DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/21/2022 has been entered.

Status of Claims
This Office Action is in response to communication received on 03/21/2022.
Claim 4, 10 and 16 were canceled.
Claims 1, 5, 8-9, 11, 14-15, 17 and 20 were amended.
Claims 1-20 are pending.

Response to Arguments
With respect to the Claim Objections, in light of the applicant’s amendments the objections are withdrawn.
With respect to the 35 USC § 101 rejection, in light of the applicant’s amendments the rejection is withdrawn.
With respect to the 35 USC § 112 rejection, in light of applicant’s amendments the arguments are found persuasive and the previous rejection has been withdrawn.
With respect to the 35 USC § 103 rejection, the applicant argument with respect to: 
the subject matter that was in claim 4 that was moved up necessitated new grounds of rejection in light of the applicant’s other amendments. 
With respect to the arguments regarding the first and second flag the mapping has been updated in the mapping below to show a first and second flags and that Cherel discloses each sensitive data element has its own flag.
With respect to the argument “the cited portions of Cherel do not teach or suggest tagging the instance of the at least one sensitive data element within the second catalogue with a second flag based on the sensitivity level of the one or more sensitive data elements where the second flag denotes a sensitive cell within a data table, as recited in amended claim 1” as explained above while Cherel discloses the first and second flags it does not disclose sensitivity level, however Kundu in an analogous art has been used to show in the mapping that it would have been obvious for sensitive data also to comprise sensitivity level indication.
The arguments against the newly added limitations, the bulk of which is found at the end of each independent claim necessitated new grounds of rejection; therefore, the examiner has updated the claim mapping below to address the argued claim limitations. The mapping has been updated as necessitated by the applicant amendments and the rejection is maintained.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 8-9, 14-15, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cherel et al. (US 20140136576 A1) hereinafter referred to as Cherel in view of Kundu et al. (US 20170123671 A1) hereinafter referred to as Kundu and in view of Garcia et al. (US 20170206599 A1) hereinafter referred to as Garcia in view of Allen (US 20180276401 A1) hereinafter referred to as Allen.

