DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the amendment filed on June 30, 2022.
Claims 1, 4, 8, 10, 12, 19, and the specification have been amended. 
Claims 2 and 13 are canceled.
No new claims have been added.
The objections and rejections from the prior correspondence that are not restated herein are withdrawn.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on May 15, 2020, March 19, 2021, March 30, 2021, June 14, 2021, October 4, 2021, November 19, 2021, and April 25, 2022 are in compliance with the provisions of 37 CFR 1.97 and have been considered by the examiner.

Response to Arguments
Applicant's arguments filed on June 30, 2022 have been fully considered but are not persuasive. Applicant argues that AMIT does not teach “a metadata management system external and remote to a plurality of data storage systems,” “identifying by the external metadata management set an electronic data candidate data set residing on at least one of the plurality of data storage systems on which at least one security action should be performed,” and “identifying at least one security action to perform on the identified data candidate set residing on the at least one of the plurality of data storage systems.”
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). It should be noted that the combination of CORREL and AMIT (see CORREL [0018-0019], [0022], Fig. 1, and AMIT C5:L46-59, C6:L4-29 & L40-54, claim 1, and Fig. 2-9) teaches the above limitations as outlined in the rejections below.
Applicant also argues that AMIT does not teach: 
identifying, by the external metadata management system using information included in the external metadata management system, a candidate data set residing on at least one of the plurality of data storage systems on which at least one security action should be performed, 
wherein the at least one security action comprises at least one of a group consisting of: encryption; redaction; application of access controls; application of dissemination controls; inclusion and/or exclusion of partitions, folders, files, file extensions or other divisions of information; specifying encryption protocols and/or levels for encryption; applying and/or configuring operating system protection rules; applying and/or configuring user authentication and/or access recovery mechanisms; applying and/or configuring device usage controls; auditing of system and/or user behavior; applying and/or configuring firewall rules; applying and/or configuring rules regarding anti-virus, anti-spam, and/or anti-spyware; applying and/or configuring rules regarding provisioning, management, and/or integration of third-party applications; and combinations thereof;
implementing, in response to identifying the at least one security action, the at least one identified security action on the identified candidate data set residing on the at least one of the plurality of data storage systems.

The Examiner respectfully disagrees. AMIT C5:L46-59 teach examining metadata of data contained in data storage system 210 and determining whether or not to replicate the data contained in the data storage system 210 based on permissions derived by examining metadata, where CORREL [0018-0019] above teach metadata cluster 2 managing a global namespace referencing files stored in user data storage systems 8b-n; see also AMIT C6:L4-29 & L40-54, claim 1, and Fig. 2-9. AMIT C4:L10-33 also teach sensitive data may be replicated to a private cloud based on metadata or encrypted with a different security encryption algorithm of different strength. Therefore, CORREL in view of AMIT still teaches the newly added limitations as outlined in the rejections below.

Claim Objections
Regarding claim 15, the claim is objected to because the claim recites the limitation “the metadata management system” in lines 4-5, where it is ambiguous as to whether “the metadata management system” refers to the external metadata management system in claim 1. For purposes of examination, the Examiner construes the limitation to mean “the external metadata management system.”
Regarding claim 19, the claim is objected to because the claim recites the limitation “the metadata management system” in lines 5 and 6-7, where it is ambiguous as to whether “the metadata management system” refers to the external metadata management system in claim 1. For purposes of examination, the Examiner construes the limitations in lines 5 and 6-7 to mean “the external metadata management system.”
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-6, 10, 12, 14-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over CORREL (Pub No.: US 2007/0038822 A1), hereafter CORREL, in view of AMIT (Pub. No.: US 10,152,384 B1), hereafter AMIT.
