Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Status of Claims:
Claims 1-20 are pending in this Office Action.
Claims 1-6, 9, 11-18 and 20 are amended.

Response to Arguments
Applicant’s arguments, filed 04/19/2022 have been fully considered and are persuasive.  Specifically, in regards to amended claim language clarifying use of hash values.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Raichelgauz.  Please see citation below.

Examiner Comments
Additionally, the following limitations do not make the scope indeterminate, however there seems to be some inconsistencies.  Clarification is requested.  
Claim 1 recites “,,,hash values associated with files…flag a respective file…when a hash value associated with said respective file…”.  Please clarify if the respective file is one on the files for which metadata is retrieved in the earlier limitations.
Claim 20, seems to have repetitious claim limitations, “…flagging a respective…”.  Please provide clarifications.



Applicant’s invention as claimed:

Examiner Comments
Additionally, the following limitations do not make the scope indeterminate, however there seems to be some inconsistencies.  Clarification is requested.  
Claim 12 recites both “bad content” and “restricted content”, these seem to be used interchangeably.  Clarification/correction is requested. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 1, 2, 7, 12-14 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Krasadakis (US 2018 / 0246486), herein after Krasadakis and further in view of Raichelgauz et al. (US 2014/0310825), herein after Raichelgauz.

Regarding claims 1 and 20, 
Krasadakis teaches a method of automatically identifying restricted content on a computer system, said method comprising: accessing a remote computer network (see fig. 1 and paras. 28 and 44, system for continuously monitoring activity data and identifying restricted content, wherein system access remote data collectors 112, 114 and data access layers 117 (i.e. remote computer network); 
identifying a storage device of said remote computer network: retrieving metadata from the storage device of said remote computer network, (see fig. 1 and para. 28, system identifies data structures and contextual information of activity (see also, para. 96) (i.e. metadata) from a remote activity database 117 (i.e. storage device), wherein the contextual information includes metadata entries unique to activity (e.g. device, timestamp, activity identifier) stored in the database (see further para. 96));
and flagging a respective file stored on the storage device and indicating a file identifier associated with said respective file (see paras. 110-111, flagging activity context information (i.e. metadata entry) that matches known restricted content information (i.e. metadata associated with restricted content) included in the restricted content repository, wherein content that is compared may include documents (i.e. file) included in organization information when flagging activity context information, (see further paras. 44 and 50)).
Krasadakis fails to explicitly teach wherein said metadata comprises hash values associated with files stored on said storage device, retrieving hash values and comparing said hash values associated with files stored on said storage device to said hash values associated with known restricted content.
However, in analogous art Raichelgauz teaches wherein the metadata comprises hash values associated with files stored on the storage device (Applicants specification provides for use of signature algorithm to create hash values (para. 39). Here, see paras. 27-30, wherein metadata is associated with signatures (see further paras. 51-59) (i.e. hash values) to identify specific multimedia content concept provided from server (i.e. storage device));  
and retrieving hash values associated with known restricted content from a remote database (see paras. 35-36, retrieving signatures (i.e. hash values) associated with predetermined inappropriate content (i.e. restricted content) from a data warehouse (i.e. remote database)); 
comparing said hash values associated with files stored on said storage device to said hash values associated with known restricted content (see paras. 34-36, matching generated signatures of content (i.e. hash values associated with files) to signatures of predetermined inappropriate content);
when a hash value associated with said respective file substantially matches at least one of said hash values associated with known restricted content (see para. 34, when the generated signature (i.e. hash value) associated with content correlates (i.e. matches) with at least on signature of a predetermined inappropriate content, wherein inappropriate content is further flagged (see also. para. 73)).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include wherein said metadata comprises hash values associated with files stored on said storage device, retrieving hash values and comparing said hash values associated with files stored on said storage device to said hash values associated with known restricted content as taught in Raichelgauz. One would do so for the benefit of comparing and determining inappropriate content (see paras. 34-36).    

