DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 6/12/2022 has been entered.
Accordingly, claims 1-2, 8-12, 18-21, 23, and 25-29 are pending in this application. Claims 1 and 11 are currently amended. Claims 22 and 24 have been canceled. Claims 25-29 are new.

Response to Arguments
Applicant’s arguments with respect to amended pending claims filed on 6/12/2022 have been fully considered. In view of the claim amendment filed, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made. 
Further, regarding the new limitations recited in claims 1, 11, and 25-29, it is submitted that they are properly addressed by the new ground of rejection.
Furthermore, it is also submitted that all limitations in pending claims, including those not specifically argued, are properly addressed. The reason is set forth in the rejections. See claim analysis below for detail.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 8-9, 11-12, 18-19, 25-29 are rejected under 35 U.S.C. 103 as being unpatentable over Prakash et al. (US 20210117571 A1, hereinafter Prakash) in view of Narayanaswamy et al. (US 20200074106 A1, hereinafter Narayanaswamy).

Regarding Claim 1, Prakash discloses a data classification system ([Abstract]: Various embodiments are provided for providing real-time context-based detection and classification of data in a computing environment are provided), comprising:
 a proxy, configured to intercept transactions that are conducted over a network between clients and a data store (Fig. 2; Fig. 4; [0056]: In one aspect, the present invention may receive, interrupt, and/or intercept and act upon data prior to reaching a computing storage system/device; [0076]: The machine learning component 490 may… assist the knowledge manager 480 to identify, detect, analyze, and/or intercept classified/private data), 
wherein the transactions include queries and responses ([0089]: An application service application programming interface (“API”) may also receive the request, as in block 640, and then query an application database (“DB”) storage system, as in block 660; [0090]: The machine learning operation system (e.g., AI library/system), at block 670, may then return the processed, classified data response back to the user 610), and 
wherein the queries or responses carry data (Fig. 6; A machine learning operation system (e.g., IBM® Watson® library) may process the data received from block 670); and
a processor, configured to construct, based on the intercepted transactions, a classification map comprising a classification of at least some of the data that is stored in the data store into predefined classes (Fig. 1, processing units 16; Fig. 5A; [0056]: In one aspect, the data is analyzed and contextual information is collected learned, identified, processed, assembled, and/or built; [0057]: Once enough context data is accumulated/built, the contextual information may be analyzed to determine the correct classification criteria to be applied (e.g., classifying the data as PII, SPI, classified, unclassified, etc., based on the identified/learned context)), 
wherein the classification map lists locations of data in the data store along with a corresponding classification of the sensitivity of the data (Fig. 5A; [0081]: The contextual information may include, but not limited to, information relating to location 524 (e.g., data is from country “A”), information relating to data ownership 526 (e.g., a location/company owning the application data), and/or user characteristics 528, which may all be collected and assembled into information relating to data classification 522 (e.g., PII, SPI, confidential, governmental “top secret”, classified, unclassified, etc.) [Non-functional descriptive material]), 
wherein the processor comprises: a knowledge store including the classification map (Fig. 5A; [0081]: data classification 522); and
a classifier which classifies the data as to whether it is sensitive and updates the classification map based on the results of the classification (Fig. 4; [0068]: For example, the data classification component 460 may, in association with the machine learning component 490 may application the contextual classification criteria to identify and protect such sensitive, personal, or private information data; [0066]: the context-based classification criteria component 450 may continuously search, receive, learn, alter, adjust, update, and/or modify the contextual classification criteria).
However, Prakash does not explicitly teach “wherein the classifier is configured to check for intercepted transactions whether their data already appears in the classification map, and to refrain from classifying data of transactions for which the data is already in the classification map.”
On the other hand, in the same field of endeavor, Narayanaswamy teaches
wherein the classifier is configured to check for intercepted transactions whether their data already appears in the classification map, and to refrain from classifying data of transactions for which the data is already in the classification map ([0123]: If the sensitive classification of the document is embedded in the document header, an endpoint policy enforcer at the user endpoint can simply check the sensitive classification in the document header to enforce a data loss prevention (DLP) policy… Moreover, as the sensitive classification travels with the document, the network security system (NSS) 161 does not need to store the sensitive classification in a database for future reference. The NSS 161 can identify the sensitivity classification simply by checking the document header).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the system of Prakash with the teachings of Narayanaswamy to include “wherein the classifier is configured to check for intercepted transactions whether their data already appears in the classification map, and to refrain from classifying data of transactions for which the data is already in the classification map.”
The motivation for doing so would be to check the sensitive classification in the document header to enforce a data loss prevention (DLP) policy, as recognized by Narayanaswamy ([0123] of Narayanaswamy: Moreover, as the sensitive classification travels with the document, the network security system (NSS) 161 does not need to store the sensitive classification in a database for future reference. The NSS 161 can identify the sensitivity classification simply by checking the document header).

