DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 11/02/2022. Claims 1-5, 9, and 11-18 are amended. Claims 1-20 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 16/741,316. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission has been entered. 
Examiner notes
Applicant is encouraged to review the relevant references mentioned at the conclusion section of this office action.

In Claims 14-20 “computer readable media storing” has been cited in Paragraph 84 of specification as Examples of computer storage media include, but not limited to, phase-change memory (PRAM), static random-access memory (SRAM), dynamic random-access memory (DRAM), other types of random-access memory (RAM)… the computer readable media does not include transitory media, such as modulated data signals and carrier waves.


Response to Arguments
Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).  

Applicant's arguments filed 05/19/2022 have been fully considered but they are not persuasive:
Applicants respectfully submits on pages 11-13 of remarks filed on 11/02/2022 that Kauffman, Matsumura, and Taylor, taken either alone or in combination, fail to teach or fairly suggest these newly added features of amended claim 1. 

Examiner respectfully disagrees with applicant argument for claim 1 filed on 05/19/2022 on pages 9-11 of remarks. 

Kauffman discloses obtaining subject fingerprint information of a current access subject for a carrier object of which data sources of operations performed thereon are traced, the current access subject being a subject currently performing an operation on the carrier object, the subject fingerprint information of the current access subject being used for indicating a flow path of the carrier object [ Col. 16, lines 12-28, At block 625, time-based access statistics are calculated for the sensitive files in the folder. In one embodiment, the time-based statistic (subject fingerprint information) calculated for each sensitive file (carrier object) is the number of unique users per month who access the file over the past year (current access subject) (this indicates the flow path of the sensitive file of who has picked up the file and accesses it in a period of a time). In another embodiment, the time-based statistic calculated for each sensitive file is the number of accesses of the file per month over the past year. If such time-based statistics are already maintained for the files by the data permissions and access system 104, then in block 625 such statistics can be directly retrieved from--for example--the number of accesses store 108. In block 630, a usage trend representation is generated and displayed in the GUI. The usage trend representation can visually illustrate the calculated time-based access statistics for the sensitive files in the folder to a user. In one embodiment, the usage trend representation is a graph. The graph can be generated by graph module 272 of the user interface 270], and [ Abstract, see FIG. 5 and corresponding text for more detail].

Furthermore, Marsumura also discloses the flow path of a file as: [¶129, the information receiving part 12 receives a file access log kept on a different computer 3. The file access log is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time], and [¶134, For example, assume that a tracer-containing content X was edited and saved as a content Y on the different computer 3. In that case, the access monitoring software generates a file access log including the name of a person who accessed the tracer-containing content X, the date and time at which the tracer-containing content X was accessed, and the name of a person who saved the content Y, and the date and time at which the content Y was saved, and sends the file access log to the information receiving part 12].


Matsumura discloses embedding the subject fingerprint information of the current access subject into the carrier object as a new digital watermark in the carrier object at a position that is adjacent to a position of another digital watermark corresponding to subject fingerprint information of a previous access object that has accessed the carrier object immediately before the current access subject, wherein the carrier object comprises a plurality of digital watermarks located at adjacent positions [ ¶129], the information receiving part 12 receives a file access log kept on a different computer 3. The file access log( with digital watermarks)  is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time( generating new digital watermark ever time the file is accessed], and [¶134,  For example, assume that a tracer-containing content X was edited and saved as a content Y on the different computer 3. In that case, the access monitoring software generates a file access log including the name of a person who accessed the tracer-containing content X, the date and time at which the tracer-containing content X was accessed, and the name of a person who saved the content Y, and the date and time at which the content Y was saved, and sends the file access log to the information receiving part 12].

Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that combing the teaching of Kauffman and Matsumura provides the file access log (with digital watermarks) which includes information concerning the sensitive file( carrier object) access ; who has accessed the file and saved it ( generating or updating  digital watermark) , the time of the access (who accessed the file first, second, etc. indicating the adjacent positioning of digital watermarks with respect to each other )  which also indicates the  flow path of the sensitive file by showing who has picked up the file and accessed the sensitive file in a time period ( showing the sequence of the users who has access the file and saved it). Examiner maintains his rejection.

