DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This written action is responding to the amendment dated on 03/18/2025.
Claims 1, 8, and 15 have been amended.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Arguments
Applicant’s amendment filed on March 18, 2025 amends claims 1, 8, and 15; all other claims are previously presented. Amended claims 1, 8 and 15 are independent claims.
Applicant’s remark, filed on March 18, 2025 at pages 6-7, indicates, “Claim 1 was rejected under 35 U.S.C. § 103 as allegedly being obvious over Baldwin in view of Chickerur and Christodoulou. Applicant respectfully disagrees but has amended Claim 1 as discussed with the Examiner during the interview. … Applicant respectfully submits that Chickerur at the cited portions describes that the method of Chickerur determines that information is a particular type of PII based on the format of the information. Chickerur then describes that a data classification tag is selected from among a set of candidate classification tags based on the classification of the PII. However, Applicant respectfully submits that this portion of Chickerur does not describe "generate, at the computing device, a tag based on the processing result, wherein the tag indicates a format of the data item," as recited in Applicant's amended Claim 1, at least because the "data classification tag" of Chickerur indicates a classification of PII and does not indicate a format. Applicant respectfully submits that, as discussed during the interview, no portion of Chickerur teaches or suggests the above-noted recitations of Applicant's amended Claim 1. Further, Applicant respectfully submits that Baldwin and Christodoulou, alone or in combination with Chickerur, do not cure the deficiencies in the teachings of Chickerur. As such, Applicant respectfully submits that Claim 1 is not obvious over Baldwin in view of Chickerur and Christodoulou and requests the rejection under 35 U.S.C. 103 be withdrawn.”
Applicant’s argument has been considered and is found persuasive. Therefore, the previous art rejection is withdrawn. However, Applicant’s amendment necessitates a new ground of rejection, and therefore, new grounds of rejection have been applied to the pending claims.
Accordingly, a new ground of rejection based on newly applied prior art by Perkins et al. (US 7,702,694) hereinafter Perkins, has been applied to the amendment. Perkins clearly shows, at the abstract, a method where received data is classified according to a defined format and stored in a database. The method further indicates that a tag is created based on the format of the data that has been stored in order to be transmitted. Thus, Examiner submits that Perkins teaches the amended limitation claimed at independent Claim 1, “generate, at the computing device, a tag …, wherein the tag indicates a format of the data item.” Please refer to detailed rejection below.
Finally, Examiner respectfully submits that the previously applied references by Baldwin, Chickerur and Christodoulou disclose the additional claim limitations in independent claim 1 and would render the amended features obvious.
Applicant further recites similar remarks as listed above for independent claims 8 and 15. See the aforementioned response on item 8, which addresses how the combination of prior-art references by Baldwin, Chickerur, Perkins and Christodoulou would render the claimed limitations obvious.
Applicant further recites similar remarks as listed above for dependent claims. Please refer to the aforementioned response, which addresses how the new combination of prior-art references by Baldwin, Chickerur, Perkins and Christodoulou, would render the claimed limitations obvious.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Baldwin et al. (WO2020251587A1) hereinafter Baldwin in view of Chickerur et al. (US 2020/0233977) hereinafter Chickerur and further in view of Perkins et al. (US 7,702,694) hereinafter Perkins and Christodoulou et al. (US 2003/0069898) hereinafter Christodoulou.
