shares; paragraph [0307]-[0312]) and sending security data to the security controller (Yaskin, paragraph [0052], the user information is stored in user identity store and the security roles are stored in the security information store while O’Hare teaches: the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key; generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portion or shares; paragraph [0307]-[0312]; noted, as the stream including key for each data share that going to be stored, thus it implies that security data is sent to the controller); 
retrieving, by the second UFS module, the metadata from the local storage, second set of data from the data containers associated with the data controller, third set of security profile from the security controller, in response to a data request from a user (Banerjee, col. 8, line 1-15 and 40-67, col. 9, line 1-18, when a request for a copy of production data is made to the information provisioning orchestration system, the system would communicate with the security provisioning orchestration system providing that the security orchestration system with information about the primary application, the production data to be copied, and the use of the production data; continuously collects metadata about security files and provisioning associated with primary application and production data and updates the information with new information collected; deploying any security product or products to effect the determined security provisioning for the copy data); 
determining the data services allowed to perform for the said user (O’Hare, paragraph [0200], [paragraph [0392], [0395], [0403] using the masterKey for control data as needed based on roles, responsibilities, membership, rights, etc.); 
and performing data services upon second set of data with third set of security profile data, in the second order to create first set of user data and output to user (O’Hare, paragraph [0392],[0395], [0403], secured data is only accessible by other member of target group based on the assigned digital certificate). 
Regarding claim 4, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 1, further teach dis-aggregating and running the system controller, the plurality of data containers associated with the data controller and the security controller in separate computing systems with mutually independent communication paths, wherein dis-aggregating further comprises: enabling the plurality of UFS modules to receive metadata updates from the system controller (Banerjee, col. 8, line 1-15 and 40-67, col. 9, line 1-18, continuously collects metadata about security files and provisioning associated with primary application and production data and updates the information with new information collected; deploying any security product or products to effect the determined security provisioning for the copy data); enabling the plurality of UFS modules running in a corresponding computing system to send or receive data to and from the plurality of data containers (O’Hare, paragraph [0307]-[0313], generating a session master key and encrypt the data using RSE stream cipher; the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key, generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares; reversing the steps for original data); enabling the plurality of UFS modules to send or receive data to and from the security controller (O’Hare, paragraph [0174], [0178], [0179], transmitting the digital signature to the authentication engine; transmitting a digital signature to the cryptographic engine); enabling the system controller to exchange data with the plurality of data containers and the security controller; enabling the security controller to exchange data with the system controller and the plurality of data containers (O’Hare, paragraph [0174], [0178], [0179], transmitting the digital signature to the authentication engine; transmitting a digital signature to the cryptographic engine); and retrieving the user data transmitted through each of the plurality of first set of UFS modules running in a first set of data silos, through tree structured file system paths from the configured in a second set of UFS modules running in second set of data silos (O’Hare, paragraph [0415], sending the different portions of parsed data along different path thus creating multiple streams of data). 
Regarding claim 6, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 1, further teach wherein the plurality of configured data services comprises at least one of data compression, data encryption, data reed-solomon erasure coding and data deduplication (O’Hare, paragraph [0307]-[0312], generating a session master key and encrypt the data using RSE stream cipher; the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key, generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares). 
Regarding claim 8, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 1, further teach running the plurality of UFS modules from a plurality of geographically separated locations, communicatively connected to the system controller, the plurality of data containers associated with data controller and the security controller through independent TCP/IP based communication mechanisms (Yaskin, paragraph [0037], data virtualization system comprises a computing system that take data available in various data silos of enterprise while O’Hare teaches each of the engines are geographically separated, such that, for example first engine may reside in a first location, the second engine may reside in second location, etc., paragraph [0189]). 
Regarding claim 10, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 1, further teach running the plurality of UFS modules as a separate computing system or as module in an external computing system having heterogeneous access protocols to copy the data from the primary computer systems to the secondary storage, wherein the heterogeneous access protocols comprise at least one of NAS protocol, OS level copy operation, SaaS provider API access protocol and HTTP based protocols (O’Hare teaches each of the engines are geographically separated, such that, for example first engine may reside in a first location, the second engine may reside in second location, etc., paragraph [0189]).
