DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
 
 2.	Applicant’s response filed on August 30, 2022 have been considered.  Claims 1-2, 4, 6-9, 11-12, 14, and 16-19 have been amended. Claims 3, 10, 13, and 20 have been canceled.  New claims 21-24 have been added. Claims 1-2, 4-9, 11-12, 14-19, and 21-24 are pending. 

Claim Rejections - 35 USC § 103

3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 2-5, 7-10, 12-15, and 17-20  are rejected under 35 U.S.C. 103 as being unpatentable over Parthasarathy (U.S. 2020/0311304 A1), in view of Niu et al. (U.S. 2020/0301917 A1), hereinafter “Niu”.
Referring to claim 1:
	Parthasarathy teaches:
           A method for dynamically masking sensitive data that is associated with data to which access is being provided for a commercial purpose, the method being implemented by at least one processor, the method comprising (see Parthasarathy, fig. 1, 101 ‘integrated platform’):
           generating a permitted-access list based on at least one set of predetermined rules (see Parthasarathy, [0105] ‘the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., generating a permitted-access list based on predetermined rules ], from where connections are allowed to be made to the sensitive data, and when the sensitive data is accessible.’; [0117] ‘determines the sensitive data by executing one or more match [i.e., comparing ] operations’), 
                   wherein the at least one set of predetermined rules includes at least one rule that assigns a classification to each data element type from among a plurality of data element types, and wherein the classification includes at least one from among a confidential classification, a highly confidential classification, and a personal classification (see Parthasarathy, [0069] ‘The unique data classifications comprise, for example, a national identifier (SSN) [i.e., confidential information], a credit card number[i.e., highly confidential information ], bank account information, first name [i.e., personal information ],, last name other names, address, phone, electronic mail (email) addresses, internet protocol (IP) addresses, date of birth, …, etc.’; fig. 13A, ‘Data Classification Type [i.e., assigning a classification to each data element type, e.g., assigning data classification type ‘Private information [i.e., confidential information ]’ to a data element type ‘Notional Identifier (SSN)’ ]’ field associated with a drop-down list for selecting various data classification types, such as confidential information, highly confidential information, personal information, etc.’; [0079] ‘In the determination of the sensitive data, the sensitive data discovery engine 102 classifies the data as sensitive data, or potentially sensitive data, or not sensitive data [i.e., assigning a classification to each data element, such confidential information, highly confidential information, or personal information, etc. ] based on the executed match operations in the configured scanning pathway.’); 
           receiving, from a user by the at least one processor, a request for data that includes the plurality of data element types (see Parthasarathy, fig. 1, 114a (user); [0034] ‘users accessing the identified sensitive data’; [0036] ‘the data monitoring module continuously monitors an access of the identified sensitive data by users and the programs using the generated templates.’); 
           retrieving, from a memory, the requested data (see Parthasarathy, fig. 5, 502 ‘database’, 503 ‘application’; [0034] ‘the data anonymization engine dynamically masks the determined sensitive data at one or more of a database layer, an application layer via a database, an application layer via an application programming interface, and an application layer via a proxy.’); 
           analyzing, by the at least one processor, the retrieved data to determine whether each data element type from among the plurality of data element types is permitted to be disclosed to the user (see Parthasarathy, [0034] ‘the data anonymization engine dynamically masks the determined sensitive data based on conditional criteria [i.e., analyzing ]. The conditional criteria comprise, conditions and users accessing the identified sensitive data, the locations of the users, programs accessing the identified sensitive data, etc.’; [0105] ‘ the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., determining whether the plurality of data element types permitted to be disclosed to the user ], from where connections are allowed to be made to the sensitive data, and when the sensitive data is accessible.’); 
            modifying, by the at least one processor, the retrieved data based on a result of the analyzing (see Parthasarathy, [0034] ‘the data anonymization engine dynamically masks the determined sensitive data based on conditional criteria [i.e., based on analyzing]. The conditional criteria comprise, conditions and users accessing the identified sensitive data, the locations of the users, programs accessing the identified sensitive data, etc.’); and 
            transmitting, to the user by the at least one processor, the modified data (see Parthasarathy, [0036] ‘the data monitoring module continuously monitors an access of the identified sensitive data by users and the programs using the generated templates.’).
          Parthasarathy suggests the permitted-access list (see Parthasarathy, [0105] ‘the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., a permitted-access list comprising the plurality of data element types ], from where connections are allowed to be made to the sensitive data, and when the sensitive data is accessible.’).  However, Parthasarathy does not disclose the term list.
	Nui discloses the list (see Nui, [0051] ‘list’).