As per Claim 1, Baldwin teaches a non-transitory machine-readable storage medium encoded with instructions executable by a processor of a computing device, the machine-readable storage medium comprising instructions (Baldwin, Parag. [0057-0058]; “For example, the instructions may be provided on a non-transitory computer readable storage medium encoded with instructions, executable by a processor. With reference to figure 1 for example, processor 121 can be associated with a memory 152. The memory 152 can comprise computer readable instructions 154 which are executable by the processor 121.”) to:
receive, at the computing device, data associated with an event from an originating apparatus (Baldwin, Abstract; “a method for modifying a data item from a source apparatus, the data item associated with an event” … Parag. [0018]; “In a runtime phase, according to an example, event data 109, such as that representing security event messages for example, are created by devices such as the source apparatus 103 of figure 1. The event data 109 is sent to the transformation module 105” … [0024] “… wherein the event data can be in the form of an event or event message.”), wherein the data comprises a key and a data item associated with the key (Baldwin, Parag. [0033]; “According to an example, and as described above, an event message can be subdivided or parsed into a set of fields or tuples each of which is described in terms of a fieldname (data identifier) and value (data item). In the examples below, a data item is re-represented with some token. This token can be in the form of a random string/GUID. It can be in the form of a known class (e.g. “admin”, “California”) to provide context.”), and wherein the data item is accessible for processing in a network environment (Baldwin, Abstract; “a method for modifying a data item from a source apparatus, the data item associated with an event, in which the method comprises, within a trusted environment, parsing the data item to generate a set of tuples relating to the event and/or associated with the source apparatus, each tuple comprising a data item, and a data identifier related to the data item, applying a rule to a first tuple to pseudonymise a first data item to provide a transformed data item, and/or generate a contextual supplement to the first data item, generating a mapping between the transformed data item and the first data item, whereby to provide a link between the transformed data item and the first data item to enable subsequent resolution of the first data item using the transformed data item, and forwarding the transformed data item and the data identifier related to the first data item to an analytics engine situated logically outside of the trusted environment.” … Parag. [0015]; “A source apparatus 103 can be a node or endpoint in a network. For example, a source apparatus 103 can be an IoT device, printer, PC and so on.” Examiner submits that the transformation process applied to the data is interpreted as data accessible to be processed.);
[apply, at the computing device, an evaluation function to the data item, wherein applying the evaluation function generates a processing result characterizing an aspect of the data item];
[generate, at the computing device, a tag based on the processing result, wherein the tag indicates a format of the data item];
[associate, at the computing device, the tag with the data, wherein the tag is transmitted with the data outside the network environment where the data item is not accessible for processing outside the network environment]; and
[provide, at the computing device, the tag for transmission].
Baldwin does not expressly teach:
apply, at the computing device, an evaluation function to the data item, wherein applying the evaluation function generates a processing result characterizing an aspect of the data item;
generate, at the computing device, a tag based on the processing result, wherein the tag indicates a format of the data item;
associate, at the computing device, the tag with the data, wherein the tag is transmitted with the data outside the network environment where the data item is not accessible for processing outside the network environment; and
provide, at the computing device, the tag for transmission.
However, Chickerur teaches:
apply, at the computing device, an evaluation function to the data item, wherein applying the evaluation function generates a processing result characterizing an aspect of the data item (Chickerur, Parag. [0019]; “For instance, common types of PII that may be stored in a dataset often have distinctive formats (e.g., phone numbers, email addresses, credit card numbers), and the personal data oversight machine may be configured to automatically identify data entries having such formats as including PII, and/or flag such entries for manual review.” … Parag. [0020]; “based on contents of the data entry, classifying the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags. … Such a set may include, as nonlimiting examples, a real-name tag, an email address tag, a phone number tag, a financial information tag, a geographic location tag, an IP address tag, and a social security number tag.” Examiner submits that the evaluation function has been interpreted as the data identification process that leads to classifying the data item according to the type/format (i.e., characterizing aspect).);
…, a tag based on the processing result, (Chickerur, Parag. [0019]; “For instance, common types of PII that may be stored in a dataset often have distinctive formats (e.g., phone numbers, email addresses, credit card numbers), and the personal data oversight machine may be configured to automatically identify data entries having such formats as including PII, and/or flag such entries for manual review.” … Parag. [0020]; “based on contents of the data entry, classifying the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags. … Such a set may include, as nonlimiting examples, a real-name tag, an email address tag, a phone number tag, a financial information tag, a geographic location tag, an IP address tag, and a social security number tag.” Examiner submits that the evaluation function has been interpreted as the data identification process that leads to classifying the data item according to the type/format (i.e., characterizing aspect).) …
Baldwin and Chickerur are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide a secure data communication between trusted and non-trusted networks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chickerur system into Baldwin system with a motivation to provide a method to determine/evaluate the type of data item to be anonymized (Chickerur, Parag. [0019-0020]).
The combination of Baldwin and Chickerur does not expressly teach:
generate, at the computing device, a tag …, wherein the tag indicates a format of the data item;
associate, at the computing device, the tag with the data, wherein the tag is transmitted with the data outside the network environment where the data item is not accessible for processing outside the network environment; and
provide, at the computing device, the tag for transmission.