Regarding claim 1, CORREL teaches:
A method of performing a security action on electronic data residing on an electronic data storage system comprising: maintaining an external metadata management system remote from and in communication with a plurality of electronic data storage systems (see CORREL [0018] & Fig. 1 storage systems 8a-n, network 14, and metadata cluster 2),
wherein each electronic data storage system stores electronic data and comprises one or more processors having circuitry and logic for performing calculations and logic operations (CORREL [0018] teaches global namespace referencing files stored in user data storage systems, and [0021] teaches storage system 8a-n including storage subsystems 30 that manage access to volumes configured in the storage devices 32, where [0038] teaches code or logic implemented in tangible medium comprising hardware logic, which includes integrated circuit chip and ASICs; [0022] also teaches user storage systems 8b-n storing the user data in the filesets managed by the metadata cluster 2),
and wherein the metadata management system comprises one or more metadata processors having circuitry and logic for performing calculations and logic operations (CORREL [0018] teaches metadata cluster 2 includes metadata engines that include metadata server programs to manage a global namespace referencing files, where [0038] teaches code or logic implemented in tangible medium comprising hardware logic, which includes integrated circuit chip and ASICs);
operating the external metadata management system to store metadata corresponding to the electronic data residing on the plurality of data storage systems (CORREL [0018-0019] teach metadata cluster 2 manages a global namespace referencing files stored in user data storage systems 8b-n, where each metadata engine may be assigned to handle particular file sets in the global namespace such that the workload of the global namespace is distributed across the metadata engines, and the metadata server performs the global namespace management operations and maintains file metadata comprising information on the file sets; [0022] teaches the user storage systems store the user data in the file sets managed by the metadata cluster 2, and metadata servers implement a global namespace implementing a distributed file system comprised of a plurality of file sets that map to storage locations in the user storage systems; [0050] teaches file sets and metadata are maintained in separate storage systems over a network).
CORREL does not appear to explicitly teach identifying, by the external metadata management system using information included in the external metadata management system, a candidate data set residing on at least one of the plurality of data storage systems on which at least one security action should be performed, wherein the at least one security action comprises at least one of a group consisting of: encryption; redaction; application of access controls; application of dissemination controls; inclusion and/or exclusion of partitions, folders, files, file extensions or other divisions of information; specifying encryption protocols and/or levels for encryption; applying and/or configuring operating system protection rules; applying and/or configuring user authentication and/or access recovery mechanisms; applying and/or configuring device usage controls; auditing of system and/or user behavior; applying and/or configuring firewall rules; applying and/or configuring rules regarding anti-virus, anti-spam, and/or anti-spyware; applying and/or configuring rules regarding provisioning, management, and/or integration of third-party applications; and combinations thereof; in response to identifying the candidate data set residing on the at least one of the plurality of data storage systems on which at least one security action should be performed, identifying the at least one security action that should be performed on the identified candidate data set; and implementing, in response to identifying the at least one security action, the at least one identified security action on the identified candidate data set residing on the at least one of the plurality of data storage systems.
