DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The following is a Non-Final Office Action in response to communications received on February 9, 2023. Claims 1-14 are pending and addressed below.
Specification
For the record, Examiner acknowledges that the Specification submitted on February 9, 2023 has been accepted.
Drawings
For the record, Examiner acknowledges that the Drawings submitted on February 9, 2023 have been accepted.
Claim Objections
Claims 2-6 are objected to because of the following informalities:
Claim 2 recites the phrase “a specific roles”. It is suggested the phrase be amended to “[[a]] specific roles” for clarity and consistency. Also, claim 2 recites the phrase “PII”. It is suggested the phrase be amended to “Personally Identifiable Information (PII)” for clarity and consistency.
Claim 3 recites the phrase “the set of data; further comprises:”. It is suggested the phrase be amended to “the set of data[[;]] further comprises:” for clarity and consistency. Claims 4-6 are objected to for similar reasons to claim 3.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1 is/are rejected under 35 U.S.C. 103 as being unpatentable over Brand (U.S. Pub. No. 2015/0331905) in view of Gupta et al. (U.S. Pub. No. 2021/0294797 and hereinafter referred to as Gupta) in view of Chui et al. (U.S. Pub. No. 2015/0370824 and hereinafter referred to as Chui) in view of Gordon et al. (U.S. Pub. No. 2017/0163677 and hereinafter referred to as Gordon).
As to claim 1, Brand discloses a computerized method for minimizing a data governance in order to improve data security, comprising:
providing and imposing a set of access rules to a set of data (paragraphs [0011], [0028] and [0057], Brand teaches access rules for accessing remotely stored data);
implementing a dark data governance operation on the set of data (paragraph [0024], Brand teaches mitigating dark data.). Brand does not specifically disclose wherein the set of data is stored in a data warehouse; measuring a level of over provisioning of the set of data; measuring a level of data abuse susceptibility of the set of data; and identifying a set of infrequently used roles in the set of data as claimed. However, Gupta does disclose
wherein the set of data is stored in a data warehouse (paragraph [0027], Gupta teaches a data warehouse); and
measuring a level of over provisioning of the set of data (paragraphs [0069] and [0109], Gupta teaches determining an amount of data returned in a response and performing actions based on the amount.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Brand with the teachings of Gupta for measuring a level of over provisioning of the set of data because this would improve security and save resources.
The combination of teachings between Brand and Gupta does not specifically disclose measuring a level of data abuse susceptibility of the set of data; and identifying a set of infrequently used roles in the set of data as claimed. However, Chui does disclose
identifying a set of infrequently used roles in the set of data (paragraph [0064], Chui teaches determining unused roles and changing or removing them.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the modified invention of Brand with the teachings of Chui for identifying a set of infrequently used roles because this would improve security.
The combination of teachings between Brand, Gupta and Chui does not specifically disclose measuring a level of data abuse susceptibility of the set of data as claimed. However, Gordon does disclose
measuring a level of data abuse susceptibility of the set of data (paragraph [0005], Gordon teaches determining a data security score for a data file.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the modified invention of Brand with the teachings of Gordon for measuring a level of data abuse susceptibility because this would improve security.
Allowable Subject Matter
Claims 2-14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim 2 recites, inter alia, “wherein the set of access rules stipulate that only a specific roles can access a clear text data as long as the data does not have PII and is not exposed publicly”. While the prior art is known to generally disclose access to clear text and PII, the prior art was not found to disclose the particular combination of limitations claimed. Therefore, claim 2 is considered to recite allowable subject matter over the prior art. Dependent claims 3-14 are considered to recite allowable subject matter over the prior art based on their dependency.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THADDEUS J PLECHA whose telephone number is (571)270-7506. The examiner can normally be reached M-F 8-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached at 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THADDEUS J PLECHA/Examiner, Art Unit 2438