Regarding Claim 2, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1, wherein the processor is configured to construct the classification map without directly accessing the data store (See Prakash, Fig. 5A; [0014]: Accordingly, a need exists to detect and classify data based on contextual information in real-time upon immediately receiving the data (e.g., classifying the data in real-time); [0081]: Starting in block 510, a user may enter data into a computing system. The data 512 may then be used to build contextual information from the data, as in block 520).

Regarding Claim 8, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1, wherein the processor is configured to output a report that reports the classification map (See Prakash, Fig. 6; [0090]: The machine learning operation system (e.g., AI library/system), at block 670, may then return the processed, classified data response back to the user 610 via the bot/plugin API calls, as in block 650, and back through the application server API, as in block 640, which then forwards the reply back to the application via the user interface for communicating the response to the user 610, as in block 620).

Regarding Claim 9, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1, wherein the processor is configured to enforce a policy on subsequent transactions based on the classification map (See Narayanaswamy, [0123]: If the sensitive classification of the document is embedded in the document header, an endpoint policy enforcer at the user endpoint can simply check the sensitive classification in the document header to enforce a data loss prevention (DLP) policy… Moreover, as the sensitive classification travels with the document, the network security system (NSS) 161 does not need to store the sensitive classification in a database for future reference. The NSS 161 can identify the sensitivity classification simply by checking the document header).

Regarding Claim 11, Prakash discloses a data classification method, comprising: 
intercepting transactions that are conducted over a network between clients and a data store (Fig. 2; Fig. 4; [0056]: In one aspect, the present invention may receive, interrupt, and/or intercept and act upon data prior to reaching a computing storage system/device; [0076]: The machine learning component 490 may… assist the knowledge manager 480 to identify, detect, analyze, and/or intercept classified/private data), 
wherein the transactions include queries and responses ([0089]: An application service application programming interface (“API”) may also receive the request, as in block 640, and then query an application database (“DB”) storage system, as in block 660; [0090]: The machine learning operation system (e.g., AI library/system), at block 670, may then return the processed, classified data response back to the user 610), and 
wherein the queries or responses carry data (Fig. 6; A machine learning operation system (e.g., IBM® Watson® library) may process the data received from block 670); 
constructing, based on the intercepted transactions, a classification map comprising a classification of at least some of the data that is stored in the data store into predefined classes (Fig. 1, processing units 16; Fig. 5A; [0056]: In one aspect, the data is analyzed and contextual information is collected learned, identified, processed, assembled, and/or built; [0057]: Once enough context data is accumulated/built, the contextual information may be analyzed to determine the correct classification criteria to be applied (e.g., classifying the data as PII, SPI, classified, unclassified, etc., based on the identified/learned context)),
wherein the classification map lists locations of data in the data store along with a corresponding classification of the sensitivity of the data (Fig. 5A; [0081]: The contextual information may include, but not limited to, information relating to location 524 (e.g., data is from country “A”), information relating to data ownership 526 (e.g., a location/company owning the application data), and/or user characteristics 528, which may all be collected and assembled into information relating to data classification 522 (e.g., PII, SPI, confidential, governmental “top secret”, classified, unclassified, etc.) [Non-functional descriptive material]), 
However, Prakash does not explicitly teach “wherein constructing the classification map comprises: checking for intercepted transactions whether their data already appears in the classification map, and classifying the data that does not already appear in the classification map as to whether it is sensitive, while refraining from classifying data of transactions for which the data is already in the classification map.”
On the other hand, in the same field of endeavor, Narayanaswamy teaches
wherein constructing the classification map comprises: checking for intercepted transactions whether their data already appears in the classification map, and classifying the data that does not already appear in the classification map as to whether it is sensitive, while refraining from classifying data of transactions for which the data is already in the classification map ([0123]: If the sensitive classification of the document is embedded in the document header, an endpoint policy enforcer at the user endpoint can simply check the sensitive classification in the document header to enforce a data loss prevention (DLP) policy… Moreover, as the sensitive classification travels with the document, the network security system (NSS) 161 does not need to store the sensitive classification in a database for future reference. The NSS 161 can identify the sensitivity classification simply by checking the document header)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the method of Prakash with the teachings of Narayanaswamy to include “wherein constructing the classification map comprises: checking for intercepted transactions whether their data already appears in the classification map, and classifying the data that does not already appear in the classification map as to whether it is sensitive, while refraining from classifying data of transactions for which the data is already in the classification map.”
The motivation for doing so would be to check the sensitive classification in the document header to enforce a data loss prevention (DLP) policy, as recognized by Narayanaswamy ([0123] of Narayanaswamy: Moreover, as the sensitive classification travels with the document, the network security system (NSS) 161 does not need to store the sensitive classification in a database for future reference. The NSS 161 can identify the sensitivity classification simply by checking the document header).

