DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is responsive to application 17/162,662 that the Applicant filed on January 29, 2021 and presented 20 claims.  Original claims 1-20 remain pending in the application. 
Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: 1134 and 1138 in Fig. 11.  Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The following conventions apply to the mapping of the prior art to the claims:
Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation taught by another reference, but the limitation is presented with the mapping of the instant reference for context.
Numbered superscript – a first phrase to be moved upwards to the primary reference analysis.
Lettered superscript – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.
A.	Claims 1-7, 10-13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Sawhney et al. (US 9,106,687, “Sawhney”) in view of Barile et al. (US 8,799,287, “Barile”).
Regarding Claim 1
Sawhney discloses
A computer-implemented method (abstract, Fig. 5) performed by a computer system (Fig. 1, Col. 4:51-5:3, “FIG. 1 is a block diagram depicting a network architecture 100 [as a computer system] in which client systems 106, as well as storage servers 140A, 140B (any of which can be implemented using computer system 800), are coupled to a network 102.”) having a memory and at least one hardware processor (Fig. 8, Col. 12:33-13:12, “The exemplary computer system 800 includes a processing device [or processor] 802, a main memory 804 (e.g., read-only memory (ROM), flash memory, dynamic random access memory (DRAM) such as synchronous DRAM (SDRAM) or DRAM (RDRAM), etc.), a static memory 806 (e.g., flash memory, static random access memory (SRAM), etc.), and a secondary memory 816 (e.g., a data storage device in the form of a drive unit, which may include fixed or removable computer-readable storage medium), which communicate with each other via a bus 808.”), the computer-implemented method comprising: 
1 …; 
determining that access to the file is open (Col. 7:54-65, “The profile component 315 generates, maintains and updates profile data based on the queried directories, access logs and/or control settings. A baseline profile can include a set of behavioral attributes and a set of contextual attributes. Behavioral attributes can include a user's read counts [that involve an access to a file that indicates the file is open], write counts and delete counts.”) using an access classification model (Col. 7:40-53, “The access histories and future access patterns [based upon using an access classification model] can be stored in memory as a file, graphical report or any suitable data structure. In one embodiment, a log record includes a file/folder name identifier, an operation (e.g., create, delete, read, write, modify, rename), a security identifier (e.g., user accessing a file), a timestamp (e.g., time/date), IP address/location from where the access was made and/or the like. In one embodiment, output from the analytics engine analyses can be transmitted to the recommender component 318 and the anomaly detection component 314;” and Col. 10:33-51, “The recommender component 318 can also recommend restricting overly loose entitlements [that is based upon a access classification model]. For example, the recommender component 318 may send a command or instruction to the permissions component 312 indicating a restriction or the granting of permissions to a given content item for a user or a group of users through the permissions component 312.”); and 
based on {the determination that the data of the file includes sensitive information (Barile Cols. 3:1-7, 5:23-38)} and the determination that the access to the file is open (Cols. 7:40-65, 10:33-51), 
causing a notification to be displayed on a computing device of a user (Col. 10:22-32, “Anomaly detection component 314 [that assists in making the determinations as part of a data loss prevention system] detects deviations between the baseline profile and most recent accesses,” and “The anomaly detection component can also [cause an] alert [as a notification to] the administrator [as a user] through the recommender component 318 [that comprises computing device display].”), 
the notification comprising an indication that the file includes sensitive information and that access to the file is open (Col. 7:20-39, “The analytics engine 308 can further include a set of suggested access control lists (ACL) [as a notification]. The access control lists can be ranked based on an organization's security policy and/or security sensitivity of a data [that includes sensitive information] for a specific group within an organization unit [for whom some files are open and can be access by the group]. ACL's within the set of suggested ACLs can be characterized by the analytics as tight, more restrictive permissions to content items in the repository [where files are closed], and loose, more lenient permissions to content items in the repository [where files are open and can be accessed;” and Col. 10:33-51, “The recommender component 318 can also recommend restricting overly loose entitlements,” i.e., a notification is made to the user that an open file that can be accessed by a group that shouldn’t have access to the sensitive data).  