However, Perkins teaches:
generate, at the computing device, a tag …, wherein the tag indicates a format of the data item (Perkins, Abstract; “a specific format is defined for storing the received data in a plurality of data records in the centralized database. A plurality of datasets are created including a definition and a translation for each data item, the plurality of datasets establishing the data that is transferred into or out of the centralized database. The plurality of datasets are stored in the centralized database. A plurality of value tags are created defining a plurality of data formats”)
Baldwin, Chickerur and Perkins are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide a secure data communication between trusted and non-trusted networks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Perkins system into Baldwin-Chickerur system with a motivation to provide a method to generate a tag that indicates a data format/type (Perkins, Abstract).
The combination of Baldwin, Chickerur and Perkins does not teach:
associate, at the computing device, the tag with the data, wherein the tag is transmitted with the data outside the network environment where the data item is not accessible for processing outside the network environment; and
provide, at the computing device, the tag for transmission.
However, Christodoulou teaches:
associate, at the computing device, the tag with the data, wherein the tag is transmitted with the data outside the network environment where the data item is not accessible for processing outside the network environment (Christodoulou, Parag. [0010]; “the data item acquisition unit including a data tag generator for generating a data tag associated with each data item, and the data item acquisition unit being arranged to transmit at least the data tag to the data store.” … Parag. [0017]; “The failure may be a ‘hard’ failure, in which case no metadata is generated and the data acquisition unit may transmit the data item to the data store, the data tag (metadata) generation then occurring at the data store. Alternatively, appropriate configuration information held by the data tag generator at the data store may be transmitted to the data acquisition unit to allow successful data tag generation to occur at the data acquisition unit. The failure may alternatively be a ‘soft’ failure, in which case the metadata generated prior to the failure occurring may be transmitted to the data store, or equally simplified metadata may be generated instead and transmitted to the data store.” … Parag. [0019]; “According to a second aspect of the present invention there is provided a method of processing data, the method comprising generating a data tag associated with a data item, said data tag generation occurring at a data acquisition unit, and transmitting at least said data tag to a data store.”); and
provide, at the computing device, the tag for transmission (Christodoulou, Parag. [0024]; “According to a third aspect of the present invention there is provided a data item acquisition device comprising a data tag generator and being arranged to transmit a generated data tag associated with an acquired data item to a data store.”).
Baldwin, Chickerur, Perkins and Christodoulou are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide a secure data communication between trusted and non-trusted networks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Christodoulou system into Baldwin-Chickerur-Perkins system with a motivation to provide a method to generate a tag and associate the tag with the data item (Christodoulou, Parag. [0010]).
As per Claim 2, the combination of Baldwin, Chickerur, Perkins and Christodoulou teach the non-transitory machine-readable storage medium of claim 1. Christodoulou teaches further comprising instructions to provide, at the computing device, the data for transmission (Christodoulou, Parag. [0011]; “The data item acquisition unit may also transmit the data item itself to the at least one data store.”).
As per Claim 3, the combination of Baldwin, Chickerur, Perkins and Christodoulou teach the non-transitory machine-readable storage medium of claim 1. Christodoulou teaches further comprising instructions to transmit the tag to a device of a second network environment (Christodoulou, Parag. [0024]; “According to a third aspect of the present invention there is provided a data item acquisition device comprising a data tag generator and being arranged to transmit a generated data tag associated with an acquired data item to a data store.” … Parag. [0035]; “FIG. 1 shows a data acquisition device or unit 2 connected to a data Store 4. The data acquisition unit 2 is connected to one or more data input devices. Examples of data input devices that are shown are a discrete data storage unit 6, for example a hard disk, a digital camera 8, and a document scanner 10. Other input devices such as video or sound recorders could also be provided. Located in the data acquisition unit 2 is a data tag generator 12 also known as a metadata generator. The metadata generator is arranged to process data items input from one or more of the data input devices to generate data tags or metadata for each data item. A data store 4 is connected to the data acquisition unit 2. The data store unit includes one or more data storage devices 14, such as known hard disk drives. Connected to the data storage devices 14 is a data query and/or indexing unit that is arranged to perform conventional data searching procedures. The data storage devices 14 are arranged to store either a plurality of data tags, a plurality of individual data items, or both data items and their associated data tags. The data acquisition unit 2 and data store 4 are connected by any suitable data transmission channel, for example by fibre optic cable, or by wireless connections.”).
