Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
	Claims 1-20 are pending.
Information Disclosure Statement PTO-1449 
	The Information Disclosure Statement submitted by applicant on 08-19-2020 has been considered. Please see attached PTO-1449. 
EXAMINER’S AMENDMENT
	The application has been amended as follows: 
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with applicant’s attorney Mr. Ryan Odessa (Reg. No. 7991), on 08-11-2022.

	Claims are amended as follows:
1.	(Currently Amended) A non-transitory computer-readable storage medium having computer-readable code stored thereon for programming one or more processors to perform steps of:
presenting a user interface and receiving an expression including one or more Data Loss Prevention (DLP) dictionaries, a corresponding threshold for comparison, and a selection of one or more logical operators;
obtaining [[an]] the expression including the one or more DLP dictionaries, the corresponding threshold for comparison, and the selection of one or more logical operators via the user interface for a DLP engine;
storing the expression in a database associated with a DLP service;
evaluating the one or more DLP dictionaries to a score for comparison with the corresponding threshold, wherein the one or more logical operators are used to combine the evaluation of the one or more DLP dictionaries;
monitoring traffic from one or more users;
evaluating the traffic using the DLP engine and the expression; and
determining a DLP trigger based on a result of the expression that is a logical TRUE.

2.	(Canceled) 

3.	(Currently Amended) The non-transitory computer-readable storage medium of claim [[2]] 1, wherein the user interface includes a tree having one or more levels, and wherein the steps further include
presenting an expression preview as the selection is received.

10.	(Currently Amended) A method comprising:
presenting a user interface and receiving an expression including one or more Data Loss Prevention (DLP) dictionaries, a corresponding threshold for comparison, and a selection of one or more logical operators;
obtaining [[an]] the expression including the one or more DLP dictionaries, the corresponding threshold for comparison, and the selection of one or more logical operators via the user interface for a DLP engine;
storing the expression in a database associated with a DLP service;
evaluating the one or more DLP dictionaries to a score for comparison with the corresponding threshold, wherein the one or more logical operators are used to combine the evaluation of the one or more DLP dictionaries;
monitoring traffic from one or more users;
evaluating the traffic using the DLP engine and the expression; and
determining a DLP trigger based on a result of the expression that is a logical TRUE.

11.	(Canceled)

12.	(Currently Amended) The method of claim [[11]] 10, wherein the user interface includes a tree having one or more levels, and further comprising
presenting an expression preview as the selection is received.

19.	(Currently Amended) A cloud-based system comprising:
a plurality of enforcement nodes each including a micro-processor and a memory connected to one another; 
a central authority connected to the plurality of enforcement nodes; and
a Data Loss Prevention (DLP) service executed between the plurality of enforcement nodes, wherein the DLP service is configured to:
present a user interface and receive an expression including one or more Data Loss Prevention (DLP) dictionaries, a corresponding threshold for comparison, and a selection of one or more logical operators;
obtain [[an]] the expression including the one or more DLP dictionaries, the corresponding threshold for comparison, and the selection of one or more logical operators via the user interface for a DLP engine;
store the expression in a database associated with [[a]] the DLP service;
evaluate the one or more DLP dictionaries to a score for comparison with the corresponding threshold, wherein the one or more logical operators are used to combine the evaluation of the one or more DLP dictionaries;
monitor traffic from one or more users;
evaluate the traffic using the DLP engine and the expression; and
determine a DLP trigger based on a result of the expression that is a logical TRUE.