However, CORREL in view of AMIT teaches identifying, by the external metadata management system using information included in the external metadata management system, a candidate data set residing on at least one of the plurality of data storage systems on which at least one security action should be performed (AMIT C5:L46-59 teach examining metadata of data contained in data storage system 210 and determining whether or not to replicate the data contained in the data storage system 210 based on permissions derived by examining metadata, where CORREL [0018-0019] above teach metadata cluster 2 managing a global namespace referencing files stored in user data storage systems 8b-n; see also AMIT C6:L4-29 & L40-54, claim 1, and Fig. 2-9),
wherein the at least one security action comprises at least one of a group consisting of: encryption; redaction; application of access controls; application of dissemination controls; inclusion and/or exclusion of partitions, folders, files, file extensions or other divisions of information; specifying encryption protocols and/or levels for encryption; applying and/or configuring operating system protection rules; applying and/or configuring user authentication and/or access recovery mechanisms; applying and/or configuring device usage controls; auditing of system and/or user behavior; applying and/or configuring firewall rules; applying and/or configuring rules regarding anti-virus, anti-spam, and/or anti-spyware; applying and/or configuring rules regarding provisioning, management, and/or integration of third-party applications; and combinations thereof (see AMIT C5:L46-59, C6:L4-29 & L40-54, claim 1, and Fig. 2-9 above for replicating data based on metadata (i.e. access recovery mechanisms); C4:L10-33 also teach sensitive data may be replicated to a private cloud based on metadata or encrypted with a different security encryption algorithm of different strength);
in response to identifying the candidate data set residing on the at least one of the plurality of data storage systems on which at least one security action should be performed, identifying the at least one security action that should be performed on the identified candidate data set (see AMIT C5:L46-59, C6:L4-29 & L40-54, claim 1, and Fig. 2-9, where metadata associated with data is examined and determined to replicate the data to public or private cloud, where CORREL [0018-0019] above teach metadata cluster 2 managing a global namespace referencing files stored in user data storage systems 8b-n);
implementing, in response to identifying the at least one security action, the at least one identified security action on the identified candidate data set residing on the at least one of the plurality of data storage systems (see AMIT C5:L46-59, C6:L4-29 & L40-54, claim 1, Fig. 2-9, and CORREL [0018-0019] above).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of CORREL and AMIT before them, to include AMIT’s data replication based on metadata in CORREL’s distributed storage system. One would have been motivated to make such a combination in order to provide practical data protection without requiring manual creation of copies of selected files as taught by AMIT (C1:L31-37).
Regarding claim 12, the claim recites similar limitation as corresponding claim 1 and is rejected for similar reasons as claim 1 using similar teachings and rationale. CORREL also teaches A non-transitory computer readable medium comprising programming instructions that when executed cause a processor (see CORREL [0038]).
Regarding claim 3, CORREL in view of AMIT teaches the elements of claim 2 as outlined above. CORREL in view of AMIT also teaches:
wherein the at least one security action comprises encryption of the candidate data set (AMIT claim 1 teaches sensitive data being encrypted using a different strength encryption than the general data and the common data). 
The same motivation that was utilized for combining CORREL and AMIT as set forth in claim 1 is equally applicable to claim 3.
Regarding claim 4, CORREL in view of AMIT teaches the elements of claim 1 as outlined above. CORREL in view of AMIT also teaches:
wherein identifying the at least one security action comprises: extracting one or more facets of the candidate data set stored with the metadata in the external metadata management system; and using the one or more facets to identify the at least one security action (AMIT C6:L40-54 teach examining metadata of data contained in data storage system and determining whether or not to replicate the data contained in the data storage system to either private cloud or public cloud; C4:L44-55 also teach files with a metadata security level greater than a threshold may be replicated, and metadata may limit replication based on permissions to certain files in the file system; see also claim 1).
The same motivation that was utilized for combining CORREL and AMIT as set forth in claim 1 is equally applicable to claim 4.
Regarding claim 5, CORREL in view of AMIT teaches the elements of claim 4 as outlined above. CORREL in view of AMIT also teaches:
wherein the extracted one or more facets are identified by performing data analytics on the candidate data set (AMIT C4:L18-34 teach subsets of data may be a portion of the data marked as sensitive data, common data, or general data, and sensitive data may be replicated to a private cloud based on metadata, and common & general data may be replicated to a public cloud based on metadata, where the subsets of data would need to be checked/analyzed to determine the subsets of data marked as sensitive, common, or general data; see also claim 1).
The same motivation that was utilized for combining CORREL and AMIT as set forth in claim 1 is equally applicable to claim 5.
Regarding claim 6, CORREL in view of AMIT teaches the elements of claim 4 as outlined above. CORREL in view of AMIT also teaches:
wherein the extracted one or more facets are identified by performing data analytics on at least one component of metadata corresponding to the candidate data set (see AMIT C6:L40-54 & C4:L44-55 as taught above in reference to claim 4). 
The same motivation that was utilized for combining CORREL and AMIT as set forth in claim 1 is equally applicable to claim 6.
