DETAILED ACTION

Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The present office action is responsive to communications received on 4/29/2022. Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/28/2020 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Election/Restrictions
Applicant's election with traverse of Group I, claims 1-7 in the reply filed on 4/29/2022 is acknowledged.  The traversal is on the ground(s) that “the Restriction Requirement is traversed on the basis that if the search and examination of an entire application can be made without serious burden, the Examiner must examine it on the merits” (p. 8, last paragraph). This is not found persuasive because Group II and III use artificial intelligence (AI) in each of the following steps to 
determine a portion of the data that can/cannot be shared with the particular audience,
assign a confidence level to the security level categorization,
recognize industry-standard file types associated with the data,
classify received data having a combination of bits associated with text or an image or both,
categorize the data as one a plurality of predetermined security levels based on analyzed content of the classified data,
categorize the specific word or groups of words into a respective one of the plurality of security levels,
assign each of the assigned security levels a confidence level,
categorize each segment of the plurality of segments into a respective one of the plurality of security levels,
categorize the specific word or groups of words and each segment of the plurality of segments into a respective one of the plurality of security levels.

Serious search and examination burden would exist if restriction was not required because of separate classification/different field of search, such as G06N 20/00, G06N 3/00 and G06N 5/00.
The requirement is still deemed proper and is therefore made FINAL.

Claims 8-20 are withdrawn from further consideration pursuant to 37 CFR 1.142(b), as being drawn to a nonelected invention, there being no allowable generic or linking claim. Applicant timely traversed the restriction (election) requirement in the reply filed on 4/29/2022.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 7 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

The rejection(s) under 35 U.S.C. 112(b) is/are determined by the following reasons:
Claim 7 recites the limitation "sharing the watermarked first data with the particular audience." There is insufficient antecedent basis for this term “the particular audience” in the claim.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 4 are rejected under 35 U.S.C. 103 as being unpatentable over Grzymala-Busse (US 20100024037 A1) in view of Bostick (US 20170124082 A1).

Regarding claim 1, Grzymala-Busse teaches a method, comprising:
receiving first data at a processing resource; ([0032] data aggregator 10 which obtains new data in step 110 (shown in FIG. 2) from a search agent, traffic filter or other data interface or input module)
determining at the processing resource whether the first data comprises a combination of bits associated with text or an image, or both; ([0033] Data [analogous to claim limitation “combination of bits”] is initially obtained and provided to data aggregator 10 in step 110 in a variety of different possible formats (including but not limited to: clear text, pdf's, relational database structures, zipped files, archived files, check21 data, DTMF tones, audio data and digital images) from a data interface or input module.)
comparing the combination of bits to second data stored on a memory resource or storage coupled to the processing resource via a network; ([0032] Once the data is standardized, it is sent to data parser 20 which uses parsing rules 25 (i.e. broad pattern matching via regular expressions) to look over the standardized data at step 130.)
identifying one or more words represented by the first data or one or more images represented by the first data, or both, based at least in part on the comparison; ([0032] If data parser 20 does find potentially sensitive information, the data is analyzed by an information retrieval stage 30 at step 140 to determine if the data “makes sense” (i.e. the data is compared to attributes relating to sensitive information to determine whether the data exhibits any of those attributes) in the context of being sensitive information.)
assigning to the first data first metadata representative of a first security categorization and a first ([0032]If the data does “make sense” it is scored at step 150 by security evaluator 40. The security evaluator can be set by the user to define a desired level of scrutiny. The level may depend upon the particular data source, or other prerequisites set by the user.)
transmitting, to a set of users via the network and based at least in part on the first or second security categorizations and the first or second  ([0032] If the data is scored below a preset level of scrutiny, the data is returned to its original format and pushed out to the data stream through data output mechanism 60 (step 155). If the data is scored at or above the preset level of scrutiny, the data is sent to policy enforcer 50 at step 160. In one embodiment, policy enforcer 50 will use a rule table to evaluate the score and determine whether data remediation (i.e. encryption, flagging, masking, deleting, etc.) (step 180) is necessary, or whether no remediation is required (i.e. data pass-through at step 170). In another embodiment flagged data is reviewed by a system user/operator to manually select the desired remediation option. Once any remediation is completed, the data is returned to its original format and pushed out to the data stream through data output mechanism 60 (step 190); however, with the sensitive information being flagged, masked or obfuscated, as the case may be.)