Kauffman and Matsumura do not explicitly disclose; however, Taylor discloses digital watermarking [ Abstract, A digital file is associated with a security attribute related to watermarking criteria]


Applicants respectfully submits on pages 13-14 of remarks filed on 11/02/2022 that Kauffman, Matsumura, and Taylor, taken either alone or in combination, fail to teach or fairly suggest "obtaining a carrier object comprising a plurality of watermarks, the plurality of watermarks being located at adjacent positions in the carrier object and corresponding to respective fingerprint information of access subjects," as amended claim 11 recites.

Examiner respectfully disagrees with applicant argument for claim 11 filed on 11/02/2022 on pages 13-14 of remarks.

Examiner Note: Examiner refer Applicant to claim 1 argument above for the similar argument.

Examiner respectfully disagrees with applicant argument for claim 14 filed on 11/02/2022 on pages 14-15 of remarks.

Examiner Note: Examiner refer Applicant to claim 1 argument above for the similar argument.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US8677448) issued to Kauffman and in view of US Patent No. (US2014/0373167) issued to Matsumura and further in view of US Patent No. (US2015/0058623) issued to Taylor.
Regarding claims 1, 14, Kauffman discloses a method implemented by one or more computing devices, the method comprising: obtaining subject fingerprint information of a current access subject for a carrier object, the subject fingerprint information of the current access subject being used for indicating a flow path of the carrier object [ Col. 16, lines 12-28, At block 625, time-based access statistics are calculated for the sensitive files in the folder. In one embodiment, the time-based statistic (subject fingerprint information) calculated for each sensitive file (carrier object) is the number of unique users per month who access the file over the past year (current access subject) (this indicates the flow path of the sensitive file of who has picked up the file and accesses it in a period of a time). In another embodiment, the time-based statistic calculated for each sensitive file is the number of accesses of the file per month over the past year. If such time-based statistics are already maintained for the files by the data permissions and access system 104, then in block 625 such statistics can be directly retrieved from--for example--the number of accesses store 108. In block 630, a usage trend representation is generated and displayed in the GUI. The usage trend representation can visually illustrate the calculated time-based access statistics for the sensitive files in the folder to a user. In one embodiment, the usage trend representation is a graph. The graph can be generated by graph module 272 of the user interface 270], and [ Abstract, see FIG. 5 and corresponding text for more detail].
Furthermore, Marsumura also discloses the flow path of a file as: [¶129, the information receiving part 12 receives a file access log kept on a different computer 3. The file access log is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time], and [¶134, For example, assume that a tracer-containing content X was edited and saved as a content Y on the different computer 3. In that case, the access monitoring software generates a file access log including the name of a person who accessed the tracer-containing content X, the date and time at which the tracer-containing content X was accessed, and the name of a person who saved the content Y, and the date and time at which the content Y was saved, and sends the file access log to the information receiving part 12].
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that the flow path of the sensitive file by showing who has picked up the file and accessed the sensitive file in a time period. Examiner maintains his rejection.
Kauffman does not explicitly disclose, however, Matsumura discloses embedding the subject fingerprint information of the current access subject into the carrier object as a new digital watermark in the carrier object at a position that is adjacent to a position of another digital watermark corresponding to subject fingerprint information of a previous access object that has accessed the carrier object immediately before the current access subject, wherein the carrier object comprises a plurality of digital watermarks located at adjacent positions [ ¶129], the information receiving part 12 receives a file access log kept on a different computer 3. The file access log( with digital watermarks)  is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time( generating new digital watermark ever time the file is accessed], and [¶134,  For example, assume that a tracer-containing content X was edited and saved as a content Y on the different computer 3. In that case, the access monitoring software generates a file access log including the name of a person who accessed the tracer-containing content X, the date and time at which the tracer-containing content X was accessed, and the name of a person who saved the content Y, and the date and time at which the content Y was saved, and sends the file access log to the information receiving part 12].