Regarding claim 10, CORREL in view of AMIT teaches the elements of claim 1 as outlined above. CORREL in view of AMIT also teaches:
identifying a security level associated with the candidate data set based on at least one of a group consisting of: one or more facets extracted from the candidate data set and stored with the metadata in the external metadata management system, one or more facets extracted from metadata associated with the candidate data set and stored with the metadata in the external metadata management system, one or more custom tags corresponding to metadata associated with the candidate data set, and combinations thereof; and using the security level to identify the at least one security action (AMIT C4:L18-34 teach subsets of data may be a portion of the data marked as sensitive data, common data, or general data, and sensitive data may be replicated to a private cloud based on metadata, and common & general data may be replicated to a public cloud based on metadata, where sensitive data is encrypted using a different strength encryption than the general data and the common data; see also claim 1).
The same motivation that was utilized for combining CORREL and AMIT as set forth in claim 1 is equally applicable to claim 10.
Regarding claim 14, the claim recites similar limitation as corresponding claim 3 and is rejected for similar reasons as claim 3 using similar teachings and rationale.
Regarding claim 15, the claim recites similar limitation as corresponding claim 4 and is rejected for similar reasons as claim 4 using similar teachings and rationale.
Regarding claim 16, the claim recites similar limitation as corresponding claim 5 and is rejected for similar reasons as claim 5 using similar teachings and rationale.
Regarding claim 17, the claim recites similar limitation as corresponding claim 6 and is rejected for similar reasons as claim 6 using similar teachings and rationale.
Regarding claim 19, the claim recites similar limitation as corresponding claim 10 and is rejected for similar reasons as claim 10 using similar teachings and rationale.

Claims 7 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over CORREL in view of AMIT as applied to claims 1 and 12 above, and further in view of PEPPER (Pub. No.: US 2009/0119576 A1), hereafter PEPPER.
Regarding claim 7, CORREL in view of AMIT teaches the elements of claim 1 as outlined above. CORREL in view of AMIT also teaches:
wherein identifying the at least one security action comprises: identifying one or more […] metadata corresponding to the candidate data set; and using the one or more […] metadata to identify the at least one security action (see AMIT C5:L46-59, C6:L4-29 & L40-54, claim 1, and Fig. 2-9 as taught above in reference to claim 1).
CORREL in view of AMIT does not appear to explicitly teach identifying one or more custom tags for metadata.
However, PEPPER teaches the limitation (PEPPER [0048-0049] teach using custom tag fields to facilitate metadata organization and searching, creating additional dimensions of metadata/metadata relationship, where the custom tag is used to pinpoint the location of the metadata container; [0010] also teaches the metadata containers may be organized for searching the custom tags).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of CORREL, AMIT, and PEPPER before them, to include PEPPER’s custom tags in CORREL and AMIT’s distributed storage system with metadata. One would have been motivated to make such a combination in order to improve metadata organization and searching as taught by PEPPER ([0010] & [0048-0049]).
Regarding claim 18, the claim recites similar limitation as corresponding claim 7 and is rejected for similar reasons as claim 7 using similar teachings and rationale.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over CORREL in view of AMIT as applied to claim 1 above, and further in view of RIESER (Pub. No.: US 2019/0190921 A1), hereafter RIESER.
Regarding claim 8, CORREL in view of AMIT teaches the elements of claim 1 as outlined above. CORREL in view of AMIT also teaches:
wherein identifying the candidate data set residing on at least one of the plurality of data storage systems on which at least one security action should be performed comprises […] selecting the candidate data set using metadata stored in the external metadata management system (see AMIT C5:L46-59, C6:L4-29 & L40-54, claim 1, and Fig. 2-9 as taught above in reference to claim 1). 
CORREL in view of AMIT does not appear to explicitly teach receiving a query from a user that includes one or more rules for selecting the candidate data set.
However, RIESER teaches the limitation (RIESER [0023] teaches receiving from the user data filter criteria entered by the user, and adding the data filter criteria to the analytic request; see also [0174-0175]).
