SYSTEMS AND METHODS FOR CONSTRAINT ENFORCEMENT IN EVENT STREAMS

§101 §103

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This is a reply to the application filed on 12/29/2023, in which, claims 1-20 are pending. Claims 1, 8, and 15 are independent. When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments. Drawings The drawings filed on 12/29/2023 are accepted Specification The disclosure filed on 12/29/2023 is accepted Information Disclosure Statement The information disclosure statements (IDS) submitted on 02/15/2024 and 04/15/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 1 is directed to an abstract idea without significantly more. The following limitations are directed to an abstract idea because they recite an abstract idea: A method comprising: receive an event stream produced by at least one event producer (mental process; a human can mentally receive/observe a series of events reported by another person, such as a manager receiving a stream of incident reports from employees.) evaluate each respective event in the event stream against a set of one or more constraints (mental process; a human can mentally evaluate each event (an incident report) against a set of rules or policies, such as a manager checking each report against company policies.) based on the evaluation, determine that a given event in the event stream is governed by a given constraint in the set of one or more constraints (mental process; a human can mentally determine that a particular event is subject to a particular rule) after determining that the given event is governed by the given constraint: (mental process; a human iteratively performing the following steps after making the determination.) cause the event to be replaced by a corresponding placeholder event, wherein the placeholder omits at least a portion of data included within the given event (mental process; a human can mentally (or with pen and paper) replace a detailed record with a redacted summary that omits sensitive information) cause the given event to be stored in a repository that complies with the given constraint (mental process; a human can mentally (or with pen and paper) file the original detailed record in a separate secure location that complies with the applicable rule) Additional elements include: a computing system comprising a network interface for communicating over at least one data network, at least one processor, at least one non-transitory computer-readable medium, and program instructions stored on the at least one non-transitory computer-readable medium that are executable by the at least one processor; an event stream; an event producer; an event repository. These additional elements fail to integrate the abstract idea into a practical application because no improvement to a computer or technology is achieved. The claimed invention ends with storing the given event in an event repository. Further, these additional elements recite at a high level of generality (i.e. computing system, network interface, processor, non-transitory computer-readable medium, program instructions, event stream, event producer, event repository) using computers as a tool to implement the abstract idea. Further, these additional elements are insignificant pre-solution activity. The additional elements alone, and in combination with the abstract idea, fail to arrive at significantly more than the abstract idea itself. As noted previously, no improvement to a computer or technology is achieved. The claimed invention ends with storing the given event in an event repository. Further, these additional elements recite at a high level of generality (i.e. computing system, network interface, processor, non-transitory computer-readable medium, program instructions, event stream, event producer, event repository) using computers as a tool to implement the abstract idea. Further, these additional elements are insignificant pre-solution activity. Independent claims 8 and 15 are rejected under similar rationale. Dependent claims do not cure the deficiency of the independent claims and are therefore rejected based on the aforementioned rationale. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-5, 7-12 and 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Shoemaker et al. (US 9177174 B1, referred to as Shoemaker), in view of Li et al. (US 20180336218 A1, referred to as Li). In reference to claim 1, A computing system comprising: a network interface for communicating over at least one data network; at least one processor; least one non-transitory computer-readable medium; and program instructions stored on the at least one non-transitory computer-readable medium that are executable by the at least one processor (Shoemaker: Col. 11 Line 19 - Col. 12 Line 10 and Fig 10. Provides for the exact structural correspondence.) receive an event stream produced by at least one event producer (Shoemaker: Col. 2, lines 48-55; Col. 5, lines 1-4; Col. 6, lines 42-47 and Fig. 5 Provides for receiving/identifying of digital communications (emails, documents, messages) from a user/producer.) evaluate each respective event in the event stream against a set of one or more constraints (Shoemaker: Col. 3, lines 14-50; Col. 3, lines 30-42 and FIG. 1 Provides for evaluating communication content against constraints (detection rules for sensitive