Notice of Pre-AIA  or AIA  Status
Claims 1-20 are presented for examination.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/8/20, 9/17/21, 10/7/21, and 2/24/22 have all been considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-12 and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Brisebois (U.S. Patent 9,578,060) in view of Meier (U.S. Patent Publication 2018/0159884).

Regarding claims 1 and 20: 
Brisebois discloses a computing platform, and corresponding non-transitory media for use therein, comprising: at least one processor (e.g. claim 16, and Figure 1); a communication interface communicatively coupled to the at least one processor (Figure 1, Ibid); and memory storing computer-readable instructions (e.g. claim 16, and Figure 1) that, when executed by the at least one processor, cause the computing platform to: retrieve, for a particular data transmission of the plurality of data transmissions, a content of the particular data transmission (e.g. col. 9, lines 27-57: the data classification engine receives content to be classified from the data collection engine, wherein the content may include inter alia communications via email, voicemail, etc.); analyze, via the computing device, the content (Ibid; see also col. 10, lines 33-65 regarding an example of analyzing the content of an email); determine, in real-time via the computing device and based on the analyzing, a security classification for the content (i.e. identifying certain content as sensitive, requiring additional security constraints for access: e.g. col. 14, line 65 – col. 15, line 13); and cause, in real-time via the computing device, the content to be marked with the determined security classification (Ibid).
	Although Brisebois discloses wherein the classification engine in at least some embodiments may classify data at or substantially near the time of collection by the collection engine (col. 9, lines 45-47; see also col. 12, lines 38-40), Brisebois appears to be silent regarding detecting, in real-time and via a computing device, a plurality of data transmissions between applications over a communications network.  However, Meier discloses a related invention for monitoring communications between a plurality of business applications (Abstract, and each of paragraphs 0005-0011) wherein the ability to monitor communications in real-time to identify potentially sensitive information is taught (e.g. paragraph 0061).  It would have been obvious prior to the filing date of the instant application to modify the Brisebois invention to allow its data collector to gather communications among business applications for analysis and classification, as the ability to detect the presence of sensitive information allows one to block the communication if it is determined to be unauthorized (Meier, Ibid, particularly the last sentence of paragraph 0061; see also paragraph 0003; cf. Brisebois, Abstract, wherein one of the goals of that invention is to detect violations of data security policies as part of a data loss prevention system).

Regarding claim 2:	The combination further discloses wherein the instructions, when executed by the at least one processor, cause the computing platform to: train a machine learning model to generate a new security classification (Brisebois, col. 6, lines 10-15; machine learning at col. 12, lines 8-11).

Regarding claim 3:	The combination further discloses wherein the security classification for the content is based on the new security classification (Brisebois, Ibid).

Regarding claim 4:	The combination further discloses wherein the instructions, when executed by the at least one processor, cause the computing platform to: train a machine learning model to perform the determining the security classification for the content (Brisebois: optimizing or updating the existing machine learning model at col. 10, lines 10-32).

Regarding claim 5:	The combination further discloses 4, wherein the instructions, when executed by the at least one processor, cause the computing platform to: apply the machine learning model to perform the determining the security classification for the content (various examples listed in Brisebois, columns 10 & 11).

Regarding claim 6:	The combination further discloses wherein the instructions, when executed by the at least one processor, cause the computing platform to: identify, for the particular data transmission, one or more prior transmissions associated with the particular data transmission (Brisebois, col. 18, lines 32-52); determine prior content associated with the one or more prior transmissions, and wherein the determining the security classification is based on the prior content (Brisebois, Ibid).

Regarding claim 7:	The combination further discloses wherein the instructions, when executed by the at least one processor, cause the computing platform to: identify, for the particular data transmission, a reported security classification for the content; detect an anomaly between the reported security classification and the determined security classification; and trigger one or more security actions based on the detected anomaly (Brisebois: the data loss prevention system detects potential violations of the established security policies, and provides for enforcement actions against those who violate them: see e.g. col. 49, line 24 – col. 50, line 26; see also Table 6, including the section regarding the US Patriot Act in column 51, and the Brisebois invention’s ability to track the movement of sensitive information).