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that combing the teaching of Kauffman and Matsumura provides the file access log (with digital watermarks) which includes information concerning the sensitive file( carrier object) access ; who has accessed the file and saved it ( generating or updating  digital watermark) , the time of the access (who accessed the file first, second, etc. indicating the adjacent positioning of digital watermarks with respect to each other )  which also indicates the  flow path of the sensitive file by showing who has picked up the file and accessed the sensitive file in a time period ( showing the sequence of the users who has access the file and saved it). Examiner maintains his rejection.
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kauffman with the teaching of Matsumura in order to A leaked information tracing technique enabling a recipient of leaked information to be identified [ Matsumura, Abstract].
Kauffman and Matsumura do not explicitly disclose; however, Taylor discloses digital watermarking [ Abstract, A digital file is associated with a security attribute related to watermarking criteria]
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kauffman and Matsumura with the teaching of Taylor in order to implementing a technique for incorporating and/or controlling forensic watermarking at a content receiving system [ Taylor, ¶1, Abstract].
Regarding claims 2, and 15, determining that subject fingerprint information of a previous access subject for the carrier object is embedded in a first position in the carrier object in a digital watermarking manner; and embedding the subject fingerprint information of the current access subject into an adjacent position after the first position in the carrier object as the digital watermark.  
Taylor does not explicitly disclose; however, Kauffman discloses these limitations as: [ Col. 16, lines 12-28, At block 625, time-based access statistics are calculated for the sensitive files in the folder. In one embodiment, the time-based statistic (subject fingerprint information) calculated for each sensitive file (carrier object) is the number of unique users per month who access the file over the past year (current access subject) (this indicates the flow path of the sensitive file of who has picked up the file and accesses it in a period of a time). In another embodiment, the time-based statistic calculated for each sensitive file is the number of accesses of the file per month over the past year. If such time-based statistics are already maintained for the files by the data permissions and access system 104, then in block 625 such statistics can be directly retrieved from--for example--the number of accesses store 108. In block 630, a usage trend representation is generated and displayed in the GUI. The usage trend representation can visually illustrate the calculated time-based access statistics for the sensitive files in the folder to a user. In one embodiment, the usage trend representation is a graph. The graph can be generated by graph module 272 of the user interface 270], and [ Abstract, see FIG. 5 and corresponding text for more detail].
Furthermore, Matsumura discloses these limitations as: [¶129, the information receiving part 12 receives a file access log kept on a different computer 3. The file access log is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time], and [¶134, For example, assume that a tracer-containing content X was edited and saved as a content Y on the different computer 3. In that case, the access monitoring software generates a file access log including the name of a person who accessed the tracer-containing content X, the date and time at which the tracer-containing content X was accessed, and the name of a person who saved the content Y, and the date and time at which the content Y was saved, and sends the file access log to the information receiving part 12].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kauffman with the teaching of Matsumura in order to A leaked information tracing technique enabling a recipient of leaked information to be identified [ Matsumura, Abstract].
Regarding claims 3, and 16, Kauffman discloses determining whether the carrier object is data that needs to be managed securely; and embedding the subject fingerprint information of the current access subject into the carrier object as the new digital watermark if affirmative [Col 16, lines 12-13, At block 625, time-based access statistics are calculated for the sensitive files in the folder].
Regarding claims 4, and 17, Kauffman discloses obtaining access permission information of the current access subject according to the subject fingerprint information of the current access subject;  25determining whether the permission information of the current access subject and the operation of the current access subject on the carrier object match a preset operation permission of the current access subject on the carrier object of a current security level[see FIG,3, see the corresponding text for more detail. Obtain configuration parameters (320), Col.11, lines 25-32, in some embodiments, the configuration parameters can determine which data is used in the calculation of the risk score. For example, the configuration parameters may be set such that only a severity level and a permission ACL of a data object are used to calculate the risk score. In another example, the configuration parameters may be set such that a severity level, an access information, and a permission ACL are used to calculate the risk score for a data object].
 if the permission information of the current access subject and the operation of the current access subject on the carrier object match the preset operation permission of the current access subject on the carrier object of the current security level[ Col.4, lines 43-47, Data permission and access system 104 can access permission ACLs store 110 to obtain the permission ACL for the file, and can provide the obtained permission ACL to risk calculation system 120, which then determines how many users are allowed access to the file].