With respect to claim 1, Cherel discloses: A method, comprising: accessing, by a data management system including at least one processor and a memory, a set of data on a network resource, the data formed from a plurality of data elements, the plurality of data elements arranged in at least one data table, (Cherel [0032-0033] disclose data management system comprising servers 110a-110n, wherein data elements are stored in the storage systems illustrated in Fig. 1).
the at least one data table being an input data table; (the disclosed table in Cherel ¶8 are tables on which sensitive information is written, therefore interpreted as input table(s)).
identifying, by the data management system, one or more sensitive data elements within the set of data, (Cherel [0033] discloses “sensitive information detector 162” wherein Cherel [0046] discloses “the sensitive information detector identifying one or more objects in the database that are storing sensitive information”).
the one or more sensitive data elements including sensitive information related to one or more individuals; (Cherel [0005] discloses the sensitive data matter the prior art is trying to solve pertains to “database systems, sensitive information (e.g., PII) once it is no longer needed should be destroyed” wherein the Personally Identifiable Information (PII) is mapped to the information related to one or more individuals).
generating, by the data management system, a first catalogue and a second catalogue, the first catalogue including a first new data element representative of a column of a data table associated with at least one sensitive data element of the one or more sensitive data elements and generated based on the one or more sensitive data elements, (Cherel [0031] and Fig. 1 disclose “database catalog 114a . . . 114n ” mapped to first and second catalogues. Furthermore, Cherel [0021-0022] disclose illustrated Figs. 3-4 wherein [0045-0046] explains in more details setting sensitive data identifiers and storing them in a catalog, illustrated in Figs. 3-4 illustrating the column of table associated with at least one sensitive data element. Moreover, Cherel [0073-0074] disclose creating security policies wherein “a security policy is equivalent to a level” for deletion; which is interpreted as generating a database catalog with the set identifiers and policies in each catalog as illustrated in Fig. 1).
the second catalogue including a second new data element representative of an instance of the at least one sensitive data element of the one or more sensitive data elements (Cherel [0031] and Fig. 1 disclose “database catalog 114a . . . 114n ” mapped to first and second catalogues. Furthermore, Cherel [0021-0022] disclose illustrated Figs. 3-4 wherein [0045-0046] explains in more details setting sensitive data identifiers and storing them in a catalog, illustrated in Figs. 3-4 illustrating the column of table associated with at least one sensitive data element. Moreover, Cherel [0073-0074] disclose creating security policies wherein “a security policy is equivalent to a level” for deletion; which is interpreted as generating a database catalog with the set identifiers and policies in each catalog as illustrated in Fig. 1).
tagging, by the data management system, the at least one sensitive data element within the first catalogue with a first flag based on the sensitive data elements corresponding to the first new data element (Cherel ¶42 discloses “One setting of the secure delete indicator (e.g., set to true or "1") indicates that the object contains sensitive information, and another setting of the secure delete indicator (e.g., set to false or "0") indicates that the object does not contain sensitive information.” Furthermore, Cherel claim 8 disclose “database catalog stores the indicator and a pointer to the one or more security policies for the at least one object” wherein the indicators to the sensitive data are mapped to the flags to the sensitive data within a catalogue. See also Cherel [0043]).
and tagging the instance of the at least one sensitive data element within the second catalogue with a second flag based on the sensitive data elements, (as mapped above each indicator for each object within a catalog has a Boolean/flag indicating presence of sensitive data, which is therefore interpreted as a second flag).
Cherel does not explicitly disclose a “sensitivity level” and generating a catalogue “based on the sensitivity level”.
However, Kundu in an analogous art discloses: determining, by the data management system, a sensitivity level of the one or more sensitive data elements; (Kundu [0069] discloses “identify a component sensitivity level of a component, as depicted in block 504” illustrated in Fig. 5).
generating, by the data management system, a catalogue, the catalogue including new data element representative of a column of a data table associated with at least one sensitive data element of the one or more sensitive data elements and generated based on the sensitivity level of the one or more sensitive data elements; (Kundu illustrates in Fig. 2 generated catalogue representing sensitive data and their sensitivity level, the figure is explained in more details in Kundu paragraphs [0039 to 0044]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel generating, by the data management system, a catalogue, the catalogue including new data element representative of a column of a data table associated with at least one sensitive data element of the one or more sensitive data elements and generated based on the sensitivity level of the one or more sensitive data elements as disclosed by Kundu in order to determine a delete mode commensurate with sensitivity level, see Kundu [0002].
Cherel does not explicitly disclose tagging the at least one sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements.
However, Garcia in an analogous art discloses: and tagging the at least one sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements corresponding to the first new data element (Garcia claim 1 discloses “a plurality of different logical levels being defined to reflect both hierarchies of the received and retrieved sensitive information and hierarchies of the one or more logical containers”. Garcia [0118] discloses, “the color of the flag being based on the highest level of flag applied to all of the financial accounts included in the online account”. [0182] discloses “higher-order rule overriding a lower-order rule. A $7,500 deposit in a bank account is not flagged, but further in the analysis workflow, a $7,500 cash advance is identified in a consumer's credit card account they have made available to the system. Not only is the cash advance in the credit card account flagged for follow-up, but also the deposit in the bank account is flagged for follow-up.” Which is interpreted that a high level new data element, the cash advance, occurring would result in tagging/flagging a deposit data element in the account. The account is mapped to a catalogue).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel by tagging the one or more sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements corresponding to the first new data element as disclosed by Garcia to provide a solution wherein tagged items can be resolved through a machine learning analysis (see Garcia [0026 and 0198]).
Cherel does not explicitly disclose: the first flag denoting a sensitive column within a data table and the second flag denoting a sensitive cell within a data table; generating an output data table from the input data table, the output data table including a subset of data elements of the plurality of data elements, the subset of data elements including at least one sensitive data element; and based on generating the output data table, within the output data table, propagating the first flag for one or more columns associated with the at least one sensitive data element and propagating the second flag for instances associated with the at least one sensitive data element.
However, Allen in an analogous art discloses ¶52 issue wherein one column has sensitive data which can take much computation and memory cost using old methods, However Allen discloses: the first flag denoting a sensitive column within a data table and the second flag denoting a sensitive cell within a data table; (Allen ¶24 “Once specific locations are determined, then application 111 can annotate the sensitive data within user interface 112. This annotation can include global or individual flagging or marking of the sensitive data.”. Furthermore, Allen ¶53 wherein the flagging process involves “referencing structural identifiers or localizers, such as sheets/rows/columns or slides/objects” therefore a first flag can reference a column and another flag to another sensitive object can reference a cell, see Allen ¶37).
generating an output data table from the input data table, the output data table including a subset of data elements of the plurality of data elements, the subset of data elements including at least one sensitive data element; (Allen ¶33 and Fig. 5 illustrates “Shared DLP Service 121” generating “Sensitive Data Indicators” of the identified sensitive elements wherein the indicators comprise flags as disclosed by the prior art such as in Allen ¶75-76).
and based on generating the output data table, within the output data table, propagating the first flag for one or more columns associated with the at least one sensitive data element and propagating the second flag for instances associated with the at least one sensitive data element. (Allen ¶58 and Fig. 5 illustrates the “Sensitive Data Indicators” propagated form the “Shared DLP Service 121” to the “Application DLP 113”).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel wherein the first flag denoting a sensitive column within a data table and the second flag denoting a sensitive cell within a data table; generating an output data table from the input data table, the output data table including a subset of data elements of the plurality of data elements, the subset of data elements including at least one sensitive data element; and based on generating the output data table, within the output data table, propagating the first flag for one or more columns associated with the at least one sensitive data element and propagating the second flag for instances associated with the at least one sensitive data element as disclosed by Allen to reduce computation cost at time when sensitive data is actually being identified and maintain a small memory footprint (see Allen ¶52).

With respect to claim 2, Cherel in view of Kundu, Garcia and Allen disclose: The method of claim 1, wherein a sensitive data element of the one or more sensitive data elements has a first sensitivity level and represents a specified column of the at least one data table. (Kundu as illustrated in Fig. 2 column showing a 0.1 sensitivity as the overall sensitivity for data element 1 as explained in details in Kundu paragraphs [0039-0044]).

With respect to claim 3, Cherel in view of Kundu, Garcia and Allen disclose: The method of claim 1, wherein a sensitive data element of the one or more sensitive data elements has a second sensitivity level and represents a specified cell within a column of the at least one data table. (interpreted in view of applicant specifications paragraph [0025]; Kundu Fig. 2 illustrates rows of second sensitivity levels in each cell/row within the column 210).

