CLOUD GOVERNANCE ASSESSMENT ENGINE LEVERAGING ARTIFICIAL INTELLIGENCE (AI)

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This office action is prepared in response to a Request for Continued Examination (RCE) filed on November 18, 2025. Claims 1-20 are pending. Claims 1-20 are rejected. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on November 18, 2025 has been entered. Response to Amendments The claim amendments and Applicant’s arguments filed on November 18, 2025 have been carefully considered. However, the amendments and arguments failed to place the application in condition for allowance in view of the new ground of rejection under 35 U.S.C. 103 that relies on the previously relied on reference Abhyankar et al. (US 2023/0214275) and a new reference Rungta et al. (US 2019/0278928). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Abhyankar et al. (U.S. 2023/0214275) in view of Rungta et al. (U.S. 2019/0278928). Regarding claim 1, Abhyankar disclosed an artificial intelligence (AI) cloud governance assessment computer program product stored on a non-transitory computer readable medium that comprises executable instructions that, when executed by a processor on a computer system: obtain data from an on-premises data center of an entity, wherein the data is maintained according to one or more data governance rules implemented at the on-premises data center (Abhyankar disclosed in [0024] that “Once authenticated with the configuration device 110, the graphical user interface may prompt the user to provide various types of information for configuring operations of the configuration device 110, such as credential information, application information, one or more targets, a mode parameter, control parameters, templates, configuration workbooks, mapping data, compliance data, or other pieces of information.” Said “various types of information” anticipates the “data from an on-premises data center of an entity” because it is provided by a user on the premise. The “entity system 170” disclosed in Fig. 1 anticipates the “on-premise data center of an entity” in the claim); obtain from the cloud infrastructure, a set of parameters for a cloud infrastructure having a configuration (Abhyankar disclosed in Fig. 3, step 310 and [0051, 0052] that the configuration device 110 may compile “a dataset that includes a configuration workbook, mapping data, and information identifying a set of requirements” and sent that to the user device 150 over the graphical user interface. Said “dataset” anticipates “a set of parameters for a cloud infrastructure” in the claim); train a cloud governance assessment model, using a machine learning algorithm, based on the data obtained from the on-premises data center, wherein the data reflects the data governance rules maintained at the on-premises data center (Anhyankar, [0053], “executing, by one or more processors, a first model against the configuration workbook to perform pre-training” and [0033], “ the deep learning models may include a pre-trained model and a fine-tuned model including artificial neural networks. The pre-trained model(s) may include models that were trained on a training dataset, such as a historic dataset containing a plurality of configuration workbooks covering a variety of use cases and requirements.”); assess, using the cloud governance assessment model and the set of parameters for a cloud infrastructure having the configuration, risks related to data governance in migrating the data from the on-premises data center to the cloud infrastructure (Abhyankar, [0053], “executing, by one or more processors, a second model against the configuration workbook to evaluate compliance of the configuration workbook with the set of requirements” and Abstract, “The modelling module may include various machine learning modules configured to evaluate configuration workbooks for compliance with requirements specified by a user.” Ahbyankar further disclosed in [0019, 0020] that the requirements include regulatory requirements, i.e. data governance); and output an AI-generated risk governance analysis based on the assessed risks in migrating the data (Abhyankar, Fig. 3, step 340 and [0054], “generating, by one or more processors, one or more recommendations based on evaluation of the compliance of the configuration workbook with the set of requirements.”), for use by the entity, in determining whether or not to migrate the data to the cloud infrastructure having the configuration (Abhyankar disclosed in [0036] that a user may elect to not implement changes to the configuration workbook”) wherein the AI-generated risk governance analysis comprises generating an indication as to whether the cloud infrastructure having the configuration complies with the one or more data governance rules (Abhyankar disclosed in [0035] that “the recommendations may indicate that one or more portions of the configuration workbook are not in compliance with applicable requirements” and in [0019, 0020, 0050] that the requirements the cloud-based deployment must comply to include regulatory requirements involving cybersecurity, data privacy and/or medical records tools). Abhyankar might not have explicitly that the configuration is a proposed configuration selected by the entity. However, the instant application does not disclose “a proposed configuration selected by the entity” either. For the purpose of the prosecution, Examiner would like to cite Rungta et al. to show that this claim element is already known in the prior art. Specifically regarding “proposed configuration”, Rugnta disclosed in [0040] that “the security assessment system 106 may include a configuration analyzer service 160 that is configured to apply any suitable security assessment algorithms to available data in order to determine whether the proposed configuration of the requested virtual computing resource passes each of one or more security checks that are defined in the security model 190.” One of ordinary skill in the art would have been motivated to combine Abhyankar and Rungta because both references disclosed methods for checking and validating before migration of an application from on-premise to cloud that the configuration of cloud resources complies with the security and regulatory requirements of the application (Abhyankar, Abstract; Rungta, Abstract). Therefore, before the effective filing date of the instant application, it would have been obvious for one to combine the teachings of Abhyankar and Rungta. Claim 12 lists substantially the same elements as claim 1, but in method form rather than computer program product form. Therefore, the rejection rationale for claim 1 applies equally as well to claim 12. Claim 20 lists substantially the same elements as claim 1, but in system form rather than computer program product form. Therefore, the rejection rationale for claim 1 applies equally as well to claim 20. Regarding claims 2 and 13, Abhyankar and Rungta disclosed the subject matter of claims 1 and 12, respectively. Abhyankar further disclosed wherein the one or more data governance rules include one or more rules relating to privacy, laws or regulations, or security (Abhyankar, [0014], “…machine learning modules to evaluate configuration workbooks for compliance with a set of requirements (e.g., government requirements, industry