Kauffman and Taylor do not explicitly disclose, however, Matsumura discloses and embedding the subject fingerprint information of the current access subject into the carrier object as the new digital watermark [¶129, the information receiving part 12 receives a file access log kept on a different computer 3. The file access log is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kauffman and Taylor with the teaching of Matsumura in order to A leaked information tracing technique enabling a recipient of leaked information to be identified [ Matsumura, Abstract].
Regarding claims 5, and 18, Kauffman discloses obtaining security management information for the carrier object, the security management information being used for sensing data security risks in the carrier object; and embedding the security management information into the carrier object as a first digital watermark [Col. 16, lines12-22, at block 625, time-based access statistics are calculated for the sensitive files in the folder. In one embodiment, the time-based statistic calculated for each sensitive file is the number of unique users per month who access the file over the past year. In another embodiment, the time-based statistic calculated for each sensitive file is the number of accesses of the file per month over the past year. If such time-based statistics are already maintained for the files by the data permissions and access system 104, then in block 625 such statistics can be directly retrieved from--for example--the number of accesses store 108], and [see FIG,3, see the text for more detail.  calculate risk score for the data object].
And further more Matsumura discloses [ [0129] The information receiving part 12 receives a file access log kept on a different computer 3. The file access log is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time].
Kauffman and Matsumura do not explicitly disclose; however, Taylor discloses digital watermarking [ Abstract, A digital file is associated with a security attribute related to watermarking criteria]
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kauffman and Matsumura with the teaching of Taylor in order to implementing a technique for incorporating and/or controlling forensic watermarking at a content receiving system [ Taylor, ¶1, Abstract].
Regarding claims 6, Kauffman discloses, wherein security level information of the carrier object is obtained from the security management information that is embedded in the carrier object [see FIG,3, see the text for more detail. Obtain security level for the data object, calculate risk score for the data object].
Regarding claims 7, and 19, Kauffman discloses, wherein the carrier object is unstructured data, and obtaining the security management information for the carrier object comprises: obtaining a sample of the unstructured data; and obtaining security management information of the unstructured data from the sample of the unstructured data [see FIG,3, see the text for more detail. Obtain configuration parameter (320), see Col.11, lines 13-49, At block 320, processing logic obtains configuration parameters. In some embodiments, a user can configure the configuration parameters. In some embodiments, the configuration parameters can include coefficients for the risk score calculation. For example, if a risk score calculation uses a severity level and access information to calculate the risk score, a user may set a coefficient for the severity level value to 1, and the coefficient for the access information to 0.5. In this example, the risk score calculation would be adjusted such that the full value of the severity level and only half of the value of the access information was used to calculate the risk score. In some embodiments, the configuration parameters can determine which data is used in the calculation of the risk score….].
Regarding claims 8, and 20, Kauffman discloses issuing a warning, and returning the subject fingerprint information of the current access subject and the security management information to a data center for preventing data leakages if the permission information of the current access subject and the operation of the 26current access subject on the carrier object do not match the preset operation permission of the current access subject on the carrier object of the current security level [ see FIG. 3 and corresponding text for more details. Col.13 lines 10-30, at block 380, a risk report is created using the risk score for a data object. In some embodiments, the risk report can include the risk score for the data object(s) obtained at block 310. In some embodiments, the risk report can normalize the risk scores for the data objects included in the risk report. For example, the highest risk score included in the risk report can be set to a value of 100, and the other risk scores are normalized to a scale of 1-100 based on a comparison with the highest risk score. In some embodiments, if the data object is a folder, the risk report can include the risk score for the folder without including the risk score for files within the folder. In some embodiments, if the data object is a folder, the risk report can include the risk score for the folder and additional data, such as the number of incidents associated with files in the folder or the DLP policies which have the highest number of incidents or violations in the folder. In some embodiments, the risk report can include the owner of the data object which caused an incident. In some embodiments, the risk report is displayed in a GUI viewable by a user].