Grzymala-Busse teaches to score/classify utilizing pattern matching as well as to identify/locate/secure/remove personally identifying and other sensitive information in different data formats including clear text and digital images, but does not explicitly teach first confidence level as well as second metadata representative of a second security categorization and a second confidence level that based at least in part on the identified image or images. This aspect of the claim is identified as a difference.
However, Bostick in an analogous art explicitly teaches
assigning to the first data first metadata representative of a first security categorization and a first confidence level that is based at least in part on the identified word or words and second metadata representative of a second security categorization and a second confidence level that based at least in part on the identified image or images; ([0004] assigning confidence levels to data, including: analyzing …; comparing …; determining at least one confidence level based on the comparing; and assigning the at least one confidence level to at least one data item. [0028] The data streams 12 may include, for example, text, images, etc. (and associated metadata) posted by the entity 16 on the social media accounts 14. The analysis engine 18 may include, for example, an interest analyzer 40 and an image analyzer 42, which are configured to determine and track the content of each data stream 12 as well as the sentiment of the entity 16. The analysis engine 18 may be implemented, for example, using any suitable text analysis software, image analysis software, and/or the like. [0035] Based on this comparison, the comparison system 26 assigns confidence levels 28 at process P4 to various data items) Here Bostick discloses detailed examples of assign a higher/lower confidence level to the images in ¶31.
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “managing sensitive information” concept of Grzymala-Busse, and the “analyzing text/images and assigning confidence levels to data” approach of Bostick. One of ordinary skill in the art would have been motivated to perform such a modification to provide a measure of the accuracy/reliability of the text/images information analysis (Bostick [0016]).

Regarding claim 4, Grzymala-Busse in view of Bostick teaches all the features with respect to claim 1, as outlined above. The combination further teaches determining a sharing status of the first data based at least in part on the comparison of the combination of bits to the second data, the first confidence level, and the second confidence level. ([Grzymala-Busse 0032] If data parser 20 does find potentially sensitive information, the data is analyzed by an information retrieval stage 30 at step 140 to determine if the data “makes sense” (i.e. the data is compared to attributes relating to sensitive information to determine whether the data exhibits any of those attributes) in the context of being sensitive information. If the data is scored below a preset level of scrutiny, the data is returned to its original format and pushed out to the data stream through data output mechanism 60 (step 155). If the data is scored at or above the preset level of scrutiny, the data is sent to policy enforcer 50 at step 160. In one embodiment, policy enforcer 50 will use a rule table to evaluate the score and determine whether data remediation (i.e. encryption, flagging, masking, deleting, etc.) (step 180) is necessary, or whether no remediation is required (i.e. data pass-through at step 170). In another embodiment flagged data is reviewed by a system user/operator to manually select the desired remediation option. Once any remediation is completed, the data is returned to its original format and pushed out to the data stream through data output mechanism 60 (step 190); however, with the sensitive information being flagged, masked or obfuscated, as the case may be.) Here reference Grzymala-Busse discloses sharing status based on comparison and level of scrutiny. Reference Bostick discloses level of scrutiny being confidence levels for text/images. Therefore the combination discloses the entire limitation.

Claims 2-3 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Grzymala-Busse (US 20100024037 A1) in view of Bostick (US 20170124082 A1) and Borkar (US 20200143016 A1).

Regarding claim 2, Grzymala-Busse in view of Bostick teaches all the features with respect to claim 1, as outlined above. But the combination does not teach assigning to the first data third metadata representative of one of a plurality of predetermined security levels that is based at least in part on the identified word or words, the identified image or images, or both. This aspect of the claim is identified as a difference.
However, Borkar in an analogous art explicitly teaches 
assigning to the first data third metadata representative of one of a plurality of predetermined security levels that is based at least in part on the identified word or words, the identified image or images, or both. ([0148-0149] provide policies to classify data accessed from a network application into classifications or categories (e.g., levels of confidentiality and/or sensitivity), such as strictly confidential, confidential, internal and public data [analogous to claim limitation “third metadata representative of one of a plurality of predetermined security levels”]. In some embodiments, the embedded browser may automatically classify and protect documents based on the content within the document. For instance, if there is personally identifiable information (such as credit card information) [analogous to claim limitation “identified word or words”] in a document, the embedded browser may automatically encrypt the document (including watermarking the document) when the document is generated, provided or downloaded, for instance. The originator of the document may also tag such a document based on the sensitive information in the document.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “managing sensitive information” concept of Grzymala-Busse, and the “classification of content” approach of Borkar. One of ordinary skill in the art would have been motivated to perform such a modification to protect documents based on the content within the document. Thus, enterprises may classify, label and protect their content, so as to prevent data loss and data leakage (Borkar [0149-0150]).

Regarding claim 3, Grzymala-Busse in view of Bostick and Borkar teaches all the features with respect to claim 2, as outlined above. The combination further teaches assigning fourth metadata to the one of the plurality of predetermined security levels that is based at least in part on the identified word or words, the identified image or images, or both. ([Borkar 0148-0149] provide policies to classify data accessed from a network application into classifications or categories (e.g., levels of confidentiality and/or sensitivity), such as strictly confidential, confidential, internal and public data [analogous to claim limitation “fourth metadata to the one of the plurality of predetermined security levels”]. In some embodiments, the embedded browser may automatically classify and protect documents based on the content within the document. For instance, if there is personally identifiable information (such as credit card information) [analogous to claim limitation “identified word or words”] in a document, the embedded browser may automatically encrypt the document (including watermarking the document) when the document is generated, provided or downloaded, for instance. The originator of the document may also tag such a document based on the sensitive information in the document.)