As per Claim 4, the combination of Baldwin, Chickerur, Perkins and Christodoulou teach the non-transitory machine-readable storage medium of claim 1. Baldwin teaches further comprising instructions to transmit the data and the tag to a message rewriter, wherein the message rewriter obfuscates the data, and wherein the tag is associated with the obfuscated data (Baldwin, Parag. [0018]; “The event data 109 is sent to the transformation module 105 (i.e., rewriter) which applies one or more rules to transform or modify the data (i.e. by way of one or more of anonymization, pseudonymisation and contextualization rules in order to anonymise, pseudonymise and contextualise the data) before forwarding the messages to the analytics engine 111.” … Parag. [0024]; “The transformation module 105 comprises a processor 121. In an example, processor 121 can transform or modify event data from source apparatus 103, wherein the event data can be in the form of an event or event message. In an example, the processor 121 can sort event data into fields, e.g. by parsing. A field can comprise a tuple relating to the event and/or associated with the source apparatus, and which comprises a data item, and a data identifier related to the data item. The processor 121 can update, transform or modify the data item (or a portion thereof) according to a set of rules in order to, for example, mask or pseudonymise private data, convert data fields into additional contextual information, or augment the data item with additional contextual information.”).
As per Claim 5, the combination of Baldwin, Chickerur, Perkins and Christodoulou teach the non-transitory machine-readable storage medium of claim 1. Chickerur teaches further comprising instructions to receive, at the computing device, an evaluation function (Chickerur, Parag. [0019]; “For instance, common types of PII that may be stored in a dataset often have distinctive formats (e.g., phone numbers, email addresses, credit card numbers), and the personal data oversight machine may be configured to automatically identify data entries having such formats as including PII, and/or flag such entries for manual review.” … Parag. [0020]; “based on contents of the data entry, classifying the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags. … Such a set may include, as nonlimiting examples, a real-name tag, an email address tag, a phone number tag, a financial information tag, a geographic location tag, an IP address tag, and a social security number tag.” Examiner submits that the evaluation function has been interpreted as the data identification process that leads to classifying the data item according to the type/format (i.e., characterizing aspect).).
As per Claim 6, the combination of Baldwin, Chickerur, Perkins and Christodoulou teach the non-transitory machine-readable storage medium of claim 1. Baldwin teaches further comprising instructions to organize, at the computing device, the key and the data item into a key-value pair (Baldwin, Parag. [0033]; “According to an example, and as described above, an event message can be subdivided or parsed (i.e., organized) into a set of fields or tuples each of which is described in terms of a fieldname (data identifier) and value (data item). In the examples below, a data item is re-represented with some token. This token can be in the form of a random string/GUID. It can be in the form of a known class (e.g.“admin”, "California”) (i.e., key-value pair) to provide context.”).
As per Claim 7, the combination of Baldwin, Chickerur, Perkins and Christodoulou teach the non-transitory machine-readable storage medium of claim 1. Perkins teaches wherein the processing result indicates the data item is in a defined format, and wherein the tag comprises the processing result (Perkins, Abstract; “a specific format is defined for storing the received data in a plurality of data records in the centralized database. A plurality of datasets are created including a definition and a translation for each data item, the plurality of datasets establishing the data that is transferred into or out of the centralized database. The plurality of datasets are stored in the centralized database. A plurality of value tags are created defining a plurality of data formats”).