Regarding claim 9, Kauffman discloses, wherein the security management information comprises identification information and security level information of the carrier object [ see FIG. 3 and corresponding text for more details. Identify data object on which to perform risk score calculation (330), obtain security level for a data object (330)].
Regarding claims 10, and 13, Kauffman discloses, wherein the subject fingerprint information of the current access subject comprises at least one of identification information of the current access subject, access behavior attribute information of the current access subject, access time information of the current access subject, or address information of the current access subject[Col. 15 lines 12-22, at block 625, time-based access statistics are calculated for the sensitive files in the folder. In one embodiment, the time-based statistic calculated for each sensitive file is the number of unique users per month who access the file over the past year. In another embodiment, the time-based statistic calculated for each sensitive file is the number of accesses of the file per month over the past year. If such time-based statistics are already maintained for the files by the data permissions and access system 104, then in block 625 such statistics can be directly retrieved from--for example--the number of accesses store 108.
And furthermore, Matsumura discloses [¶129, the information receiving part 12 receives a file access log kept on a different computer 3. The file access log is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kauffman and Taylor with the teaching of Matsumura in order to A leaked information tracing technique enabling a recipient of leaked information to be identified [ Matsumura, Abstract].
Regarding claim 11, Kauffman discloses an apparatus comprising: one or more processors; and memory storing executable instructions that, when executed by the one or more processors, cause the one or more processors to perform acts comprising: obtaining a carrier object comprising a plurality of watermarks, the plurality of watermarks being located at adjacent positions in the carrier object and corresponding to respective fingerprint information of access subjects [ Col. 16, lines 12-28, At block 625, time-based access statistics are calculated for the sensitive files in the folder. In one embodiment, the time-based statistic (subject fingerprint information) calculated for each sensitive file (carrier object) is the number of unique users per month who access the file over the past year (current access subject) (this indicates the flow path of the sensitive file of who has picked up the file and accesses it in a period of a time). In another embodiment, the time-based statistic calculated for each sensitive file is the number of accesses of the file per month over the past year. If such time-based statistics are already maintained for the files by the data permissions and access system 104, then in block 625 such statistics can be directly retrieved from--for example--the number of accesses store 108. In block 630, a usage trend representation is generated and displayed in the GUI. The usage trend representation can visually illustrate the calculated time-based access statistics for the sensitive files in the folder to a user. In one embodiment, the usage trend representation is a graph. The graph can be generated by graph module 272 of the user interface 270], and [ Abstract, see FIG. 5 and corresponding text for more detail].
And furthermore, Matsumura discloses [ ¶129], the information receiving part 12 receives a file access log kept on a different computer 3. The file access log( with digital watermarks)  is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time( generating new digital watermark ever time the file is accessed], and [¶134,  For example, assume that a tracer-containing content X was edited and saved as a content Y on the different computer 3. In that case, the access monitoring software generates a file access log including the name of a person who accessed the tracer-containing content X, the date and time at which the tracer-containing content X was accessed, and the name of a person who saved the content Y, and the date and time at which the content Y was saved, and sends the file access log to the information receiving part 12].
