DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the amendment filed on 07/07/2022. Claims 1 – 3, 11, 12, 15, 21, 23, 26, and 32 have been amended. Claim 4, 6 – 8, 10, 14, 16 – 20, 22, 24, 25, and 27 – 30 are canceled. Claims 1 – 3, 5, 9, 11 – 13, 15, 21, 23, 26, 31, and 32 are pending for consideration. 

Response to Arguments
Applicant’s arguments in Arguments/Remarks filed on 07/07/2022 (hereafter Remarks) have been considered but they are not persuasive. The Remarks has being filed in response to the Office Action dated 05/25/2022 (hereafter OA).
On p. 10 of the Remark Applicant stated that Ford does not disclose or suggest that the first user receives a notification from the second user based on occurrence of transfer of the data object for which the transfer to the second user is prevented.  Therefore, Ford fails to disclose, teach or suggest to "obtaining notification from the second data controller based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented," as in independent Claim 1. (Emphasis added by Applicant).
Examiner respectfully notes that Applicant’s amendment to claim 1 changed a scope of the claim and necessitated additional search and analysis. As the result, Applicant’s arguments on pp. 10, 11, and 12 are moot in view of new ground of rejection. The dependent claims are rejected upon their dependences on the base claims.
Accordingly, rejection under 103 is maintained.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 3, 5, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Mraz et al. (US 2014/0337410 A1) (hereafter Mraz), in view of Ford et al. (US 2017/0041296 A1) (hereafter Ford), in view of Nakahara et al. (US 2008/0281942) (hereafter Nakahara), in view of Trepetin et al. (US 10936744) (hereafter Trepetin), and in view of Korsunsky et al. (US 2011/0238855) (hereafter Korsunsky).