	 	It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Nui into the system of Parthasarathy to use the list.  Parthasarathy teaches "a method for integrating and managing security of sensitive data across a lifecycle of the sensitive data by discovering, anonymizing, monitoring, and retiring the sensitive data across multiple similar and variant data sources and applications.” (see Parthasarathy, [0002]). Therefore, Nui’s teaching could enhance the system of Parthasarathy, because Nui “provide a data protection method and device and a storage medium to solve at least the problem of difficult operation for data protection in the big-data environment in the related art.” (see Nui, [0003]).  
Referring to claim 11:
	Parthasarathy teaches:
           A computing apparatus for dynamically masking sensitive data that is associated with data to which access is being provided for a commercial purpose, the computing apparatus comprising (see Parthasarathy, fig. 1, 101 ‘integrated platform’): 
           a processor; a memory; and a communication interface coupled to each of the processor and the memory (see Parthasarathy, fig. 1, 101 ‘integrated platform’),
wherein the processor is configured to:
           generate a permitted-access list based on at least one set of predetermined rules (see Parthasarathy, [0105] ‘the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., generating a permitted-access list based on predetermined rules ], from where connections are allowed to be made to the sensitive data, and when the sensitive data is accessible.’; [0117] ‘determines the sensitive data by executing one or more match [i.e., comparing ] operations’), 
           wherein the at least one set of predetermined rules includes at least one rule that assigns a classification to each data element type from among a plurality of data element types, and wherein the classification includes at least one from among a confidential classification, a highly confidential classification, and a personal classification (see Parthasarathy, [0069] ‘The unique data classifications comprise, for example, a national identifier (SSN) [i.e., confidential information], a credit card number[i.e., highly confidential information ], bank account information, first name [i.e., personal information ],, last name other names, address, phone, electronic mail (email) addresses, internet protocol (IP) addresses, date of birth, …, etc.’; fig. 13A, ‘Data Classification Type [i.e., assigning a classification to each data element type, e.g., assigning data classification type ‘Private information [i.e., confidential information ]’ to a data element type ‘Notional Identifier (SSN)’ ]’ field associated with a drop-down list for selecting various data classification types, such as confidential information, highly confidential information, personal information, etc.’; [0079] ‘In the determination of the sensitive data, the sensitive data discovery engine 102 classifies the data as sensitive data, or potentially sensitive data, or not sensitive data [i.e., assigning a classification to each data element, such confidential information, highly confidential information, or personal information, etc. ] based on the executed match operations in the configured scanning pathway.’); 
           receive, from a user via the communication interface, a request for data that includes the plurality of data element types (see Parthasarathy, fig. 1, 114a (user); [0034] ‘users accessing the identified sensitive data’; [0036] ‘the data monitoring module continuously monitors an access of the identified sensitive data by users and the programs using the generated templates.’); 
           retrieve, from the memory, the requested data (see Parthasarathy, fig. 5, 502 ‘database’, 503 ‘application’; [0034] ‘the data anonymization engine dynamically masks the determined sensitive data at one or more of a database layer, an application layer via a database, an application layer via an application programming interface, and an application layer via a proxy.’); 
           analyze the retrieved data to determine whether each data element type from among the plurality of data element types is permitted to be disclosed to the user (see Parthasarathy, [0034] ‘the data anonymization engine dynamically masks the determined sensitive data based on conditional criteria [i.e., analyzing ]. The conditional criteria comprise, conditions and users accessing the identified sensitive data, the locations of the users, programs accessing the identified sensitive data, etc.’; [0105] ‘ the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., determining whether the plurality of data element types permitted to be disclosed to the user ], from where connections are allowed to be made to the sensitive data, and when the sensitive data is accessible.’); 
           modify the retrieved data based on a result of the analyzing (see Parthasarathy, [0034] ‘the data anonymization engine dynamically masks the determined sensitive data based on conditional criteria [i.e., based on analyzing]. The conditional criteria comprise, conditions and users accessing the identified sensitive data, the locations of the users, programs accessing the identified sensitive data, etc.’); and
           transmit, to the user via the communication interface, the modified data (see Parthasarathy, [0036] ‘the data monitoring module continuously monitors an access of the identified sensitive data by users and the programs using the generated templates.’).
Parthasarathy suggests the permitted-access list (see Parthasarathy, [0105] ‘the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., a permitted-access list comprising the plurality of data element types ], from where connections are allowed to be made to the sensitive data, and when the sensitive data is accessible.’).  However, Parthasarathy does not disclose the term list.
	Nui discloses the list (see Nui, [0051] ‘list’).