With respect to claim 8, Cherel in view of Kundu, Garcia and Allen disclose: The method of claim 1, wherein the plurality of data elements are distributed across a plurality of data tables, (Cherel [0004] discloses in a database “PII is just one example of sensitive information, and there are other types of sensitive information (such as salary information, performance reviews, confidential product plans, etc.)”. In addition, Cherel [0008] discloses, “table T10 and table T11 are created in tablespace TS4. Assume table T10 contains sensitive information (e.g., PII)” which is interpreted that different data is stored on different databases. See also Cherel [0031-0032] and Fig. 2 showing T10 in database 210a and 210n).
the method further comprising: based on a deletion request, identifying a tag for a requested data element within the first catalogue, the tag indicating the requested data element is included in the one or more sensitive data elements of the plurality of data elements; (Cherel [0046] Fig. 4 step 402 disclose “for each of the one or more objects, the sensitive information detector sets the secure delete indicator to indicate that the object contains sensitive information and identifies one or more security policies for that object in database catalog” wherein setting the indicator is mapped to tagging of sensitive data with security policies. Wherein when a delete request is done the tagged policies are identified in order to select which deletion policy is used, as understood by the examiner from Cherel paragraph [0060]).
based on identifying the tag for the requested data element, identifying the requested data element stored in one or more data tables of the plurality of data tables; and deleting the requested data element from the one or more data tables. (Cherel [0060] discloses “the database performs secure deletion of sensitive information. In block 502, the database processes the statement. For example, if the statement is to drop a table, the table is dropped. In block 504, the database identifies objects accessed by the statement. In block 506, the database determines which, if any, of the identified objects contain sensitive information using the secure delete indicator associated with each object in the database catalog” which is interpreted based on identifying the deletion policy tagged to the sensitive data policy and identifying which object is to be deleted from a table, then the sensitive data is deleted).