Regarding Claim 12, the combined teachings of Prakash and Narayanaswamy disclose the method according to claim 11, wherein constructing the classification map is performed without directly accessing the data store (See Prakash, Fig. 5A; [0014]: Accordingly, a need exists to detect and classify data based on contextual information in real-time upon immediately receiving the data (e.g., classifying the data in real-time); [0081]: Starting in block 510, a user may enter data into a computing system. The data 512 may then be used to build contextual information from the data, as in block 520).

Regarding Claim 18, the combined teachings of Prakash and Narayanaswamy disclose the method according to claim 11, further comprising outputting a report that reports the classification map (See Prakash, Fig. 6; [0090]: The machine learning operation system (e.g., AI library/system), at block 670, may then return the processed, classified data response back to the user 610 via the bot/plugin API calls, as in block 650, and back through the application server API, as in block 640, which then forwards the reply back to the application via the user interface for communicating the response to the user 610, as in block 620).

Regarding Claim 19, the combined teachings of Prakash and Narayanaswamy disclose the method according to claim 11, further comprising enforcing a policy on subsequent transactions based on the classification map (See Prakash, [0014]: Data classification is what determines the subsequent actions that may be performed with the data such as, for example, securely storing or even sharing the data; [0033]: [0070]: In an additional aspect, the data classification component 460 may apply data security policies, rules, regulations, or a combination thereof relating to user criteria, data types and formats, data ownership, or a combination thereof for classifying data according to contextual classification criteria applied to contextual information). 

Regarding Claim 25, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1, wherein the processor further includes an analyzer which parses the intercepted transactions and models the parsed intercepted transactions to recognize which data is accessed by the intercepted transactions (See Narayanaswamy, Fig. 1; [0046]: The inline proxy 171 parses the user's network traffic that selects the document for download and intercepts from the parsed traffic a critical metadata in an API parameter string used to download the document) and 
determine a type of filtering that the intercepted transactions perform (See Narayanaswamy, [0046]: The inline proxy 171 interprets the critical metadata to analyze sensitivity of the document to assign a sensitive classification to the document. Data exfiltration prevention measures can be triggered upon detection of attempted exfiltration of the document based on the sensitivity classification).