	 	It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Nui into the system of Parthasarathy to use the list.  Parthasarathy teaches "a method for integrating and managing security of sensitive data across a lifecycle of the sensitive data by discovering, anonymizing, monitoring, and retiring the sensitive data across multiple similar and variant data sources and applications.” (see Parthasarathy, [0002]). Therefore, Nui’s teaching could enhance the system of Parthasarathy, because Nui “provide a data protection method and device and a storage medium to solve at least the problem of difficult operation for data protection in the big-data environment in the related art.” (see Nui, [0003]).  
Referring to claims 2, 12:
	Parthasarathy and Nui further disclose:
           wherein the analyzing of the retrieved data comprises comparing each data element type to a permitted-access list (see Parthasarathy, [0105] ‘the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., a permitted-access list comprising the plurality of data element types ], from where connections are allowed to be made to the sensitive data, and when the sensitive data is accessible.’; [0117] ‘determines the sensitive data by executing one or more match [i.e., comparing ] operations’), and 
            wherein, when a particular data element type is not included in the permitted- access list, the modifying of the retrieved data comprises redacting data corresponding to the particular data element type from the retrieved data (see Parthasarathy, [0022] ‘template comprising the sensitive data discovery intelligence, … data security operations such as data masking [i.e., redacting data ],…’; [0089] ‘The dynamic data masking module performs data masking based on predefined rules and policies, thereby … an unauthorized user is prevented from viewing the original sensitive data.’), and 
            when the particular data element type is included in the permitted-access list, the modifying of the retrieved data comprises retaining data corresponding to the particular data element type in the retrieved data (see Parthasarathy, [0022] ‘template comprising the sensitive data discovery intelligence, … data security operations such as data masking [i.e., redacting data ],…’; [0089] ‘The dynamic data masking module performs data masking based on predefined rules and policies, thereby ensuring that an authorized user has access to the original sensitive data’; [0146] ‘retained’).
Referring to claims 4, 14:
	Parthasarathy and Nui further disclose:
	wherein the at least one set of predetermined rules includes a body of laws and regulations that are associated with a first jurisdiction (see Parthasarathy, [0146] ‘the sensitive data discovery engine 102 assists in enforcing new regulations, for example, the California Consumer Privacy Act, passed after the GDPR.’).
Referring to claims 5, 15:
	Parthasarathy and Nui further disclose:
	wherein the body of laws and regulations includes at least one from among a European Union (EU) General Data Protection Regulation (GDPR) and a set of banking rules that are applicable in Switzerland (see Parthasarathy, [0146] ‘the sensitive data discovery engine 102 assists in enforcement of the general data protection regulation (GDPR) in the following articles: … ‘).
Referring to claims 7, 17:
	Parthasarathy and Nui further disclose:
	wherein the at least one set of predetermined rules includes at least one rule that is associated with a public health concern (see Parthasarathy. [0146] ‘The integrated platform 101 is industry agnostic and is deployable in multiple industries, for example, the financial service industry, the healthcare industry, the retail industry, etc.’).
Referring to claims 8, 18:
	Parthasarathy and Nui further disclose:
           wherein the at least one set of predetermined rules includes at least one rule that varies based on an identity of the user from which the request is received (see Parthasarathy, [0105] ‘the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., a permitted-access list comprising the plurality of data element types ], from where connections are allowed to be made to the sensitive data, and when the sensitive data is accessible.’).
Referring to claims 9, 19:
	Parthasarathy and Nui further disclose:
                      wherein the at least one set of predetermined rules includes at least one rule that varies based on at least one condition from among whether or not the user is working from home and whether or not an entity that relates to the requested data has indicated an approval for the requested data to be processed on a cloud server (see Parthasarathy, [0105] ‘ the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., determining whether the plurality of data element types permitted to be discloses to the user ], from where connections are allowed [i.e., whether or not the user is working from home ] to be made to the sensitive data, and when the sensitive data is accessible.’).
Referring to claims 21-22:
	Parthasarathy and Nui further disclose:
	wherein the retrieving the requested data comprises: executing a network call to an application via an application programming interface (API) (see Parthasarathy, [0034] ‘the data anonymization engine dynamically masks the determined sensitive data at one or more of a database layer, an application layer via a database, an application layer via an application programming interface [i.e., API ], and an application layer via a proxy.’).
Referring to claims 23-24:
	Parthasarathy and Nui further disclose:
           wherein the redacting data corresponding to the particular data element type from the retrieved data, comprises: replacing a value of the particular data element type with an arbitrary value while maintaining a structure of the particular data element type (see Parthasarathy, [0035] ‘replaces the identified sensitive data with tokens’; [0088] ‘the sensitive data is replaced with realistic but non-meaningful data’; [[0108] ‘replacing the sensitive data randomly’).