With respect to claim 9, Cherel discloses: A system, comprising: one or more processors; and a computer-readable storage medium, coupled to the one or more processors, storing program instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: accessing, by a data management system including at least one processor and a memory, a set of data on a network resource, the data formed from a plurality of data elements, (Cherel [0031] discloses “multiple servers in accordance with certain embodiments. Servers 100a . . . 100n (where a and n represent positive integers) are coupled to an Enterprise Service Bus (ESB) 150. Each server 100a . . . 100n contains a database 110a . . . 110n. Each database 110a . . . 110n includes one or more tablespaces, with each tablespace storing one or more tables 112a . . . 112n. Each database 110a . . . 110n also includes a database catalog 114a . . . 114n and a database I/O layer 116a . . . 116n”. Additionally, Cherel [0033] discloses, “a security policy system 160, a sensitive information detector 162, and a Lightweight Directory Access Protocol (LDAP) system 164 are coupled to the ESB 150. Via the ESB 150, the servers 100a . . . 100n interact with the security policy system 160, the sensitive information detector 162, and the LDAP system 164. The LDAP system 164 is used to identify users of the databases and servers, and to specify what groups they are in (where the group membership is used for authorization rules used when accessing the databases and servers)”. The examiner understands from the cited paragraphs that users can access data on servers wherein the databases comprise of tablespaces and catalogues which is interpreted as data formed from a plurality of data elements. Which is additionally supported by Cherel [0140] “"comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components”).
the plurality of data elements arranged in at least one data table, (Cherel [0032-0033] disclose data management system comprising servers 110a-110n, wherein data elements are stored in the storage systems illustrated in Fig. 1).
the at least one data table being an input data table; (the disclosed table in Cherel ¶8 are tables on which sensitive information is written, therefore interpreted as input table(s)).
identifying, by the data management system, one or more sensitive data elements within the set of data, (Cherel [0033] discloses “sensitive information detector 162” wherein Cherel [0046] discloses “the sensitive information detector identifying one or more objects in the database that are storing sensitive information”).
the one or more sensitive data elements including sensitive information related to one or more individuals; (Cherel [0005] discloses the sensitive data matter the prior art is trying to solve pertains to “database systems, sensitive information (e.g., PII) once it is no longer needed should be destroyed” wherein the Personally Identifiable Information (PII) is mapped to the information related to one or more individuals).
generating, by the data management system, a first catalogue and a second catalogue, the first catalogue including a first new data element representative of a column of a data table associated with at least one sensitive data element of the one or more sensitive data elements and generated based on the one or more sensitive data Page 4 of 15Appl. No. Reply to Office Action of elements, (Cherel [0031] and Fig. 1 disclose “database catalog 114a . . . 114n ” mapped to first and second catalogues. Furthermore, Cherel [0021-0022] disclose illustrated Figs. 3-4 wherein [0045-0046] explains in more details setting sensitive data identifiers and storing them in a catalog, illustrated in Figs. 3-4 illustrating the column of table associated with at least one sensitive data element. Moreover, Cherel [0073-0074] disclose creating security policies wherein “a security policy is equivalent to a level” for deletion; which is interpreted as generating a database catalog with the set identifiers and policies in each catalog as illustrated in Fig. 1).
the second catalogue including a second new data element representative of an instance of the at least one sensitive data element of the one or more sensitive data elements (Cherel [0031] and Fig. 1 disclose “database catalog 114a . . . 114n” mapped to first and second catalogues. Furthermore, Cherel [0021-0022] disclose illustrated Figs. 3-4 wherein [0045-0046] explains in more details setting sensitive data identifiers and storing them in a catalog, illustrated in Figs. 3-4 illustrating the column of table associated with at least one sensitive data element. Moreover, Cherel [0073-0074] disclose creating security policies wherein “a security policy is equivalent to a level” for deletion; which is interpreted as generating a database catalog with the set identifiers and policies in each catalog based on the sensitive data as illustrated in Fig. 3).
tagging, by the data management system, the at least one sensitive data element within the first catalogue with a first flag based on the one or more sensitive data elements corresponding to the first new data element (Cherel ¶42 discloses “One setting of the secure delete indicator (e.g., set to true or "1") indicates that the object contains sensitive information, and another setting of the secure delete indicator (e.g., set to false or "0") indicates that the object does not contain sensitive information.” Furthermore, Cherel claim 8 disclose “database catalog stores the indicator and a pointer to the one or more security policies for the at least one object” wherein the indicators to the sensitive data are mapped to the flags to the sensitive data within a catalogue. See also Cherel [0043]).
and tagging the instance of the at least one sensitive data element within the second catalogue with a second flag based on the one or more sensitive data elements, (as mapped above each indicator for each object within a catalog has a Boolean/flag indicating presence of sensitive data, which is therefore interpreted as a second flag).
Cherel does not explicitly disclose a “sensitivity level” and generating a catalogue “based on the sensitivity level”.
However, Kundu in an analogous art discloses: determining, by the data management system, a sensitivity level of the one or more sensitive data elements; (Kundu [0069] discloses “identify a component sensitivity level of a component, as depicted in block 504” illustrated in Fig. 5).
generating, by the data management system, a catalogue, the catalogue including new data element representative of a column of a data table associated with at least one sensitive data element of the one or more sensitive data elements and generated based on the sensitivity level of the one or more sensitive data elements; (Kundu illustrates in Fig. 2 generated catalogue representing sensitive data and their sensitivity level, the figure is explained in more details in Kundu paragraphs [0039 to 0044]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel generating, by the data management system, a catalogue, the catalogue including new data element representative of a column of a data table associated with at least one sensitive data element of the one or more sensitive data elements and generated based on the sensitivity level of the one or more sensitive data elements as disclosed by Kundu in order to determine a delete mode commensurate with sensitivity level, see Kundu [0002].
Cherel does not explicitly disclose tagging the at least one sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements.
However, Garcia in an analogous art discloses: and tagging the at least one sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements corresponding to the first new data element (Garcia claim 1 discloses “a plurality of different logical levels being defined to reflect both hierarchies of the received and retrieved sensitive information and hierarchies of the one or more logical containers”. Garcia [0118] discloses, “the color of the flag being based on the highest level of flag applied to all of the financial accounts included in the online account”. [0182] discloses “higher-order rule overriding a lower-order rule. A $7,500 deposit in a bank account is not flagged, but further in the analysis workflow, a $7,500 cash advance is identified in a consumer's credit card account they have made available to the system. Not only is the cash advance in the credit card account flagged for follow-up, but also the deposit in the bank account is flagged for follow-up.” Which is interpreted that a high level new data element, the cash advance, occurring would result in tagging/flagging a deposit data element in the account. The account is mapped to a catalogue).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel by tagging the one or more sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements corresponding to the first new data element as disclosed by Garcia to provide a solution wherein tagged items can be resolved through a machine learning analysis (see Garcia [0026 and 0198]).
Cherel does not explicitly disclose: the first flag denoting a sensitive column within a data table and the second flag denoting a sensitive cell within a data table; generating an output data table from the input data table, the output data table including a subset of data elements of the plurality of data elements, the subset of data elements including at least one sensitive data element; and based on generating the output data table, within the output data table, propagating the first flag for one or more columns associated with the at least one sensitive data element and propagating the second flag for instances associated with the at least one sensitive data element.
However, Allen in an analogous art discloses ¶52 issue wherein one column has sensitive data which can take much computation and memory cost using old methods, However Allen discloses: the first flag denoting a sensitive column within a data table and the second flag denoting a sensitive cell within a data table; (Allen ¶24 “Once specific locations are determined, then application 111 can annotate the sensitive data within user interface 112. This annotation can include global or individual flagging or marking of the sensitive data.”. Furthermore, Allen ¶53 wherein the flagging process involves “referencing structural identifiers or localizers, such as sheets/rows/columns or slides/objects” therefore a first flag can reference a column and another flag to another sensitive object can reference a cell, see Allen ¶37).
generating an output data table from the input data table, the output data table including a subset of data elements of the plurality of data elements, the subset of data elements including at least one sensitive data element; (Allen ¶33 and Fig. 5 illustrates “Shared DLP Service 121” generating “Sensitive Data Indicators” of the identified sensitive elements wherein the indicators comprise flags as disclosed by the prior art such as in Allen ¶75-76).
and based on generating the output data table, within the output data table, propagating the first flag for one or more columns associated with the at least one sensitive data element and propagating the second flag for instances associated with the at least one sensitive data element. (Allen ¶58 and Fig. 5 illustrates the “Sensitive Data Indicators” propagated form the “Shared DLP Service 121” to the “Application DLP 113”).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel wherein the first flag denoting a sensitive column within a data table and the second flag denoting a sensitive cell within a data table; generating an output data table from the input data table, the output data table including a subset of data elements of the plurality of data elements, the subset of data elements including at least one sensitive data element; and based on generating the output data table, within the output data table, propagating the first flag for one or more columns associated with the at least one sensitive data element and propagating the second flag for instances associated with the at least one sensitive data element as disclosed by Allen to reduce computation cost at time when sensitive data is actually being identified and maintain a small memory footprint (see Allen ¶52).