Regarding Claim 26, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1, wherein the classifier performs string analysis on the queries to identify strings indicative of sensitive data (See Prakash, [0057]: Once enough context data is accumulated/built, the contextual information may be analyzed to determine the correct classification criteria to be applied (e.g., classifying the data as PII, SPI, classified, unclassified, etc., based on the identified/learned context); [0076]: The machine learning component 490 may… assist the knowledge manager 480 to identify, detect, analyze, and/or intercept classified/private data (e.g., personal or sensitive information), and/or data patterns to assist with learning the contextual information and/or classification. See also Prakash, [0016]).

Regarding Claim 27, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1, wherein the classifier performs string analysis on the data to identify strings indicative of sensitive data (See Prakash, [0076]: The machine learning component 490 may… assist the knowledge manager 480 to identify, detect, analyze, and/or intercept classified/private data (e.g., personal or sensitive information), and/or data patterns to assist with learning the contextual information and/or classification. See also Prakash, [0016]).

Regarding Claim 28, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1, wherein the classifier performs string analysis on the labels of the data to identify strings indicative of sensitive data (See Prakash, [0016]: That is, a machine learning operation may perform one or more machine learning operations (e.g., natural language processing and/or artificial intelligence “AI” operations) to learn both the contextual information and application classification criteria required to be applied to data for appropriate classification (e.g., private, personal, sensitive, and/or proprietary). See also Prakash, [0076]).

Regarding Claim 29, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1, wherein the classifier applies a statistical machine learning model to the queries and responses (See Prakash, [0078]: As one of ordinary skill in the art will appreciate, the data management service 410 may implement mathematical modeling, probability and statistical analysis or modeling, machine reasoning, probabilistic logic, text data compression, or other data processing technologies to carry out the various mechanisms of the illustrated embodiments). 

Claims 10, 20-21, and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Prakash et al. (US 20210117571 A1, hereinafter Prakash) in view of Narayanaswamy et al. (US 20200074106 A1, hereinafter Narayanaswamy) and in further view of Raleigh et al. (US 20120215911 A1, hereinafter Raleigh).

Regarding Claim 10, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1.
However, the combined teachings of Prakash and Narayanaswamy do not explicitly teach “wherein the proxy is configured to suspend a given transaction until the processor has completed classifying the data pertaining to the given transaction.”
On the other hand, in the same field of endeavor, Raleigh teaches wherein the proxy is configured to suspend a given transaction until the processor has completed classifying the data pertaining to the given transaction ([0294]: As yet another example, intercepting messaging transmissions can be parsed inline and allowed to transmit (e.g., allowed), and the transmission or a portion of the transmission can be copied to memory for classifying the traffic flow... In some embodiments, implementing traffic control for network capacity controlled services is provided by killing or suspending the network service activity; [0194]: In some embodiments, the Access Network AAA server 1621 also provides the ability to suspend service for a device and resume service for a device based on communications received from the service controller 122; Fig. 3; [0200]: As shown, architecture 300 also includes a suspend resume interface 320).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the system of Prakash and Narayanaswamy with the teachings of Raleigh to include “wherein the proxy is configured to suspend a given transaction until the processor has completed classifying the data pertaining to the given transaction.”
The motivation to combine would be to suspend and resume service based on instructions from the service controller, as recognized by Raleigh ([0194] of Raleigh: In some embodiments, the Access Network AAA server 1621 also provides the ability to suspend service for a device and resume service for a device based on communications received from the service controller 122).

Regarding Claim 20, the combined teachings of Prakash and Narayanaswamy disclose the method according to claim 11.
However, the combined teachings of Prakash and Narayanaswamy do not explicitly teach “suspending a given transaction until classification of the data pertaining to the given transaction is completed.”
On the other hand, in the same field of endeavor, Raleigh teaches suspending a given transaction until classification of the data pertaining to the given transaction is completed. ([0294]: As yet another example, intercepting messaging transmissions can be parsed inline and allowed to transmit (e.g., allowed), and the transmission or a portion of the transmission can be copied to memory for classifying the traffic flow... In some embodiments, implementing traffic control for network capacity controlled services is provided by killing or suspending the network service activity; [0194]: In some embodiments, the Access Network AAA server 1621 also provides the ability to suspend service for a device and resume service for a device based on communications received from the service controller 122; Fig. 3; [0200]: As shown, architecture 300 also includes a suspend resume interface 320).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the method of Prakash and Narayanaswamy with the teachings of Raleigh to include “suspending a given transaction until classification of the data pertaining to the given transaction is completed.”
The motivation to combine would be to suspend and resume service based on instructions from the service controller, as recognized by Raleigh ([0194] of Raleigh: In some embodiments, the Access Network AAA server 1621 also provides the ability to suspend service for a device and resume service for a device based on communications received from the service controller 122).