Regarding claim 7, Grzymala-Busse in view of Bostick teaches all the features with respect to claim 4, as outlined above. Grzymala-Busse in view of Bostick and Borkar further teaches wherein responsive to the sharing status indicating the first data can be shared: ([Borkar 0149] automatically classify and protect documents based on the content within the document.)
watermarking the first data; and sharing the watermarked first data with the particular audience. ([Borkar 0149] automatically encrypt the document (including watermarking the document) when the document is generated, provided or downloaded, for instance.) Here Borkar discloses “the particular audience” by reciting “The level of sensitivity/confidentiality may correspond to availability of the content to particular users or personnel within the enterprise (such as management only, or management and people working on a particular project, or only people in a particular department working on a particular project, etc.)” (¶171).

Allowable Subject Matter
Claims 5-6 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

The following is a statement of reasons for the indication of allowable subject matter:
In interpreting the currently amended claims, in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.

Grzymala-Busse (US 20100024037 A1) teaches sharing status by identifying sensitive information and quarantining or removing same. Sharing status determines whether data remediation (i.e. encryption, flagging, masking, deleting, etc.) is necessary, or whether no remediation is required (i.e. data pass-through).

Borkar (US 20200143016 A1) teaches sharing status (classification of content, such as top secret, secret, strictly confidential, confidential, strongly sensitive, sensitive, proprietary, internal (or not for distribution outside of the enterprise), subject to attorney-client privilege, public, etc.) with particular audience (such as management only, or management and people working on a particular project, or only people in a particular department working on a particular project, etc.)

The prior art of record fails to teach or suggest, individually or in combination, each and every limitation of the claimed invention as a whole. For example, Grzymala-Busse and Borkar in combination do not disclose “updating the memory resource with sharing status (can be shared, cannot be shared, approval decision from administrator responsive to undetermined sharing status)” as well as “notifying sender responsive to sharing status indicating that data can/cannot be shared, notifying sender of results of the requested approval responsive to undetermined sharing status”, within the context of the claimed invention as a whole, as recited in claims 5-6.
Thus, the Examiner finds that the prior art does not provide sufficient teaching or motivation for anticipating or rendering obvious, within the claimed invention as a whole, without the usage of impermissible hindsight reasoning.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20200082111 A1, "Security Application for Data Security Formatting, Tagging and Control", by Leemet, teaches that a security program is configured to intercept disk (I/O) operations that read/write from/to disk. This allows the security program to confirm and control access to data based on security rules. Further, the security program can categorize data based on security rules and then format and store data on disk in a format that prevents access by application(s) of the computer. The security program is further configured to re-format data to be accessible by the application in a format accessible by the application(s) when a request to access the data complies with security rules.
US 20050138110 A1, "Data security system and method with multiple independent levels of security", by Redlich, teaches securing data, and particularly security sensitive words, characters or data objects in the data, in a computer system with multiple independent levels of security (MILS). Each level of MILS has a computer sub-network with networked workstations. The MILS sub-networks are connected together via security guard computer(s) and each guard computer has separate memories for each level. The method extracts the security sensitive words/data (a granular action), from the source document for each MILS level, stores the extracted data in a corresponding extract store for each level and permits reconstruction/reassembly of the dispersed data via said extracted data at each said level of said multiple security levels and remainder data only in the presence of a predetermined security clearance commensurate with each MILS level.
US 20030189603 A1, "Assignment and use of confidence levels for recognized text", by Goyal, teaches organizing and prioritizing recognized text, categorizing recognized text according to confidence levels in the correctness of the recognized text.
US 20220043935 A1, "Data processing systems and methods for automatically redacting unstructured data from a data subject access request", by Brannon, teaches redacting analyzing unstructured data in a request for data associated with a data subject to determine whether the unstructured data is relevant to the request. The relevancy of pieces of the unstructured data may be determined by determining a categorization for each such piece of unstructured data and comparing them to known personal data associated with the data subject having the same categorization. Pieces of the unstructured data that do not match known personal data having the same categorization are redacted from the request before the request is processed. Moreover, analyzing the unstructured data comprises: determining a first confidence score for the first categorization and a second confidence score for the second categorization; determining the first categorization for the first piece of the unstructured data based on the first confidence score; and determining the second categorization for the second piece of the unstructured data based on the first confidence score.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAN YANG whose telephone number is (408)918-7638.  The examiner can normally be reached on Monday to Friday, 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HAN YANG/Examiner, Art Unit 2493