With respect to claim 14, Cherel in view of Kundu, Garcia and Allen disclose: The system of claim 9, wherein the plurality of data elements are distributed across a plurality of data tables, (Cherel [0004] discloses in a database “PII is just one example of sensitive information, and there are other types of sensitive information (such as salary information, performance reviews, confidential product plans, etc.)”. In addition, Cherel [0008] discloses, “table T10 and table T11 are created in tablespace TS4. Assume table T10 contains sensitive information (e.g., PII)” which is interpreted that different data is stored on different databases. See also Cherel [0031-0032] and Fig. 2 showing T10 in database 210a and 210n).
the operations further comprising: based on a deletion request, identifying a tag for a requested data element within the first catalogue, the tag indicating the requested data element is included in the one or more sensitive data elements of the plurality of data elements; (Cherel [0046] Fig. 4 step 402 disclose “for each of the one or more objects, the sensitive information detector sets the secure delete indicator to indicate that the object contains sensitive information and identifies one or more security policies for that object in database catalog” wherein setting the indicator is mapped to tagging of sensitive data with security policies. Wherein when a delete request is done the tagged policies are identified in order to select which deletion policy is used, as understood by the examiner from Cherel paragraph [0060]).
based on identifying the tag for the requested data element, identifying the requested data element stored in one or more data tables of the plurality of data tables; and deleting the requested data element from the one or more data tables. (Cherel [0060] discloses “the database performs secure deletion of sensitive information. In block 502, the database processes the statement. For example, if the statement is to drop a table, the table is dropped. In block 504, the database identifies objects accessed by the statement. In block 506, the database determines which, if any, of the identified objects contain sensitive information using the secure delete indicator associated with each object in the database catalog” which is interpreted based on identifying the deletion policy tagged to the sensitive data policy and identifying which object is to be deleted from a table, then the sensitive data is deleted).