Regarding claim 1 Mraz teaches: A method for handling transfer of a data object between network domains (Mraz, in Para. [0003] discloses “A cross-domain solution (CDS) is a system that provides the ability to access or transfer data between two networks having differing security domains. A CDS may be one-way only (from a low to a high domain or from a high to a low domain) or may be two-way.”), the method being performed by a first data controller of a first network domain, the method comprising: obtaining a request for transmission of the data object to a second data controller of a second network domain (Examiner note: obtaining requests (i.e. call for operations) and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system in conjunction with the controlling system 200; the first (second) controller of the first (second) network domain is met by the first (second) server 205 (server 210) located in the first (second) network domain) (Mraz, in Para. [0003] discloses “A cross-domain solution (CDS) is a system that provides the ability to access or transfer data between two networks having differing security domains” Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.” Mraz, in Para. [0024] discloses “Each server platform 205, 210 is administered separately. Each server platform 205,210 is unambiguously associated with the network to which it is connected. Administration of CDS host platforms is performed strictly in accordance with security policies defined by CDS security control requirements and any further requirements associated with the networks to which they belong.”);  
[obtaining an identifier identifying allowable transfer of the data object between the first network domain and the second network domain;] (Ford) 
[determining that the data object in the first network domain is to be modified prior to transfer of the data object to the second network domain; performing the modification by splitting the data object into at least a first data object part and a second object part to be received by separate receivers in the second network domain,] (Korsunsky) 
[wherein performing modification on the data object further comprises performing at least one of anonymizing, pseudonymizing of the data object, prior to the transfer of the data object to the second network domain;] (Trepetin) 
[enabling transfer of the data object to the second network domain according to the identifier;] (Ford) 
[obtaining notification from the second data controller based on occurrence of  transfer of the data object for which transfer of the data object to the second network domain is prevented; and issuing a message in response to having obtained the notification.] (Nakahara)
Mraz does not explicitly teach: obtaining an identifier identifying allowable transfer of the data object between the first network domain and the second network domain;
enabling transfer of the data object to the second network domain according to the identifier;
Ford from the analogous technical field teaches:  obtaining an identifier identifying allowable transfer of the data object between the first network domain and the second network domain (Ford, in Para, [0152] discloses “by recognizing the domain or the identity of the sender, the domain or identity of the recipient, the subject, an identifier related to the exchange (such as automatically embedded in content or communications relating to the exchange”);
enabling transfer of the data object to the second network domain according to the identifier (Ford, in Para, [0081] discloses “a range of interfaces 162 (which may include various bindings 164 and messaging 163 capabilities) each may be adapted to enable exchange of messages, data, metadata and the like with a particular service”);
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, in view of the teaching of Ford which discloses domain identification and application of electronic signature as well as notifications through communication between users, i.e. user devices, in order to improve security and management of the data transfer in the system (Ford, [0081, 0152]).
Mraz as modified by Ford fails to explicitly teach: obtaining notification from the second data controller based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented; and issuing a message in response to having obtained the notification.
Nakahara from the analogous technical field teaches: obtaining notification from the second data controller based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented (Examiner note: sending/obtaining notification about occurred initially prevented data transfer is met by the preset actions of the postprocess C144, as depicted in Fig. 18 of Nakahara) (Nakahara, in Para. [0210] discloses “If the communication unit 106 of the terminal device 100 receives a termination notification to the effect that data was received from the server 200, then the data transfer unit 103 is notified of such. The data transfer unit 103 acquires the transfer postprocess C144 from the transfer control information C131 and determines whether it is necessary to perform the postprocess on the transferred data”); and issuing a message in response to having obtained the notification (Nakahara, in Para. [0210] further discloses “If it is necessary to perform the postprocess, then the data transfer unit 103 performs the process set in the transfer postprocess C144. For example, if the transfer postprocess C144 is set to "delete the transfer completed data," then the transfer completed data is deleted from the data storage unit 112. In addition, if, for example, the transfer postprocess C144 is set to "lock the transfer completed data," then the transfer completed data is locked in an unavailable state.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, in view of the teaching of Nakahara which discloses operations of data transfer unit and the postprocess unit related to the data transfer analysis and appropriate notification generation in order to improve the data transfer management and control in the system (Nakahara, [0210]).
Mraz as modified by Ford and Nakahara fails to explicitly teach: wherein performing modification on the data object further comprises performing at least one of anonymizing, pseudonymizing of the data object, prior to the transfer of the data object to the second network domain;
Trepetin from the analogous technical field teaches: wherein performing modification on the data object further comprises performing at least one of anonymizing, pseudonymizing of the data object, prior to the transfer of the data object to the second network domain (Trepetin, in col.1, ll.29-32 discloses “the invention provides a method and system of anonymizing a database such that it may be queried efficiently while still retaining the ability to not decrypt requested data.” Trepetin, in col.40, ll.33-36 discloses “This family provides cloud and data centers computing with a new way of database operations, data hosting, transmission and computational analysis using ciphered data.”);
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford and Nakahara, in view of the teaching of Trepetin which discloses anonymizing data/database and controlling data transfer/transmission in order to higher security of the data management in the system (Trepetin, col.1, ll.29-32, col.40, ll.33-36).
Mraz as modified by Ford, Nakahara, and Trepetin fails to explicitly teach: determining that the data object in the first network domain is to be modified prior to transfer of the data object to the second network domain; performing the modification by splitting the data object into at least a first data object part and a second object part to be received by separate receivers in the second network domain,
Korsunsky from the analogous technical field teaches: determining that the data object in the first network domain is to be modified prior to transfer of the data object to the second network domain; performing the modification by splitting the data object into at least a first data object part and a second object part to be received by separate receivers in the second network domain (Examiner note: split the data objects into two parts followed by the separate processing is met by splitting normalized data 428 encompassing the data flow 444 into two parts/copies processed separately by units 314 and 702; determination if split data object modifications are required is met by the operation of the firewall application 514) (Korsunsky, in Para. [0197] discloses “The normalized data 428 may encompass a representation of the data flow 444.” Korsunsky, in Para. [0476] discloses “the path of the data flow 444 may include a split where one copy of the data flow proceeds to the machine learning logic 314 and another copy proceeds to the data flow router 702.” Korsunsky, in Para. [0562] discloses “The firewall application 514 may allow, deny, or modify the data flow 444, as appropriate and as is described in greater detail hereinafter.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, Nakahara, and Trepetin, in view of the teaching of Korsunsky which discloses split of the data objects into two parts followed by the separate processing in order to achieve higher security of data processing in the network (Korsunsky, [0197, 0476, 0562]).