information types like credit cards, passwords) that determine whether data should be protected.) based on the evaluation, determine that a given event in the event stream is governed by a given constraint in the set of one or more constraints (Shoemaker: Col. 3, lines 14-50; and Col. 2, lines 60-65 Provides for determining that specific identified information (e.g., validated credit card number) is governed by a protection constraint (sensitivity rules).) after determining that the given event is governed by the given constraint (Shoemaker: Col. 4, lines 1-10; Col. 3, lines 48-55 and FIG. 1 Provides for conditional processing (replacement and storage) that occurs after determining information is governed by protection constraints.) cause the event to be replaced by a corresponding placeholder event within the event stream, wherein the placeholder event omits at least a portion of data included within the given event (Shoemaker: Col. 4, lines 29-60; Col. 5, lines 60-65 and (FIGS. 3A, 3B, 4) Provides for replacing sensitive information with placeholder information in the communication stream that omits the actual sensitive data.) cause the given event to be stored in an event repository that complies with the given constraint (Shoemaker: Col. 4, lines 1-12; Col. 8, lines 60-67; Col. 9, lines 1-7 and (FIG. 1 and FIG. 7) Provides for storing sensitive information in a secure vault repository that enforces constraints (access controls, time limits, authorization rules).) Shoemaker doesn't explicitly teach that the received event is from a stream produced by at least on event producer. However, Li teaches: Wherein the received event stream is produced by at least one event producer (Li: [0025]-[0031], [0066] and (Fig 1, 2) Provides for receiving event streams from event producers (computers 100, point of sale devices 500). The system explicitly receives continuous streams of logged events from multiple sources over a network.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Shoemaker, which provides a computing system for evaluating digital communications against constraints, replacing sensitive information with placeholders, and storing protected data in secure repositories, with the teachings of Li, which introduces receiving continuous event streams from multiple event producers over a network. One of ordinary skill in the art would recognize the ability to incorporate Li's stream-based architecture into Shoemaker's constraint evaluation and data protection system to enable real-time processing of continuous event flows. One of ordinary skill in the art would be motivated to make this modification in order to handle high-volume, continuous data flows from multiple sources rather than processing discrete individual communications, enable scalable real-time protection. In reference to claim 2, The computing system of claim 1, further comprising program instructions stored on the at least one non-transitory computer-readable medium that are executable by the at least one processor such that the computing system is configured to: receive, from a consumer that has subscribed to the event stream, a request for the given event (Shoemaker: Col. 6 Line 55 - Col. 7 Line 15 Provides for receiving a request from a consumer (Bob/receiving system 130) who has subscribed to the communication stream (is an authorized recipient of the email) to access the event (view the email).) validate that the consumer is authorized to access the given event (Shoemaker: Col. 7, lines 25-50; Col. 8, lines 10-25 and (FIG. 5; FIG. 7) Provides for validating consumer authorization through ACL checking before granting access to sensitive information.) retrieve the given event from the data repository (Shoemaker: Col. 7, lines 10-16; and Col. 7, lines 60-65 Provides for retrieving the original event data (sensitive information) from the vault repository using identifiers.) transmit the given event to the consumer in response to the request (Shoemaker: Col. 7, lines 14-16; Col. 7, lines 60-67; and Col. 8, lines 1-8 Provides for transmitting/rendering the complete event (email with sensitive information restored from vault) to the authorized consumer in response to their access request.) In reference to claim 3, The computing system of claim 2, wherein the program instructions that are executable by the at least one processor such that the computing system is configured to validate that the consumer is authorized to access the given event comprise program instructions that are executable by the at least one processor such that the computing system is configured to: identify a location where the consumer is located (Shoemaker: Col. 5 Line 30 - Col. 6 Line 25 Provides for access limitation based on "access location" as an explicit constraint type.) compare the location to a triggering condition included in the given constraint (Shoemaker: Col. 5 Line 30 - Col. 6 Line 25 Provides for comparing access conditions (time, location, device) against triggering conditions in constraints and verifying compliance during access attempts.) based on the comparison, determine that transmitting the given event to the consumer would not violate the constraint (Shoemaker: Col. 7 Line 49 - Col. 8 Line 35 Provides for determining whether transmitting would violate constraints based on verification checks (time limits, ACL