With respect to claim 15, Cherel discloses: A computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions being executable by one or more processors to cause the one or more processors to perform operations comprising: accessing, by a data management system including at least one processor and a memory, a set of data on a network resource, the data formed from a plurality of data elements, (Cherel [0031] discloses “multiple servers in accordance with certain embodiments. Servers 100a . . . 100n (where a and n represent positive integers) are coupled to an Enterprise Service Bus (ESB) 150. Each server 100a . . . 100n contains a database 110a . . . 110n. Each database 110a . . . 110n includes one or more tablespaces, with each tablespace storing one or more tables 112a . . . 112n. Each database 110a . . . 110n also includes a database catalog 114a . . . 114n and a database I/O layer 116a . . . 116n”. Additionally, Cherel [0033] discloses, “a security policy system 160, a sensitive information detector 162, and a Lightweight Directory Access Protocol (LDAP) system 164 are coupled to the ESB 150. Via the ESB 150, the servers 100a . . . 100n interact with the security policy system 160, the sensitive information detector 162, and the LDAP system 164. The LDAP system 164 is used to identify users of the databases and servers, and to specify what groups they are in (where the group membership is used for authorization rules used when accessing the databases and servers)”. The examiner understands from the cited paragraphs that users can access data on servers wherein the databases comprise of tablespaces and catalogues which is interpreted as data formed from a plurality of data elements. Which is additionally supported by Cherel [0140] “"comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components”).
the plurality of data elements arranged in at least one data table, (Cherel [0032-0033] disclose data management system comprising servers 110a-110n, wherein data elements are stored in the storage systems illustrated in Fig. 1).
the at least one data table being an input data table; (the disclosed table in Cherel ¶8 are tables on which sensitive information is written, therefore interpreted as input table(s)).
identifying, by the data management system, one or more sensitive data elements within the set of data, (Cherel [0033] discloses “sensitive information detector 162” wherein Cherel [0046] discloses “the sensitive information detector identifying one or more objects in the database that are storing sensitive information”).
the one or more sensitive data elements including sensitive information related to one or more individuals; (Cherel [0005] discloses the sensitive data matter the prior art is trying to solve pertains to “database systems, sensitive information (e.g., PII) once it is no longer needed should be destroyed” wherein the Personally Identifiable Information (PII) is mapped to the information related to one or more individuals).
generating, by the data management system, a first catalogue and a second catalogue, the first catalogue including a first new data element representative of a column of a data table associated with at least one sensitive data element of the one or more sensitive data elements and generated based on the one or more sensitive data elements, (Cherel [0031] and Fig. 1 disclose “database catalog 114a . . . 114n ” mapped to first and second catalogues. Furthermore, Cherel [0021-0022] disclose illustrated Figs. 3-4 wherein [0045-0046] explains in more details setting sensitive data identifiers and storing them in a catalog, illustrated in Figs. 3-4 illustrating the column of table associated with at least one sensitive data element. Moreover, Cherel [0073-0074] disclose creating security policies wherein “a security policy is equivalent to a level” for deletion; which is interpreted as generating a database catalog with the set identifiers and policies in each catalog as illustrated in Fig. 1).
the second catalogue including a second new data element representative of an instance of the at least one sensitive data element of the one or more sensitive data elements; (Cherel [0031] and Fig. 1 disclose “database catalog 114a . . . 114n ” mapped to first and second catalogues. Furthermore, Cherel [0021-0022] disclose illustrated Figs. 3-4 wherein [0045-0046] explains in more details setting sensitive data identifiers and storing them in a catalog, illustrated in Figs. 3-4 illustrating the column of table associated with at least one sensitive data element. Moreover, Cherel [0073-0074] disclose creating security policies wherein “a security policy is equivalent to a level” for deletion; which is interpreted as generating a database catalog with the set identifiers and policies in each catalog as illustrated in Fig. 1).
tagging, by the data management system, the at least one sensitive data element within the first catalogue with a first flag based on the one or more sensitive data elements corresponding to the first new data element (Cherel ¶42 discloses “One setting of the secure delete indicator (e.g., set to true or "1") indicates that the object contains sensitive information, and another setting of the secure delete indicator (e.g., set to false or "0") indicates that the object does not contain sensitive information.” Furthermore, Cherel claim 8 disclose “database catalog stores the indicator and a pointer to the one or more security policies for the at least one object” wherein the indicators to the sensitive data are mapped to the flags to the sensitive data within a catalogue. See also Cherel [0043]).
and tagging the instance of the at least one sensitive data element within the second catalogue with a second flag based on the one or more sensitive data elements, (as mapped above each indicator for each object within a catalog has a Boolean/flag indicating presence of sensitive data, which is therefore interpreted as a second flag).
Cherel does not explicitly disclose a “sensitivity level” and generating a catalogue “based on the sensitivity level”.
However, Kundu in an analogous art discloses: determining, by the data management system, a sensitivity level of the one or more sensitive data elements; (Kundu [0069] discloses “identify a component sensitivity level of a component, as depicted in block 504” illustrated in Fig. 5).
generating, by the data management system, a catalogue, the catalogue including new data element representative of a column of a data table associated with at least one sensitive data element of the one or more sensitive data elements and generated based on the sensitivity level of the one or more sensitive data elements; (Kundu illustrates in Fig. 2 generated catalogue representing sensitive data and their sensitivity level, the figure is explained in more details in Kundu paragraphs [0039 to 0044]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel generating, by the data management system, a catalogue, the catalogue including new data element representative of a column of a data table associated with at least one sensitive data element of the one or more sensitive data elements and generated based on the sensitivity level of the one or more sensitive data elements as disclosed by Kundu in order to determine a delete mode commensurate with sensitivity level, see Kundu [0002].
Cherel does not explicitly disclose tagging the at least one sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements.
However, Garcia in an analogous art discloses: and tagging the at least one sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements corresponding to the first new data element (Garcia claim 1 discloses “a plurality of different logical levels being defined to reflect both hierarchies of the received and retrieved sensitive information and hierarchies of the one or more logical containers”. Garcia [0118] discloses, “the color of the flag being based on the highest level of flag applied to all of the financial accounts included in the online account”. [0182] discloses “higher-order rule overriding a lower-order rule. A $7,500 deposit in a bank account is not flagged, but further in the analysis workflow, a $7,500 cash advance is identified in a consumer's credit card account they have made available to the system. Not only is the cash advance in the credit card account flagged for follow-up, but also the deposit in the bank account is flagged for follow-up.” Which is interpreted that a high level new data element, the cash advance, occurring would result in tagging/flagging a deposit data element in the account. The account is mapped to a catalogue).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel by tagging the one or more sensitive data elements within the catalogue based on the sensitivity level of the one or more sensitive data elements corresponding to the first new data element as disclosed by Garcia to provide a solution wherein tagged items can be resolved through a machine learning analysis (see Garcia [0026 and 0198]).
Cherel does not explicitly disclose: the first flag denoting a sensitive column within a data table and the second flag denoting a sensitive cell within a data table; generating an output data table from the input data table, the output data table including a subset of data elements of the plurality of data elements, the subset of data elements including at least one sensitive data element; and based on generating the output data table, propagating, within the output data table, the first flag for one or more columns associated with the at least one sensitive data element and propagating the second flag for instances associated with the at least one sensitive data element.
However, Allen in an analogous art discloses ¶52 issue wherein one column has sensitive data which can take much computation and memory cost using old methods, However Allen discloses: the first flag denoting a sensitive column within a data table and the second flag denoting a sensitive cell within a data table; (Allen ¶24 “Once specific locations are determined, then application 111 can annotate the sensitive data within user interface 112. This annotation can include global or individual flagging or marking of the sensitive data.”. Furthermore, Allen ¶53 wherein the flagging process involves “referencing structural identifiers or localizers, such as sheets/rows/columns or slides/objects” therefore a first flag can reference a column and another flag to another sensitive object can reference a cell, see Allen ¶37).
generating an output data table from the input data table, the output data table including a subset of data elements of the plurality of data elements, the subset of data elements including at least one sensitive data element; (Allen ¶33 and Fig. 5 illustrates “Shared DLP Service 121” generating “Sensitive Data Indicators” of the identified sensitive elements wherein the indicators comprise flags as disclosed by the prior art such as in Allen ¶75-76).
and based on generating the output data table, propagating, within the output data table, the first flag for one or more columns associated with the at least one sensitive data element and propagating the second flag for instances associated with the at least one sensitive data element. (Allen ¶58 and Fig. 5 illustrates the “Sensitive Data Indicators” propagated form the “Shared DLP Service 121” to the “Application DLP 113”).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel wherein the first flag denoting a sensitive column within a data table and the second flag denoting a sensitive cell within a data table; generating an output data table from the input data table, the output data table including a subset of data elements of the plurality of data elements, the subset of data elements including at least one sensitive data element; and based on generating the output data table, within the output data table, propagating the first flag for one or more columns associated with the at least one sensitive data element and propagating the second flag for instances associated with the at least one sensitive data element as disclosed by Allen to reduce computation cost at time when sensitive data is actually being identified and maintain a small memory footprint (see Allen ¶52).