Regarding claim 2 Mraz, as modified by Ford, Nakahara, Trepetin, and Korsunsky, teaches: The method according to claim 1, wherein obtaining said request comprises[[:]] obtaining a request from the second data controller for transmission of the data object to the second network domain (Examiner note: as noted above, obtaining requests (i.e. call for operations) and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system in conjunction with the controlling system 200; request for a transfer from the second data controller is met by a call for a relevant filter application from the second server 210) (Mraz, in Para. [0056] discloses “Instances of FIOE may be located in both the first server 205 and the Second server 210, though they are configured to call different filter applications” Mraz, in Para. [0025] discloses “system 200 preferably provides for twenty-four separate file transfer data streams from first server 205 to second server 210.” Mraz, in Para. [0029] discloses “Security controls include: (1) one-way data transfer security policy (enforced in hardware-not configurable); (2) restricted logical access to CDS network interfaces (ports restricted by internal IP tables-not configurable)” Mraz, in Para. [0024] discloses “Administration of CDS host platforms is performed strictly in accordance with security policies defined by CDS security control requirements and any further requirements associated with the networks to which they belong.” Mraz, in Para. [0021] discloses “system 200 presents 24 network interfaces 220 at the data inlet designed to carry primary data flow across the CDS accreditation boundary.” Mraz, in Para. [0020] discloses “system 200 may comprise the following major components:…(5) multiple instances of File Integrity Orchestration Engine (FIOE) software, which orchestrates invocation of data filter software applications” Mraz, in Para. [0059] discloses “FIOE calls the first of a series of data filters (step 602).”).

Regarding claim 3 Mraz, as modified by Ford, Nakahara, Trepetin, and Korsunsky, teaches: The method according to claim 1, wherein obtaining said request comprises[[:]] obtaining a request from a local send function of the first data controller for transmission of the data object to the second network domain (Examiner note: data filters comprise all domain information including the local functions) (Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.” Mraz, in Para. [0017] discloses “This gives the customer complete control over which data filters are applied to any given data transfer…Since customer-supplied custom data filters may include confidential information, such filters are preferably positioned only within the higher security domain.”).

Regarding claim 5 Mraz, as modified by Ford, Nakahara, Trepetin, and Korsunsky, teaches: The method according to claim 1, wherein said allowable transfer comprises at least one of: preventing transfer of the data object to the second network domain, allowing transfer of the data object to the second network domain, preventing modification of the data object in the second network domain transfer, allowing modification of the data object in the second network domain, and requiring modification of the data object in the first network domain prior to transfer of the data object to the second network domain (Examiner note: allowing or preventing data transfer are met by operations of the data filters) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters that permit forward data transfer based on the following criteria: (1) the file is not executable; (2) the file contains only 7-bit printable ASCII content; (3) the file is free of recognizable viruses and other malware; and (4) the file contains no "dirty words." To discern whether particular content is allowable (e.g., only non-executable 7-bit ASCII files are permitted), the system must be able to accurately identify the file/data types and deny all unless expressly permitted.”).

Regarding claim 9 Mraz, as modified by Ford, Nakahara, Trepetin, and Korsunsky, teaches: The method according to claim 1, wherein said enabling handling comprises: (Examiner note: as noted above, allowing or preventing data transfer are met by operations of the data filters) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters that permit forward data transfer based on the following criteria: (1) the file is not executable; (2) the file contains only 7-bit printable ASCII content; (3) the file is free of recognizable viruses and other malware; and (4) the file contains no "dirty words." To discern whether particular content is allowable (e.g., only non-executable 7-bit ASCII files are permitted), the system must be able to accurately identify the file/data types and deny all unless expressly permitted.”), transferring the data object to the second network domain; or preventing transfer of the data object to the second network domain (Examiner note: as noted above, the data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system allowing or preventing data transfer) (Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.”).

Claims 31, and 32 are rejected under 35 U.S.C. 103 as being unpatentable over Mraz et al. (US 2014/0337410 A1) (hereafter Mraz), in view of Ford et al. (US 2017/0041296 A1) (hereafter Ford), in view of Nakahara et al. (US 2008/0281942) (hereafter Nakahara), in view of Trepetin et al. (US 10936744) (hereafter Trepetin), in view of Korsunsky et al. (US 2011/0238855) (hereafter Korsunsky), and in view of Saros et al. (US 2012/0044059) (hereafter Saros).

Regarding claim 31 Mraz, as modified by Ford, Nakahara, Trepetin, and Korsunsky, fails to explicitly teach: The method according to claim 1, further comprising: associating the data object with a location tag, the location tag identifying the first network domain; and providing, based on the identifier, a cryptographic domain signature that binds the location tag to the data object.
Saros from the analogous technical field teaches:   The method according to claim 1, further comprising: associating the data object with a location tag, the location tag identifying the first network domain; (Saros in Para. [0011] discloses “The plurality of parameters may be associated with at least two of the following: a physical location of the tag being read, a deployment status of the tag, a time of day of the tag reading, a date of the tag reading”) and providing, based on the identifier, a cryptographic domain signature that binds the location tag to the data object (Saros in Para. [0041] discloses “a signature or certificate can be included, allowing the integrity of the tag to be verified. The signature can for example comply with signature definitions as specified by the NFC Forum. The tag data can also include usage data, such as the number of times the tag has been read and data regarding one or more of the last readings, and/or statistics about readings, such as time of day of readings, etc. Data about the users having read the tag can also be included in the tag data.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, Trepetin and Korsunsky, in view of the teaching of Saros which discloses association of location tags with the identification domain which is included in cryptographic signature in order to higher security of the data management in the system (Saros, [0011, 0041]).