As per claims 11, 13, 16, 18 and 20, these claims are rejected on grounds corresponding to the arguments given above for rejected claims 1, 3, 6, 8 and 10 respectively and are similarly rejected.
Regarding claim 22, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 11, further teach transferring the data from primary client computing systems (O’Hare, paragraph [0124], receiving the forwarded data and assemble the data into useable formats; transmission of data to be stored in data storage facilities D1 through D4);
creating the metadata, first set of user data, first set of security profile data (Yaskin, paragraph [0025]-[0027], [0052], the representation of the information extracted from data silos is stored as a virtual website; information includes records stored in relational databases, objects, documents and the like are represented as documents 120 representing entities that are linked to each other; the security information store security information extracted from the data silos as well as any security information that can be added to data virtualization system; metadata information is extracted from data silos in an enterprise by the crawler; also see paragraph [0055], [0059]); 
determine the configured data services and service profile from the configuration module in the first UFS module, running in first data silo (Yaskin, paragraph [0042], if a user or security role is defined in the security information store and an entity or entity field is identified as accessible for this user or security role, the corresponding entity or a field data can be retrieved);
 performing configured data services in the first order, to first set of user data, by first UFS module, creating second set of user data, second set of security profile data and sending second set of security profile data and the metadata to security controller and system controller respectively (O’Hare, paragraph [0307]-[0312], generating a session master key and encrypt the data using RSE stream cipher; the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key, generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares); 
transfer, by the first UFS module, the second set of user data among plurality of data containers (Yaskin, paragraph [0052], the user information is stored in user identity store and the security roles are stored in the security information store while O’Hare teaches: the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key; generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portion or shares; paragraph [0307]-[0312], the combination of references Yaskin and O’Hare teaches transferring, by the first UFS module, the second set of user data among plurality of data containers as claimed); 
send security data to the security controller (Yaskin, paragraph [0052], the user information is stored in user identity store and the security roles are stored in the security information store while O’Hare teaches: the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key; generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portion or shares, noted, as the stream including key for each data share that going to be stored, thus it implies that security is sent to the controller); 
retrieve, by the second UFS module, the metadata from the local storage, second set of data from the data containers associated with the data controller, third set of security profile from the security controller, in response to a data request from a user, determine the data services allowed to perform for the said user (Banerjee, col. 8, line 1-15 and 40-67, col. 9, line 1-18, when a request for a copy of production data is made to the information provisioning orchestration system, the system would communicate with the security provisioning orchestration system providing that the security orchestration system with information about the primary application, the production data to be copied, and the use of the production data; continuously collects metadata about security files and provisioning associated with primary application and production data and updates the information with new information collected; deploying any security product or products to effect the determined security provisioning for the copy data); determining the data services allowed to perform for the said user (O’Hare, paragraph [0200], [paragraph [0392], [0395], [0403] using the masterKey for control data as needed based on roles, responsibilities, membership, rights, etc.); 
and perform data services upon second set of data with third set of security profile data, in the second order to create first set of user data and output to user (O’Hare, paragraph [0392],[0395], [0403], secured data is only accessible by other member of target group based on the assigned digital certificate). 
Regarding claim 23, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 11, further teach dis-aggregating and running the system controller, the plurality of data containers associated with the data controller and the security controller in separate computing systems with mutually independent communication paths, wherein dis-aggregating further comprises: enable the plurality of UFS modules to receive metadata updates from the system controller (Banerjee, col. 8, line 1-15 and 40-67, col. 9, line 1-18, continuously collects metadata about security files and provisioning associated with primary application and production data and updates the information with new information collected; deploying any security product or products to effect the determined security provisioning for the copy data); enable the plurality of UFS modules running in a corresponding computing system to send or receive data to and from the plurality of data containers (O’Hare, paragraph [0307]-[0313], generating a session master key and encrypt the data using RSE stream cipher; the resulting four shares of data will contain encrypted portions of the original data and portion of the session master key, generating a stream cipher key for each of the four data shares, encrypting each share, then store the encryption keys in different locations from the encrypted data portions or shares; reversing the steps for original data); enable the plurality of UFS modules to send or receive data to and from the security controller (O’Hare, paragraph [0174], [0178], [0179], transmitting the digital signature to the authentication engine; transmitting a digital signature to the cryptographic engine). 