With respect to claim 20, Cherel in view of Kundu, Garcia and Allen disclose: The computer program product of claim 15, wherein the plurality of data elements are distributed across a plurality of data tables, (Cherel [0004] discloses in a database “PII is just one example of sensitive information, and there are other types of sensitive information (such as salary information, performance reviews, confidential product plans, etc.)”. In addition, Cherel [0008] discloses, “table T10 and table T11 are created in tablespace TS4. Assume table T10 contains sensitive information (e.g., PII)” which is interpreted that different data is stored on different databases. See also Cherel [0031-0032] and Fig. 2 showing T10 in database 210a and 210n).
the operations further comprising: based on a deletion request, identifying a tag for a requested data element within the first catalogue, the tag indicating the requested data element is included in the one or more sensitive data elements of the plurality of data elements; (Cherel [0046] Fig. 4 step 402 disclose “for each of the one or more objects, the sensitive information detector sets the secure delete indicator to indicate that the object contains sensitive information and identifies one or more security policies for that object in database catalog” wherein setting the indicator is mapped to tagging of sensitive data with security policies. Wherein when a delete request is done the tagged policies are identified in order to select which deletion policy is used, as understood by the examiner from Cherel paragraph [0060]).
based on identifying the tag for the requested data element, identifying the requested data element stored in one or more data tables of the plurality of data tables; and deleting the requested data element from the one or more data tables. (Cherel [0060] discloses “the database performs secure deletion of sensitive information. In block 502, the database processes the statement. For example, if the statement is to drop a table, the table is dropped. In block 504, the database identifies objects accessed by the statement. In block 506, the database determines which, if any, of the identified objects contain sensitive information using the secure delete indicator associated with each object in the database catalog” which is interpreted based on identifying the deletion policy tagged to the sensitive data policy and identifying which object is to be deleted from a table, then the sensitive data is deleted).

Claims 5-7, 11-13, and 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cherel, Kundu, Garcia and Allen as applied to claims 1-3, 8-9, 14-15, and 20 above, and further in view of Nagarajan et al. (US 20090172644 A1) hereinafter referred to as Nagarajan.

With respect to claim 5, Cherel in view of Kundu, Garcia and Allen disclose: The method of claim 1, wherein propagating the tag for the at least one sensitive data element further comprises: tagging the at least one sensitive data element within the first catalogue based on a sensitivity level of the at least one sensitive data element and inclusion of the at least one sensitive data element within the output data table. (Nagarajan [0035] discloses Fig.4 illustrating a table wherein data is tainted/tagged and tracking it in the “Tracking Thread Code” which is mapped to output table. Wherein the data could be tagged based on sensitivity level according to Nagarajan [0002]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel, Kundu, Garcia and Allen as modified above wherein propagating the tag for the at least one sensitive data element further comprises: tagging the at least one sensitive data element within the first catalogue based on a sensitivity level of the at least one sensitive data element and inclusion of the at least one sensitive data element within the output table as disclosed by Nagarajan, to perform dynamic information flow tracking efficiently (see Nagarajan [0002]).

With respect to claim 6, Cherel in view of Kundu, Garcia, Allen and Nagarajan disclose: The method of claim 5, wherein tagging the at least one sensitive data element further comprises: tagging one or more cells of a column within the second catalogue based on the sensitivity level of the at least one sensitive data element, the second catalogue associated with the output data table and the tagged one or more cells representing at least one cell within the output data table. (Nagarajan [0023] discloses “Referring now to FIG. 2, original code is shown in the left column and illustrative code the compiler 130 may generate to track operation of the original code is shown in the right column. In particular, the original code begins at line 200 with a read operations that results in data received from a spurious input channel being stored at a memory location Mem. The compiler 130 may generate flow tracking code shown at line 200 that updates a taint value associated with the memory location Mem to reflect that the data stored at the memory location Mem is tainted. As mentioned above, the compiler 130 may consider data received via input channels as spurious and therefore tainted” wherein the right column in Fig. 2 is mapped to the catalogue and the rows shown in the column are mapped to the cells; wherein as shown in the rows they are associated with the tagged data which could be tagged based on sensitivity level as recited in Nagarajan [0002]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the first and second catalogues disclosed by Cherel, Kundu, Garcia and Allen wherein tagging the at least one sensitive data element further comprises: tagging one or more cells of a column within the second catalogue based on the sensitivity level of the at least one sensitive data element, the second catalogue associated with the output data table and the tagged one or more cells representing at least one cell within the output data table as disclosed by Nagarajan, to perform dynamic information flow tracking efficiently (see Nagarajan [0002]).

With respect to claim 7, Cherel in view of Kundu, Garcia, Allen and Nagarajan disclose: The method of claim 5, wherein tagging the at least one sensitive data element within the first catalogue further comprises: tagging a column of the first catalogue based on the sensitivity level of the at least one sensitive data element, the first catalogue associated with the output data table and the tagged column representing a column within the output data table. (Kundu [0039-0044] and Fig. 2 illustrating the output column tagged with value “0.1” for sensitivity level wherein the illustrated catalogue is associated with the output as explicitly cited on the Figure 2 unit 210 title).

With respect to claim 11, Cherel in view of Kundu, Garcia and Allen disclose: The system of claim 9, wherein propagating the tag for the at least one sensitive data element further comprises: tagging the at least one sensitive data element within the first catalogue based on a sensitivity level of the at least one sensitive data element and inclusion of the at least one sensitive data element within the output data table. (Nagarajan [0035] discloses Fig.4 illustrating a table wherein data is tainted/tagged and tracking it in the “Tracking Thread Code” which is mapped to output table. Wherein the data could be tagged based on sensitivity level according to Nagarajan [0002]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel, Kundu, Garcia and Allen as modified above wherein propagating the tag for the at least one sensitive data element further comprises: tagging the at least one sensitive data element within the first catalogue based on a sensitivity level of the at least one sensitive data element and inclusion of the at least one sensitive data element within the output table as disclosed by Nagarajan, to perform dynamic information flow tracking efficiently (see Nagarajan [0002]).