Regarding claim 32 Mraz, as modified by Ford, Nakahara, Trepetin, and Korsunsky, fails to explicitly teach: The method according to claim 1, further comprising[[:]] providing a cryptographic integrity signature to the data object.

Saros from the analogous technical field teaches: The method according to claim 1, further comprising: providing a cryptographic integrity signature to the data object (Saros in Para. [0041] discloses “a signature or certificate can be included, allowing the integrity of the tag to be verified. The signature can for example comply with signature definitions as specified by the NFC Forum. The tag data can also include usage data, such as the number of times the tag has been read and data regarding one or more of the last readings, and/or statistics about readings, such as time of day of readings, etc. Data about the users having read the tag can also be included in the tag data.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, Nakahara, Trepetin and Korsunsky, in view of the teaching of Saros which discloses association of location tags with the identification domain which is included in cryptographic signature in order to higher security of the data management in the system (Saros, [0041]).

Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Mraz et al. (US 2014/0337410 A1) (hereafter Mraz), in view of Ford et al. (US 2017/0041296 A1) (hereafter Ford), in view of Nakahara et al. (US 2008/0281942) (hereafter Nakahara), and in view of Trepetin et al. (US 10936744) (hereafter Trepetin).

Regarding claim 23 Mraz teaches: A data controller of a first network domain for handling transfer of a data object between network domains, the data controller comprising Examiner note: functions of the data controller are met by the designed operations of the controlling system 200) (Mraz, in Para. [0017] discloses “System 200 permits a customer to load custom data filters into special placeholders as needed. This gives the customer complete control over which data filters are applied to any given data transfer.” Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.”): processing circuitry; and a computer program product storing instructions that, when executed by the processing circuitry, causes the data controller to: obtain a request for transmission of the data object to another data controller of a second network domain (Examiner note: as noted above, obtaining requests and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system in conjunction with the controlling system 200) (Mraz, in Para. [0029] discloses “Security controls include: (1) one-way data transfer security policy (enforced in hardware-not configurable); (2) restricted logical access to CDS network interfaces (ports restricted by internal IP tables-not configurable)” Mraz, in Para. [0024] discloses “Administration of CDS host platforms is performed strictly in accordance with security policies defined by CDS security control requirements and any further requirements associated with the networks to which they belong.” Mraz, in Para. [0021] discloses “system 200 presents 24 network interfaces 220 at the data inlet designed to carry primary data flow across the CDS accreditation boundary.” Mraz, in Para. [0020] discloses “system 200 may comprise the following major components:…(5) multiple instances of File Integrity Orchestration Engine (FIOE) software, which orchestrates invocation of data filter software applications” Mraz, in Para. [0059] discloses “FIOE calls the first of a series of data filters (step 602).”);
[obtain an identifier identifying allowable transfer of the data object between the first network domain and the second network domain;] 
determine that the data object in the first network domain is to be modified prior to transfer of the data object to the second network domain; perform the modification by splitting the data object into at least a first data object part and a second object part to be received by separate receivers in the second network domain (Examiner note: data could be modified/changed by the data filters comprised by system 200 which performs identification; in addition, modification of the data for transfer is met by splitting data into eight channels having three data streams each, which allows a multiple applications on split data parts including any predefined combinations using the programmable send and receive cards) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters” Mraz, in Para. [0005] discloses “Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.” Mraz, in Para. [0025] discloses “Each channel 211 to 218 may preferably carry three data streams, for a total of 24 data streams in the presently preferred embodiment. This feature allows multiple applications to share the send card or receive card hardware as if each application were interacting with a separate card.”),
[wherein the data controller is further caused to perform at least one of anonymizing, pseudonymizing of the data object, prior to the transfer of the data object to the second network domain;] 
[enable transfer of the data object to the second network domain according to the identifier;] 
[obtain notification from the second data controller [[that]]based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented]
Mraz does not explicitly teach: obtain an identifier identifying allowable transfer of the data object between the first network domain and the second network domain;
enable transfer of the data object to the second network domain according to the identifier;
Ford from the analogous technical field teaches: obtain an identifier identifying allowable transfer of the data object between the first network domain and the second network domain (Ford, in Para, [0152] discloses “by recognizing the domain or the identity of the sender, the domain or identity of the recipient, the subject, an identifier related to the exchange (such as automatically embedded in content or communications relating to the exchange”);
enable transfer of the data object to the second network domain according to the identifier (Ford, in Para, [0081] discloses “a range of interfaces 162 (which may include various bindings 164 and messaging 163 capabilities) each may be adapted to enable exchange of messages, data, metadata and the like with a particular service”);
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, in view of the teaching of Ford which discloses domain identification and application of electronic signature as well as notifications through communication between users, i.e. user devices, in order to improve security and management of the data transfer in the system (Ford, [0081, 0152]).
Mraz as modified by Ford fails to explicitly teach: obtain notification from the second data controller [[that]]based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented
Nakahara from the analogous technical field teaches: obtain notification from the second data controller based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented; (Examiner note: sending/obtaining notification about occurred initially prevented data transfer is met by the preset actions of the postprocess C144, as depicted in Fig. 18 of Nakahara) (Nakahara, in Para. [0210] discloses “If the communication unit 106 of the terminal device 100 receives a termination notification to the effect that data was received from the server 200, then the data transfer unit 103 is notified of such. The data transfer unit 103 acquires the transfer postprocess C144 from the transfer control information C131 and determines whether it is necessary to perform the postprocess on the transferred data”);
and issue a message in response to having obtained the notification (Nakahara, in Para. [0210] further discloses “If it is necessary to perform the postprocess, then the data transfer unit 103 performs the process set in the transfer postprocess C144. For example, if the transfer postprocess C144 is set to "delete the transfer completed data," then the transfer completed data is deleted from the data storage unit 112. In addition, if, for example, the transfer postprocess C144 is set to "lock the transfer completed data," then the transfer completed data is locked in an unavailable state.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, in view of the teaching of Nakahara which discloses operations of data transfer unit and the postprocess unit related to the data transfer analysis and appropriate notification generation in order to improve the data transfer management and control in the system (Nakahara, [0210]).
Mraz as modified by Ford and Nakahara fails to explicitly teach: wherein the data controller is further caused to perform at least one of anonymizing, pseudonymizing of the data object, prior to the transfer of the data object to the second network domain
Trepetin from the analogous technical field teaches: wherein the data controller is further caused to perform at least one of anonymizing, pseudonymizing of the data object, prior to the transfer of the data object to the second network domain (Trepetin, in col.1, ll.29-32 discloses “the invention provides a method and system of anonymizing a database such that it may be queried efficiently while still retaining the ability to not decrypt requested data.” Trepetin, in col.40, ll.33-36 discloses “This family provides cloud and data centers computing with a new way of database operations, data hosting, transmission and computational analysis using ciphered data.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford and Nakahara, in view of the teaching of Trepetin which discloses anonymizing data/database and controlling data transfer/transmission in order to higher security of the data management in the system (Trepetin, col.1, ll.29-32, col.40, ll.33-36).

Claims 11 – 13, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Mraz et al. (US 2014/0337410 A1) (hereafter Mraz), in view of Ford et al. (US 2017/0041296 A1) (hereafter Ford), in view of Nakahara et al. (US 2008/0281942) (hereafter Nakahara), and in view of Saros et al. (US 2012/0044059) (hereafter Saros).