As per claim 25, this claim is rejected on grounds corresponding to the arguments given above for rejected claim 4 and is similarly rejected.
Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Yaskin et al. (U.S. Pub. No. 2010/0198804 A1) in view of O’Hare et al. (U.S. Pub. No. 2012/0331088 A1) and Banerjee et al. (U.S. Patent No. 9,880,757 B1), further in view of Locher et al. (U.S. Pub. No. 2019/0081984 A1) and Herzi (U.S. Patent No. 6,484,262 B1).
Regarding claim 7, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 1, but do not explicitly disclose: wherein the system controller comprises at least one of a metadata module, a configuration module and a UFS module and further comprises: receiving configuration parameters from the user for data services, data classification policies and security profiles; distributing configuration and management data to each of the plurality of UFS modules connected to the system controller; distributing security configuration data to the security controller.
Locher teaches: wherein the system controller comprises at least one of a metadata module, a configuration module and a UFS module and further comprises: receiving configuration parameters from the user for data services, data classification policies and security profiles (paragraph [0062], [0068], [0071], [0104], the user trigger the automation generation commands to initiate the process of setting the security configuration; once the process is initiated, the computing device may automatically generate a plurality of commands to set the security configuration, the computing device may set one or several security related parameter values of at least one of the network and in particular of several networked devices; parsing the one or several documents of textual specification of the security settings; the agent may coordinate and distribute the commands for settings the security configuration); distributing configuration and management data to each of the plurality of UFS modules connected to the system controller; distributing security configuration data to the security controller (paragraph [0062], [0068], [0071], parsing the one or several documents of textual specification of the security settings; the user trigger the automation generation commands to initiate the process of setting the security configuration; once the process is initiated, the computing device ma automatically generate a plurality of commands to set the security configuration, the agent may coordinate and distribute the commands for settings the security configuration).
It would have been obvious to one of ordinary skill in art before the effective filing date of the claim invention to include wherein the system controller comprises at least one of a metadata module, a configuration module and a UFS module and further comprises: receiving configuration parameters from the user for data services, data classification policies and security profiles; distributing configuration and management data to each of the plurality of UFS modules connected to the system controller; distributing security configuration data to the security controller into security management for data virtualization system of Yaskin.
Motivation to do so would be to include wherein the system controller comprises at least one of a metadata module, a configuration module and a UFS module and further comprises: receiving configuration parameters from the user for data services, data classification policies and security profiles; distributing configuration and management data to each of the plurality of UFS modules connected to the system controller; distributing security configuration data to the security controller to address issue with time consuming and error-prone (Locher, paragraph [0004], line 14-15).
Yaskin as modified by O’Hare, Banerjee and Locher do not explicitly disclose: instructing the security controller to perform the security checks at configured intervals.
Herzi teaches: instructing the security controller to perform the security checks at configured intervals (col. 4, line 14-19, incorporating the security measure of receiving an authorization during a specified time period or security check interval, such a time period or security check interval may include a daily interval, weekly interval, monthly interval or any other duration as established for a given security policy). 
It would have been obvious to one of ordinary skill in art before the effective filing date of the claim invention to include instructing the security controller to perform the security checks at configured intervals into security management for data virtualization system of Yaskin.
Motivation to do so would be to include instructing the security controller to perform the security checks at configured intervals to provide an improved level of security and an improved security measure against undesired theft of a computer system (Herzi, col. 1, line 29-30).
As per claim 17, this claim is rejected on grounds corresponding to the arguments given above for rejected claim 7 and is similarly rejected
Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Yaskin et al. (U.S. Pub. No. 2010/0198804 A1) in view of O’Hare et al. (U.S. Pub. No. 2012/0331088 A1) and Banerjee et al. (U.S. Patent No. 9,880,757 B1), further in view of Shenoy, JR. et al. (U.S. Pub. No. 2019/0098037 A1).