authorization).) In reference to claim 4, The computing system of claim 2, program instructions that are executable by the at least one processor such that the computing system is configured to validate that the consumer is authorized to access the given event comprise program instructions that are executable by the at least one processor such that the computing system is configured to: identify an information technology (IT) protocol that is enforced upon the consumer (Shoemaker: Col. 3 Line 49 - Col. 4 line 40 Provides for identifying whether the consumer's system enforces specific IT protocols/capabilities (sensitive information protection features), including querying system/software identifiers to determine protocol compliance.) compare the IT protocol to a triggering condition included in the given constraint (Shoemaker: Col. 3 Line 49 - Col. 4 line 40 Provides for comparing the receiving system's protocol capabilities against the constraint requirement (support for sensitive information protection) and making conditional processing decisions based on this comparison.) based on the comparison, determine that transmitting the given event to the consumer would not violate the constraint (Shoemaker: Col. 3 Line 49 - Col. 4 line 40 and Col. 7 Lines 40-55 Provides for determining that transmission would not violate constraints based on protocol compliance verification.) In reference to claim 5, The computing system of claim 1, wherein the placeholder event: omits at least a portion of an event payload included in the given event (Shoemaker: Col. 4 Provides for placeholder information that explicitly omits the actual sensitive data payload (the real credit card number) while maintaining the structure of the communication.) includes data that identifies that the given event is stored in the data repository (Shoemaker: Col. 4 Provides for reference tags/identifiers that are transmitted with the communication and explicitly identify that the sensitive information is stored in the vault repository, enabling retrieval.) In reference to claim 7, The computing system of claim 1, wherein the at least one event producer comprises a point-of-sale system that produced the given event in response to a purchase made via the point-of-sale system (Li: [0025]-[0031], [0066] and (Fig 1, 2) Provides for receiving event streams from event producers (computers 100, point of sale devices 500). The system explicitly receives continuous streams of logged events from multiple sources over a network.) In reference to claim 8, A non-transitory computer-readable medium, wherein the non-transitory computer-readable medium is provisioned with program instructions (Shoemaker: Col. 11 Line 19 - Col. 12 Line 10 and Fig 10. Provides for the exact structural correspondence.) receive an event stream produced by at least one event producer (Shoemaker: Col. 2, lines 48-55; Col. 5, lines 1-4; Col. 6, lines 42-47 and Fig. 5 Provides for receiving/identifying of digital communications (emails, documents, messages) from a user/producer.) evaluate each respective event in the event stream against a set of one or more constraints (Shoemaker: Col. 3, lines 14-50; Col. 3, lines 30-42 and FIG. 1 Provides for evaluating communication content against constraints (detection rules for sensitive information types like credit cards, passwords) that determine whether data should be protected.) based on the evaluation, determine that a given event in the event stream is governed by a given constraint in the set of one or more constraints (Shoemaker: Col. 3, lines 14-50; and Col. 2, lines 60-65 Provides for determining that specific identified information (e.g., validated credit card number) is governed by a protection constraint (sensitivity rules).) after determining that the given event is governed by the given constraint (Shoemaker: Col. 4, lines 1-10; Col. 3, lines 48-55 and FIG. 1 Provides for conditional processing (replacement and storage) that occurs after determining information is governed by protection constraints.) cause the event to be replaced by a corresponding placeholder event within the event stream, wherein the placeholder event omits at least a portion of data included within the given event (Shoemaker: Col. 4, lines 29-60; Col. 5, lines 60-65 and (FIGS. 3A, 3B, 4) Provides for replacing sensitive information with placeholder information in the communication stream that omits the actual sensitive data.) cause the given event to be stored in an event repository that complies with the given constraint (Shoemaker: Col. 4, lines 1-12; Col. 8, lines 60-67; Col. 9, lines 1-7 and (FIG. 1 and FIG. 7) Provides for storing sensitive information in a secure vault repository that enforces constraints (access controls, time limits, authorization rules).) Shoemaker doesn't explicitly teach that the received event is from a stream produced by at least on event producer. However, Li teaches: Wherein the received event stream is produced by at least one event producer (Li: [0025]-[0031], [0066] and (Fig 1, 2) Provides for receiving event streams from event producers (computers 100, point of sale devices 500). The system explicitly receives continuous streams of logged events from multiple sources over a network.