DETAILED ACTION
This action is response to communication:  response to amendments/argumetns filed on 10/14/2022.
Claims 1-21 are currently pending in this application.  
No new IDS has been filed for this application.


Response to Arguments	
Applicants have amended the claims to include that a secure container controls access to the data using an enforcement engine that is stored within.  However, such claims would have been obvious over the Thankappan and Little combination.  As seen in THankappan in Figure 1, mobile device includes a secure container which provides access to content to the user. As further elaborated in col. 5 lines 30-50, Thankappan teaches that the secure container is the engine/device that controls specific access to the user, which includes providing controlled access such as reviewing, sharing, printing, sharing, etc.  Thus, it would have been obvious to one of ordinary skill in the art that that Thankappan’s secure container includes an enforcement engine that is stored within the container.  See amended rejection below. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-3, 6, 8-10, 13, 15-17, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Thankappan et al. US Patent No. 9904791 (Thankappan), in view of Little et al. US Patent Application Publication 2020/0302074 (Little)

As per claim 1, Thankappan teaches a computer-implemented method for controlling access to a secure container comprising: instantiating, at an endpoint device of a user, a secure container that is based on an image file, wherein the secure container includes encrypted data corresponding to the user (col. 5 lines 1-20 with secure container on mobile device; see col. 2 lines 15-25 with container for accessing files; see also col. 5 lines 30-50); authenticating an access request to the secure container by verifying credentials of the user (col. 5 line 50-55 with authenticating user; see further col. 7 line 45-55 with authenticating with password or pin or identifier); and in response to verifying the credentials of the user, granting access to the data;  and controlling access to the data, using an enforcement engine that is stored in the secure container, and enabling access to a portion of the data (col. 5 line 55-60 with user granted access to data after authentication; see also col. 5 lines 30-50 wherein the secure container/engine is responsible for controlling access to the data).  
	Although Thankappan teaches granting access to the secure container and controlling access to the data, Thankappan does not explicitly teach doing this by decrypting the data, wherein additional portions of the data are decrypted and made accessible based on user behavior.  However, decrypting data based on user behavior is well known in the art.  For example, see Little (paragarph 33, 36, and throughout wherein decryption key is provided and data made accessible based on user behavior).
	At the time the invention was filed, it would have been obvious to one ordinary skill in the art to combine the teachings of Thankappan with Little.  One of ordinary skill in the art would have been motivated to perform such an addition to provide a more effective file access control mechanism (paragraph 6).
	As per claim 2, the Thankappan combination teaches analyzing the user behavior to determine that an access violation has occurred; and in response to determining that the access violation has occurred, suspending access to the data by the user (paragraph 33, 36, and throughout with denying access to data based on user behavior; see also paragraph 54 and 55 with behavior being suspect).
	As per claim 3, the Thankappan combination teaches wherein the user behavior is analyzed to identify one or more events, and wherein the access violation is determined by: calculating a total risk score based on one or more risk sub-scores corresponding to the identified one or more events; and determining that the total risk score satisfies a predetermined threshold value (Little abstract, paragraph 33, 50, 65, and throughout with risk scores comprising multiple factors and thresholds).
	
	As per claim 6, the Thankappan combination eaches wherein authenticating the access request is further based on one or more from a croup of: a computing environment of the endpoing device, a current location of the endpoint device, and a previous access location of the secure container (Little paragraph 61 with location of user, historical data, etc)
Claim 8 is rejected using the same basis of arguments used to reject claim 1 above.
Claim 9 is rejected using the same basis of arguments used to reject claim 2 above. 
Claim 10 is rejected using the same basis of arguments used to reject claim 3 above. 
Claim 13 is rejected using the same basis of arguments used to reject claim 6 above.
Claim 15 is rejected using the same basis of arguments used to reject claim 1 above.
Claim 16 is rejected using the same basis of arguments used to reject claim 2 above.
Claim 17 is rejected using the same basis of arguments used to reject claim 3 above.
Claim 20 is rejected using the same basis of arguments used to reject claim 6 above.

Claim(s) 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over the Thankappan combination as applied above, and further in view of Kessel et al. US Patent Application Publication 2020/0236123 (Kessel).

As per claim 4, the Thankappan combination does not explicitly teach wherein the user behavior includes a rate of access to the data.  However, this would have been obvious.  Little, in paragraph 33, 48, and 61, teaches user behavior factors including general file access, time of access, time when user typically accesses, historical user behavior, etc.  This data contributes to the rate of data access and would have been obvious to determine behavior based on the rate.  However, for a further teaching on determining user behavior based on rate of access, see Kessel (paragraph 14, 15, 40, and throughout with determining anomalous user behavior based on access rate).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachigns of the Thankappan combination with Kessel.  One of ordinary skill in the art would have been motivated to perform such an addition to create more security by analyzing a user’s behavior along with other factors (paragraph 5). 
Claim 11 is rejected using the same basis of arguments used to reject claim 4 above.
Claim 18 is rejected using the same basis of arguments used to reject claim 5 above.


Claim(s) 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over the Thankappan combination as applied above, and further in view of Barnes et al. US Patent Application Publication 2013/0298256 (Barnes).

As per claim 5, although the Thankappan combination teaches determining user behavior, the combination does not explicitly teaching wherein the user behavior includes the user querying the data using one or more unauthorized query terms.  However, determining user behavior based on search terms is well known in the art.  FOr example, see Barnes (paragraph 40 and 56 with determining user behavior based on search terms). 
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Thankappan with Barnes.  One of ordinary skill in the art would have been motivated to perform such an addition to provide a method to identify a user’s intent (paragraph 40).
Claim 12 is rejected using the same basis of arguments used to reject claim 5 above.
Claim 19 is rejected using the same basis of arguments used to reject claim 5 above.

Claim(s) 7, 14, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over the Thankappan combination as applied above, and further in view of Bhatia et al. US Patent No. 8,424,098 (Bhatia).

As per claim 7, the THankappan combination does not explicitly teach presenting mock data in response to determining that an access violation has occurred or in response to the access request including a distress indicator.  However, providing mock data in response to violatios or distress is notoriously well known in the art.  For example, see Bhatia (col. 5 line 60 to col. 4  line 60 to col. 5 line 20 with providing fake data to unauthorized user).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of the Thankappan combination with Bhatia.  One of ordinary skill in the art would have been motivated to perform such an addition to provide a robust technique to aid in protecting confidential and sensitive data (col. 1 line 44-51). 
Claim 14 is rejected using the same basis of arguments used to reject claim 7 above.
Claim 21 is rejected using the same basis of arguments used to reject claim 14 above.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431.  The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JASON K GEE/Primary Examiner, Art Unit 2495