Regarding claim 11 Mraz teaches: A method for handling transfer of a data object between network domains, the method being performed by a second data controller, of a second network domain, the method comprising: obtaining at least a first data object part of the data object and a second object part of the data object from a first data controller of a first network domain (Examiner note: as noted above, obtaining requests and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system) (Mraz, in Para. [0029] discloses “Security controls include: (1) one-way data transfer security policy (enforced in hardware-not configurable); (2) restricted logical access to CDS network interfaces (ports restricted by internal IP tables-not configurable)”),
[wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtaining an identifier identifying allowable handling of the data object in the second network domain; and verifying the cryptographic integrity signature;] 
wherein handling the data object comprises: combining the at least the first data object part of the data object with the second object part of the data object into the data object and decrypting the data object (Examiner note: as noted above, data could be modified/changed by the data filters comprised by system 200 which performs identification; in addition, modification of the data for transfer is met by splitting data into eight channels having three data streams each, which allows a multiple applications on split data parts including any predefined combinations using the programmable send and receive cards) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters” Mraz, in Para. [0005] discloses “Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.” Mraz, in Para. [0025] discloses “Each channel 211 to 218 may preferably carry three data streams, for a total of 24 data streams in the presently preferred embodiment. This feature allows multiple applications to share the send card or receive card hardware as if each application were interacting with a separate card.”);
[discarding the data object when according to the allowable handling of the data object, the transfer of the data object to the second network domain is prevented; and transmitting a notification to the first data controller of the first network domain based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented.]
Mraz does not explicitly teach:  wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtaining an identifier identifying allowable handling of the data object in the second network domain; and verifying the cryptographic integrity signature
Ford from the analogous technical field teaches: wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtaining an identifier identifying allowable handling of the data object in the second network domain; [and verifying the cryptographic integrity signature] (Ford, in Para, [0139] discloses “the electronic signature facility 208 may provide a unique signature code ID for a signature page, such that the signature code ID is unique in the system, thus providing a unique identifier for the signature page.” Ford, in Para, [0152] discloses “by recognizing the domain or the identity of the sender, the domain or identity of the recipient, the subject, an identifier related to the exchange (such as automatically embedded in content or communications relating to the exchange)” Ford, in Para, [0081] discloses “a range of interfaces 162 (which may include various bindings 164 and messaging 163 capabilities) each may be adapted to enable exchange of messages, data, metadata and the like with a particular service”),
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, in view of the teaching of Ford which discloses domain identification and application of electronic signature as well as notifications through communication between users, i.e. user devices, in order to improve security and management of the data transfer in the system (Ford, [0081, 0152]).
Mraz as modified by Ford fails to explicitly teach: discarding the data object when according to the allowable handling of the data object, the transfer of the data object to the second network domain is prevented; 
and transmitting a notification to the first data controller of the first network domain based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented.
Nakahara from the analogous technical field teaches: discarding the data object when according to the allowable handling of the data object, the transfer of the data object to the second network domain is prevented and transmitting a notification to the first data controller of the first network domain based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented (Examiner note: sending/obtaining notification about occurred initially prevented data transfer as well as data deletion of the prevented transfer  is met by the preset actions of the postprocess C144, as depicted in Fig. 18 of Nakahara) (Nakahara, in Para. [0210] discloses “If the communication unit 106 of the terminal device 100 receives a termination notification to the effect that data was received from the server 200, then the data transfer unit 103 is notified of such. The data transfer unit 103 acquires the transfer postprocess C144 from the transfer control information C131 and determines whether it is necessary to perform the postprocess on the transferred data. If it is necessary to perform the postprocess, then the data transfer unit 103 performs the process set in the transfer postprocess C144. For example, if the transfer postprocess C144 is set to "delete the transfer completed data," then the transfer completed data is deleted from the data storage unit 112. In addition, if, for example, the transfer postprocess C144 is set to "lock the transfer completed data," then the transfer completed data is locked in an unavailable state.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, in view of the teaching of Nakahara which discloses operations of data transfer unit and the postprocess unit related to the data transfer analysis and appropriate notification generation in order to improve the data transfer management and control in the system (Nakahara, [0210]).
Mraz as modified by Ford and Nakahara fails to explicitly teach: and verifying the cryptographic integrity signature 
Saros from the analogous technical field teaches: and verifying the cryptographic integrity signature (Saros in Para. [0041] discloses “a signature or certificate can be included, allowing the integrity of the tag to be verified. The signature can for example comply with signature definitions as specified by the NFC Forum. The tag data can also include usage data, such as the number of times the tag has been read and data regarding one or more of the last readings, and/or statistics about readings, such as time of day of readings, etc. Data about the users having read the tag can also be included in the tag data.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford and Nakahara, in view of the teaching of Saros which discloses verification of a cryptographic signature in order to higher security of the data management in the system (Saros, [0041]).

Regarding claim 12 Mraz, as modified by Ford, Nakahara, and Saros, teaches: The method according to claim 11, further comprising[[:]] providing a request to the first data controller for transmission of the data object to the second network domain (Examiner note: as noted above, obtaining requests and data transfer control between domains are met by administration of the CDS (i.e. the Cross-Domain Solution) system) (Mraz, in Para. [0029] discloses “Security controls include: (1) one-way data transfer security policy (enforced in hardware-not configurable); (2) restricted logical access to CDS network interfaces (ports restricted by internal IP tables-not configurable)” Mraz, in Para. [0024] discloses “Administration of CDS host platforms is performed strictly in accordance with security policies defined by CDS security control requirements and any further requirements associated with the networks to which they belong.”).