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that combing the teaching of Kauffman and Matsumura provides the file access log (with digital watermarks) which includes information concerning the sensitive file( carrier object) access ; who has accessed the file and saved it ( generating or updating  digital watermark) , the time of the access (who accessed the file first, second, etc. indicating the adjacent positioning of digital watermarks with respect to each other )  which also indicates the  flow path of the sensitive file by showing who has picked up the file and accessed the sensitive file in a time period ( showing the sequence of the users who has access the file and saved it). Examiner maintains his rejection
extracting the respective subject fingerprint information of access subjects for the carrier object from the carrier object, the respective subject fingerprint information of the access subjects being used for indicating a flow path of the carrier object [ Col. 16, lines 12-28, At block 625, time-based access statistics are calculated for the sensitive files in the folder. In one embodiment, the time-based statistic (subject fingerprint information) calculated for each sensitive file (carrier object) is the number of unique users per month who access the file over the past year (current access subject) (this indicates the flow path of the sensitive file of who has picked up the file and accesses it in a period of a time). In another embodiment, the time-based statistic calculated for each sensitive file is the number of accesses of the file per month over the past year. If such time-based statistics are already maintained for the files by the data permissions and access system 104, then in block 625 such statistics can be directly retrieved from--for example--the number of accesses store 108. In block 630, a usage trend representation is generated and displayed in the GUI. The usage trend representation can visually illustrate the calculated time-based access statistics for the sensitive files in the folder to a user. In one embodiment, the usage trend representation is a graph. The graph can be generated by graph module 272 of the user interface 270], and [ Abstract, see FIG. 5 and corresponding text for more detail].
Furthermore, Marsumura also discloses the flow path of the carries object as: [¶129, the information receiving part 12 receives a file access log kept on a different computer 3. The file access log is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time], and [¶134, For example, assume that a tracer-containing content X was edited and saved as a content Y on the different computer 3. In that case, the access monitoring software generates a file access log including the name of a person who accessed the tracer-containing content X, the date and time at which the tracer-containing content X was accessed, and the name of a person who saved the content Y, and the date and time at which the content Y was saved, and sends the file access log to the information receiving part 12].
Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that the flow path of the sensitive file by showing who has picked up the file and accessed the sensitive file in a time period. Examiner maintains his rejection.
Kauffman  does not explicitly disclose, however, Matsumura disclose and determining a data leaker of the carrier object based on the respective subject fingerprint information of the access subjects[¶21,  If access to files can be logged on a leak recipient computer by an access monitoring software or a tracer that has the function of logging access to files, access log information relating to a content may be sent from the leak recipient computer to the trace center and may be compared with previous information from the tracer so that even if the leaked content has been edited and modified, the edited and modified content can be identified as the leaked information], and [¶134,  For example, assume that a tracer-containing content X was edited and saved as a content Y on the different computer 3. In that case, the access monitoring software generates a file access log including the name of a person who accessed the tracer-containing content X, the date and time at which the tracer-containing content X was accessed, and the name of a person who saved the content Y, and the date and time at which the content Y was saved, and sends the file access log to the information receiving part 12], and [¶¶188, Abstract, A leaked information tracing technique].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kauffman with the teaching of Matsumura in order to A leaked information tracing technique enabling a recipient of leaked information to be identified [ Matsumura, Abstract].
Kauffman and Matsumura do not explicitly disclose; however, Taylor discloses watermarks (digital watermarking) [ Abstract, A digital file is associated with a security attribute related to watermarking criteria]
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kauffman and Matsumura with the teaching of Taylor in order to implementing a technique for incorporating and/or controlling forensic watermarking at a content receiving system [ Taylor, ¶1, Abstract].
Regarding claim 12, Kauffman and Taylor do not explicitly disclose, however Matsumura discloses, wherein determining the data leaker of the carrier object based on the subject fingerprint information of the access subjects comprises: obtaining flow path records of the carrier object according to the subject fingerprint information of the access subjects [¶129, the information receiving part 12 receives a file access log kept on a different computer 3. The file access log is information concerning file access, such as the name of a file accessed, a person who accessed, access date and time and, if a file accessed has been edited and saved, the name of the saved file, the person who saved the file, and save date and time]; and
 and setting an access subject corresponding to a last path record in the flow path records of the carrier object as the data leaker of the carrier object [¶187, A leaked information tracing system], and [¶188, the report accepting part 122 receives a file access log kept on a different computer 3. The file access log is information about file access such as the name of a file accessed, the person who accessed the file, access time and, if the accessed file was edited and stored, the name of the file stored, the person who stored the file, and store time], and [¶193] For example, assume that a tracer-containing content X was edited and saved as a content Y on the different computer 3. In that case, the access monitoring software generates a file access log including information such as the name of a person who accessed the tracer-containing content X, the date and time at which the tracer-containing content X was accessed, and the name of a person who saved content Y, and the date and time at which the content Y was saved, and sends the file access log to the information receiving part 122].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kauffman and Taylor with the teaching of Matsumura in order to A leaked information tracing technique enabling a recipient of leaked information to be identified [ Matsumura, Abstract].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Barr (US8,856,640) [ Method for Electronically Signing Electronically Stored Document, Involves Applying Electronic Signature to Electronically Stored Document to Produce Initial Signed Version of Document, And Modifying Initial Signed Version].