Sawhney doesn’t disclose
	1 determining that data of a file includes sensitive information based on an analysis of the data using a data classification model;
Barile, however, discloses
	1 determining that data of a file includes sensitive information (Col. 3:1-7, “Embodiments of the present invention provide a DLP [data loss prevention] system that determines whether a document [as a file] contains [and thereby includes] sensitive information by calculating a probability that the document belongs to a category of documents that are to be protected.”) based on an analysis of the data using a data classification model (Fig. 1, Col. 5:23-38, “In one embodiment, the DMS 106 and the DMS agents 110 use fingerprints of documents [as data] that a sensitive document classifier 114 [or data classification model] has [via an analysis and] determined need to be protected because they contain sensitive information. In particular, during monitoring, the DMS 106 may identify new documents (e.g., emails, email attachments, documents [as a file] added to a central repository, documents copied to a client's hard drive, etc.) that have not been previously categorized and provide these documents to the PMS 104 for categorization.”);
	Regarding the combination of Sawhney and Barile, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data protection system of Sawhney to have included the sensitive data classification feature of Barile. One of ordinary skill in the art would have been motivated to incorporate the sensitive data classification feature of Barile because Barile teaches a data loss prevention system where “documents that may not be an exact match to a protection profile but still contain sensitive information are nonetheless effectively categorized and protected.”  See Barile Col. 3:1-7.
Regarding Claim 2
Sawhney in view of Barile (“Sawhney-Barile”) discloses the computer-implemented method of claim 1, and Barile further discloses
wherein the data classification model (Cols. 3:1-7, 5:23-38) comprises one or more sensitive information criteria (Col. 9:18-37, “The system administrator of an organization may set a threshold value, and any document whose chances of belonging to one or more of the predefined categories [that comprise criteria to define each category] of documents exceeds the threshold value is determined to require protection.”), 
the determination that the data of the file includes sensitive information being based on a determination that the data of the file satisfies the one or more sensitive information criteria (Col. 9:18-37, “For example, if an organization has determined that legal documents [as one of criteria] and source code documents are categories of documents that need to be protected, and has set their threshold at 80% [as another criteria], a document has been determined to have a 5% chance of being a source code document and a 90% chance of being a legal document would be protected [in accordance with the determination based on sensitive information criteria]…”).  
Regarding the combination of Sawhney and Barile, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 2. 
Regarding Claim 3
Sawhney-Barile discloses the computer-implemented method of claim 2, and Barile further discloses 
wherein the one or more sensitive information criteria (Col. 9:18-37) comprises the data of the file including a particular content or a particular format of content (Col. 9:18-37, i.e., “legal documents” comprise a data file that would possess a particular content that involves sensitive information associated with legal matters ).  
Regarding the combination of Sawhney and Barile, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 3.
Regarding Claim 4
Sawhney-Barile discloses the computer-implemented method of claim 1, and Barile further discloses 
wherein the data classification model (Cols. 3:1-7, 5:23-38) comprises a machine learning model that is trained to classify the data of the file as including sensitive information based on the data of the file (Col. 6:3-35, “Probability determining module 206 determines one or more probabilities that the document belongs to one or more predefined categories [associated with sensitive data]. In one embodiment, this is done using machine learning detection (MLD). In this embodiment, a corpus of existing documents [for training] is identified for use in categorizing [and thereby classifying] newly identified documents.”).  
Regarding the combination of Sawhney and Barile, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 4.
Regarding Claim 5
Sawhney-Barile discloses the computer-implemented method of claim 1, and Sawhney further discloses 
wherein the access classification model (Cols. 7:40-53, 10:33-51) comprises one or more open access criteria (Col. 5:39-56, “The user/group directory may also store information similar information [as criteria] about a group, namely the users, folders, files and associated permissions [that indicate an open access to a file] for the group.”), 
the determination that the access to the file is open (Cols. 7:40-65, 10:33-51) being based on a determination that a permission attribute of the file satisfies the one or more open access criteria (Col. 7:40-53, “The access histories [involving an access to an open file] and future access patterns can be stored in memory as a file, graphical report or any suitable data structure. In one embodiment, a log record includes a file/folder name identifier, an operation (e.g., create, delete, read, write, modify, rename), a security identifier (e.g., user accessing a file), a timestamp (e.g., time/date), IP address/location from where the access was made and/or the like,” i.e., the “security identifier” comprises a permission attribute in which one or more open access criteria were satisfied to enable the “user [to] access[] a file”).  