Allowable Subject Matter
	Claims 1, 3-10, 12-20 are allowed.
The following is an examiner’s statement of reasons for allowance:
	The prior art Conikee et al. (US Publication No. 2019/0171846) of record discloses a system and method for monitoring and protecting sensitive data that includes identifying sensitive data and statically tracking sensitive data using data flow analysis across a code base, monitoring flow of the data during application runtime, and responding to vulnerabilities according to a sensitive data characterization of the data. Identifying sensitive data includes processing a semantic description of the data in the application code and characterizing the sensitive data. Monitoring flow of the data includes: identifying and characterizing sensitive data through data usage, updating the characterization for the sensitive data through data usage, and enforcing security measures on the data according to the sensitive data characterization of the data.
	The prior art Brisebois et al. (US Publication No. 2017/0329972) of record discloses systems and techniques for assessing a risk associated with a data loss prevention (DLP) policy violation. Characteristics of data associated with the DLP policy violation and user information associated with a participant associated with the DLP policy violation may be determined. An expertise and a position of the participant may be determined and correlated with the one or more characteristics of the data to determine a risk assessment associated with the DLP policy violation. After determining that the risk assessment satisfies a threshold, a subject matter expert may be determined based on the characteristics of the data, and an alert may be sent to the subject matter expert requesting review of the DLP policy violation.
	The prior art Hastings et al. (US Patent No. 9,197,628) of record discloses methods and systems for Data Leak Prevention (DLP) in a private network. According to one embodiment, information is received from a network administrator defining a DLP rule to be applied to packets associated with an upper layer protocol and defining an action to take when one or more conditions associated with the DLP rule are satisfied. The DLP rule is defined in terms of a regular expression and/or a string that are configured to detect existence of one or more forms of sensitive information carried by the packets. A packet originated by a host device within the private network is received and determined to be associated with the upper layer protocol. The received packet is scanned for sensitive information by applying the DLP rule to one or more fields of the command, request or method. When the scanning results in a conclusion that the sensitive information is contained within the received packet, then the defined action is performed.
	The prior art Kabat et al. (US Publication No. 2014/0020045) of record discloses systems and/or methods for deploying and implementing data loss prevention (DLP) policy definition. In one embodiment, DLP policies may be identified by an organization to run on top of a set of electronic file systems. Organizations and their administrators may implement a set of DLP policy instances which are derived from DLP policy templates. DLP policy templates may comprise both structure and meaning, and may acquire a given DLP policy by the replacement of parameterized expressions with desired parameter values. In another embodiment, the state of the DLP policy instance may change according to the lifecycle of the policy instance deployment.
	The prior art Satish et al. (US Patent No. 8,250,085) of record discloses a method and system for improving data loss prevention via cross leveraging fingerprints of protected data. In one embodiment, fingerprints of sensitive data of multiple organizations are shared across data loss prevention (DLP) systems of these organizations. A DLP system of each organization monitors information content associated with this organization to detect sensitive data of other organizations, and notifies one or more users within the organization upon detecting sensitive data of other organizations. In addition, a report of external data loss detection is provided to users within an organization whose sensitive data is detected in information content of the other organizations.
	The prior art Torney et al. (US Patent No. 9,111,069) of record discloses a method and apparatus for detection of DLP violations with language detection. A DLP product may monitor data content associated with the computing system, and identify a language of the data content. Based on the identified language, the DLP product identifies from among multiple DLP policies a first set of one or more DLP policies that are applicable for the identified language (referred to herein as language-specific DLP policies). The DLP product scans the data content using the first set to detect a violation of one of the DLP policies in the data content, and performs a DLP action in response to the detected violation.
However, the prior art, taken singly or in combination, fails to anticipate or render obvious: receiving an expression including one or more Data Loss Prevention (DLP) dictionaries, a corresponding threshold for comparison, and a selection of one or more logical operators; obtaining the expression including the one or more DLP dictionaries, the corresponding threshold for comparison, and the selection of one or more logical operators via the user interface for a DLP engine; evaluating the one or more DLP dictionaries to a score for comparison with the corresponding threshold, wherein the one or more logical operators are used to combine the evaluation of the one or more DLP dictionaries; determining a DLP trigger based on a result of the expression that is a logical TRUE (as claimed in claims 1, 10 and 19).
Claims are allowed in view of the above claim limitations when in combination with the remaining claim limitations.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid, can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/ Primary Examiner, Art Unit 2437