group requirements, self-imposed requirements, etc.)”). Regarding claims 3 and 14, Abhyankar and Rungta disclosed the subject matter of claims 1 and 12, respectively. Abhyankar further disclosed wherein the set of parameters of the cloud infrastructure include one or more of performance specifications, cloud architecture, security measures, costs, or a data framework (Abhyankar, [0052], “In addition to …, the dataset may include information identifying cloud-based functionality of interest (e.g., applications, modules, etc. to be configured in a cloud environment), credential information (e.g., information for accessing the cloud-based environment to obtain reference IDs, information specifying particular sheets of the configuration workbook(s) and/or the mapping data, or other types of information, as described above with reference to FIG. 1”). Regarding claim 4, Abhyankar and Rungta disclosed the computer program product of claim 1. Abhyankar further disclosed wherein the data that is obtained from the on-premises data center comprises test data obtained from the on-premises data center (Abhyankar, [0041], “During post-validation operations, dependencies, parent-child relationships, or other types of checks may be performed on the input dataset.” This means that the input dataset contains test/validation data). Regarding claims 5 and 15, Abhyankar and Rungta disclosed the subject matter of claims 1 and 12, respectively. Abhyankar further disclosed wherein the assessing of the risks comprises assessing whether the risks are at, below, or above a user-specified threshold (Abhyankar,[0005], “The modelling module may also be configured to generate recommendations for improving compliance of the configuration workbooks so that appropriate changes may be made. This process may be repeated until a satisfactory level of compliance is achieved” said satisfactory level of compliance is in essence a threshold). Regarding claims 6 and 16, Abhyankar and Rungta disclosed the subject matter of claims 1 and 12, respectively. Abhyankar might not have explicitly disclosed wherein the output of the AI-generated risk governance analysis of the risks comprises generating an automated score based on the assessed risks, wherein the score reflects how closely data governance protection offered by the configuration of the cloud infrastructure compares to the data governance criteria specified in the cloud governance assessment model. However, Abhyankar disclosed in para. [0054] that “the method 300 may validate a level of compliance of the compliant configuration workbook with respect to the requirements” and in para. [0055] that “a determination that the level of compliance of the configuration workbook satisfies a threshold level.” Said disclosure when combined would imply that the modeling module 124 that performs the validation could generate a score to indicate the level of compliance, which is an indicator of level of risks. Furthermore, Abhyankar’s threshold level anticipates the “data governance criteria” in the claim. Furthermore, Rungta explicitly disclosed in [0043] about “security assessments scoring algorithms” which directly teaches the claim limitation “generating an automated score based on the assessed risks.” The rationale for combining Abhyankar and Rungta is the same as that provided in the rejection rationale for claim 1. Regarding claims 7 and 17, Abhyankar disclosed the subject matter of claims 1 and 12, respectively. Abhyankar further disclosed wherein the executable instructions further generate a recommendation that recommends whether to migrate the data from the on-premises data center to the cloud infrastructure that has the configuration (Abhyankar, Fig. 3, step 340 and [0005, 0057] disclosed that “The modelling module may also be configured to generate recommendations for improving compliance of the configuration workbooks so that appropriate changes may be made. This process may be repeated until a satisfactory level of compliance is achieved” Said disclosure means that before the level of compliance is achieved, the migration of an application from a locally resident computing infrastructure to cloud-based system is not recommended.). Regarding claim 8, Abhyankar disclosed the computer program product of claim 1. Abhyankar further disclosed wherein the executable instructions further generate a recommendation for one or more changes to the configuration of the cloud infrastructure to reduce risk at the cloud infrastructure (Abhyankar, Fig. 3, step 340 and [0054], “generating, by one or more processors, one or more recommendations based on evaluation of the compliance of the configuration workbook with the set of requirements. … the one or more recommendations may be configured to improve a level of compliance of the configuration workbook with respect to the set of requirements”). Regarding claim 9, Abhyankar disclosed the subject matter of claim 8. Abhyankar further disclosed wherein the one or more changes include one or more changes to performance specifications, cloud architecture, security measures, costs, or a data framework of the cloud infrastructure (Abhyankar, [0035], “the recommendations may indicate that one or more portions of the configuration workbook are not in compliance with applicable requirements” Abhyankar also disclosed in [0014] that the set of requirements include government requirements, industry group requirements, self-imposed requirements, etc.). Claim 18 lists substantially the same elements as claims 8 and 9, but in system form rather than computer program product form. Therefore, the rejection rationale for claims 8 and 9 applies equally as well to claim 18. Regarding claims 10 and 19, Abhyankar disclosed the subject matter of claims 1 and 12, respectively. Abhyankar further disclosed wherein the executable instructions reassess, based on the cloud governance assessment model and a revised configuration for a cloud infrastructure, risks in migrating the data from the on-premises data center to the cloud infrastructure (Abhyankar, [0054], “If issues are detected during the second execution of the first and second models, additional recommendations may be generated to improve the level of compliance for the (compliant) configuration workbook and steps 350, 360 may be repeated until an acceptable level of compliance is achieved.”). Regarding claim 11, Abhyankar disclosed the computer program product of claim 1. Abhyankar might not have explicitly disclosed but Rungta disclosed encrypt a portion of the data obtained from the on-premises data center; transmit the encrypted portion of the data to the cloud infrastructure; and verify whether the encrypted portion of the data on the cloud infrastructure remains encrypted (Rungta, [0041], “for a data storage instance, that the instance encrypts data in transit, encrypts stored sensitive data,”). The rationale for combining Abhyankar and Rungta is the same as that provided in the rejection rationale for claim 1. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIRLEY X ZHANG whose telephone number is (571)270-5012. The examiner can normally be reached 8:30am - 5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon H Hwang can be reached at 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHIRLEY X ZHANG/Primary Examiner, Art Unit 2447