Harmon (US2018/0241569) [STORING, MIGRATING, AND CONTROLLING ACCESS TO ELECTRONIC DOCUMENTS DURING ELECTRONIC DOCUMENT SIGNING PROCESSES].
Malliah (US2020/0019715) [SYSTEM AND METHOD FOR MULTI-PARTY ELECTRONIC SIGNING OF ELECTRONIC DOCUMENTS].
Dang (US2019/0050587) [GENERATING ELECTRONIC AGREEMENTS WITH MULTIPLE CONTRIBUTORS].
Follis (US20150312227) [ PRIVACY PRESERVING ELECTRONIC DOCUMENT SIGNATURE SERVICE].
CN106569929A [ A Real-time Data Access Method and System Applied to Monitoring System].
CN1525683A [ Method for Marking Data].
 Alain (US20080034205) [Methods and Systems for Providing Access Control to Electronic Data].
WO2005038589A2 [ELECTRONIC DOCUMENT MANAGEMENT SYSTEM].
WO2013029048A1[ MOBILE SOLUTION FOR SIGNING AND RETAINING THIRD-PARTY DOCUMENTS].
Stockton (US2009/0089094) [ ¶22, In the illustrated embodiment, an audit log is generated whenever a user accesses protected health information within the patient database 14. The audit log is a record of a user's access to a patient's protected health information. In particular, the audit log records information that can enable the system 10 to determine what protected health information was accessed, who accessed it, and the process by which they accessed the information. The audit log may include such information as the patient's name and identification number, the type of protected health information accessed, the user's name and identification number, the time and date of the access, the destination computer, and any query information used to search for a patient's protected health information. The audit logs are stored in an audit log repository 24].
Hartley (US2013/0262862) [¶62, In addition to facilitating the setting of policies, preferences, and account settings, the controls/audit module 645 may also track and log data related to user account files. The types of data that may be monitored and logged is manifold, but examples include (but are not limited to): item identifiers (such as file name, folder names, hash values, etc.); who and when a third party was granted access to a shared folder; a date when an item was added to the mirror folder; dates when an item was edited or updated; a date when an item was deleted; dates when an item was synchronized; dates when an item was accessed (or attempted to be accessed) by a third party; an identifier of a third party that accessed an item; snapshots of items for recover; version of items; and the like. A user or admin may log into the system to obtain such data for review and analysis. In embodiments, the admin/user may set policies related to audit notices. For example, a user or administrator may set policies to be notified for any parameter related to file storage, file access, account access, file synchronization, file sharing, collaboration, and the like].
Hurley (US2018/0234234) [¶69, If the file extension is available, access control list data, such as the owner, creator, list of users who can edit, and the list of users who can access the file, may be provided to the fingerprinting process. Collectively, such data points are referred to herein as the Level 1 metadata].
JIN (US2013/0018921 [¶2, Organizations collect and generate large amounts of data that can be used by many different parties for various purposes. Hospitals may generate medical records that could potentially be used by insurance companies and other entities. Part or all of the data may be sensitive and may require that the information be shared only as necessary], and [[0017] As shown in FIG. 2, an exemplary method 200 for determining whether a user has over-accessed patient records may include a step 210 of retrieving a list of a user's accesses to data by a plurality of users for a certain purpose during a specified period of time. For example, a purpose for a user access may be for reviewing patient records in order to diagnose a patient's symptoms. A step 220 may include deriving access patterns based on the user's accesses to data. For example, deriving an access pattern from activities of all users may include reviewing a stored database list of accesses by all users of a patient's medical records for a certain purpose. As an example, deriving an access pattern may include deriving a distribution of roles of users who accessed specific resources in a category of a certain medical record in a certain time period. A step 230 may include storing the derived access patterns in a second database].