Regarding Claim 6
Sawhney-Barile discloses the computer-implemented method of claim 5, and Sawhney further discloses 
wherein the one or more open access criteria (Col. 5:39-56) comprises the file being open to domain users, the file being open to authenticated users (Col. 5:39-56, “For example, the user/group directory can store a user's name, password, e-mail address, phone number, and so on, for a user and group accounts,” i.e., a username and password are used for authenticated users; and Col. 7:40-53, “The access histories [involving an access to an open file] and future access patterns can be stored in memory as a file, graphical report or any suitable data structure. In one embodiment, a log record includes a file/folder name identifier, an operation (e.g., create, delete, read, write, modify, rename), a security identifier (e.g., user accessing a file),…,” i.e., a “user accessing a file” because it is an open file occurs after employing the username and password for authentication of the user, thereby the file [is] open to authenticated users), or the file being open to all users.  
Regarding Claim 7
Sawhney-Barile discloses the computer-implemented method of claim 1, and Sawhney further discloses 
wherein the access classification model comprises a machine learning model that is trained to classify the access to the file as being open based on metadata of the file (Col. 9:7-22, “Advantageously, the analytics engine 308 may use a hybrid approach. For example, analytics engine may implement trained and untrained classifiers with supervised and unsupervised machine learning algorithms;” and Col. 7:40-53, “The access histories [involving an access to an open file] and future access patterns can be stored in memory as a file, graphical report or any suitable data structure [that comprises metadata about the file being accessed]. In one embodiment, a log record includes [as metadata] a file/folder name identifier, an operation (e.g., create, delete, read, write, modify, rename), a security identifier (e.g., user accessing a file), a timestamp (e.g., time/date), IP address/location from where the access was made and/or the like.”).  
Regarding Claim 10
Sawhney-Barile discloses the computer-implemented method of claim 1, and Sawhney further discloses 
further comprising determining that anomalous user activity has been directed towards the file (Col. 9:38-50, “Clustering plots can provide affinity groups for specific folders, as well as affinity folders for a specific user identifier, group identifier or organization unit. The clustering can be used to detect an anomaly between a new access [of a file as anomalous user activity] and a baseline profile wherein the baseline profile is established using clustering for accesses observed during a training period.”) based on an analysis of metadata of the file (Col. 9:23-37, “The clustering component 316 performs clustering [as an analysis] based on the [file] access log 322 [that comprises metadata of the file], where the clustering refers generally to collecting a set of objects into groups called clusters.”), 
wherein the notification (Col. 10:22-32) further comprises another indication of the anomalous user activity directed towards the file (Col. 10:22-32, “Anomaly detection component 314 detects deviations between the baseline profile and most recent accesses,” and “The anomaly detection component can also alert the administrator through the recommender component 318.”) based on the determination that the anomalous user activity has been directed towards the file (Col. 9:38-50, “The clustering can be used to detect an anomaly between a new access [that is directed towards the file] and a baseline profile…”).  
Regarding Claim 11
Sawhney-Barile discloses the computer-implemented method of claim 1, and Sawhney further discloses 
wherein the metadata of the file (Col. 7:40-53) comprises a frequency at which the file has been read or modified (Col. 7:54-65, “A baseline profile can include a set of behavioral attributes and a set of contextual attributes. Behavioral attributes can include a user's read counts, write [or modify] counts and delete counts.;” and Col. 7:66-8:21, “The profile component 315 can also query and/or receive access [as read or modify] actions for a set of users in a given group. The access actions can be clustered with a combination of contextual and behavioral attributes described above. In one embodiment, the access actions are clustered based on most frequently [and thereby a frequency of] accessed folders for users and/or groups (defined as an affinity folder for the user or group) and/or based on a group or user that most frequently accesses a folder (defined as an affinity group or affinity user for the folder),” i.e., based upon the clustering model, an access of a user or group will be recognized as anomalous), and 
the determination that anomalous user activity has been directed towards the file (Col. 9:38-50) is based on a determination that the frequency satisfies a minimum frequency threshold value (Col. 10:22-32, “In one embodiment, the anomaly detection component 314 sends requests for calculating the distance [that relates frequency of access counts] between two groups, two folders or any other object to the distance component 310. In response to the requests, the distance component 310 [that relates to frequency of access counts, which is low for anomalous behavior with respect to the previously calculated baseline profile] may return an integer value, a floating point value, a graph value and/or the like [as a threshold value]. The anomaly detection component can also alert the administrator through the recommender component 318 [when the minimum threshold value/“distance” has been satisfied to trigger the “alert.”).