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Shoemaker, which provides a computing system for evaluating digital communications against constraints, replacing sensitive information with placeholders, and storing protected data in secure repositories, with the teachings of Li, which introduces receiving continuous event streams from multiple event producers over a network. One of ordinary skill in the art would recognize the ability to incorporate Li's stream-based architecture into Shoemaker's constraint evaluation and data protection system to enable real-time processing of continuous event flows. One of ordinary skill in the art would be motivated to make this modification in order to handle high-volume, continuous data flows from multiple sources rather than processing discrete individual communications, enable scalable real-time protection. In reference to claim 9, The non-transitory computer-readable medium of claim 8, further provisioned with program instructions that, when executed by the at least one processor, cause the computing system to: receive, from a consumer that has subscribed to the event stream, a request for the given event (Shoemaker: Col. 6 Line 55 - Col. 7 Line 15 Provides for receiving a request from a consumer (Bob/receiving system 130) who has subscribed to the communication stream (is an authorized recipient of the email) to access the event (view the email).) validate that the consumer is authorized to access the given event (Shoemaker: Col. 7, lines 25-50; Col. 8, lines 10-25 and (FIG. 5; FIG. 7) Provides for validating consumer authorization through ACL checking before granting access to sensitive information.) retrieve the given event from the data repository (Shoemaker: Col. 7, lines 10-16; and Col. 7, lines 60-65 Provides for retrieving the original event data (sensitive information) from the vault repository using identifiers.) transmit the given event to the consumer in response to the request (Shoemaker: Col. 7, lines 14-16; Col. 7, lines 60-67; and Col. 8, lines 1-8 Provides for transmitting/rendering the complete event (email with sensitive information restored from vault) to the authorized consumer in response to their access request.) In reference to claim 10, The non-transitory computer-readable medium of claim 9, wherein the program instructions that, when executed by at least one processor, cause the computing system to validate that the consumer is authorized to access the given event comprise program instructions that, when executed by at least one processor, cause a computing system to: identify a location where the consumer is located (Shoemaker: Col. 5 Line 30 - Col. 6 Line 25 Provides for access limitation based on "access location" as an explicit constraint type.) compare the location to a triggering condition included in the given constraint (Shoemaker: Col. 5 Line 30 - Col. 6 Line 25 Provides for comparing access conditions (time, location, device) against triggering conditions in constraints and verifying compliance during access attempts.) based on the comparison, determine that transmitting the given event to the consumer would not violate the constraint (Shoemaker: Col. 7 Line 49 - Col. 8 Line 35 Provides for determining whether transmitting would violate constraints based on verification checks (time limits, ACL authorization).) In reference to claim 11, The non-transitory computer-readable medium of claim 9, program instructions that, when executed by at least one processor, cause the computing system to validate that the consumer is authorized to access the given event comprise program instructions that, when executed by at least one processor, cause a computing system to: identify an information technology (IT) protocol that is enforced upon the consumer (Shoemaker: Col. 3 Line 49 - Col. 4 line 40 Provides for identifying whether the consumer's system enforces specific IT protocols/capabilities (sensitive information protection features), including querying system/software identifiers to determine protocol compliance.) compare the IT protocol to a triggering condition included in the given constraint (Shoemaker: Col. 3 Line 49 - Col. 4 line 40 Provides for comparing the receiving system's protocol capabilities against the constraint requirement (support for sensitive information protection) and making conditional processing decisions based on this comparison.) based on the comparison, determine that transmitting the given event to the consumer would not violate the constraint (Shoemaker: Col. 3 Line 49 - Col. 4 line 40 and Col. 7 Lines 40-55 Provides for determining that transmission would not violate constraints based on protocol compliance verification.) In reference to claim 12, The non-transitory computer-readable medium of claim 8, wherein the placeholder event: omits at least a portion of an event payload included in the given event (Shoemaker: Col. 4 Provides for placeholder information that explicitly omits the actual sensitive data payload (the real credit card number) while maintaining the structure of the communication.) includes data that identifies that the given event is stored in the data repository (Shoemaker: Col. 4 Provides for reference tags/identifiers that are transmitted with the communication and explicitly identify that the sensitive information is stored in the vault repository, enabling retrieval.) In reference to claim 14, The non-transitory computer-readable medium of claim 8, wherein