Regarding claim 12, 
Krasadakis teaches a computer system for automatically and remotely identifying restricted content on a remote computer system (see fig. 1 and paras. 28 and 44, system for continuously monitoring activity data and identifying restricted content, wherein system monitors remote data collectors 112, 114 and data access layers 117 (i.e. remote computer network); 
said computer system comprising: a memory for storing a list of known restricted content, said list comprising metadata that identifies said known restricted content; and a processor that executes instructions of a method to identify the restricted content (see paras. 44-45, storing in a restricted content repository 144 (i.e. remote database) list of restricted information, said restricted information comprising activity objects and metadata that identifies restricted content (see further paras. 108-110) and system continuously monitors activity data for restricted content); 
said method comprising: identifying a storage device of said remote computer system, retrieving metadata from said storage device of said remote computer system, (see fig. 1 and para. 28, system identifies data structures and contextual information of activity (see also, para. 96) (i.e. metadata) from a remote activity database 117 (i.e. storage device), wherein the contextual information includes metadata entries unique to activity (e.g. device, timestamp, activity identifier) stored in the database (see further para. 96)(i.e. describe files stored)); 
and flagging a respective file stored on the storage device (see paras. 110-111, flagging activity context information (i.e. metadata entry) that matches known restricted content information (i.e. metadata associated with restricted content) included in the restricted content repository, wherein content that is compared may include documents (i.e. file) included in organization information when flagging activity context information, (see further paras. 44 and 50)).
Krasadakis fails to explicitly teach wherein said metadata comprises hash values associated with files stored on said storage device, retrieving hash values and comparing said hash values associated with files stored on said storage device to said hash values associated with known restricted content.
However, in analogous art Raichelgauz teaches wherein said metadata comprises hash values associated with files stored on said storage device (Applicants specification provides for use of signature algorithm to create hash values (para. 39). Here, see paras. 27-30, wherein metadata is associated with signatures (see further paras. 51-59) (i.e. hash values) to identify specific multimedia content concept provided from server (i.e. storage device));  
retrieving hash values that identify said known restricted content from said memory (see paras. 35-36, retrieving signatures (i.e. hash values) associated with predetermined inappropriate content (i.e. restricted content) from a data warehouse (i.e. remote database));  
comparing said hash values associated with files stored on said storage device to said hash values associated with known restricted content (see paras. 34-36, matching generated signatures of content (i.e. hash values associated with files) to signatures of predetermined inappropriate content);
when a hash value associated with said file substantially matches at least one of said hash values associated with a known restricted content (see para. 34, when the generated signature (i.e. hash value) associated with content correlates (i.e. matches) with at least on signature of a predetermined inappropriate content, wherein inappropriate content is further flagged (see also. para. 73)).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include wherein said metadata comprises hash values associated with files stored on said storage device, retrieving hash values and comparing said hash values associated with files stored on said storage device to said hash values associated with known restricted content as taught in Raichelgauz. One would do so for the benefit of comparing and determining inappropriate content (see paras. 34-36).    

Regarding claims 2,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 1 above.
Krasadakis further teaches comprising identifying a network location within said storage device associated with the [hash] value associated with said respective file (see paras. 44, 54, wherein content that is compared may include information indicating the network identifier associated with content from organization associated with documents (i.e. file) and pointer information (i.e. hash value) for the organization and included in organization information when flagging activity context information).
Krasadakis fails to explicitly teach use of a hash value.
However, in analogous art Raichelgauz teaches hash value see paras. 27-30, wherein metadata is associated with signatures (see further paras. 51-59) (i.e. hash values) to identify specific multimedia content concept provided from server (i.e. storage device).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include hash value as taught in Raichelgauz. One would do so for the benefit of comparing and determining inappropriate content (see paras. 34-36).    

Regarding claim 7,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 1 above.
Krasadakis teaches comprising identifying computer systems of the remote computer network that are powered off (see paras. 24-28, wherein activity context information can include machine data about sensors including status information, login/logout/restart/device usage (i.e. computer systems powered off)).

Regarding claim 13,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 12 above.
Krasadakis fails to explicitly teach retrieving the hash values of known restricted content from a remote database of known restricted content, said database comprising metadata associated with the known restricted content.
However, in analogous art Raichelgauz teaches wherein said method further comprises retrieving the hash values of known restricted content from a remote database of known restricted content (see paras. 35-36, retrieving signatures (i.e. hash values) associated with predetermined inappropriate content (i.e. restricted content) from a data warehouse (i.e. remote database));, 
said database comprising metadata associated with the known restricted content (Applicants specification provides for use of signature algorithm to create hash values (para. 39). Here, see paras. 27-30, wherein metadata is associated with signatures (see further paras. 51-59) (i.e. hash values) to identify specific multimedia content concept provided from server (i.e. storage device));  
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include retrieving the hash values of known restricted content from a remote database of known restricted content, said database comprising metadata associated with the known restricted content as taught in Raichelgauz. One would do so for the benefit of comparing and determining inappropriate content (see paras. 34-36).    