Regarding claim 8:	The combination further discloses 7, wherein the one or more security actions comprises: modifying, based on a machine learning model, the reported security classification (Brisebois, col. 12, lines 14-17).

Regarding claim 9:	The combination further discloses wherein the instructions, when executed by the at least one processor, cause the computing platform to: retrieve, via the computing device and from a repository and for the particular data transmission, a first security profile associated with a source application, and a second security profile associated with a destination application; and based on a determination that the determined security classification is not compatible with one or more of the first security profile and the second security profile, trigger one or more security actions for the particular data transmission (Brisebois, col. 45, lines 10-33; and col. 50, lines 27-40; see also Table 5 on columns 39 & 40, particularly the row regarding “Monitoring Routing of Sensitive Information”).

Regarding claim 10:	The combination further discloses wherein the instructions, when executed by the at least one processor, cause the computing platform to: based on a determination that the determined security classification is compatible with one or more of the first security profile and the second security profile, release the particular data transmission to the destination application (e.g., “Allow with warning”: Brisebois, col. 50, lines 27-40).

Regarding claim 11:	The combination further discloses wherein the instructions, when executed by the at least one processor, cause the computing platform to: detect, based on a determination that the first security profile does not match the second security profile, a potentially unauthorized data transmission, and wherein the retrieving the content of the particular data transmission comprises retrieving the content of the potentially unauthorized data transmission (Brisebois, col. 45, lines 10-67).

Regarding claim 12:	The combination further discloses 9, wherein the instructions, when executed by the at least one processor, cause the computing platform to: identify a first user associated with the source application; identify a second user associated with the destination application, and wherein the retrieving the first security profile comprises retrieving a first access authorization associated with the first user, and wherein the retrieving the second security profile comprises retrieving a second access authorization associated with the second user (Brisebois, col. 48, lines 30-50; see also Table 5 of columns 39 & 40, wherein the sender and recipient of a message that has been detected as violating a DLP rule are both flagged for reporting).

Regarding claim 14:	The combination further discloses 9, wherein the one or more security actions comprise modifying, via the computing device, one or more of the first security profile and the second security profile (Brisebois, col. 46, lines 20-38).

Regarding claim 15:	The combination further discloses wherein the one or more security actions comprise preventing, via the computing device, a data transmission related to the particular data transmission (e.g. “Block sending” and “Block receiving”, Brisebois, col. 50, lines 27-40).

Regarding claim 16:	The combination further discloses wherein the one or more security actions comprise generating a risk profile of an enterprise user associated with the particular data transmission, wherein the risk profile is indicative of a likelihood of the enterprise user to transmit an unauthorized data transmission (Brisebois, col. 43, lines 47-58).

Regarding claim 17:	The combination further discloses 16, wherein the instructions, when executed by the at least one processor, cause the computing platform to: based on a determination that the enterprise user is associated with an unauthorized data transmission, send a notification to the enterprise user; detect another unauthorized data transmission associated with the enterprise user; and update the risk profile of the enterprise user to indicate a high likelihood of the enterprise user to transmit an additional unauthorized data transmission (Brisebois, col. 43, line 59 – col. 44, line 55: the system can track a user’s quasi-violations of security policy, with the system being able to dynamically adjust the risk of a user based on the number of quasi-violations).

Regarding claim 18:	The combination further discloses wherein the one or more security actions comprise generating a risk profile of an application associated with the particular data transmission, and wherein the risk profile is indicative of a likelihood of the application to transmit an unauthorized data transmission (Brisebois, columns 43-44, Ibid).

Regarding claim 19:
	The rationale for rejecting claims 1 & 9 applies mutatis mutandis to claim 19.

Allowable Subject Matter
Claim 13 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: U.S. Patent Publications 2020/0380160 (Kraus); 2020/0134083 (Elliman); and 2018/0197105 (Luo).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849. The examiner can normally be reached 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/Examiner, Art Unit 2435                                                                                                                                                                                                        8/27/2022