Regarding Claim 12
Sawhney-Barile discloses the computer-implemented method of claim 1, and Sawhney further discloses 
wherein the causing the notification to be displayed (Col. 10:22-32) further comprises causing a remediation recommendation to be displayed on the computing device of the user (Col. 10:22-51, “The recommender component 318 can also recommend [via a display of the computing device of the user/”administrator”] restricting [and thereby remediating] overly loose entitlements.”), 
the remediation recommendation being configured to prompt the user to trigger an automated performance of a data management action directed towards the file via one or more selectable user interface elements (Col. 10:22-51, “For example, the recommender component 318 may [prompt the user and thereby trigger and] send a [automated] command or instruction [as a data management action] to the permissions component 312 indicating a restriction or the granting of permissions [that are directed towards the file] to a given content item for a user or a group of users through the permissions component 312,” with the Examiner noting that the prompting and use of interface elements are not specifically taught by Sawhney, but such elements are obvious instruments to enable the administrator to interact and implement with the system.  See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.”).  

Regarding Claim 13
Sawhney-Barile discloses the computer-implemented method of claim 12, and Sawhney further discloses 
wherein the data management action (Col. 10:22-51) comprises changing a permission attribute of the file to reduce a level of access to the file (Col. 10:22-51, “For example, the recommender component 318 may send a command or instruction to the permissions component 312 indicating a restriction [and thereby reducing a level of access] or the granting [and thereby changing] of permissions [as permission attributes] to a given content item [or file] for a user or a group of users through the permissions component 312.”).   
Regarding Independent Claim 20
With respect to independent claim 20, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claim 20. Therefore, claim 20 is rejected, for similar reasons, under the grounds set forth for claim 1.
B.	Claims 8 is rejected under 35 U.S.C. 103 as being unpatentable over Sawhney in view of Barile, and further in view of Sarin et al. (US 2020/0082081, “Sarin”).
Regarding Claim 8
Sawhney-Barile discloses the computer-implemented method of claim 7, and Sawhney further discloses 
wherein the metadata of the file (Col. 7:40-53) comprises a plurality of security identifiers having permission to access the file (Col. 7:40-53, i.e., “security identifier” of a “user accessing a file;” and Col. 11:47-64, “FIG. 6 is one embodiment of a flow diagram for profiling user and group accesses to a content repository. Block 602 includes processing logic for analyzing records from the access log, user-group directory and/or file server,” i.e., multiple accesses of many users within a group creates a plurality of security identifiers for each user having permission to access the file), and 
the machine learning model (Col. 6:3-35) is configured to classify the access to the file being open based on (Col. 9:7-22), for each one of the plurality of security identifiers (Col. 7:40-53),…1 
Sawhney-Barile doesn’t disclose
1 …a total number of files to which the security identifier has permission to access.
Sarin, however, discloses
 1 …a total number of files to which the {security identifier (Sawhney Col. 7:40-53) has permission to access} (¶ [0038], “For example, if an endpoint device (e.g., computing device 202) is identified as storing a high [and total] number of sensitive files [that can be accessed as disclosed by Sawhney], additional security actions (e.g., threat protection policies) may be applied…”).