Accordingly, it would have been obvious to a person having ordinary skill in the art at the time of the effective filing of the invention, having the teachings of CORREL, AMIT, and RIESER before them, to modify CORREL and AMIT’s distributed storage system with metadata receiving user data filter criteria as taught by RIESER. Using the known technique of receiving from the user data filter criteria entered by the user to provide the predictable result of a user specifying data filter criteria in CORREL and AMIT would have been obvious to a person having ordinary skill in the art, since a person having ordinary skill in the art would recognize that CORREL and AMIT were ready for improvement to incorporate the receiving from the user data filter criteria entered by the user as taught by RIESER.

Claims 9, 11, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over CORREL in view of AMIT as applied to claims 1 and 12 above, and further in view of HUANG (Pub. No.: US 2016/0371500 A1), hereafter HUANG.
Regarding claim 9, CORREL in view of AMIT teaches the elements of claim 1 as outlined above. CORREL in view of AMIT also teaches:
wherein identifying the candidate data set residing on at least one of the plurality of data storage systems on which at least one security action should be performed comprises identifying the candidate data set based on metadata received (see AMIT C5:L46-59, C6:L4-29 & L40-54, claim 1, and Fig. 2-9 as taught above in reference to claim 1, where metadata associated with data is examined and determined to replicate the data to public or private cloud). 
CORREL in view of AMIT does not appear to explicitly teach identifying the candidate data set… in response to a data operation event performed on the candidate data set.
However, CORREL in view of AMIT and HUANG teaches the limitation (HUANG [0039] teaches detecting a condition or set of conditions that indicate that the computing device has become subject or susceptible to an unauthorized access, where [0038] teaches the data protection response may comprise deleting the sensitive data, generating an alert when the sensitive data is accessed, or disabling a sensitive file from being opened).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of CORREL, AMIT, and HUANG before them, to include HUANG’s data protection response in CORREL and AMIT’s distributed storage system with metadata. One would have been motivated to make such a combination in order to further improve protecting sensitive data from unauthorized access as taught by HUANG ([0002-0003]).
Regarding claim 11, CORREL in view of AMIT teaches the elements of claim 1 as outlined above. CORREL in view of AMIT does not appear to explicitly teach:
receiving a real-time alert comprising a threat to the at least one security action; and identifying at least one remedial action for countering the threat.
However, CORREL in view of AMIT and HUANG teaches the limitation (HUANG [0039] teaches detecting a condition or set of conditions that indicate that the computing device has become subject or susceptible to an unauthorized access, where [0038] teaches the data protection response may comprise deleting the sensitive data, generating an alert when the sensitive data is accessed, or disabling a sensitive file from being opened).
Accordingly, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention, having the teachings of CORREL, AMIT, and HUANG before them, to include HUANG’s data protection response in CORREL and AMIT’s distributed storage system with metadata. One would have been motivated to make such a combination in order to further improve protecting sensitive data from unauthorized access as taught by HUANG ([0002-0003]).
Regarding claim 20, the claim recites similar limitation as corresponding claim 11 and is rejected for similar reasons as claim 11 using similar teachings and rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
JUNG (Pub. No.: US 2017/0220487 A1) – “SYSTEM-ON-CHIPS AND OPERATION METHODS THEREOF” relates to identifying range characteristics based on address and level table, and performing encryption based on the identified range characteristic.
KITAMURA (Pub. No.: US 2011/0167277 A1) – “PROCESSING DEVICE, PROCESSING SYSTEM AND CONTROL METHOD FOR PROCESSING DEVICE” relates to determining an encryption level according to an attribute of obtained data using a correspondence table.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW J CHEONG whose telephone number is (571)270-3779.  The examiner can normally be reached on Monday through Friday from 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tim Vo can be reached on 571-272-3642.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ANDREW J CHEONG/
Primary Examiner, Art Unit 2138