Regarding claim 13 Mraz, as modified by Ford, Nakahara, and Saros, teaches: The method according to claim 11, wherein said allowable handling comprises at least one of: preventing transfer of the data object to the second network domain, allowing transfer of the data object to the second network domain, preventing modification of the data object in the second network domain transfer, and allowing modification of the data object in the second network domain (Examiner note: as noted above, allowing or preventing data transfer are met by operations of the data filters; data could be modified/changed by the data filters) (Mraz, in Para. [0005] discloses “Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.” Mraz, in Para. [0055] discloses “Data filters may be deployed before or after transfer through the one-way data link (on the left- or right-side network).”).

Regarding claim 15 Mraz, as modified by Ford, Nakahara, and Saros, teaches: The method according to claim 11, further comprising handling the data object in the second network domain according to the identifier (Examiner note: handling the data according to identifier is met by an appropriate configuration of the system 200) (Mraz, in Para. [0028] discloses “the system must be able to accurately identify the file/data types and deny all unless expressly permitted. System 200 verifies non-executability using the UNIX file command and ASCII format using the owllsAscii filter function.”).

Claim 26 is rejected under 35 U.S.C. 103 as being unpatentable over Mraz et al. (US 2014/0337410 A1) (hereafter Mraz), in view of Ford et al. (US 2017/0041296 A1) (hereafter Ford), in view of Saros et al. (US 2012/0044059) (hereafter Saros), and in view of Nakahara et al. (US 2008/0281942) (hereafter Nakahara).

Regarding claim 26 Mraz teaches: A data controller of a second network domain for handling transfer of a data object between network domains, the data controller comprising (Examiner note: as noted above, functions of the data controller are met by the designed operations of the controlling system 200) (Mraz, in Para. [0017] discloses “System 200 permits a customer to load custom data filters into special placeholders as needed. This gives the customer complete control over which data filters are applied to any given data transfer.” Mraz, in Para. [0019] discloses “The first server 205, located in the source (first) network domain, operates as a cross-domain sending gateway accessible by data source platforms in the first network domain. The second server 210, located in the destination (second) network domain, operates as a cross-domain receiving gateway that pushes data to destination platforms in the second network domain.”): 
 [processing circuitry; and a computer program product storing instructions that, when executed by the processing circuitry, causes the data controller to: obtain at least a first data object part of the data object and a second object part of the data object from a first data controller of a first network domain, wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtain an identifier identifying allowable handling of the data object in the second network domain;] (Ford )
[and verifying the cryptographic integrity signature,] (Soros)
wherein in handling the data object, the processing circuitry further causes the data controller to: combine the at least [[a]]the first data object part of the data object with [[a]]the second object part of the data object into the data object and decrypt the data object (Examiner note: as noted above, data could be modified/changed by the data filters comprised by system 200 which performs identification; in addition, modification of the data for transfer is met by splitting data into eight channels having three data streams each, which allows a multiple applications on split data parts including any predefined combinations using the programmable send and receive cards) (Mraz, in Para. [0028] discloses “System 200 is preferably equipped with data filters” Mraz, in Para. [0005] discloses “Such filters constitute a software process which performs particular and predetermined processing of the data being transmitted, and may include both generic (e.g., antivirus) and custom (e.g., customer defined) portions.” Mraz, in Para. [0025] discloses “Each channel 211 to 218 may preferably carry three data streams, for a total of 24 data streams in the presently preferred embodiment. This feature allows multiple applications to share the send card or receive card hardware as if each application were interacting with a separate card.”);
[discard the data object when according to the allowable handling of the data object, the transfer of the data object to the second network domain is prevented; and transmit a notification to the first data controller of the first network domain based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented] (Nakahara)
Mraz does not explicitly teach: processing circuitry; and a computer program product storing instructions that, when executed by the processing circuitry, causes the data controller to: obtain at least a first data object part of the data object and a second object part of the data object from a first data controller of a first network domain, wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtain an identifier identifying allowable handling of the data object in the second network domain; 