Regarding the combination of Sawhney-Barile and Sarin, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data protection system to have included the counting feature of Sarin. One of ordinary skill in the art would have been motivated to incorporate the counting feature of Sarin because Sarin teaches that counting “a high number of sensitive files” allows for “additional security actions (e.g., threat protection policies) [to] be applied to prevent actions taken by potentially suspicious processes.”  See Sarin ¶ [0038].
C.	Claims 9 is rejected under 35 U.S.C. 103 as being unpatentable over Sawhney in view of Barile, and further in view of Tamersoy et al. (US 9,185,119, “Tamersoy”).
Regarding Claim 9
Sawhney-Barile discloses the computer-implemented method of claim 7, and Sawhney further discloses 
wherein the metadata of the file (Col. 7:40-53) comprises a plurality of security identifiers having permission to access the file (Col. 7:40-53, i.e., “security identifier” of a “user accessing a file;” and Col. 11:47-64, “FIG. 6 is one embodiment of a flow diagram for profiling user and group accesses to a content repository. Block 602 includes processing logic for analyzing records from the access log, user-group directory and/or file server,” i.e., multiple accesses of many users within a group creates a plurality of security identifiers for each user having permission to access the file), and 
the machine learning model (Col. 6:3-35) is configured to classify the access to the file being open based on (Col. 9:7-22), for each one of the plurality of security identifiers (Col. 7:40-53),…1
Sawhney-Barile doesn’t disclose
1 …a total number of separate independent machines on which the security identifier is used.  
Tamersoy, however, discloses
1 …a total number of separate independent machines on which the {security identifier (Sawhney Col. 7:40-53) is used} (Col. 8:35-48, “In some examples, evaluation module 108 may calculate the Jaccard similarity by dividing the [total] number of client devices [as separate independent machines] on which the known file [via the access and associated security identifier as disclosed by Sawhney Col. 7:40-53] co-occurs with the unknown file by the number of client devices on which either the known file or the unknown file occurs.”).  
Regarding the combination of Sawhney-Barile and Tamersoy, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data protection system of Sawhney-Barile to have included the machine counting feature of Tamersoy. One of ordinary skill in the art would have been motivated to incorporate the machine counting feature of Tamersoy because Tamersoy teaches a clustering system for detecting malware based upon “unknown files that frequently co-occur with malware files are more likely to include malware than files that frequently co-occur with files known to be safe,” see Tamersoy Col. 4:4-28, and the counting feature enables the detection of malware that aims to obtain sensitive information.
D.	Claims 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Sawhney in view of Barile, and further in view of Cidon et al. (US 2014/0013112 “Cidon”). 
Regarding Claim 14
Sawhney-Barile discloses the computer-implemented method of claim 1, and Sawhney further discloses 
1 …, 
wherein the notification (Col. 10:22-32) further comprises…2.  
Sawhney-Barile doesn’t disclose
	1 further comprising determining that an amount of user activity directed towards the file is below a minimum activity threshold value based on an analysis of metadata associated with the file,
	2 … another indication that the file is stale based on the determination that the amount of user activity directed towards the file is below the minimum activity threshold value.
Cidon, however, discloses
	1 further comprising determining that an amount of {user activity directed towards the file (Sawhney Col. Col. 7:54-65, i.e., “access logs” for user activity directed towards the file)} is below a minimum activity threshold value (¶ [0086], “The ability to free space on the cloud storage so that more relevant material can be placed there. Files which are removed will be stored back on other means of storage. This is done by removing data that is inactive [and fall below a minimum activity threshold that indicates that they are “inactive”] not only for a particular user but also by observing group and collaborative activities.”) {based on an analysis of metadata associated with the file (Sawhney Col. Col. 7:54-65, i.e., the “access logs” will not have any accesses to inactive files)},
	2 … another indication that the file is stale based on the determination that the amount of user activity directed towards the file is below the minimum activity threshold value (¶ [0086], “The file removal procedure will include a user-prompting phase [that comprises another indication] where the user will authorize the removal [of a stale file because the “access logs” of Sawhney Col. 7:54-65 indicate an amount of user activity that falls below the minimum activity threshold value to indicate a stale file] and may select the backup storage location.”).