5.	Claims 6, and 16  are rejected under 35 U.S.C. 103 as being unpatentable over Parthasarathy (U.S. 2020/0311304 A1), in view of Niu et al. (U.S. 2020/0301917 A1), further in view of Sun et al. (U.S. 10,044,691 B1), hereinafter “Sun”.
Referring to claims 6, 16:
	Parthasarathy and Nui disclose the limitations as described in claims 1-2 above.  However, they do not disclose receiving rule updates, and modifying the permitted-access list.
	Sun discloses:
	receiving, from an authorized entity, update information that relates to a modification of the at least one set of predetermined rules (see Sun, col. 8, line 59 ‘periodically receive an update to the sensitivity policy’); and 
           modifying the generated permitted-access list based on the received update information (see Sun, col. 8, line 61 ‘modify what qualifies as sensitive data’).
                      It would have been obvious to one of the ordinary skill in the art, before the effective filing date of the claimed invention, to apply the teaching of Sun into the system of Parthasarathy to receive rule updates, and modify permitted-access list.  Parthasarathy teaches "a method for integrating and managing security of sensitive data across a lifecycle of the sensitive data by discovering, anonymizing, monitoring, and retiring the sensitive data across multiple similar and variant data sources and applications.” (see Parthasarathy, [0002]). Therefore, Sun’s teaching could enhance the system of Parthasarathy, because Sun discloses “thus allowing the client device 104 or the server device 106 (or the person or enterprise that controls each device) to dictate what qualifies as sensitive data.” (see Sun, col. 8, line 62)