With respect to claim 12, Cherel in view of Kundu, Garcia, Allen and Nagarajan disclose: The system of claim 11, wherein tagging the at least one sensitive data element further comprises: tagging one or more cells of a column within the second catalogue based on the sensitivity level of the at least one sensitive data element, the second catalogue associated with the output data table and the tagged one or more cells representing at least one cell within the output data table. (Nagarajan [0023] discloses “Referring now to FIG. 2, original code is shown in the left column and illustrative code the compiler 130 may generate to track operation of the original code is shown in the right column. In particular, the original code begins at line 200 with a read operations that results in data received from a spurious input channel being stored at a memory location Mem. The compiler 130 may generate flow tracking code shown at line 200 that updates a taint value associated with the memory location Mem to reflect that the data stored at the memory location Mem is tainted. As mentioned above, the compiler 130 may consider data received via input channels as spurious and therefore tainted” wherein the right column in Fig. 2 is mapped to the catalogue and the rows shown in the column are mapped to the cells; wherein as shown in the rows they are associated with the tagged data which could be tagged based on sensitivity level as recited in Nagarajan [0002]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the first and second catalogues disclosed by Cherel, Kundu, Garcia and Allen wherein tagging the at least one sensitive data element further comprises: tagging one or more cells of a column within the second catalogue based on the sensitivity level of the at least one sensitive data element, the second catalogue associated with the output data table and the tagged one or more cells representing at least one cell within the output data table as disclosed by Nagarajan, to perform dynamic information flow tracking efficiently (see Nagarajan [0002]).

With respect to claim 13, Cherel in view of Kundu, Garcia, Allen and Nagarajan disclose: The system of claim 11, wherein tagging the at least one sensitive data element within the first catalogue further comprises: tagging a column of the first catalogue based on the sensitivity level of the at least one sensitive data element, the first catalogue associated with the output data table and the tagged column representing a column within the output data table. (Kundu [0039-0044] and Fig. 2 illustrating the output column tagged with value “0.1” for sensitivity level wherein the illustrated catalogue is associated with the output as explicitly cited on the Figure 2 unit 210 title).

With respect to claim 17, Cherel in view of Kundu, Garcia, Allen and Nagarajan disclose: The computer program product of claim 15, wherein propagating the tag for the at least one sensitive data element further comprises: tagging the at least one sensitive data element within the first catalogue based on a sensitivity level of the at least one sensitive data element and inclusion of the at least one sensitive data element within the output data table. (Nagarajan [0035] discloses Fig.4 illustrating a table wherein data is tainted/tagged and tracking it in the “Tracking Thread Code” which is mapped to output table. Wherein the data could be tagged based on sensitivity level according to Nagarajan [0002]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Cherel, Kundu, Garcia and Allen as modified above wherein propagating the tag for the at least one sensitive data element further comprises: tagging the at least one sensitive data element within the first catalogue based on a sensitivity level of the at least one sensitive data element and inclusion of the at least one sensitive data element within the output table as disclosed by Nagarajan, to perform dynamic information flow tracking efficiently (see Nagarajan [0002]).

With respect to claim 18, Cherel in view of Kundu, Garcia, Allen and Nagarajan disclose: The computer program product of claim 17, wherein tagging the at least one sensitive data element further comprises: tagging one or more cells of a column within the second catalogue based on the sensitivity level of the at least one sensitive data element, the second catalogue associated with the output data table and the tagged one or more cells representing at least one cell within the output data table. (Nagarajan [0023] discloses “Referring now to FIG. 2, original code is shown in the left column and illustrative code the compiler 130 may generate to track operation of the original code is shown in the right column. In particular, the original code begins at line 200 with a read operations that results in data received from a spurious input channel being stored at a memory location Mem. The compiler 130 may generate flow tracking code shown at line 200 that updates a taint value associated with the memory location Mem to reflect that the data stored at the memory location Mem is tainted. As mentioned above, the compiler 130 may consider data received via input channels as spurious and therefore tainted” wherein the right column in Fig. 2 is mapped to the catalogue and the rows shown in the column are mapped to the cells; wherein as shown in the rows they are associated with the tagged data which could be tagged based on sensitivity level as recited in Nagarajan [0002]).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the first and second catalogues disclosed by Cherel, Kundu, Garcia and Allen wherein tagging the at least one sensitive data element further comprises: tagging one or more cells of a column within the second catalogue based on the sensitivity level of the at least one sensitive data element, the second catalogue associated with the output data table and the tagged one or more cells representing at least one cell within the output data table as disclosed by Nagarajan, to perform dynamic information flow tracking efficiently (see Nagarajan [0002]).

With respect to claim 19, Cherel in view of Kundu, Garcia, Allen and Nagarajan disclose: The computer program product of claim 17, wherein tagging the at least one sensitive data element within the first catalogue further comprises: tagging a column of the first catalogue based on the sensitivity level of the at least one sensitive data element, the first catalogue associated with the output data table and the tagged column representing a column within the output data table. (Kundu [0039-0044] and Fig. 2 illustrating the output column tagged with value “0.1” for sensitivity level wherein the illustrated catalogue is associated with the output as explicitly cited on the Figure 2 unit 210 title).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANY S GADALLA whose telephone number is (571)272-2322. The examiner can normally be reached Mon to Fri 8:30AM - 5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/H.S.G./Examiner, Art Unit 2493                                               
                                                                                                                                                         /CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493