DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on December 19, 2025 has been entered.
In response to Applicant’s claims filed on December 19, 2025, claims 1-9, 11-21 are now pending for examination in the application.
Response to Arguments
This office action is in response to amendment filed 12/19/2025. In this action claim(s) 1-9, 11-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Claim(s) 1-9, 11-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kishi et al. (US Pub. No. 20220150065) in view of Goswami et al. (US Pub. No. 20220179979). The Goswami et al. reference has been added to address the amendment of providing, by the processor of the device, the data compliance manifest to a workload engine, wherein receiving the data compliance manifest causes the workload engine to execute the application and programmatically constrain processing, of the protected data during execution of the application.
Applicant’s arguments:
In regards to claim 1 on Pages 10, applicant argues “Applicant respectfully submits that there is no indication that it is a "mental process" to "obtain, using a natural language processing (NLP) algorithm, an ontology from a data usage restriction document, the ontology comprising a plurality of concepts and their relationships and being indicative of a category of protected data in the data usage restriction document." In addition, there is no indication that an operation to "provide the data compliance manifest to a workload engine, wherein receiving the data compliance manifest causes the workload engine to execute the application and programmatically constrain processing of the protected data during execution of the application" can be processed mentally.,” as recited in claim 1.
Examiner’s Reply:
The claims have been evaluated as a whole and when considered in their entirety they still amount to creating mappings and manifest to ensure data regulation and compliance. The additional data gathering and transmitting do not add meaningful limitations beyond the abstract idea.
Applicant’s arguments:
In regards to claim 1 on Pages 12, applicant argues “Applicant respectfully submits that amended claim 1 recites elements that provide technical improvements to application data handling, and thus integrate the alleged abstract ideas into a practical application. For example, amended claim 1 recites the features of "provid[ing] the data compliance manifest to a workload engine, wherein receiving the data compliance manifest causes the workload engine to execute the application and programmatically constrain processing of the protected data during execution of the application,” as recited in claim 1.
Examiner’s Reply:
Regulating data is not a technological improvement. The claims merely determines ways to ensure data compliances across regions and other environments. This generating of mapping and manifest data is a computer-implemented abstract mental process.
Applicant’s arguments:
In regards to claim 1 on Pages 13, applicant argues “Applicant respectfully submits that amended claim 1, with the combination of elements recited therein, including at least "obtain[ing], using a natural language processing (NLP) algorithm, an ontology from a data usage restriction document, the ontology comprising a plurality of concepts and their relationships and being indicative of a category of protected data in the data usage restriction document." In addition, there is no indication that it is "well-understood, routine, conventional activity in the field" to provide the data compliance manifest to a workload engine, wherein receiving the data compliance manifest causes the workload engine to execute the application and programmatically constrain processing of the protected data during execution of the application,” as recited in claim 1.
Examiner’s Reply:
Regulating data is well-understood, routine, and conventional. The additional elements merely allow a user to regulate data across various industries and regions.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-9 and 11-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The judicial exception is not integrated into a practical application. The claims do not include additional elements that are sufficient to amount to significantly more than judicial exception. The eligibility analysis in support of these findings is provided below, on Claim Rejections - 35 USC 101 accordance with the "2019 Revised Patent Subject Matter Eligibility Guidance" (published on 1/7/2019 in Fed, Register, Vol. 84, No. 4 at pgs. 50-57, hereinafter referred to as the "2019 PEG").
Step 1. in accordance with Step 1 of the eligibility inquiry (as explained in MPEP 2106), it is first noted the method (claims 1-10), apparatus (claims 11-19), and computer-readable medium (claim 20) is/are directed to one of the eligible categories of subject matter and therefore satisfies Step 1.
Step 2A. In accordance with Step 2A, prong one of the 2019 PEG, it is noted that the independent claims recite an abstract idea falling within the Mental Processes & Mathematical Concepts enumerated groupings of abstract ideas set forth in the 2019 PEG. Examiner is of the position that independent claims 1, 11, and 20 are directed towards the Mental Process Grouping of Abstract Ideas.