Response to Arguments
6.	Applicant's arguments filed on August 30, 2022 have been fully considered but they are not persuasive. 
-claims 1, 11
(a)	Applicant submits:
“Therefore, Applicant respectfully submits that Parthasarathy does not actually disclose the limitation: “wherein the classification includes at least one from among a confidential classification, a highly confidential classification, and a personal classification... .”” (see page 12, 1st par.)
Examiner maintains:
Parthasarathy discloses: [0069] ‘The unique data classifications comprise, for example, a national identifier (SSN) [i.e., confidential information], a credit card number[i.e., highly confidential information ], bank account information, first name [i.e., personal information ],, last name other names, address, phone, electronic mail (email) addresses, internet protocol (IP) addresses, date of birth, …, etc.’; fig. 13A, ‘Data Classification Type [i.e., assigning a classification to each data element type, e.g., assigning data classification type ‘Private information [i.e., confidential information ]’ to a data element type ‘Notional Identifier (SSN)’ ]’ field associated with a drop-down list for selecting various data classification types, such as confidential information, highly confidential information, personal information, etc.’; [0079] ‘In the determination of the sensitive data, the sensitive data discovery engine 102 classifies the data as sensitive data, or potentially sensitive data, or not sensitive data [i.e., assigning a classification to each data element, such confidential information, highly confidential information, or personal information, etc. ] based on the executed match operations in the configured scanning pathway.’
Therefore, the reference discloses or suggests the limitation “wherein the classification includes at least one from among a confidential classification, a highly confidential classification, and a personal classification... .”, as claimed.
(b)	Applicant submits:
“In yet another example, Applicant respectfully submits that Parthasarathy does not disclose: “a request for data that includes a plurality of data element types”.” (see page 12, 2nd par.)
Examiner maintains:
Parthasarathy discloses: fig. 1, 114a (user); [0034] ‘users accessing the identified sensitive data’; [0036] ‘the data monitoring module continuously monitors an access of the identified sensitive data by users and the programs using the generated templates.’
Parthasarathy further discloses the sensitive data includes “…a national identifier (SSN) [i.e., confidential information], a credit card number[i.e., highly confidential information ], bank account information …” (see Parthasarathy, [0069]).
Therefore, the reference disclose or suggest “a request for data that includes a plurality of data element types”, as claimed. 
-claims 6, 16
(c)	Applicant submits:
“Accordingly, Applicant respectfully submits that Parthasarathy does not disclose the limitation: “wherein the classification includes at least one from among a confidential classification, a highly confidential classification, and a personal classification... .”” (see page 13, last par.)
Examiner maintains:
The reference discloses or suggests the limitation “wherein the classification includes at least one from among a confidential classification, a highly confidential classification, and a personal classification... .”, as claimed. (see (a) above).
-claims 7, 17
(d)	Applicant submits:
“However, Applicant respectfully submits that a “platform” that “is deployable in .. . the healthcare industry” is not the same thing as a “rule that is associated with a public health concern”.” (see page 14, 4th par.)
Examiner maintains:
Parthasarathy discloses: [0146] ‘The integrated platform 101 is industry agnostic and is deployable in multiple industries, for example, the financial service industry, the healthcare industry, the retail industry, etc.’
The healthcare industry would apply the integrated platform 101 with rules associated with the healthcare industry.
Therefore, the reference discloses or suggests a “rule that is associated with a public health concern”.
-claims 9, 19
(e)	Applicant submits:
“Indeed, determining “from where connections are allowed” and “when [] sensitive data is accessible” is not the same thing as determining “whether or not [a] user is working from home” or “whether or not. . . data [may] be processed on a cloud server.”” (see page 15, 2nd par.)
Examiner maintains:
Parthasarathy discloses: [0105] ‘ the templates 501 provide information on who is allowed to access the sensitive data, what sensitive data is accessible [i.e., determining whether the plurality of data element types permitted to be discloses to the user ], from where connections are allowed [i.e., determining the network connection, such as determining whether or not the user is working from home, such as using a VPN connection to the company, or such as determining whether the requested data needs to be retrieved from a cloud server, etc. ] to be made to the sensitive data, and when the sensitive data is accessible.’
Therefore, the reference discloses or suggests determining “whether or not [a] user is working from home” or “whether or not. . . data [may] be processed on a cloud server.”, as claimed.
 
Conclusion

7.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
 (a)	Rodniansky; Leonid et al. (US 20210144125 A1) disclose Security information propagation in a network protection system;
(b)	Avanes; Artin et al. (US 10867063 B1) disclose Dynamic shared data object masking;
(c)	Dodor; Dmitri et al. (US 20200380146 A1) disclose Enforcing sensitive data protection in security systems;
(d)	LOZAC'H; Florent et al. (US 20200322127 A1) disclose DYNAMIC MASKING;
(e)	Sanghi; Gaurav et al. (US 20190377895 A1) disclose methods for data masking and devices thereof;
(f)	Goel; Nilesh et al. (US 20190214060 A1) disclose Systems and Methods for Dynamic Data Masking;
(g)	Cachin; Christian et al. (US 20180218166 A1) disclose data masking.

 8.      THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
           A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
                      Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
          If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
           Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/PEILIANG PAN/Examiner, Art Unit 2492                                                                                                                                                                                                        

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492