DETAILED ACTION
A.	This action is in response to the following communications: Amendment filed: 08/04/2022. This action is made Final.
B.	Claims 1-20 remain pending. 


Claim Rejections - 35 USC § 103
1.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
2.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claim 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Greco, Michael A. et al. (US Pub. 2020/0335064 A1), herein referred to as “Greco” in view of Muddu, Sudhakar et al. (US pub. 2017/0063897 A1), herein referred to as “Muddu” in further view of Beringer, Joerg et al. (US Pub. 2019/0294720 A1), herein referred to as “Beringer”.
 
As for claims 1, 11 and 20, Greco teaches. A system and corresponding method of claim 11 and medium of claim 20 for tracing data, the system comprising: a user interface; and a tracing engine executable on at least one processor, the tracing engine configured to (par. 164 example of system architecture wherein a server 110 communicates with 120 databases that will be used to keep track of files and how those files are transmitted between locations):

receive, via the user interface, a selection of a target file or an event involving the target file (fig. 16 is high level overview of the user interface, par. 75 wherein 1610a-c are timelines that represent spatial recorded time to display information chronologically, 1622a-c and 1624a-b are icons of any shape, size visualization that represent files);

generate, responsive to receiving the selection, a trace of first data in the target file to a plurality of file instances in a network each having at least one version of the first data, each of the plurality of file instances related to at least the target file or another of the plurality of file instances via at least one file operation or data operation (par.103 discusses fig. 20a-d with having tracked files cross multiple timelines to show shared files between these timelines, wherein user can share file to other data sources/platforms and it would be reflected via these timelines, par. 104-106 explain this in further detail), the trace having a plurality of branches each corresponding to at least one of the plurality of file instances generated via the at least one file operation or data operation (par. 104-106 fig.20b multiple timeline displayed within user interface that denote files and file events and when these files branch to a different timeline as indicated with vertical graphic or arrow per se); and

render, via the user interface, the generated trace (fig.16 and 20c shows user interface rendered to screen with file tracing across timelines).

Greco does not specifically clarify that the trace is performed on the target file or the another of the plurality of file instances; however in the same field of endeavor Muddu teaches generate, responsive to receiving the selection, a trace of first data in the target
file to a plurality of file instances in a network each having at least one version of the first data, each of the plurality of file instances related to at least the target file or another of the plurality of file instances via at least one file operation or data operation performed on the target file or the another of the plurality of file instances, the trace having a plurality of branches each corresponding to at least one of the plurality of file instances generated via the at least one file operation or data operation performed on the target file or the another of the plurality of file instances; and render, via the user interface, the generated trace having the plurality of branches (Example One: figure 40D user interface that displays “Threat Relations” flow 4040, which depicts the relationship between users, devices, and applications that are associated with the threat. Utilizing a timeline the user is able to trace/track an application/file from a particular user on a particular device connected to a particular network and trace/track the activity of said applications/users; par. 467-468. Example Two: fig. 46D-E is branch graphic from one isolated client user which shows the tracing/tracking of user actions and what files they are interacting with, par.494-495; fig. 58 shows more detailed view of the actions that are being tracked/traced in the branch graph displayed to a user monitoring the client).
It would have been obvious to one of ordinary skill in the art before the effective filing date to combine Muddu into Greco this is true because Muddu suggest in paragraph 337 “Among other reasons, the big-data based, highly modularized characteristics of the security platform architecture introduced here present many opportunities for different components to benefit from intelligence sharing. For example, in certain implementations, as mentioned above, the security platform can include at least two event processing engines—one event processing engine operating in a real-time mode to process unbounded, streaming data that enters the security platform, and the other event processing engine operating in a batch mode to process batches of historical event data. In another example, a security platform deployed in an environment (e.g., an organization or an enterprise) may communicate with another security platform deployed in a different environment. All these event processing engines, because of their different operating modes, different data input, and/or different deployed environment, can potentially benefit from the knowledge gained by each another.”

Greco as modified by Muddu does not teach specifically “branches each corresponding to a generation of a new file instance of the target file
resulting from a file operation or data operation performed on one or more of the target file or  the another of the plurality of file instances; however in the same field of endeavor Beringer teaches within paragraph 55 a journey instance can render how a user(s) interacts with target file across multiple computers and creates new instances to create a model in par. 507.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Beringer into Greco as modified by Muddu as suggested by Beringer in paragraph 6 “However, UI tools that allow analysts to quickly search and analyze large set of raw machine data to visually identify data subsets of interest, particularly via straightforward and easy-to-understand sets of tools and search functionality do not exist.”.