Regarding Claim 21, the combined teachings of Prakash and Narayanaswamy disclose the method according to claim 11.
However, the combined teachings of Prakash and Narayanaswamy do not explicitly teach “wherein the intercepted transactions are allowed to proceed regardless of their classification.”
On the other hand, in the same field of endeavor, Raleigh teaches wherein the intercepted transactions are allowed to proceed regardless of their classification ([0294]: As yet another example, intercepting messaging transmissions can be parsed inline and allowed to transmit (e.g., allowed), and the transmission or a portion of the transmission can be copied to memory for classifying the traffic flow).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the method of Prakash and Narayanaswamy with the teachings of Raleigh to include “wherein the intercepted transactions are allowed to proceed regardless of their classification.”
The motivation to combine would be to implement traffic control for network capacity controlled services, as recognized by Raleigh ([0294] of Raleigh: In some embodiments, implementing traffic control for network capacity controlled services is provided by intercepting opens/connects/writes. In some embodiments, implementing traffic control for network capacity controlled services is provided by intercepting stack API level or application messaging layer requests (e.g., socket open/send requests)).

Regarding Claim 23, the combined teachings of Prakash and Narayanaswamy disclose the system according to claim 1.
However, the combined teachings of Prakash and Narayanaswamy do not explicitly teach “wherein the proxy is configured to allow intercepted transactions to proceed regardless of their classification”.
On the other hand, in the same field of endeavor, Raleigh teaches wherein the proxy is configured to allow intercepted transactions to proceed regardless of their classification ([0294]: As yet another example, intercepting messaging transmissions can be parsed inline and allowed to transmit (e.g., allowed), and the transmission or a portion of the transmission can be copied to memory for classifying the traffic flow).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have combined the system of Prakash and Narayanaswamy with the teachings of Raleigh to include “wherein the proxy is configured to allow intercepted transactions to proceed regardless of their classification.”
The motivation to combine would be to implement traffic control for network capacity controlled services, as recognized by Raleigh ([0294] of Raleigh: In some embodiments, implementing traffic control for network capacity controlled services is provided by intercepting opens/connects/writes. In some embodiments, implementing traffic control for network capacity controlled services is provided by intercepting stack API level or application messaging layer requests (e.g., socket open/send requests)).



Examiner Note
Examiner has cited particular columns/paragraph and line numbers in the references applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings of the art and are applied to specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested from the applicant in preparing responses, to fully consider the references in entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the Examiner.
In the case of amending the Claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. This will assist in expediting compact prosecution. MPEP 714.02 recites: "Applicant should also specifically point out the support for any amendments made to the disclosure. See MPEP § 163.06. An amendment which does not comply with the provisions of 37 CFR 1.121(b), (c), (d), and (h) may be held not fully responsive. See MPEP § 714." Amendments not pointing to specific support in the disclosure may be deemed as not complying with provisions of 37 C.F.R. 1.131(b), (c), (d), and (h) and therefore held not fully responsive. Generic statements such as "Applicants believe no new matter has been introduced" may be deemed insufficient.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIRLEY D. HICKS whose telephone number is (571)272-3304.  The examiner can normally be reached on Mon - Fri 7:30 - 4:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fred Ehichioya can be reached on (571) 272-4034.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/S.D.H./Examiner, Art Unit 2168        

/IRETE F EHICHIOYA/Supervisory Patent Examiner, Art Unit 2168