Ford from the analogous technical field teaches: processing circuitry; and a computer program product storing instructions that, when executed by the processing circuitry, causes the data controller to: obtain at least a first data object part of the data object and a second object part of the data object from a first data controller of a first network domain, wherein the data object is provided with a cryptographic integrity signature of the first data controller; obtain an identifier identifying allowable handling of the data object in the second network domain; (Ford, in Para, [0139] discloses “the electronic signature facility 208 may provide a unique signature code ID for a signature page, such that the signature code ID is unique in the system, thus providing a unique identifier for the signature page.” Ford, in Para, [0152] discloses “by recognizing the domain or the identity of the sender, the domain or identity of the recipient, the subject, an identifier related to the exchange (such as automatically embedded in content or communications relating to the exchange)” Ford, in Para, [0081] discloses “a range of interfaces 162 (which may include various bindings 164 and messaging 163 capabilities) each may be adapted to enable exchange of messages, data, metadata and the like with a particular service”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, in view of the teaching of Ford which discloses domain identification and application of electronic signature as well as notifications through communication between users, i.e. user devices, in order to improve security and management of the data transfer in the system (Ford, [0081, 0152]).
Mraz as modified by Ford fails to explicitly teach: and verifying the cryptographic integrity signature 
Saros from the analogous technical field teaches: and verifying the cryptographic integrity signature (Saros in Para. [0041] discloses “a signature or certificate can be included, allowing the integrity of the tag to be verified. The signature can for example comply with signature definitions as specified by the NFC Forum. The tag data can also include usage data, such as the number of times the tag has been read and data regarding one or more of the last readings, and/or statistics about readings, such as time of day of readings, etc. Data about the users having read the tag can also be included in the tag data.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford in view of the teaching of Saros which discloses verification of a cryptographic signature in order to higher security of the data management in the system (Saros, [0041]).
Mraz as modified by Ford and Soros fails to explicitly teach: discard the data object when according to the allowable handling of the data object, the transfer of the data object to the second network domain is prevented; and transmit a notification to the first data controller of the first network domain based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented
Nakahara from the analogous technical field teaches: discard the data object when according to the allowable handling of the data object, the transfer of the data object to the second network domain is prevented; and transmit a notification to the first data controller of the first network domain based on occurrence of transfer of the data object for which transfer of the data object to the second network domain is prevented (Examiner note: sending/obtaining notification about occurred initially prevented data transfer as well as data deletion of the prevented transfer  is met by the preset actions of the postprocess C144, as depicted in Fig. 18 of Nakahara) (Nakahara, in Para. [0210] discloses “If the communication unit 106 of the terminal device 100 receives a termination notification to the effect that data was received from the server 200, then the data transfer unit 103 is notified of such. The data transfer unit 103 acquires the transfer postprocess C144 from the transfer control information C131 and determines whether it is necessary to perform the postprocess on the transferred data. If it is necessary to perform the postprocess, then the data transfer unit 103 performs the process set in the transfer postprocess C144. For example, if the transfer postprocess C144 is set to "delete the transfer completed data," then the transfer completed data is deleted from the data storage unit 112. In addition, if, for example, the transfer postprocess C144 is set to "lock the transfer completed data," then the transfer completed data is locked in an unavailable state.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford, and Soros, in view of the teaching of Nakahara which discloses operations of data transfer unit and the postprocess unit related to the data transfer analysis and appropriate notification generation in order to improve the data transfer management and control in the system (Nakahara, [0210]).