As for claims 2 and 12, Greco teaches. The system of claim 1 and corresponding method of claim 11, wherein the at least one file operation or data operation comprises at least one of: a file open, file write, file move, file copy, network upload, file rename, file content edit, file permission update, copy and paste, email, copy to storage, or print operation (fig. 16, 1622a is an icon visualization par. 80 termed “origami” which represents a single data object wherein par.75 states that data objects are “without limitation, one or more text messages, emails, images, videos, documents, files, etc.”).

Greco does not specifically clarify that the trace is performed on the target file or the another of the plurality of file instances; however in the same field of endeavor Muddu teaches wherein the at least one file operation or data operation performed on the target file or the another of the plurality of file instances (par.467 and/or 494; note claim 1 above for same analysis).

It would have been obvious to one of ordinary skill in the art before the effective filing date to combine Muddu into Greco this is true because Muddu suggest in paragraph 337 the benefits of tracing file activity.

As for claims 3 and 13, Greco teaches. The system of claim 1 and corresponding method of claim 11, wherein the trace comprises a backward trace of the first data to a source of the first data in the network (fig. 20A-D and par. 109 shows animation of movement of files being traced/tracked across different channels; this encompasses backwards and forwards movements across channels).

As for claims 4 and 14, Greco teaches. The system of claim 1 and corresponding method of claim 11, wherein the trace comprises a forward trace of the first data to at least one destination file instance (fig. 20A-D and par. 109 shows animation of movement of files being traced/tracked across different channels; this encompasses backwards and forwards movements across channels).

As for claims 5 and 15, Greco teaches. The system of claim 1 and corresponding method of claim 11, wherein the first data comprises classified or sensitive data (fig. 16, 1622a is an icon visualization par. 80 termed “origami” which represents a single data object wherein par.75 states that data objects are “without limitation, one or more text messages, emails, images, videos, documents, files, etc.”; wherein classified and sensitive data would be encompassed as these types of data would be inherent; alternatively time sensitive data can be represented of the data objects in par. 154).

As for claims 6 and 16, Greco teaches. The system of claim 1 and corresponding method of claim 11, wherein the tracing engine is further configuring to provide, for two adjacent file instances of the plurality of file instances along a portion of the trace, a corresponding file operation or data operation relating the two adjacent file instances (par.109 sending file instances to two or more timelines during movement of file).

As for claims 7 and 17, Greco teaches. The system of claim 1 and corresponding method of claim 11, wherein the tracing engine is further configured to render the generated trace by displaying a graph of the generated trace (fig.20c is a graph of timelines depicted in user interface).

As for claims 8 and 18, Greco teaches. The system of claim 1 and corresponding method of claim 11, wherein the tracing engine is further configured to render a first portion of the trace linking two adjacent file instances of the plurality of file instances, by a directional arrow corresponding to a type of file operation or data operation relating the two adjacent file instances (fig.20c uses animated arrows to denote movement of files).

As for claims 9 and 19, Greco teaches. The system of claim 1 and corresponding method of claim 11, wherein the generated trace represents a timeline of events corresponding to the at least one file operation or data operation (fig.20d shows user view channel that of events taken place).

As for claim 10, Greco teaches. The system of claim 1, wherein the tracing engine is further configured to generate statistics of types of file operations or data operations associated with the generated trace (par. 143 is prefect statistics used for efficiency while par. 199 is the statistics/status of data elements and conveying that information to the user) Examiner recommends further clarification on “statistics”).


(Note :) 	It is noted that any citation to specific, pages, columns, lines, or figures in the prior art references and any interpretation of the references should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006,1009, 158 USPQ 275, 277 (CCPA 1968)).

Response to Arguments

Applicant’s arguments with respect to claim(s) 08/04/2022 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Inquires
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS AUGUSTINE whose telephone number is (571)270-1056 and fax is 571-270-2056.  The examiner can normally be reached on M-F 8am-5pmpm Eastern.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Stephen Hong can be reached on 571-272-4124.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



    PNG
    media_image1.png
    213
    564
    media_image1.png
    Greyscale

/NICHOLAS AUGUSTINE/Primary Examiner, Art Unit 2178                                                                                                                                                                                                        November 17, 2022