Independent claims 1, 11, and 20 recites the following limitations directed towards a Mental Processes:
creating, by the processor of the device and based at least in part on the ontology and the metadata, a mapping between the type of data handled by the application and the category of protected data in the data usage restriction document (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to creating a mapping); and
generating, by the processor of the device and based at least in part on the mapping, a data compliance manifest that is machine-readable (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to generate a manifest).
Step 2A. In accordance with Step 2A, prong two of the 2019 PEG, the judicial exception is not integrated into a practical application because of the recitation in claim(s) 1, 11, and 20:
a processor (i.e., as a generic processor/component performing a generic computer function) coupled to the one or more network interfaces and configured to execute one or more processes;
a memory (i.e., as a generic processor/component performing a generic computer function) configured to store a process that is executable by the processor, the process when executed configured to:
obtaining, by a processor of a device and using a natural language processing (NLP) algorithm, an ontology from a data usage restriction document, the ontology comprising a plurality of concepts and their relationships and being indicative of a category of protected data in the data usage restriction document (recites insignificant extra solution activity that amounts to data gathering);
obtaining, by the processor of the device, metadata indicative of a type of data handled by an application, the metadata comprising annotations or tags identifying protected or custom data types (recites insignificant extra solution activity that amounts to gathering metadata);
providing, by the processor of the device, the data compliance manifest to a workload engine, wherein receiving the data compliance manifest causes the workload engine to execute the application and programmatically constrain processing, of the protected data during execution of the application (recites insignificant extra solution activity that amounts to providing manifest data).
Step 2B. Similar to the analysis under 2A Prong Two, the claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception. Because the additional elements of the independent claims amount to insignificant extra solution activity and/or mere instructions, the additional elements do not add significantly more to the judicial exception such that the independent claims as a whole would be patent eligible.
Therefore, independent claims 1, 11, and 20 are rejected under 35 U.S.C. 101.
With respect to claim(s) 2 and 12:
Step 2A, prong one of the 2019 PEG:
wherein the data compliance manifest includes a data compliance constraint that is based on the ontology (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to generate a manifest).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 3 and 13:
Step 2A, prong one of the 2019 PEG:
wherein the workload engine configures a workload of the application that uses the type of data at infrastructure that satisfies the data compliance constraint (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to configure a workload).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 4 and 14:
Step 2A, prong one of the 2019 PEG:
Examiner is of the position the dependent claim is directed toward additional elements.
Step 2A Prong Two Analysis:
wherein the ontology comprises a plurality of concepts and their relations extracted from the data usage restriction document (recites insignificant extra solution activity that amounts to data gathering).
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 5 and 15:
Step 2A, prong one of the 2019 PEG:
Examiner is of the position the dependent claim is directed toward additional elements.
Step 2A Prong Two Analysis:
wherein the ontology is based in part on data supplied by a user via a user interface form (recites insignificant extra solution activity that amounts to data gathering).
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 6 and 16:
Step 2A, prong one of the 2019 PEG:
wherein the data compliance manifest constrains the use of the type of data by the application by indicating one or more geolocations in which the type of data can be stored or retained by the application (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to generate a manifest).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 7 and 17:
Step 2A, prong one of the 2019 PEG:
wherein creating the mapping comprises: matching the category of protected data from the ontology to the type of data (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to match a category).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 8 and 18:
Step 2A, prong one of the 2019 PEG:
wherein the data compliance manifest constrains the use of the type of data by the application by indicating how the type of data can be utilized (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to generate a manifest).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 9 and 19:
Step 2A, prong one of the 2019 PEG:
updating the mapping and the data compliance manifest, based on a change in the data usage restriction document (The limitation recites a mental process of observation and/or evaluation capable of being performed by the human mind by using computer as a tool to update a manifest).
Step 2A Prong Two Analysis:
This judicial exception is not integrated into a practical application because there are no
additional elements to provide practical application.