As per Claim 8, Baldwin teaches a non-transitory machine-readable storage medium encoded with instructions executable by a processor, the machine-readable storage medium comprising instructions (Baldwin, Parag. [0057-0058]; “For example, the instructions may be provided on a non-transitory computer readable storage medium encoded with instructions, executable by a processor. With reference to figure 1 for example, processor 121 can be associated with a memory 152. The memory 152 can comprise computer readable instructions 154 which are executable by the processor 121.”) to:
receive, at a computing device having a processor and a memory executing in a network environment, data associated with an event from an originating apparatus (Baldwin, Abstract; “a method for modifying a data item from a source apparatus, the data item associated with an event” … Parag. [0018]; “In a runtime phase, according to an example, event data 109, such as that representing security event messages for example, are created by devices such as the source apparatus 103 of figure 1. The event data 109 is sent to the transformation module 105.”), wherein the data is accessible for processing in a network environment (Baldwin, Abstract; “a method for modifying a data item from a source apparatus, the data item associated with an event, in which the method comprises, within a trusted environment, parsing the data item to generate a set of tuples relating to the event and/or associated with the source apparatus, each tuple comprising a data item, and a data identifier related to the data item, applying a rule to a first tuple to pseudonymise a first data item to provide a transformed data item, and/or generate a contextual supplement to the first data item, generating a mapping between the transformed data item and the first data item, whereby to provide a link between the transformed data item and the first data item to enable subsequent resolution of the first data item using the transformed data item, and forwarding the transformed data item and the data identifier related to the first data item to an analytics engine situated logically outside of the trusted environment.” … Parag. [0015]; “A source apparatus 103 can be a node or endpoint in a network. For example, a source apparatus 103 can be an IoT device, printer, PC and so on.” Examiner submits that the transformation process applied to the data is interpreted as data accessible to be processed.);
parse, at the computing device, the data associated with the event to generate a tuple, wherein the tuple comprises a key and a data item paired with the key (Baldwin, Abstract; “a method for modifying a data item from a source apparatus, the data item associated with an event, in which the method comprises, within a trusted environment, parsing the data item to generate a set of tuples relating to the event and/or associated with the source apparatus, each tuple comprising a data item, and a data identifier related to the data item, applying a rule to a first tuple to pseudonymise a first data item to provide a transformed data item, and/or generate a contextual supplement to the first data item, generating a mapping between the transformed data item and the first data item, whereby to provide a link between the transformed data item and the first data item to enable subsequent resolution of the first data item using the transformed data item, and forwarding the transformed data item and the data identifier related to the first data item to an analytics engine situated logically outside of the trusted environment.” … Parag. [0015]; “A source apparatus 103 can be a node or endpoint in a network. For example, a source apparatus 103 can be an IoT device, printer, PC and so on.” Examiner submits that the transformation process applied to the data is interpreted as data accessible to be processed.);
[apply, at the computing device, an evaluation function to the data item to generate a data tag, wherein the tag indicates a format of the data item;
associate, at the computing device, the data tag with the tuple to create a return data item;
wherein the data item in the return data item is not accessible for processing outside the network environment; and
transmit, at the computing device, the return data item for transmission outside the network environment].
Baldwin does not expressly teach:
apply, at the computing device, an evaluation function to the data item to generate a data tag, wherein the tag indicates a format of the data item;
associate, at the computing device, the data tag with the tuple to create a return data item;
wherein the data item in the return data item is not accessible for processing outside the network environment; and
transmit, at the computing device, the return data item for transmission outside the network environment.
However, Chickerur teaches:
apply, at the computing device, an evaluation function to the data item (Chickerur, Parag. [0019]; “For instance, common types of PII that may be stored in a dataset often have distinctive formats (e.g., phone numbers, email addresses, credit card numbers), and the personal data oversight machine may be configured to automatically identify data entries having such formats as including PII, and/or flag such entries for manual review.” … Parag. [0020]; “based on contents of the data entry, classifying the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags. … Such a set may include, as nonlimiting examples, a real-name tag, an email address tag, a phone number tag, a financial information tag, a geographic location tag, an IP address tag, and a social security number tag.” Examiner submits that the evaluation function has been interpreted as the data identification process that leads to classifying the data item according to the type/format (i.e., characterizing aspect).) [to generate a data tag];
Baldwin and Chickerur are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide a secure data communication between trusted and non-trusted networks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chickerur system into Baldwin system with a motivation to provide a method to determine/evaluate the type of data item to be anonymized (Chickerur, Parag. [0019-0020]).
The combination of Baldwin and Chickerur does not expressly teach:
generate a data tag, wherein the tag indicates a format of the data item;
associate, at the computing device, the data tag with the tuple to create a return data item;
wherein the data item in the return data item is not accessible for processing outside the network environment; and
transmit, at the computing device, the return data item for transmission outside the network environment.
However, Perkins teaches:
generate a data tag, wherein the tag indicates a format of the data item (Perkins, Abstract; “a specific format is defined for storing the received data in a plurality of data records in the centralized database. A plurality of datasets are created including a definition and a translation for each data item, the plurality of datasets establishing the data that is transferred into or out of the centralized database. The plurality of datasets are stored in the centralized database. A plurality of value tags are created defining a plurality of data formats”)
Baldwin, Chickerur and Perkins are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide a secure data communication between trusted and non-trusted networks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Perkins system into Baldwin-Chickerur system with a motivation to provide a method to generate a tag that indicates a data format/type (Perkins, Abstract).
