Notice of Pre-AIA or AIA Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
2. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/08/2025 has been entered.
Response to Arguments
3. Applicant’s arguments filed on 11/19/2025, with respect to the 35 U.S.C. 103 rejection of claims 1-20 as being unpatentable over U.S. Publication No. 20220114603 hereinafter Bonat in view of U.S. Publication No. 20220075801 hereinafter Chai, have been fully considered but are not persuasive. Prior Bonat, which is commonly owned, discloses the newly amended claimed language. Therefore, the rejection is maintained.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
4. Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. Publication No. 20220114603 hereinafter Bonat.
As per claim 1, Bonat discloses:
A method for data classification and governance (para 0005 "Systems, methods, and devices for tracking and managing data shared with third parties are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for tracking and managing data shared with third parties may include: (1) receiving, from a customer, an identification of a first-level entity with which the customer may share information; (2) retrieving at least one data source including privacy policies, contracts, public news, human inputs, and direct examination of websites for the first-level entity; (3) processing the data sources including the privacy policy using NLP and other methods; (4) based on the processed data and the privacy policy, generating a data graph comprising a plurality of nodes and edges, each node identifying a third party with which processed privacy policy identifies the first-level entity as having an information sharing relationship with and each edge identifies a type of information; (5) predicting a flow of data in data graph using AI-ML discriminative models to predict the edge probabilities; (6) creating insights and recommendations based on the predicted flow of data using AI-ML; and (7) providing the insights and recommendations to the customer."), comprising:
retrieving data related to a first-level entity, wherein the first-level entity is associated with a governance policy (para 0043 "In step 110, information related to the first-level entity's collection and usage of consumers' data (including the first-level entity's privacy policies, and its consumer-data tracking activities and methods, such as: third party cookies, ad trackers, canvas/browser fingerprinting, and tracking by social networks and platforms (e.g., Facebook, Google Analytics, etc.) may be retrieved. Such information may be referred to collectively herein as a first-level entity's data collection and usage policies." Para 0046 "In step 115, a first-level entity's data collection and usage policies are processed into a useable format. For instance, a first-level entity's data collection and usage policies may be formatted and transformed from an initial unstructured nature or form into a more structured nature or form. In embodiments, this may include processing, e.g., privacy policies with NLP (natural language processing). A privacy policy, or other textual data collection and usage policies, may be processed using NLP in order to identify specific word patterns that indicate that the entity collects, uses, shares, sells, etc., a consumer's data. For example, NLP may be used to discern types of consumer data collected, declared usage of consumer data, and/or sharing of collected consumer data, by the first-level entity. For instance, an entity may publish the following information regarding data that it collects from consumers of its website/service:" Para 0047 "Information You Provide To Us. At some Services, you can register, order products, enter contests, vote in polls or otherwise express an opinion, subscribe to one of our services such as our online newsletters or text message alerts, or participate in one of our online forums or communities. In the course of these various offerings, we often seek to collect from you various forms of information, such as: name, address, e-mail address, telephone number, fax number and credit card information.");
processing the data with one or more machine learning models (para 0057 "In step 120, nodes and edges in the graph may be generated using the information obtained from the data collection and usage policies, from the information from user interactions with apps and websites, and from other documents and data sources. The nodes and edges in the graph may be generated using AI-ML generative models or more traditional methods. These AI-ML approaches may include: Variational Autoencoder (VAE), auto-regressive models, and other approaches (including the GNN models discussed above), to generate graphs with a similar structure. In embodiments where traditional methods are used to generate all or a part of the graph, AI-ML may be used to predict nodes and edges based on incomplete data."),
wherein the processing includes: adding labels to the data; adding classifications to the data based on the labels; generating nodes and edges in a graph based on the governance policy and known user interactions with the data (para 0097 "Graph data from GNN 240 may then be processed by classifier 245. Classifier 245 may train and predict sharing network nodes and edges of the graph data it processes. Classifier 245 may be a machine learning engine and may include one or more classification ML models/algorithms, such as a decision tree, a naive bayes algorithm, or any other desirable or necessary classifying model/algorithm. In accordance with an embodiment, classifier 245 may assign labels to nodes and node attribute data, and may predict edges based on nodes and node attributes. For instance, classifier 245 may assign a "social network provider" label to a graph node, may assign an attribute of the node a "data collection" label or a "privacy policy" label, etc. Additionally, based on assigned node and attribute labels, classifier 245 may predict edges, or relationships, between classified nodes. For example, classifier 245 may predict/assign an edge relationship between a node labeled as an online advertiser and a node labeled as a social network provider, where the edge represents a type of data that the social network provider will share with the online advertiser.");
resolving ambiguous nodes into specific nodes (para 0062 "In step 125, ambiguous nodes (e.g., nodes that are not assigned to a specific entity) may be resolved into specific nodes as possible. In some embodiments, names for the ambiguous nodes may be found in data collection and usage policies. In other embodiments, other data sources may be reviewed for this information. Examples of other sources may include legal documents such as contracts, lawsuits, court transcripts, etc., news articles, press releases, other content on the entity's web sites, manual input, examination of web site code, etc.");