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
With respect to claim(s) 21:
Step 2A, prong one of the 2019 PEG:
Examiner is of the position the dependent claim is directed toward additional elements.
Step 2A Prong Two Analysis:
wherein receiving the data compliance manifest causes the workload engine to deploy the application in an additional device and to constrain the processing of the protected data during deployment of the application (recites insignificant extra solution activity that amounts to deploying data).
Step 2B Analysis:
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. The claim is not patent eligible.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-9, 11-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kishi et al. (US Pub. No. 20220150065) in view of Goswami et al. (US Pub. No. 20220179979).
With respect to claim 1, Kishi et al. teaches a method comprising:
obtaining, by a processor of a device and using a natural language processing (NLP) algorithm, an ontology from a data usage restriction document, the ontology comprising a plurality of concepts and their relationships and being indicative of a category of protected data in the data usage restriction document (Paragraph 36 discloses deep data inspection module 134 may use natural language processing (NLP) utilizing ontology based natural language classification techniques to extract the facet values for sensitive information instances in the object);
obtaining, by the processor of the device, metadata indicative of a type of data handled by an application, the metadata comprising annotations or tags identifying protected or custom data types (Paragraph 36 discloses classify sensitive information in the data objects 104 as facets based on processing of the metadata and content of the data objects 104);
creating, by the processor of the device and based at least in part on the ontology and the metadata, a mapping between the type of data handled by the application and the category of protected data in the data usage restriction document (Paragraph 35 discloses Facet values identifying a type of sensitive information included in the data object 104 provide a true or false value. Facet values indicating a number of occurrences of a sensitive information instance in the document may be a value that indicates the number of occurrences of the sensitive information). Kishi et al. does not disclose generating, by the device and based on the mapping between the type of data handled by the application and the category of protected data indicated by the ontology, a data compliance manifest used by a workload engine to constrain use of the type of data during execution of the application or used to constrain use of the type of data during deployment of the application.
However, Goswami et al. discloses generating, by the processor of the device and based at least in part on the mapping, a data compliance manifest that is machine-readable (Paragraph 61 discloses the parameters defining the execution environment may be specified in a manifest for cloud deployment); and
providing, by the processor of the device, the data compliance manifest to a workload engine, wherein receiving the data compliance manifest causes the workload engine to execute the application and programmatically constrain processing, of the protected data during execution of the application (Paragraph 28 discloses the PDG logic 200 may select a target user privacy data compliance policy from a plurality of user privacy data compliance policies based on a geographical region associated with the dark data source (208). The global countries or regions may enforce different policies to protect user privacy data).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Kishi et al. with Goswami et al. This would have facilitated data compliance within different applications in a multi-cloud environment. See Goswami et al. Paragraph(s) 4-9.
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 1. With respect to claim 2, Goswami et al. discloses the method as in claim 1, wherein the data compliance manifest includes a data compliance constraint that is based on the ontology (Paragraph(s) 61 discloses the parameters defining the execution environment may be specified in a manifest for cloud deployment. The manifest may be used by an operator to requisition cloud based hardware resources, and then deploy the software components and Paragraph 54 discloses an exemplary privacy data compliance dashboard 300. The compliance dashboard 300 may, for example, include an organization's compliance to data privacy regulations including dark data source scanning for user privacy data, individual right request processing, and consent processing). The motivation to combine statement previously provided in the rejection of independent claim 1 provided above, combining the Kishi et al. reference and the Goswami et al. reference is applicable to dependent claim 2.
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 2. With respect to claim 3, Goswami et al. discloses the method as in claim 2, wherein the workload engine configures a workload of the application that uses the type of data at infrastructure that satisfies the data compliance constraint (Paragraph 54 discloses an exemplary privacy data compliance dashboard 300. The compliance dashboard 300 may, for example, include an organization's compliance to data privacy regulations including dark data source scanning for user privacy data, individual right request processing, and consent processing). The motivation to combine statement previously provided in the rejection of independent claim 2 provided above, combining the Kishi et al. reference and the Goswami et al. reference is applicable to dependent claim 3.
