DETAILED ACTION

Currently pending claims are 1 – 5, 7, 8, 10 – 15, 17 & 19 – 20.

Response to Arguments

 Applicant's arguments with respect to instant claims have been fully considered but are moot in view of the new ground(s) of rejection necessitated by Applicant's amendments – please see the following section for the detail of rationale to make the corresponding prior-art(s) rejections as set forth below.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 11 & 19 are rejected under 35 U.S.C. 112(b)  or pre-AIA  35 U.S.C. 112, second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention such as the claim languages of the newly added claim element “storing a last delta link for each entity” because there is nowhere in the instant specification defining what is the exact context of a last delta link.  As such, metes and bounds of the claim cannot be determined.  Any other claims not addressed are rejected by virtue of their dependency.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1 – 4, 7, 8, 10 – 14, 17 & 19 – 20 are rejected under 35 U.S.C.103 as being unpatentable over Narayanaswamy et al. (U.S. Patent 2020/0242269), in view of Duggal et al. (U.S. Patent 10,983,843), and in view of Begel et al. (U.S. Patent 2010/0211924).  

As per claim 1, Narayanaswamy teaches a Cloud Access Security Broker (CASB) system (Narayanaswamy: Figure 4 & Para [0053]: providing a CASB system to secure sensitive data, prevent data loss leakage and protect against security threats) comprising: 
a controller (Narayanaswamy: Figure 1A / E-175 & E-184 & Para [0053] – [0054] and Para [0120]: an Introspective Analyzer (including a monitor) of the CASB system constitutes a controller using API connectors to manage and monitor a plurality of different cloud services such as cloud hosted email services, cloud-based storage services and etc.); 
authentication provider configured to perform authentication of one or more tenants (Narayanaswamy: see above & Para [0063]: providing a N-CASB as a multi-tenants system to authenticate for access control as required);
a message broker connected to the controller (Narayanaswamy: see above & Para [0054] / [0074] and Para [0120]: a functional entity of work-flow management associated with the introspective analyzer (i.e. the controller) using API connectors to crawl through different sensitive data located in different cloud-based services and validate its data integrity such as (e.g.) using a polling mode to activate various security tasks constitutes a message broker – this is consistent with the disclosure of the instant specification (SPEC: PG-PUB: Para [0016] Line 1 – 5 and Para [0042])); and 
a plurality of workers connected to the message broker and connected to one or more cloud providers having a plurality of files contained therein for one or more tenants (Narayanaswamy: see above & Para [0120] – [0121], Para [0054] and Para [0074]: activating different security tasks (i.e. a plurality of workers) with (e.g.) a polling mode to crawl through different sensitive data with deep inspection located at different cloud-based services (e.g. cloud hosted email services, cloud-based storage services) and validate its data integrity such as scanning the user’s emails, inspecting identified documents and etc.). 
However, Narayanaswamy does not disclose expressly a plurality of queues configured to store files from the plurality of files for analysis by workers of the plurality of workers based on assignments from the message broker.
Duggal (& Narayanaswamy) teaches a plurality of queues configured to store files from the plurality of files for analysis by workers of the plurality of workers based on assignments from the message broker (Narayanaswamy: see above & Para [0054], Para [0120] – [0121] and Para [0074]: (a) utilizing an introspective analyzer to crawl through the data / file resident in the cloud-based services including a plurality of worker nodes to analyze the changes for detecting anomalous activities and (b) based on policies and rules to crawl through different contents (i.e. different assignments) such as identified documents / emails / files so as to trigger security actions for detecting security threats) || (Duggal: Figure 14 & Col. 25 Line 20 – 30 and Col. 2 Line 45 – 58: (a) as per a plurality of worker nodes in a distributed (service-mesh) cloud-based microservices FaaS (Function as a Service) system, efficiently providing a plurality of queues via a plurality of event servers to dynamically coordinate collaborating services for processing concurrent (i.e. in-parallel) / multi-threaded event queues) – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [0004] Line 10 – 15: a plurality of workers operate in parallel to efficiently process a plurality of queues).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of using a plurality of queues configured to store files from the plurality of files for analysis by workers of the plurality of workers because Duggal teaches efficiently providing a cloud-based microservices by using a plurality of queues via a plurality of event servers in a distributed (service-mesh) microservices FaaS (Function as a Service) system to dynamically coordinate collaborating services for processing concurrent (i.e. in-parallel) / multi-threaded event queues for a plurality of worker nodes (see above) within the Narayanaswamy’s system of utilizing an introspective analyzer to crawl through the data / file resident in the cloud-based services including a plurality of worker nodes to analyze the changes for detecting anomalous activities with a periodical polling mode (see above). 
