DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claims 1, 10 and 19 relate to a method, a device and a medium for data protection. The claims require determining an object feature for each protection object in a set of protection objects that generate protected data to obtain determined object features, the set of protection objects comprising at least one protection object configured with a predetermined data protection strategy; determining a set of candidate objects belonging to a same class as the at least one protection object from the set of protection objects according to the determined object features; and configuring the predetermined data protection strategy to at least one candidate object in the set of candidate objects.
The determining limitations and the configuring limitation, as drafted, are processes that, under their broadest reasonable interpretation, cover performance of the limitations in the mind. It is noted that the device and medium claims cover the same process, but for the recitation of generic computer components. That is, other than reciting “by a processor,” nothing in the claim element precludes the step from practically being performed in the mind. Users can review data, determine a protection strategy, compare candidate objects having the same class, and configure or adapt the data protection strategy to cover the candidate objects.
This judicial exception is not integrated into a practical application because the features are recited at a high level of generality and do not provide specific detail on how the determining and configuring steps occur. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because although the Specification provides that the application is to a large source of the data, the claims do not require said aspects, and cover any amount of data.
Claims 2, 11 and 20 further recite that the set of candidate objects from the set of protection objects is determined using a classification model, the classification model being trained to identify a protection object with a similarity between the protection object and at least one protection object exceeding a threshold similarity according to the object features as belonging to the same class as the at least one protection object. This step is also considered to be a limitation in the mind. Users can gauge similarities between objects and identify closeness (threshold) for grouping or clustering objects. It is noted that the claim does not specifically disclose how the model is being used.
Claims 3 and 12 further recite the classification model being trained based on a corresponding object feature of the at least one protection object. This step is also considered to be a limitation in the mind. Users often perform analysis to determine co-occurrence or overlapping attributes to determine whether objects are similar.
Claims 4 and 13 further recite the threshold similarity is determined based on a similarity of a corresponding object feature of the at least one protection object. This step is also considered to be a limitation in the mind. Users often perform analysis to determine similarity of co-occurrence or overlapping attributes to determine whether objects are similar.
Claims 5 and 14 further recite comparing and ranking, which are considered to be limitations in the mind. Users often compare and contrast and sort or rank features in order to make determinations.
Claims 6 and 15 further recite providing a user with candidate objects and having the user make a selection indicating the at least one candidate object; these are generic computer components for the user to make selections in the mind.
Claims 7 and 16 further disclose clustering the set of protection objects based on a set of attributes of each protection object and determining the object feature based on the set of attributes and a result of the clustering, which are considered to be limitations in the mind. Users group or cluster objects to make determinations on how to make decisions.
Claims 8 and 17 further disclose the set of attributes include a predetermined attribute, an external attribute, or an internal attribute. This is considered to be further explanation on the attributes being considered and reviewed by the user. The attributes are considered to be recited at a high level of generality and do not provide significantly more to the claimed invention.
Claims 9 and 18 further disclose the set of protection objects including a virtual machine, a database, a physical device or a file system. This is considered to be further explanation on implementing the method and device on a machine. The attributes are considered to be recited at a high level of generality and do not provide significantly more to the claimed invention.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 9, 10, 18 and 19 are rejected under 35 U.S.C. 102(a)(1)/(a)(2) as being anticipated by Chan et al. (U.S. Publication No. 2016/0364573 A1, hereinafter referred to as “Chan”).
Regarding claim 1, Chan discloses a data protection method, comprising: (data protection method)(e.g., abstract, figure 11 and paragraphs [0004], [0007] and [0008])
determining an object feature for each protection object in a set of protection objects that generate protected data to obtain determined object features, the set of protection objects comprising at least one protection object configured with a predetermined data protection strategy; (object feature for the protection objects are determined that generate protected data to obtain or access the files – data protection policies are applied that include rules that dictate what and how an entity can access the sensitive data)(e.g., figure 11 and paragraphs [0028], [0031], [0052], [0056])
determining a set of candidate objects belonging to a same class as the at least one protection object from the set of protection objects according to the determined object features; and (candidate objects – object class associated with the sensitive data element is generated and instances of the object class, or of an object class derived therefrom, are determined)(e.g., paragraphs [0028], [0031], [0032])
configuring the predetermined data protection strategy to at least one candidate object in the set of candidate objects. (data tag is applied to sensitive data elements – sensitive data elements are objects in the source code that inherit the properties of a SAM-compliant sensitive data object class – predetermined data protection strategy is configured to at least one candidate object. User can periodically update policy)(e.g., figures 8 and 11 and paragraphs [0028], [0031], [0037], [0072] and [0097]-[0100]).