The combination of Baldwin, Chickerur and Perkins does not teach:
associate, at the computing device, the data tag with the tuple to create a return data item;
wherein the data item in the return data item is not accessible for processing outside the network environment; and
transmit, at the computing device, the return data item for transmission outside the network environment.
However, Christodoulou teaches:
associate, at the computing device, the data tag with the tuple to create a return data item (Christodoulou, Parag. [0010]; “the data item acquisition unit including a data tag generator for generating a data tag associated with each data item, and the data item acquisition unit being arranged to transmit at least the data tag to the data store.” … Parag. [0017]; “The failure may be a ‘hard’ failure, in which case no metadata is generated and the data acquisition unit may transmit the data item to the data store, the data tag (metadata) generation then occurring at the data store. Alternatively, appropriate configuration information held by the data tag generator at the data store may be transmitted to the data acquisition unit to allow successful data tag generation to occur at the data acquisition unit. The failure may alternatively be a ‘soft’ failure, in which case the metadata generated prior to the failure occurring may be transmitted to the data store, or equally simplified metadata may be generated instead and transmitted to the data store.” … Parag. [0019]; “According to a second aspect of the present invention there is provided a method of processing data, the method comprising generating a data tag associated with a data item, said data tag generation occurring at a data acquisition unit, and transmitting at least said data tag to a data store.”);
wherein the data item in the return data item is not accessible for processing outside the network environment (Christodoulou, Parag. [0010]; “the data item acquisition unit including a data tag generator for generating a data tag associated with each data item, and the data item acquisition unit being arranged to transmit at least the data tag to the data store.” … Parag. [0017]; “The failure may be a ‘hard’ failure, in which case no metadata is generated and the data acquisition unit may transmit the data item to the data store, the data tag (metadata) generation then occurring at the data store. Alternatively, appropriate configuration information held by the data tag generator at the data store may be transmitted to the data acquisition unit to allow successful data tag generation to occur at the data acquisition unit. The failure may alternatively be a ‘soft’ failure, in which case the metadata generated prior to the failure occurring may be transmitted to the data store, or equally simplified metadata may be generated instead and transmitted to the data store.” … Parag. [0019]; “According to a second aspect of the present invention there is provided a method of processing data, the method comprising generating a data tag associated with a data item, said data tag generation occurring at a data acquisition unit, and transmitting at least said data tag to a data store.”); and
transmit, at the computing device, the return data item for transmission outside the network environment (Christodoulou, Parag. [0011]; “The data item acquisition unit may also transmit the data item itself to the at least one data store.” …Parag. [0024]; “According to a third aspect of the present invention there is provided a data item acquisition device comprising a data tag generator and being arranged to transmit a generated data tag associated with an acquired data item to a data store.”).
Baldwin, Chickerur, Perkins and Christodoulou are from a similar field of technology. Prior to the instant application’s effective filing date, there was a need to provide secure data communication between trusted and non-trusted networks.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the Christodoulou system into the Baldwin-Chickerur-Perkins system with a motivation to provide a method to generate a tag and associate the tag with the data item (Christodoulou, Parag. [0010]).
As per Claim 9, the combination of Baldwin, Chickerur, Perkins and Christodoulou teach the non-transitory machine-readable storage medium of claim 8. Chickerur teaches further comprising instructions to select the evaluation function based on the key (Chickerur, Parag. [0013]; “Accordingly, the present disclosure is directed to a computing system that is configured to, upon receiving an indication that a particular data entry includes PII, apply one or more data classification tags to reflect the type of PII included in the data entry, and apply a data management tag appropriate to the data entry. Based on the data management tag, the computing system then applies a data management operation, such as a retention operation, an anonymization operation, or a deletion operation, to ensure that the data entry is handled in a way that is consistent with organizational policy and applicable regulations.” … Parag. [0019]; “For instance, common types of PII that may be stored in a dataset often have distinctive formats (e.g., phone numbers, email addresses, credit card numbers), and the personal data oversight machine may be configured to automatically identify data entries having such formats as including PII, and/or flag such entries for manual review.” … Parag. [0020]; “based on contents of the data entry, classifying the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags. … Such a set may include, as nonlimiting examples, a real-name tag, an email address tag, a phone number tag, a financial information tag, a geographic location tag, an IP address tag, and a social security number tag.” Examiner submits that the evaluation function has been interpreted as the data identification process that leads to classifying the data item according to the type/format (i.e., characterizing aspect).).