the at least one event producer comprises a point-of-sale system that produced the given event in response to a purchase made via the point-of-sale system (Li: [0025]-[0031], [0066] and (Fig 1, 2) Provides for receiving event streams from event producers (computers 100, point of sale devices 500). The system explicitly receives continuous streams of logged events from multiple sources over a network.) In reference to claim 15, A method carried out by a computing system (Shoemaker: Col. 11 Line 19 - Col. 12 Line 10 and Fig 10. Provides for the exact structural correspondence.) receiving an event stream produced by at least one event producer (Shoemaker: Col. 2, lines 48-55; Col. 5, lines 1-4; Col. 6, lines 42-47 and Fig. 5 Provides for receiving/identifying of digital communications (emails, documents, messages) from a user/producer.) evaluating each respective event in the event stream against a set of one or more constraints (Shoemaker: Col. 3, lines 14-50; Col. 3, lines 30-42 and FIG. 1 Provides for evaluating communication content against constraints (detection rules for sensitive information types like credit cards, passwords) that determine whether data should be protected.) based on the evaluation, determine that a given event in the event stream is governed by a given constraint in the set of one or more constraints (Shoemaker: Col. 3, lines 14-50; and Col. 2, lines 60-65 Provides for determining that specific identified information (e.g., validated credit card number) is governed by a protection constraint (sensitivity rules).) after determining that the given event is governed by the given constraint (Shoemaker: Col. 4, lines 1-10; Col. 3, lines 48-55 and FIG. 1 Provides for conditional processing (replacement and storage) that occurs after determining information is governed by protection constraints.) causing the event to be replaced by a corresponding placeholder event within the event stream, wherein the placeholder event omits at least a portion of data included within the given event (Shoemaker: Col. 4, lines 29-60; Col. 5, lines 60-65 and (FIGS. 3A, 3B, 4) Provides for replacing sensitive information with placeholder information in the communication stream that omits the actual sensitive data.) causing the given event to be stored in an event repository that complies with the given constraint (Shoemaker: Col. 4, lines 1-12; Col. 8, lines 60-67; Col. 9, lines 1-7 and (FIG. 1 and FIG. 7) Provides for storing sensitive information in a secure vault repository that enforces constraints (access controls, time limits, authorization rules).) Shoemaker doesn't explicitly teach that the received event is from a stream produced by at least on event producer. However, Li teaches: Wherein the received event stream is produced by at least one event producer (Li: [0025]-[0031], [0066] and (Fig 1, 2) Provides for receiving event streams from event producers (computers 100, point of sale devices 500). The system explicitly receives continuous streams of logged events from multiple sources over a network.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Shoemaker, which provides a computing system for evaluating digital communications against constraints, replacing sensitive information with placeholders, and storing protected data in secure repositories, with the teachings of Li, which introduces receiving continuous event streams from multiple event producers over a network. One of ordinary skill in the art would recognize the ability to incorporate Li's stream-based architecture into Shoemaker's constraint evaluation and data protection system to enable real-time processing of continuous event flows. One of ordinary skill in the art would be motivated to make this modification in order to handle high-volume, continuous data flows from multiple sources rather than processing discrete individual communications, enable scalable real-time protection. In reference to claim 16, The method of claim 15, further comprising: receiving, from a consumer that has subscribed to the event stream, a request for the given event (Shoemaker: Col. 6 Line 55 - Col. 7 Line 15 Provides for receiving a request from a consumer (Bob/receiving system 130) who has subscribed to the communication stream (is an authorized recipient of the email) to access the event (view the email).) validating that the consumer is authorized to access the given event (Shoemaker: Col. 7, lines 25-50; Col. 8, lines 10-25 and (FIG. 5; FIG. 7) Provides for validating consumer authorization through ACL checking before granting access to sensitive information.) retrieving the given event from the data repository (Shoemaker: Col. 7, lines 10-16; and Col. 7, lines 60-65 Provides for retrieving the original event data (sensitive information) from the vault repository using identifiers.) transmitting the given event to the consumer in response to the request (Shoemaker: Col. 7, lines 14-16; Col. 7, lines 60-67; and Col. 8, lines 1-8 Provides for transmitting/rendering the complete event (email with sensitive information restored from vault) to the authorized consumer in response to their access request.) In reference to claim 17, The method of claim 16, wherein validating that the consumer is authorized to access the given event comprises identifying where the consumer is located (Shoemaker: Col. 5 Line 30 - Col. 6 Line 