Regarding claim 9, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 1, further teach configuring the security controller for: receiving security profile data from the system controller (Yaskin, paragraph [0025]-[0027], [0052], the security information store security information extracted from the data silos as well as any security information that can be added to data virtualization system; metadata information is extracted from data silos in an enterprise by the crawler) but do not explicitly disclose: monitoring the data activity operations on the plurality of configured data containers associated with the data controller; monitoring the data activity operations on the plurality of configured UFS modules; extracting system activity events from the plurality of UFS modules and the plurality of data containers associated with data controller; disabling the data access to the plurality of UFS modules if the configured security policies are satisfied; and reporting the file access activity to the system controller. 
Shenoy, JR. teaches monitoring the data activity operations on the plurality of configured data containers associated with the data controller; monitoring the data activity operations on the plurality of configured UFS modules (paragraph [0031], [0048], scanning the activity data to determine whether there are one or more action of interest; monitoring and control system can analyze use of services 112a-112b and identifies activities that may be a threat to an organization or individual subscriber); extracting system activity events from the plurality of UFS modules and the plurality of data containers associated with data controller (paragraph [0031], canning the activity data to determine whether there are one or more action of interest); disabling the data access to the plurality of UFS modules if the configured security policies are satisfied (paragraph [0031], [0133], comparing the flagged actions with the security rules to determine when there are one or more security violations; a security policy can also describe an action that is taken when an event is detected, such as blocking access to a service, or disabling a user account); and reporting the file access activity to the system controller (paragraph [0051], users may have access information such as reports generated by the security management and control system and the ability perform remediation actions suggested by the security management and control system, among other capabilities).
It would have been obvious to one of ordinary skill in art before the effective filing date of the claim invention to include monitoring the data activity operations on the plurality of configured data containers associated with the data controller; monitoring the data activity operations on the plurality of configured UFS modules; extracting system activity events from the plurality of UFS modules and the plurality of data containers associated with data controller; disabling the data access to the plurality of UFS modules if the configured security policies are satisfied; and reporting the file access activity to the system controller into security management for data virtualization system of Yaskin.
Motivation to do so would be to include monitoring the data activity operations on the plurality of configured data containers associated with the data controller; monitoring the data activity operations on the plurality of configured UFS modules; extracting system activity events from the plurality of UFS modules and the plurality of data containers associated with data controller; disabling the data access to the plurality of UFS modules if the configured security policies are satisfied; and reporting the file access activity to the system controller to ensure the organization’s own systems do not come to harm through the use of cloud services (Shenoy, paragraph [0005], line 3-5).
Regarding claim 19, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 11, further teach receiving security profile data from the system controller module (Yaskin, paragraph [0025]-[0027], [0052], the security information store security information extracted from the data silos as well as any security information that can be added to data virtualization system; metadata information is extracted from data silos in an enterprise by the crawler) but do not explicitly disclose: monitoring the data activity operations on the plurality of configured UFS modules; extracting system activity events from the plurality of UFS modules and the plurality of data containers; disabling data access to the plurality of data containers associated with data controller, if the configured security policies are satisfied; disabling the data access to the plurality of UFS modules if the configured security policies are satisfied; and report the file access activity to the system controller. 
Shenoy, JR. teaches monitoring the data activity operations on the plurality of configured UFS modules (paragraph [0031], [0048], scanning the activity data to determine whether there are one or more action of interest; monitoring and control system can analyze use of services 112a-112b and identifies activities that may be a threat to an organization or individual subscriber); extracting system activity events from the plurality of UFS modules and the plurality of data containers (paragraph [0031], canning the activity data to determine whether there are one or more action of interest); disabling the data access to the plurality of UFS modules if the configured security policies are satisfied (paragraph [0031], [0133], comparing the flagged actions with the security rules to determine when there are one or more security violations; a security policy can also describe an action that is taken when an event is detected, such as blocking access to a service, or disabling a user account); and reporting the file access activity to the system controller (paragraph [0051], users may have access information such as reports generated by the security management and control system and the ability perform remediation actions suggested by the security management and control system, among other capabilities).