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 1. With respect to claim 4, Goswami et al. discloses the method as in claim 1, wherein the ontology comprises a plurality of concepts and their relations extracted from the data usage restriction document (Paragraph(s) 42-48 discloses Under a user privacy data compliance policy such as GDPR, individuals whose personal information is collected and/or used in Europe or collected from individuals located in Europe have the following rights over their personal information which is collected, stored and used: right to be forgotten right to rectification of their personal information right to data portability right to restriction of processing their personal information right to object to processing their personal information right to appropriate decision making). The motivation to combine statement previously provided in the rejection of independent claim 1 provided above, combining the Kishi et al. reference and the Goswami et al. reference is applicable to dependent claim 4.
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 1. With respect to claim 5, Kishi et al. discloses the method as in claim 1, wherein the ontology is based in part on data supplied by a user via a user interface form (Paragraph 36 discloses deep data inspection module 134 may use natural language processing (NLP) utilizing ontology based natural language classification techniques to extract the facet values for sensitive information instances in the object).
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 1. With respect to claim 6, Goswami et al. discloses the method as in claim 1, wherein the data compliance manifest constrains the use of the type of data by the application by indicating one or more geolocations in which the type of data can be stored or retained by the application (Paragraph 7 discloses select a target user privacy data compliance policy from a plurality of user privacy data compliance policies based on a geographical region associated with the dark data source and detect non-compliance in protecting the user privacy data in the dark data source based on the target user privacy data compliance policy. The instructions may be further configured to cause the processor to, in response to the non-compliance, process the user privacy data to eliminate the non-compliance). The motivation to combine statement previously provided in the rejection of independent claim 1 provided above, combining the Kishi et al. reference and the Goswami et al. reference is applicable to dependent claim 6.
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 1. With respect to claim 7, Goswami et al. discloses the method as in claim 1, wherein creating the mapping comprises: matching the category of protected data from the ontology to the type of data (Paragraph 60 discloses different security levels map to different ranges of cumulative facet values. In this way, one of numerous different possible cumulative facet values will map to one of a fewer number of security levels). The motivation to combine statement previously provided in the rejection of independent claim 1 provided above, combining the Kishi et al. reference and the Goswami et al. reference is applicable to dependent claim 7.
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 1. With respect to claim 8, Goswami et al. discloses the method as in claim 1, wherein the data compliance manifest constrains the use of the type of data by the application by indicating how the type of data can be utilized (Paragraph 61 discloses the parameters defining the execution environment may be specified in a manifest for cloud deployment. The manifest may be used by an operator to requisition cloud based hardware resources, and then deploy the software components). The motivation to combine statement previously provided in the rejection of independent claim 1 provided above, combining the Kishi et al. reference and the Goswami et al. reference is applicable to dependent claim 8.
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 1. With respect to claim 9, Goswami et al. discloses the method as in claim 1, further comprising: updating the mapping and the data compliance manifest, based on a change in the data usage restriction document (Paragraph 49 discloses the individual right request is related to the right to rectification which involves correction of privacy data of the user. The PDG logic 200 may execute a corresponding update operation on the datasets including the privacy data and then query the datasets to validate that the privacy data has been corrected). The motivation to combine statement previously provided in the rejection of independent claim 1 provided above, combining the Kishi et al. reference and the Goswami et al. reference is applicable to dependent claim 9.
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 1. With respect to claim 10, Goswami et al. discloses the method as in claim 1, wherein the data usage restriction document comprises a law, regulation, or industry rule (Paragraph 20 discloses facilitate an organization to effectively protect the user privacy data stored in the data ecosystem of the organization to comply with individual governmental data privacy protection regulations). The motivation to combine statement previously provided in the rejection of independent claim 1 provided above, combining the Kishi et al. reference and the Goswami et al. reference is applicable to dependent claim 10.