Culberston (US10679737) (4) In accordance with an aspect described herein a method for presenting electronic patient data accessing information is provided. The method includes receiving data related to a plurality of access events, by one or more employees, of electronic patient data, determining a set of access events in the plurality of access events constitute, by the one or more employees, possible breach of the electronic patient data, and providing an alert related to the set of access events based on determining that the set of access events constitute possible breach of the electronic patient data)(12) each healthcare provider network and/or a related entity (e.g., hospital, doctor's office, etc.) may have a different workflow, and thus the analysis of the data in this regard facilitates providing customized breach detection for a given workflow. In a specific example, a hospital may employ a nurse anesthetist in the Operating Room who records the initiation of surgery, while another hospital might employ anesthesiologists who records the initiation of anesthesia. Additionally, in another specific example, some physicians may use phone or email to follow up with patients after an appointment and thus access patient data between appointments where other physicians might only access patient data while the patient is in clinic. Moreover, in another specific example, some clinics may use nurses in an administrative role (such as office assistant) whereas other clinics might use nurses in a research capacity similar to an academic physician, etc. In any case, analyzing the data using clustering, machine-learning, network or other statistical analysis, etc. allows for breach detection for a given workflow than more rigid strictly rule-based systems. (81) FIG. 5 illustrates an example interface 500 for displaying at least a portion of data analysis performed by a healthcare provider network platform. For example, interface 500 displays some clustering of data, which can be performed by a data patterning component 136 as described herein. For example, interface 500 can display a patient summary 502 and employee information 504 related to an access of the patient's EMR as indicated by EMR access data, as described herein. Accesses of the EMR are indicated by dots 506 over a timeline, where each dot 506 corresponds to an access or other action in an EMR of a patient by the listed employee. In addition, interface 500 can depict groupings 508 of employees that are determined to typically access the same EMRs (e.g. within a threshold period of time). For example, one grouping 508 can correlate an orthopedic clinic including a registered nurse, a physician's assistant, and a medical assistant that typically access the same EMRs (e.g., including the depicted EMR for “Frank McDaniel.” In this example interface 500, various groupings of employees associated in clinics are shown as accessing the EMR. A registered nurse that is not part of the groupings, however, and/or accessed the EMR outside a threshold time within which other employees in the grouping accessed the EMR, is shown as an alert 510 of possible breach of the data (e.g., based at least on data analyzing component 128 determining that the registered nurse is not part of the groupings). In addition, interacting with the alert 510 can cause display of additional information of the EMR access at 512], and [see FIG. 6 and corresponding text for more details].
Ramanathan (US2015/0020151) [¶68, Various embodiments disclosed herein are directed to a digital content distribution system that allows a content publisher to securely distribute content to end-users and manage policies on how that content is consumed. The content distribution system is cloud-based and publishes secured content through the Internet. The system also provides analytical reports, which provide content publishers with insight into, e.g., who is accessing content files, how often, and from where. [¶167, The policy/rule engine may apply each of the rules of one or more sharing policies to the request, first user and/or digital content. Via a rule specifying a quantity of users, the policy/rule engine may determine if sharing the content with the second user is allowed by the rule. In particular, the policy/rule engine may determine a number of users with whom the content has been shared. In some implementations, the content distribution system maintains an activities/privileges log that tracks the activity and privileges associated with each content or user. In some implementations, the policy/rule engine can manage and update the sharing policies and access policies to include a list of users with whom the content is shared and a list of users that have been authorized to access the content. The content distribution system can determine a number of times the user has shared the content, a number of times the content has been shared by all of the users, and a number of users that have been authorized to access the content. If, based on the user quantity rule, the number of users with whom the content has been shared has not reached the maximum number of users.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496