Regarding claim 14,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 12 above.
Krasadakis teaches wherein said method further comprises identifying a network location associated with the respective file (see paras. 44-45, retrieve and compare activity context information to restricted content information (i.e. metadata for restricted content), wherein activity context information can include location information (i.e. network location) of the activity database from which the sensor data was received from (see, paras. 25-28)).

Regarding claim 16,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 12 above.
Krasadakis teaches wherein said method further comprises identifying a computer system associated with the respective file (see paras. 44-45, retrieve and compare activity context information to restricted content information (i.e. metadata for restricted content), wherein activity context information can include unique identifier information of the device (i.e. computer system) from which the sensor data was received from (see, paras. 25-28)).




Claim 3, 4, 8-10 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Krasadakis in view of Raichelgauz and further in view of Zacher et al. (US 2015/0143466), herein after Zacher.
Regarding claim 3,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 1 above.
Krasadakis in view of Raichelgauz fails to explicitly teach identifying a file path associated with the respective metadata entry that matches one of said metadata associated with known restricted content.
However, in analogous art Zacher teaches identifying a user associated with the hash value associated with said respective file (see paras. 22-24, flagging a file for prohibited content and indicating a file name (i.e. identifier) , hash value (see para. 6) associated with metadata about the content).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include identifying a file path associated with the respective metadata entry that matches one of said metadata associated with known restricted content as taught in Zacher. One would do so for the benefit of providing additional file information (see para. 6).    

Regarding claim 4,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 1 above.
Krasadakis in view of Raichelgauz fails to explicitly teach identifying a computer system associated with the with the hash value.
However, in analogous art Zacher teaches comprising identifying a computer system associated with the with the hash value associated with said respective file (see paras. 31-33, identifying user associated with content that is matched with prohibited content).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include identifying a computer system associated with the with the hash value as taught in Zacher. One would do so for the benefit of providing additional file information (see para. 6).    

Regarding claim 8,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 1 above.
Krasadakis in view of Raichelgauz fails to explicitly teach comprising identifying files of said computer network that are inaccessible.
However, in analogous art Zacher teaches comprising identifying files of said computer network that are inaccessible (see paras. 20-24, identifying files of said network that are limited from being accessed because of access privileges or prohibited flag (see also, para. 35)).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include comprising identifying files of said computer network that are inaccessible as taught in Zacher. One would do so for the benefit of providing additional file information (see para. 6).    

Regarding claim 9,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 1 above.
Krasadakis in view of Raichelgauz fails to explicitly teach identifying files that have been added or modified since a just previous scan.
However, in analogous art Zacher teaches wherein the retrieving metadata from the storage device of said remote computer network comprises identifying files that have been added or modified since a previous scan (see paras. 24, 26 and 31, metadata of content includes identifying files that have been recently uploaded by user and have not been classified (i.e. added or modified since previous scan)).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include identifying files that have been added or modified since a just previous scan as taught in Zacher. One would do so for the benefit of providing additional file information (see para. 6).    

Regarding claim 10,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 9 above.
Krasadakis in view of Raichelgauz fails to explicitly teach retrieving only metadata from the storage device for the files that have been added or modified since the just previous scan
However, in analogous art Zacher teaches wherein the retrieving metadata from the storage device of said remote computer network comprises retrieving only metadata from the storage device for the files that have been added or modified since the just previous scan (see paras. 24, 26 and 31, metadata of content includes identifying files that have been recently uploaded by user and have not been classified (i.e. added or modified since previous scan), the system only processes and stores content including updating access control when the file is uploaded (i.e. only metadata for files that have been added or modified)).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include retrieving only metadata from the storage device for the files that have been added or modified since the just previous scan as taught in Zacher. One would do so for the benefit of providing additional file information (see para. 6).    

Regarding claim 15,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 12 above.
Krasadakis in view of Raichelgauz fails to explicitly teach identifying a user associated with the respective metadata entry that matches the known metadata entry that identifies the known restricted content.
However, in analogous art Zacher teaches wherein said method further comprises identifying a user associated with the respective file (see paras. 31-33, identifying user associated with content that is matched with prohibited content).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include identifying a user associated with the respective metadata entry that matches the known metadata entry that identifies the known restricted content as taught in Zacher. One would do so for the benefit of providing additional file information (see para. 6).    