Regarding claim 9, Chan discloses the method according to claim 1. Chan further discloses wherein the set of protection objects comprises at least one of the following: a virtual machine, a database, a physical device, or a file system. (file system – object files)(e.g., paragraphs [0028]-[0030] and [0087]).

Regarding claim 10, Chan discloses an electronic device, comprising: a processor; and a memory coupled to the processor and having instructions stored therein, wherein the instructions, when executed by the processor, cause the electronic device to execute actions comprising: (device having processor and memory with stored instructions)(e.g., figure 3 and paragraphs [0047]-[0048])
determining an object feature for each protection object in a set of protection objects that generate protected data to obtain determined object features, the set of protection objects comprising at least one protection object configured with a predetermined data protection strategy; (object feature for the protection objects are determined that generate protected data to obtain or access the files – data protection policies are applied that include rules that dictate what and how an entity can access the sensitive data)(e.g., figure 11 and paragraphs [0028], [0031], [0052], [0056])
determining a set of candidate objects belonging to a same class as the at least one protection object from the set of protection objects according to the determined object features; and (candidate objects – object class associated with the sensitive data element is generated and instances of the object class, or of an object class derived therefrom, are determined)(e.g., paragraphs [0028], [0031], [0032])
configuring the predetermined data protection strategy to at least one candidate object in the set of candidate objects. (data tag is applied to sensitive data elements – sensitive data elements are objects in the source code that inherit the properties of a SAM-compliant sensitive data object class – predetermined data protection strategy is configured to at least one candidate object. User can periodically update policy)(e.g., figures 8 and 11 and paragraphs [0028], [0031], [0037], [0072] and [0097]-[0100]).
Claim 18 has substantially similar limitations as stated in claim 9; therefore, it is rejected under the same subject matter. 

Regarding claim 19, Chan discloses a computer program product tangibly stored on a computer-readable medium and comprising machine-executable instructions, wherein the machine-executable instructions, when executed, cause a machine to perform a method, the method comprising: (product stored on a medium)(e.g., paragraph [0105])
determining an object feature for each protection object in a set of protection objects that generate protected data to obtain determined object features, the set of protection objects comprising at least one protection object configured with a predetermined data protection strategy; (object feature for the protection objects are determined that generate protected data to obtain or access the files – data protection policies are applied that include rules that dictate what and how an entity can access the sensitive data)(e.g., figure 11 and paragraphs [0028], [0031], [0052], [0056])
determining a set of candidate objects belonging to a same class as the at least one protection object from the set of protection objects according to the determined object features; and (candidate objects – object class associated with the sensitive data element is generated and instances of the object class, or of an object class derived therefrom, are determined)(e.g., paragraphs [0028], [0031], [0032])
configuring the predetermined data protection strategy to at least one candidate object in the set of candidate objects. (data tag is applied to sensitive data elements – sensitive data elements are objects in the source code that inherit the properties of a SAM-compliant sensitive data object class – predetermined data protection strategy is configured to at least one candidate object. User can periodically update policy)(e.g., figures 8 and 11 and paragraphs [0028], [0031], [0037], [0072] and [0097]-[0100]).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim(s) 2-4, 7, 8, 11-13, 16 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Chan in view of Tandecki et al. (U.S. Publication No. 2021/0049421 A1, hereinafter referred to as “Tandecki”).
Regarding claim 2, Chan discloses the method according to claim 1. Chan does not appear to specifically disclose wherein determining the set of candidate objects from the set of protection objects comprises: determining the set of candidate objects from the set of protection objects using a classification model, the classification model being trained to identify a protection object with a similarity between the protection object and the at least one protection object exceeding a threshold similarity according to the determined object features as belonging to the same class as the at least one protection object.
On the other hand, Tandecki, which also relates to data protection (e.g., paragraphs [0082]-[0084]), does disclose wherein determining the set of candidate objects from the set of protection objects comprises: determining the set of candidate objects from the set of protection objects using a classification model, the classification model being trained to identify a protection object with a similarity between the protection object and the at least one protection object exceeding a threshold similarity according to the determined object features as belonging to the same class as the at least one protection object. (classification of data being protected can include determining whether data is similar based on threshold similarity.)(e.g., figures 4, 6 and 7 and paragraphs [0082] and [0127]-[0129]).
Chan discloses data protection for objects and similar objects using data protection policies. Chan discloses that transitive rules associated with the sensitive data element can be applied to data objects that are similar and within the same class. However, Chan does not appear to specifically disclose that the candidate objects from the set of protection objects are determined using a classification model that is trained based on a similarity threshold. On the other hand, Tandecki does disclose that classification of objects in a model that are subject to data protection can be determined through a similarity threshold. This provides an effective manner to determine other objects within a class. Therefore, it would have been obvious to one of ordinary skill in the art at the time of Applicant’s filing to incorporate the classification model of Tandecki into Chan to further enhance the manner in which objects in the class are determined for deciding the data protection strategy.