As per Claim 10, the combination of Baldwin, Chickerur, Perkins and Christodoulou teaches the non-transitory machine-readable storage medium of claim 8. Baldwin teaches wherein the tuple comprises a key and a plurality of data items (Baldwin, Abstract; “a method for modifying a data item from a source apparatus, the data item associated with an event, in which the method comprises, within a trusted environment, parsing the data item to generate a set of tuples relating to the event and/or associated with the source apparatus, each tuple comprising a data item, and a data identifier related to the data item.”).
As per Claim 11, the combination of Baldwin, Chickerur, Perkins and Christodoulou teach the non-transitory machine-readable storage medium of claim 10. Chickerur teaches further comprising instructions to apply the evaluation function to the plurality of data items (Chickerur, Parag. [0019]; “For instance, common types of PII that may be stored in a dataset often have distinctive formats (e.g., phone numbers, email addresses, credit card numbers), and the personal data oversight machine may be configured to automatically identify data entries having such formats as including PII, and/or flag such entries for manual review.” … Parag. [0020]; “based on contents of the data entry, classifying the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags. … Such a set may include, as nonlimiting examples, a real-name tag, an email address tag, a phone number tag, a financial information tag, a geographic location tag, an IP address tag, and a social security number tag.” Examiner submits that the evaluation function has been interpreted as the data identification process that leads to classifying the data item according to the type/format (i.e., characterizing aspect).)
In addition, Perkins teaches to generate the data tag (Perkins, Abstract; “a specific format is defined for storing the received data in a plurality of data records in the centralized database. A plurality of datasets are created including a definition and a translation for each data item, the plurality of datasets establishing the data that is transferred into or out of the centralized database. The plurality of datasets are stored in the centralized database. A plurality of value tags are created defining a plurality of data formats”).
As per Claim 12, the combination of Baldwin, Chickerur, Perkins and Christodoulou teaches the non-transitory machine-readable storage medium of claim 8. Baldwin teaches wherein the tuple comprises a key and a plurality of data items (Baldwin, Abstract; “a method for modifying a data item from a source apparatus, the data item associated with an event, in which the method comprises, within a trusted environment, parsing the data item to generate a set of tuples relating to the event and/or associated with the source apparatus, each tuple comprising a data item, and a data identifier related to the data item.”); and
further comprising instructions to apply a second evaluation function, which is different from the evaluation function, to a second data item which is different from the data item to generate the data tag (Chickerur, Parag. [0019]; “For instance, common types of PII that may be stored in a dataset often have distinctive formats (e.g., phone numbers, email addresses, credit card numbers), and the personal data oversight machine may be configured to automatically identify data entries having such formats as including PII, and/or flag such entries for manual review.” … Parag. [0020]; “based on contents of the data entry, classifying the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags. … Such a set may include, as nonlimiting examples, a real-name tag, an email address tag, a phone number tag, a financial information tag, a geographic location tag, an IP address tag, and a social security number tag.”… Parag. [0054]; “In an example, a computing system comprises: a dataset including a plurality of data entries, at least some of the data entries including personally identifiable information (PII); and a personal data oversight machine configured to: receive an indication that a particular data entry includes PII; based on contents of the data entry, classify the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags of a set of candidate data classification tags to the data entry.” Examiner submits that the evaluation function has been interpreted as the data identification process that leads to classifying the data item according to the type/format (i.e., characterizing aspect).).
As per Claim 13, the combination of Baldwin, Chickerur, Perkins and Christodoulou teach the non-transitory machine-readable storage medium of claim 8. Chickerur teaches further comprising instructions to receive, at the computing device, an evaluation function (Chickerur, Parag. [0019]; “For instance, common types of PII that may be stored in a dataset often have distinctive formats (e.g., phone numbers, email addresses, credit card numbers), and the personal data oversight machine may be configured to automatically identify data entries having such formats as including PII, and/or flag such entries for manual review.” … Parag. [0020]; “based on contents of the data entry, classifying the data entry as including one or more of a plurality of types of PII by applying one or more data classification tags. … Such a set may include, as nonlimiting examples, a real-name tag, an email address tag, a phone number tag, a financial information tag, a geographic location tag, an IP address tag, and a social security number tag.” Examiner submits that the evaluation function has been interpreted as the data identification process that leads to classifying the data item according to the type/format (i.e., characterizing aspect).).