With respect to claim 11, Kishi et al. teaches an apparatus, comprising:
one or more network interfaces (Paragraph 56 discloses A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network);
a processor coupled to the one or more network interfaces and configured to execute one or more processes (Paragraph 59 discloses a processor); and
a memory (Paragraph 55 discloses a memory) configured to store a process that is executable by the processor, the process when executed configured to:
obtaining, by a processor of a device and using a natural language processing (NLP) algorithm, an ontology from a data usage restriction document, the ontology comprising a plurality of concepts and their relationships and being indicative of a category of protected data in the data usage restriction document (Paragraph 36 discloses deep data inspection module 134 may use natural language processing (NLP) utilizing ontology based natural language classification techniques to extract the facet values for sensitive information instances in the object);
obtaining, by the processor of the device, metadata indicative of a type of data handled by an application, the metadata comprising annotations or tags identifying protected or custom data types (Paragraph 36 discloses classify sensitive information in the data objects 104 as facets based on processing of the metadata and content of the data objects 104);
creating, by the processor of the device and based at least in part on the ontology and the metadata, a mapping between the type of data handled by the application and the category of protected data in the data usage restriction document (Paragraph 35 discloses Facet values identifying a type of sensitive information included in the data object 104 provide a true or false value. Facet values indicating a number of occurrences of a sensitive information instance in the document may be a value that indicates the number of occurrences of the sensitive information). Kishi et al. does not disclose generating, by the device and based on the mapping between the type of data handled by the application and the category of protected data indicated by the ontology, a data compliance manifest used by a workload engine to constrain use of the type of data during execution of the application or used to constrain use of the type of data during deployment of the application.
However, Goswami et al. discloses generating, by the processor of the device and based at least in part on the mapping, a data compliance manifest that is machine-readable (Paragraph 61 discloses the parameters defining the execution environment may be specified in a manifest for cloud deployment); and
providing, by the processor of the device, the data compliance manifest to a workload engine, wherein receiving the data compliance manifest causes the workload engine to execute the application and programmatically constrain processing, of the protected data during execution of the application (Paragraph 28 discloses the PDG logic 200 may select a target user privacy data compliance policy from a plurality of user privacy data compliance policies based on a geographical region associated with the dark data source (208). The global countries or regions may enforce different policies to protect user privacy data).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Kishi et al. with Goswami et al. This would have facilitated data compliance within different applications in a multi-cloud environment. See Goswami et al. Paragraph(s) 4-9.
With respect to claim 12, it is rejected on grounds corresponding to above rejected claim 2, because claim 12 is substantially equivalent to claim 2.
With respect to claim 13, it is rejected on grounds corresponding to above rejected claim 3, because claim 13 is substantially equivalent to claim 3.
With respect to claim 14, it is rejected on grounds corresponding to above rejected claim 4, because claim 14 is substantially equivalent to claim 4.
With respect to claim 15, it is rejected on grounds corresponding to above rejected claim 5, because claim 15 is substantially equivalent to claim 5.
With respect to claim 16, it is rejected on grounds corresponding to above rejected claim 6, because claim 16 is substantially equivalent to claim 6.
With respect to claim 17, it is rejected on grounds corresponding to above rejected claim 7, because claim 17 is substantially equivalent to claim 7.
With respect to claim 18, it is rejected on grounds corresponding to above rejected claim 8, because claim 18 is substantially equivalent to claim 8.
With respect to claim 19, it is rejected on grounds corresponding to above rejected claim 9, because claim 19 is substantially equivalent to claim 9.