Regarding claim 3, Chan in view of Tandecki discloses the method according to claim 2. Chan in view of Tandecki further discloses wherein the classification model is trained based on a corresponding object feature of the at least one protection object. (data tags are included for data protection strategy)(e.g., paragraphs [0010], [0030] and [0031])(characteristics are identified, which may be subject to data protection)(e.g., paragraphs [0030] and [0080]-[0083]). 

Regarding claim 4, Chan in view of Tandecki discloses the method according to claim 2. Tandecki further discloses wherein the threshold similarity is determined based on a similarity of a corresponding object feature of the at least one protection object. (e.g., paragraphs [0050], [0051], [0107], [0115] and [0127]). 


Regarding claim 7, Chan discloses the method according to claim 1. Chan discloses object classes (e.g., paragraph [0028]); however, Chan does not appear to specifically disclose wherein determining the object feature for each protection object in the set of protection objects comprises: clustering the set of protection objects based on a set of attributes of each protection object in the set of protection objects; and determining the object feature of each protection object based on the set of attributes and a result of the clustering.
On the other hand, Tandecki does disclose wherein determining the object feature for each protection object in the set of protection objects comprises: clustering the set of protection objects based on a set of attributes of each protection object in the set of protection objects; and (objects are clustered based on attributes of the protection objects)(e.g., figures 4 and 7 and paragraphs [0061], [0070]-[0072], [0074] and [0082])
determining the object feature of each protection object based on the set of attributes and a result of the clustering. (object feature is based on the set of attributes and cluster)(e.g., figures 4 and 7 and paragraphs [0075], [0076] and [0135]).
It would have been obvious to combine Tandecki with Chan for the reasons set forth in claim 2, above. Furthermore, it would have been obvious to incorporate the clustering technique as disclosed in Tandecki into Chan to further enhance the manner in which object features are determined in determining items subject to the data protection.

Regarding claim 8, Chan in view of Tandecki discloses the method according to claim 7. Chan in view of Tandecki further discloses wherein the set of attributes of a first protection object in the set of protection objects comprises at least one of the following: a predetermined attribute, an external attribute monitored from the outside of the first protection object, or an internal attribute monitored inside the first protection object. (sensitive data element can be predetermined – social security number)(Chan: e.g., paragraphs [0031] and [0069])(attribute can be personally-identifiable information)(Tandecki: e.g., paragraph [0081]).
Claims 11-13, 16 and 17 have substantially similar limitations as stated in claims 2-4, 7 and 8, respectively; therefore, they are rejected under the same subject matter.

Conclusion
The prior art made of record, listed on form PTO-892, and not relied upon is considered pertinent to applicant's disclosure. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD L BOWEN whose telephone number is (571)270-5982. The examiner can normally be reached Monday through Friday 7:30AM - 4:00PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aleksandr Kerzhner can be reached on (571)270-1760. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RICHARD L BOWEN/            Primary Examiner, Art Unit 2165