It would have been obvious to one of ordinary skill in art before the effective filing date of the claim invention to include monitoring the data activity operations on the plurality of configured UFS modules; extracting system activity events from the plurality of UFS modules and the plurality of data containers; disabling data access to the plurality of data containers associated with data controller, if the configured security policies are satisfied; disabling the data access to the plurality of UFS modules if the configured security policies are satisfied; and report the file access activity to the system controller into security management for data virtualization system of Yaskin.
Motivation to do so would be to include monitoring the data activity operations on the plurality of configured UFS modules; extracting system activity events from the plurality of UFS modules and the plurality of data containers; disabling data access to the plurality of data containers associated with data controller, if the configured security policies are satisfied; disabling the data access to the plurality of UFS modules if the configured security policies are satisfied; and report the file access activity to the system controller to ensure the organization’s own systems do not come to harm through the use of cloud services (Shenoy JR., paragraph [0005], line 3-5).
Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Yaskin et al. (U.S. Pub. No. 2010/0198804 A1) in view of O’Hare et al. (U.S. Pub. No. 2012/0331088 A1) and Banerjee et al. (U.S. Patent No. 9,880,757 B1), further in view of Vassilev et al. (U.S. Pub. No. 2010/0257218 A1).
Regarding claim 24, Yaskin as modified by O’Hare and Banerjee teach all claimed limitations as set forth in rejection of claim 11, but do not explicitly disclose wherein the plurality of UFS modules are further configured to: aggregate the union of data sets copied from the plurality of UFS modules from a plurality of data locations; generate a universal tree of filename space available in a configured UFS module; and allow the user to access the filename space as if the data is stored in a single system.
Vassilev teaches: wherein the plurality of UFS modules are further configured to: aggregate the union of data sets copied from the plurality of UFS modules from a plurality of data locations; generate a universal tree of filename space available in a configured UFS module; and allow the user to access the filename space as if the data is stored in a single system (Fig. 3, paragraph [0040]-[0041], the directory and files structures of sub-file system 301, sub-file system 302 and sub-file system 303 are merged under a single virtual unified file system, the virtual unified file system presenting to the user a single virtual unified directory and file structure).
It would have been obvious to one of ordinary skill in art before the effective filing date of the claim invention to include wherein the plurality of UFS modules are further configured to: aggregate the union of data sets copied from the plurality of UFS modules from a plurality of data locations; generate a universal tree of filename space available in a configured UFS module; and allow the user to access the filename space as if the data is stored in a single system into security management for data virtualization system of Yaskin.
Motivation to do so would be to include wherein the plurality of UFS modules are further configured to: aggregate the union of data sets copied from the plurality of UFS modules from a plurality of data locations; generate a universal tree of filename space available in a configured UFS module; and allow the user to access the filename space as if the data is stored in a single system to address a need for various improvements to the traditional system (Vassilev, paragraph [0010]).
Yaskin as modified by O’Hare, Banerjee and Vassilev further teach: wherein the actual user data is stored in the plurality of decentralized data containers associated with data controller (O’Hare, paragraph [0517], the data depository or depositories may be located in the same physical or geographically separated, to reconstruct the original data set, an authorize set of user shares and the shared workgroup key may be required); and wherein the metadata is synchronized from the system controller and the security monitoring, security configuration and the security policies are executed by the security controller (Banerjee, col. 8, line 1-15 and 40-67, col. 9, line 1-18, when a request for a copy of production data is made to the information provisioning orchestration system, the system would communicate with the security provisioning orchestration system providing that the security orchestration system with information about the primary application, the production data to be copied, and the use of the production data; continuously collects metadata about security files and provisioning associated with primary application and production data and updates the information with new information collected; deploying any security product or products to effect the determined security provisioning for the copy data). 
Allowable Subject Matter
Claims 2, 5, 12, 14, 15 and 21 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KEN HOANG whose telephone number is (571)272-8401. The examiner can normally be reached M-F 7:30am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fred Ehichioya can be reached on (571) 272-4034. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/KEN HOANG/            Examiner, Art Unit 2168