With respect to claim 20, Kisha et al. teaches a tangible, non-transitory, computer-readable medium storing program instructions that cause a device to execute a process comprising:
obtaining, by a processor of a device and using a natural language processing (NLP) algorithm, an ontology from a data usage restriction document, the ontology comprising a plurality of concepts and their relationships and being indicative of a category of protected data in the data usage restriction document (Paragraph 36 discloses deep data inspection module 134 may use natural language processing (NLP) utilizing ontology based natural language classification techniques to extract the facet values for sensitive information instances in the object);
obtaining, by the processor of the device, metadata indicative of a type of data handled by an application, the metadata comprising annotations or tags identifying protected or custom data types (Paragraph 36 discloses classify sensitive information in the data objects 104 as facets based on processing of the metadata and content of the data objects 104);
creating, by the processor of the device and based at least in part on the ontology and the metadata, a mapping between the type of data handled by the application and the category of protected data in the data usage restriction document (Paragraph 35 discloses Facet values identifying a type of sensitive information included in the data object 104 provide a true or false value. Facet values indicating a number of occurrences of a sensitive information instance in the document may be a value that indicates the number of occurrences of the sensitive information). Kishi et al. does not disclose generating, by the device and based on the mapping between the type of data handled by the application and the category of protected data indicated by the ontology, a data compliance manifest used by a workload engine to constrain use of the type of data during execution of the application or used to constrain use of the type of data during deployment of the application.
However, Goswami et al. discloses generating, by the processor of the device and based at least in part on the mapping, a data compliance manifest that is machine-readable (Paragraph 61 discloses the parameters defining the execution environment may be specified in a manifest for cloud deployment); and
providing, by the processor of the device, the data compliance manifest to a workload engine, wherein receiving the data compliance manifest causes the workload engine to execute the application and programmatically constrain processing, of the protected data during execution of the application (Paragraph 28 discloses the PDG logic 200 may select a target user privacy data compliance policy from a plurality of user privacy data compliance policies based on a geographical region associated with the dark data source (208). The global countries or regions may enforce different policies to protect user privacy data).
Therefore, it would have been obvious before the effective filing data of invention was made to a person having ordinary skill in the art to modify Kishi et al. with Goswami et al. This would have facilitated data compliance within different applications in a multi-cloud environment. See Goswami et al. Paragraph(s) 4-9.
The Kishi et al. reference as modified by Goswami et al. teaches all the limitations of claim 1. With respect to claim 21, Goswami et al. discloses the method of claim 1, wherein receiving the data compliance manifest causes the workload engine to deploy the application in an additional device and to constrain the processing of the protected data during deployment of the application (Paragraph 61 discloses the execution environment 700 may be a specially defined computational system deployed in a cloud platform. In some cases, the parameters defining the execution environment may be specified in a manifest for cloud deployment. The manifest may be used by an operator to requisition cloud based hardware resources, and then deploy the software components, for example, the PDG stack 100, of the execution environment onto the hardware resources). The motivation to combine statement previously provided in the rejection of independent claim 1 provided above, combining the Kishi et al. reference and the Goswami et al. reference is applicable to dependent claim 21.
Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US PG-Pub. No. 20220232075 is directed DISTRIBUTED PROTOCOL ENDPOINT SERVICES FOR DATA STORAGE SYSTEMS: [0225] data compliance services may be embodied, for example, as services that may be provided to consumers (i.e., a user) the data compliance services to ensure that the user's datasets are managed in a way to adhere to various regulatory requirements. For example, one or more data compliance services may be offered to a user to ensure that the user's datasets are managed in a way so as to adhere to the General Data Protection Regulation (‘GDPR’), one or data compliance services may be offered to a user to ensure that the user's datasets are managed in a way so as to adhere to the Sarbanes-Oxley Act of 2002 (‘SOX’), or one or more data compliance services may be offered to a user to ensure that the user's datasets are managed in a way so as to adhere to some other regulatory act. In addition, the one or more data compliance services may be offered to a user to ensure that the user's datasets are managed in a way so as to adhere to some non-governmental guidance (e.g., to adhere to best practices for auditing purposes), the one or more data compliance services may be offered to a user to ensure that the user's datasets are managed in a way so as to adhere to a particular clients or organizations requirements, and so on.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS E ALLEN whose telephone number is (571)270-3562. The examiner can normally be reached Monday through Thursday 830-630.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached at (571) 270-5626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BORIS GORNEY/Supervisory Patent Examiner, Art Unit 2154
/N.E.A/Examiner, Art Unit 2154