Claim 5, 6, 17 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Krasadakis in view of Raichelgauz and further in view of Narayanaswamy et al. (US 2017 / 0264640), herein after Narayanaswamy.
Regarding claim 5,
Krasadakis in view of Raichelgauz to explicitly teach wherein the metadata entries and said metadata associated with known restricted content comprise an MD5 hash.
However, in analogous art Narayanaswamy teaches wherein the hash values comprise an MD5 hash (see paras. 349 and 407, wherein integrity checksums are applied to all content metadata models including content files and files marked as sensitive content (i.e. metadata entries and restricted content) to identify, the checksum being performed with a MD5 hash).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include wherein the metadata entries and said metadata associated with known restricted content comprise an MD5 hash as taught in Cowan. One would do so for the benefit of classifying content properly (see para. 349).    



Regarding claim 6,
Krasadakis in view of Zacher teaches the limitations as described in claim 1 above.
Krasadakis in view of Raichelgauz to explicitly teach wherein the metadata entries and said metadata associated with known restricted content comprise an SHA hash.
However, in analogous art Narayanaswamy teaches wherein hash values comprise an SHA hash (see paras. 349 and 407, wherein integrity checksums are applied to all content metadata models including content files and files marked as sensitive content (i.e. metadata entries and restricted content) to identify, the checksum being performed with a SHA hash).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include wherein the metadata entries and said metadata associated with known restricted content comprise an MD5 hash as taught in Cowan. One would do so for the benefit of classifying content properly (see para. 349).    

Regarding claim 17,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 12 above.
Krasadakis fails to explicitly teach wherein the metadata entries and said metadata associated with known restricted content comprise an MD5 hash.
However, in analogous art Narayanaswamy teaches wherein the hash values comprise an MD5 hash (see paras. 349 and 407, wherein integrity checksums are applied to all content metadata models including content files and files marked as sensitive content (i.e. metadata entries and restricted content) to identify, the checksum being performed with a MD5 hash).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include wherein the metadata entries and said metadata associated with known restricted content comprise an MD5 hash as taught in Cowan. One would do so for the benefit of classifying content properly (see para. 349).    

Regarding claim 18,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 12 above.
Krasadakis fails to explicitly teach wherein the metadata entries and said metadata associated with known restricted content comprise an SHA hash.
However, in analogous art Narayanaswamy teaches wherein the hash values comprises an SHA hash (see paras. 349 and 407, wherein integrity checksums are applied to all content metadata models including content files and files marked as sensitive content (i.e. metadata entries and restricted content) to identify, the checksum being performed with a SHA hash).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include wherein the metadata entries and said metadata associated with known restricted content comprise an MD5 hash as taught in Cowan. One would do so for the benefit of classifying content properly (see para. 349).    

Claim 11 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Krasadakis (US 2018 / 0246486), herein after Krasadakis in view of Raichelgauz and further in view of Pereira et al. (US 10 , 210 , 252), herein after Pereira. 
Regarding claim 11,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 1 above.
Krasadakis in view of Raichelgauz fails to explicitly teach flagging duplicate of a sensitive file.
However, in analogous art Pereira teaches further comprising flagging a hash value that represents a duplicate of a sensitive file (see col. 9, ll. 37-45, flagging copies of uploaded content that represents a reoccurring or duplicate of inappropriate or sensitive content).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include flagging duplicate of a sensitive file as taught in Pereira. One would do so for the benefit of allowing accuracy in removal (see col. 9, ll. 37-45).    

Regarding claim 19,
Krasadakis in view of Raichelgauz teaches the limitations as described in claim 12 above.
Krasadakis fails to explicitly teach flagging duplicate of a sensitive file.
However, in analogous art Pereira teaches wherein the retrieving metadata from the storage device of said remote computer network comprises identifying files that have been added or modified after a previous scan and retrieving metadata from the storage devices for the flies that have been added or modified since the previous scan (see col. 9, ll. 37-45, flagging copies of uploaded content that represents a reoccurring or duplicate of inappropriate or sensitive content).
The claimed subject matter as a whole would have been obvious, before the effective filing date of the claimed invention, to one of ordinary skill in the art.  It would have been obvious to one of ordinary skill in the art to include flagging duplicate of a sensitive file as taught in Pereira. One would do so for the benefit of allowing accuracy in removal (see col. 9, ll. 37-45).    

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to EMAD H SIDDIQI whose telephone number is (469)295-9126. The examiner can normally be reached M-F 9 am-5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on 571-272-3980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Emad Siddiqi/Examiner, Art Unit 2458                                                                                                                                                                                                        
/KEVIN T BATES/Supervisory Patent Examiner, Art Unit 2458