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Mraz et al. (US 2014/0337410 A1) (hereafter Mraz), in view of Ford et al. (US 2017/0041296 A1) (hereafter Ford), and in view of Saros et al. (US 2012/0044059) (hereafter Saros), and in view of Hakala et al. (US 2017/0004168 A1) (hereafter Hakala).

Regarding claim 21 Mraz, as modified by Ford and Saros, fails to explicitly teach: The method according to claim 11, wherein the cryptographic integrity signature is based on a keyless signature infrastructure[[,]] KSIJ.
Hakala from the analogous technical field teaches: The method according to claim 11, wherein the cryptographic integrity signature is based on a keyless signature infrastructure[[,]] KSIJ (Hakala, in Para. [0003] discloses “Keyless Signature Infrastructure (KSI) is a more recent hash-tree based data signing technology providing data integrity, time stamping and signer identification services. The KSI based signature technology provides an alternative solution to PKI in data integrity protection with reliable integrity proof without assuming continued secrecy of the keys.” Hakala, in Para. [0064] discloses “The KSI gateway 13 may also verify the integrity of the reference by taking a hash of the received reference and comparing it to the stored hash of the reference”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Mraz, as modified by Ford and by Saros, in view of the teaching of Hakala which discloses a signature technology based on the Keyless Signature Infrastructure (KSI) method in order to provide more flexibility into the cryptographic signature process in the network (Hakala, [0003, 0064]).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed on the enclosed PTO-892 form, Maximov (20170078101). 
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313) 446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Vladimir I. Gavrilenko/Examiner, Art Unit 2431   

/TRANG T DOAN/Primary Examiner, Art Unit 2431