	Regarding the combination of Sawhney-Barile and Cidon, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the data protection system of Sawhney-Barile to have included the inactivity feature of Cidon. One of ordinary skill in the art would have been motivated to incorporate the inactivity feature of Cidon because Cidon teaches that removing inactive files is a “storage freeing procedure.”  See Cidon ¶ [0086].
Regarding Claim 15
Sawhney in view of Barile, and further in view of Cidon (“Sawhney-Barile-Cidon”) discloses the computer-implemented method of claim 14, and Sawhney further discloses
wherein the causing the notification to be displayed (Col. 10:22-32) further comprises…1, 
the remediation recommendation being configured to prompt the user to trigger an automated performance of a data management action directed towards the file via one or more selectable user interface elements (Col. 10:22-51, “For example, the recommender component 318 may [prompt the user and thereby trigger and] send a [automated] command or instruction [as a data management action] to the permissions component 312 indicating a restriction or the granting of permissions [that are directed towards the file] to a given content item for a user or a group of users through the permissions component 312,” with the Examiner noting that the prompting and use of interface elements are not specifically taught by Sawhney, but such elements are obvious instruments to enable the administrator to interact and implement with the system.  See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.”). 
Cidon further discloses
1 …causing a remediation recommendation (¶ [0286], “The ability to free space [as a remediation recommendation] on the cloud storage so that more relevant material can be placed there.”) to be displayed on the computing device of the user (¶ [0237], “…is displayed to a user of user device 70”) based on the determination that the amount of user activity directed towards the file is below the minimum activity threshold value (¶ [0086], “The ability to free space on the cloud storage so that more relevant material can be placed there. Files which are removed will be stored back on other means of storage. This is done by removing data that is inactive [and fall below a minimum activity threshold that indicates that the files are “inactive” and fall below a minimum activity threshold value based upon the “access logs” of Sawhney Col. 7:54-65] not only for a particular user but also by observing group and collaborative activities.”),
Regarding the combination of Sawhney-Barile and Cidon, the rationale to combine is the same as provided for claim 14 due to the overlapping subject matter of claims 14 and 15.
Regarding Claim 16
Sawhney-Barile-Cidon”) discloses the computer-implemented method of claim 15, and Sawhney further discloses 
wherein the data management action (Col. 10:22-51) comprises…1. 
Cidon further discloses
1 …changing a permission attribute of the file to reduce a level of access to the file or removing the file (¶ [0086], “This is done by removing data [as the file] that is inactive not only for a particular user but also by observing group and collaborative activities.”) {from a file system (Sawhney Col. 4:51-5:3, “The architecture 100 includes a server 104 comprising an analytics engine 108, a content repository 114, a directory server 116 and a file server 118 [that includes a file system]. The server 104 may also be in communication with a file directory 120 [of the file system], an access log 122 and a user/group directory 124.”)}.  
Regarding the combination of Sawhney-Barile and Cidon, the rationale to combine is the same as provided for claim 14 due to the overlapping subject matter of claims 14 and 16.
Regarding Independent Claim 17
With respect to independent claim 17, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claim 17. Therefore, claim 17 is rejected, for similar reasons, under the grounds set forth for claim 1.  
Claim 17, however, additionally recites, “at least one hardware processor of a managed private cloud architecture serving an organization.”  The “private cloud architecture serving an organization is taught by Cidon ¶¶ [0083]-[0084], “According to various embodiments of the invention, methods, computer readable media and systems are provided for extending existing/third-party cloud storage [and thereby architecture] services,” and “The methods, computer readable media and systems may support all the services [provided to users as individuals or organizations] of the cloud-based virtual file system”  
Regarding Dependent Claim 18 
With respect to dependent claim 18, a corresponding reasoning as given earlier for dependent claim 15 applies, mutatis mutandis, to the subject matter of claim 18. Therefore, claim 18 is rejected, for similar reasons, under the grounds set forth for claim 15.
Regarding Dependent Claim 19
With respect to dependent claim 19, a corresponding reasoning as given earlier for dependent claim 13 applies, mutatis mutandis, to the subject matter of claim 19. Therefore, claim 19 is rejected, for similar reasons, under the grounds set forth for claim 13.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491