As per Claim 14, the combination of Baldwin, Chickerur, Perkins and Christodoulou teaches the non-transitory machine-readable storage medium of claim 8. Baldwin teaches further comprising instructions to:
transmit, at the computing device, the return data item to a message rewriter of the computing device (Baldwin, Parag. [0018]; “The event data 109 is sent to the transformation module 105 (i.e., rewriter) which applies one or more rules to transform or modify the data (i.e. by way of one or more of anonymization, pseudonymisation and contextualization rules in order to anonymise, pseudonymise and contextualise the data) before forwarding the messages to the analytics engine 111.” … Parag. [0024]; “The transformation module 105 comprises a processor 121. In an example, processor 121 can transform or modify event data from source apparatus 103, wherein the event data can be in the form of an event or event message. In an example, the processor 121 can sort event data into fields, e.g. by parsing. A field can comprise a tuple relating to the event and/or associated with the source apparatus, and which comprises a data item, and a data identifier related to the data item. The processor 121 can update, transform or modify the data item (or a portion thereof) according to a set of rules in order to, for example, mask or pseudonymise private data, convert data fields into additional contextual information, or augment the data item with additional contextual information.”); and
obfuscate, at the computing device, the tuple of the return data item (Baldwin, Parag. [0018]; “The event data 109 is sent to the transformation module 105 (i.e., rewriter) which applies one or more rules to transform or modify the data (i.e. by way of one or more of anonymization, pseudonymisation and contextualization rules in order to anonymise, pseudonymise and contextualise the data) before forwarding the messages to the analytics engine 111.” … Parag. [0024]; “The transformation module 105 comprises a processor 121. In an example, processor 121 can transform or modify event data from source apparatus 103, wherein the event data can be in the form of an event or event message. In an example, the processor 121 can sort event data into fields, e.g. by parsing. A field can comprise a tuple relating to the event and/or associated with the source apparatus, and which comprises a data item, and a data identifier related to the data item. The processor 121 can update, transform or modify the data item (or a portion thereof) according to a set of rules in order to, for example, mask or pseudonymise private data, convert data fields into additional contextual information, or augment the data item with additional contextual information.”).
As per Claim 15, Baldwin teaches a non-transitory machine-readable storage medium encoded with instructions executable by a processor, the machine-readable storage medium comprising instructions (Baldwin, Parag. [0057-0058]; “For example, the instructions may be provided on a non-transitory computer readable storage medium encoded with instructions, executable by a processor. With reference to figure 1 for example, processor 121 can be associated with a memory 152. The memory 152 can comprise computer readable instructions 154 which are executable by the processor 121.”) to:
receive, at a computing device having a processor and a memory executing in a network environment, a system log from an originating apparatus (Baldwin, Abstract; “a method for modifying a data item from a source apparatus, the data item associated with an event” … Para. [0001]; “Nodes in a network, whether print devices, PCs or IoT devices and so on, can produce multiple events. The events can relate to processes executing within the nodes, logon attempts and so on. Such events can be used to determine the occurrence of potential security issues within the network, or other issues that may benefit from attention. Such events can include personal or confidential data.” … Parag. [0018]; “In a runtime phase, according to an example, event data 109, such as that representing security event messages for example, are created by devices such as the source apparatus 103 of figure 1. The event data 109 is sent to the transformation module 105.” Examiner submits that the system log is interpreted as data related to an event in a device(s).), wherein the system log comprises a key and a value, and wherein the value is accessible for processing in the network environment (Baldwin, Abstract; “a method for modifying a data item from a source apparatus, the data item associated with an event, in which the method comprises, within a trusted environment, parsing the data item to generate a set of tuples relating to the event and/or associated with the source apparatus, each tuple comprising a data item, and a data identifier related to the data item, applying a rule to a first tuple to pseudonymise a first data item to provide a transformed data item, and/or generate a contextual supplement to the first data item, generating a mapping between the transformed data item and the first data item, whereby to provide a link between the transformed data item and the first data item to enable subsequent resolution of the first data item using the transformed data item, and forwarding the transformed data item and the data identifier related to the first data item to an analytics engine situated logically outside of the trusted environment.” … Parag. [0015]; “A source apparatus 103 can be a node or endpoint in a network. For example, a source apparatus 103 can be an IoT device, printer, PC and so on.” Examiner submits that the transformation process applied to the data is interpreted as data accessible to b