wherein the controller is configured to crawl through the plurality of files for the one or more tenants, based on policy and configuration for the one or more tenants and push a file from the plurality of files into one of the plurality of queues responsive to the file being one of a unique file entry or a new event (Narayanaswamy: see above & Para [0054], Para [0120] – [0121] and Para [0074]: based on policies and rules to crawl through different contents of identified documents / emails / files so as to trigger security actions for securely detecting the threats as needed) || (Duggal: Figure 14 & Col. 25 Line 20 – 30 and Col. 2 Line 45 – 58: (a) see above and (b) storing (pushing) an associated file into a corresponding queue in response to a new incoming event of a unique file entry within a batch of files associated with various tenants), and wherein a first crawl one of
fetching admin logs for file-related activities for a tenant in batches, processing the batch for unique file entries in the batch, pushing the file info into a queue, repeating until the entire log is crawled, and storing the log's stream-position for a next crawl
(a) utilizing an introspective analyzer to crawl through the data / file resident in the cloud-based services including a plurality of worker nodes to analyze the changes for detecting anomalous activities and based on policies and rules to crawl through different contents of identified documents / emails / files so as to trigger security actions (i.e. event data logs) for securely detecting the threats as needed (Narayanaswamy: see above & Para [0054], Para [0120] – [0121] and Para [0074]).
(b) as per a plurality of worker nodes in a distributed (service-mesh) cloud-based microservices FaaS (Function as a Service) system, efficiently providing a plurality of queues via a plurality of event servers to dynamically coordinate collaborating services for processing concurrent (i.e. in-parallel) / multi-threaded event queues) and storing (pushing) an associated file into a corresponding queue in response to a new incoming event of a unique file entry within a batch of files associated with various tenants (Duggal: Figure 14 & Col. 25 Line 20 – 30 and Col. 2 Line 45 – 58), and
(c) As such, Examiner respectfully notes according to the queue-processing mechanism in the field, a queue has only limited storage memory space and thus a 1st run of queue only consumes a portion of the batch of files and thus it’s clearly required a pointer for storing (recording) the event log's stream-position w.r.t. where it was left from the previous processing corresponding to the event log batch files to indicate the position for the next starting pointer (i.e. the next run of crawling) of the remaining batch files so as to continue processing all of the batch files (see above), or 
crawling through the entire list of entities for a tenant, storing the list of entities for each tenant, storing a last delta link (pls. refer to 35 USC § 112 rejection) for each entity, updating tenant info, and repeating for all tenants, wherein the first crawl is synchronized with a Data Leakage Prevention (DLP) scan frequency and subsequent crawls performed periodically crawl incrementally (see below).
(a) Narayanaswamy teaches an Introspective Analyzer (including a monitor) of the CASB system as a controller using API connectors to manage and monitor a plurality of different cloud services such as cloud hosted email services, cloud-based storage services and etc. (Narayanaswamy: Figure 1A / E-175 & E-184 & Para [0053] – [0054] and Para [0120]) and to synchronize (coordinate) with a Data Leakage Prevention (DLP) based on policies and rules (Narayanaswamy: Para [0049] and Para [0054]) since Narayanaswamy further teaches the introspective analyzer can crawl the data / file resident in the cloud-based services with a polling mode (e.g. performed regularly and at a set time interval (e.g. periodical such as on a basis of time of day or day of week and etc.)) analyze the changes for detecting anomalous activities (Narayanaswamy: see above & Para [0054] Line 1 – 9 and Para [0068]); additionally,
(b)  Begel teaches providing a more efficient crawling mechanism to first start a baseline crawling on each file (code) check-in and then until a later recent check-in (e.g. file changed) such that the changed file’s differences (i.e. incremental difference w.r.t. checkin/out configuration management system) can be effectively analyzed – i.e. before and after the modified files snapshots can be parsed and compared (Begel: Para [0208] / [0207]) – this is consistent with the disclosure of the instant specification (SPEC-PG.PUB: Para [0050]).  As such Applicant's arguments are respectfully traversed.
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of including all files by a first crawl and subsequent performing the crawling periodically crawl incrementally because Begel teaches to provide a more efficient crawling mechanism to first start a baseline crawling on each file (code) check-in and then until a later recent check-in (e.g. file changed) such that the changed file’s differences can be effectively analyzed – i.e. before and after the modified files snapshots can be parsed and compared (see above) within the Narayanaswamy’s system of utilizing an introspective analyzer to crawl through the data / file resident in the cloud-based services with a periodical polling mode to analyze the changes for detecting anomalous activities (see above).