predicting edge probabilities in the graph and predicting a flow of data through the graph based on the edge probabilities (para 0075 "In step 150, AI-ML may be used to predict the flow of data in a network using discriminative models to predict the edge probabilities. Types of discriminative models may include: GNNs, bipartite graphs using scoring functions, recurrent neural networks (RNNs), and heuristics. AI-ML may be used to predict the flow of a consumer's data through the graph or network. For example, based on the data probes, the entities that may receive the consumer's data may be identified.");
processing and parsing the text of the governance policy related to the data with natural language processing ("NLP") (para 0046 “In step 115, a first-level entity's data collection and usage policies are processed into a useable format. For instance, a first-level entity's data collection and usage policies may be formatted and transformed from an initial unstructured nature or form into a more structured nature or form. In embodiments, this may include processing, e.g., privacy policies with NLP (natural language processing).”),
wherein the parsing identifies one or more specific word patterns that represent one or more of data collected, a declared usage, and a sharing policy (para 0046 “A privacy policy, or other textual data collection and usage policies, may be processed using NLP in order to identify specific word patterns that indicate that the entity collects, uses, shares, sells, etc., a consumer's data. For example, NLP may be used to discern types of consumer data collected, declared usage of consumer data, and/or sharing of collected consumer data, by the first-level entity.”);
inserting a data probe at an entity in the graph, monitoring injected data from the data probe into the graph as the injected data traverses the graph, identifying, based on the data probes, the entities that receive the data (para 0035 “Embodiments may include validation of generated graphs using probes including trackable data and interaction with entities represented as graph nodes. For example, once built, the graph may be validated and modified by inserting data probes comprising trackable data (e.g., synthetic data) with a specific entity/organization (e.g., a first-level entity represented on the graph) and monitoring the other entities represented as nodes in the graph for receipt of the probe data.” Para 0071 “In step 140, data probes may be inserted into an entity represented in the graph, and then the propagation of the data in the data probe may be monitored. For example, the graph or network may be validated or modified by inserting a data probe of synthetic data, or by monitoring real data, as it propagates through the graph or network. For example, the type of data, timing, etc. may be monitored. As the data propagates to different entities, the graph or network may be verified or modified, and edges may be removed or added as necessary. In addition, nodes may also be added as is necessary and/or desired.”)
generating automated messages to one or more users that are likely to receive a consumer's data based on the entity identification that request the one or more users delete the consumer's data when a user work task is completed, wherein the automated messages are sent preemptively before the data may be shared with the entity (para 0077 “For example, automated messages may be sent to entities that are likely to receive a consumer's data requesting the entities to delete the consumer's data. In one embodiment, nodes that are particularly active in sharing consumer data may be targeted initially, and then less active nodes may follow.”)
identifying, via the graph, one or more differences between what the governance policy specifies and what the one or more users requesting and past uses (para 0081 “In another embodiment, the graph or network may be used to identify any differences between what the user has agreed to in the privacy policy and what data is actually being taken by the entity, and what data is actually being shared with third parties. If the entity is taking or sharing data that is outside the permissions of the privacy policy (i.e., unauthorized), the user may be notified.”);
and when the entity is taking or sharing data that is outside the permissions of the governance policy based on the governance policy (para 0081 “If the entity is taking or sharing data that is outside the permissions of the privacy policy (i.e., unauthorized), the user may be notified.”)
As per claim 2, Bonat discloses:
The method of claim 1, wherein the graph is refined with new edge-to-node connections based on discovered relationships (Bonat para 0067 and 0097 "In step 135, when a new entity node is added to the graph or network, the process recursively iterates for that new entity. For example, the privacy policy or other data collection and usage policies for the new entity is retrieved and parsed, new ambiguous nodes are created and resolved and new nodes that represent newly discovered entities are added to the graph.").
As per claim 3, Bonat discloses:
The method of claim 1, comprising: inserting a data probe at an entity in the graph; and monitoring injected data from the data probe into the graph as the injected data traverses the graph (Bonat para 0035, 0040 and 0075).
As per claim 4, Bonat discloses:
The method of claim 3, comprising: updating the graph based on a traverse path of the injected data (Bonat para 0037, 0068, and 0073).
As per claim 5, Bonat discloses:
The method of claim 4, wherein the updating includes adding edges to the graph (Bonat para 0067, 0071, and 0097).
As per claim 6, Bonat discloses:
The method of claim 4, wherein the updating includes adding nodes to the graph (Bonat para 0067, 0071, and 0097).
As per claim 7, Bonat discloses:
The method of claim 1, comprising: generating an action with respect to an end user based on the flow of data through the graph (Bonat para 0076 and 0081).
As per claim 8, the implementation of the method of claim 1 will execute the system of claim 8. The claim is analyzed with respect to claim 1.
As per claim 9, the claim is analyzed with respect to claim 2.
As per claim 10, the claim is analyzed with respect to claim 3.
As per claim 11, the claim is analyzed with respect to claim 4.
As per claim 12, the claim is analyzed with respect to claim 5.
As per claim 13, the claim is analyzed with respect to claim 6.
As per claim 14, the claim is analyzed with respect to claim 7.
As per claim 15, the implementation of the method of claim 1 will execute the non-transitory computer readable storage medium (paragraph 0115) of claim 15. The claim is analyzed with respect to claim 1.
As per claim 16, the claim is analyzed with respect to claim 2.
As per claim 17, the claim is analyzed with respect to claim 3.
As per claim 18, the claim is analyzed with respect to claim 4.
As per claim 19, the claim is analyzed with respect to claim 6.
As per claim 20, the claim is analyzed with respect to claim 7.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GARY S GRACIA/Primary Examiner, Art Unit 2499