As per claims 11 & 19, the claims contain(s) similar limitations to claim(s) 1 and thus are rejected with the same rationale.

As per claim 2 and 12, Narayanaswamy as modified teaches wherein the plurality of workers are further configured to cause an action in the one or more cloud providers based on the crawl and based on the policy and the configuration (Narayanaswamy: see above & Para [0054], Para [0120] – [0121] and Para [0074]: based on policies and rules to crawl through different contents of identified documents / emails). 

As per claim 3 and 13, Narayanaswamy as modified teaches wherein the action includes any of allowing a file, deleting a file, quarantining a file, and providing a notification (Narayanaswamy: see above & Para [0082] / Last sentence).  

As per claim 4, 14 and 20, Narayanaswamy as modified teaches a Data Leakage Prevention (DLP) engine configured to scan the plurality of files based on the policy and the configuration, and to provide an action based on the scan (Narayanaswamy: Para [0049] and Para [0054]: to synchronize (coordinate) with a Data Leakage Prevention (DLP) based on policies and rules).  

As per claim 7 and 17, Narayanaswamy as modified teaches wherein the plurality of workers include a plurality of types of workers, each being configured to perform a specific task in the CASB system (Narayanaswamy: see above & Para [0120] – [0121], Para [0054] and Para [0074]: activating different security tasks (i.e. a plurality of workers) to crawl through different sensitive data with deep inspection located in different cloud-based services (e.g. cloud hosted email services, cloud-based storage services) and validate its data integrity such as scanning the user’s emails, inspecting identified documents and etc.).  


As per claim 8, Narayanaswamy as modified teaches the cloud-based security system is configured to analyze files of the plurality of files and provide an action (Narayanaswamy: see above & Para [0082] / Last sentence).  

As per claim 10, Narayanaswamy as modified teaches including a regulator that monitors the performance of all the workers and performs control based thereon (Narayanaswamy: see above & Figure 1A / E-184).  


Claims 5 and 15 are rejected under 35 U.S.C.103 as being unpatentable over Narayanaswamy et al. (U.S. Patent 2020/0242269), in view of Duggal et al. (U.S. Patent 10,983,843), in view of Begel et al. (U.S. Patent 2010/0211924), and in view of Viktorov et al. (U.S. Patent 10,715,540).  

As per claim 5 and 15, Viktorov (& Narayanaswamy) teaches providing a sandbox configured to execute a file of the plurality of files, and provide an action based on the execution and based on the policy and the configuration (Narayanaswamy: see above & Para [0054] Line 1 – 9 and Para [0068]: an introspective analyzer crawls and analyzes the data / file resident in the cloud-based services to detect the violations of files so as to perform security actions such as quarantining the target files) || (Viktorov: Abstract & Col. 9 Line 49 – 55 and Col. 6 Line 40 – 46: providing protection from malicious and harmful content in a cloud-based services with specified actions such as quarantining the target files by using a sandbox processing means). 
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention was made to propose the modification of providing a sandbox configured to execute a file of the plurality of files, and provide an action based on the execution and based on the policy and the configuration because Viktorov teaches effectively and securely providing protection from malicious and harmful content in a cloud-based services with specified actions such as quarantining the target files by using a sandbox processing means (see above) within the Narayanaswamy’s system of utilizing an introspective analyzer to crawl through the data / file resident in the cloud-based services to detect the violations of files so as to perform security actions such as quarantining the target files (see above). 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The examiner can normally be reached Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




---------------------------------------------------
                  /Longbit Chai/
           Longbit Chai E.E. Ph.D.
    Primary Examiner, Art Unit 2431
                   No. #2316 – 2022
---------------------------------------------------