25 Provides for access limitation based on "access location" as an explicit constraint type.) comparing the location to a triggering condition included in the given constraint (Shoemaker: Col. 5 Line 30 - Col. 6 Line 25 Provides for comparing access conditions (time, location, device) against triggering conditions in constraints and verifying compliance during access attempts.) based on the comparison, determining that transmitting the given event to the consumer would not violate the constraint (Shoemaker: Col. 7 Line 49 - Col. 8 Line 35 Provides for determining whether transmitting would violate constraints based on verification checks (time limits, ACL authorization).) In reference to claim 18, . The method of claim 16, wherein validating that the consumer is authorized to access the given event comprises: identifying an information technology (IT) protocol that is enforced upon the consumer (Shoemaker: Col. 3 Line 49 - Col. 4 line 40 Provides for identifying whether the consumer's system enforces specific IT protocols/capabilities (sensitive information protection features), including querying system/software identifiers to determine protocol compliance.) comparing the IT protocol to a triggering condition included in the given constraint (Shoemaker: Col. 3 Line 49 - Col. 4 line 40 Provides for comparing the receiving system's protocol capabilities against the constraint requirement (support for sensitive information protection) and making conditional processing decisions based on this comparison.) based on the comparison, determining that transmitting the given event to the consumer would not violate the constraint (Shoemaker: Col. 3 Line 49 - Col. 4 line 40 and Col. 7 Lines 40-55 Provides for determining that transmission would not violate constraints based on protocol compliance verification.) In reference to claim 19, The method of claim 15, wherein the placeholder event omits at least a portion of an event payload included in the given event (Shoemaker: Col. 4 Provides for placeholder information that explicitly omits the actual sensitive data payload (the real credit card number) while maintaining the structure of the communication.) includes data that identifies that the given event is stored in the data repository (Shoemaker: Col. 4 Provides for reference tags/identifiers that are transmitted with the communication and explicitly identify that the sensitive information is stored in the vault repository, enabling retrieval.) Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shoemaker et al. (US 9177174 B1, referred to as Shoemaker), in view of Li et al. (US 20180336218 A1, referred to as Li) in further view of Nagpal et al. (US 20120078643 A1, referred to as Nagpal). In reference to claim 6, The computing system of claim 1, further comprising program instructions stored on the at least one non-transitory computer-readable medium that are executable by the at least one processor such that the computing system is configured to, prior to causing the given event to be stored in the event repository: identify a location where the event repository is located (Nagpal: [0056]-[0066] and [0093]-[0094] Provides for identifying storage locations (event repositories) and their geographic positions using a mapping database that associates data storage centers with their physical geographic regions.) compare the location of the event repository to a triggering condition included in the given constraint (Nagpal: [0074]-[0079] and [0094] Provides for comparing storage location geography against constraint requirements (predefined geographic regions/rules) to determine if a data storage center falls within the permitted geographic regions specified by constraints.) based on the comparison, determine that storing the given event in the event repository would not violate the given constraint (Nagpal: [0072]-[0080] and [0094] Provides for determining constraint compliance by verifying that selected storage locations satisfy geographic rules/constraints, with error handling when locations would violate constraints.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Shoemaker in view of Li, which together provide a computing system for evaluating streaming events against constraints, replacing sensitive data with placeholders, and storing protected information in secure repositories, with the teachings of Nagpal, which introduces identifying repository locations, comparing them against geographic constraint requirements, and verifying compliance before storage. One of ordinary skill in the art would recognize the ability to incorporate Nagpal's location-aware constraint validation into the combined event protection system to ensure data sovereignty and regulatory compliance. One of ordinary skill in the art would be motivated to make this modification in order to satisfy data residency requirements imposed by regulations. In reference to claim 13, The non-transitory computer-readable medium of claim 8, further provisioned with program instructions that, when executed by the at least one processor, cause the computing system to, prior to causing the given event to be stored in the event repository: identify a location where the event repository is located (Nagpal: [0056]-[0066] and [0093]-[0094] Provides for identifying storage locations (event repositories) and their geographic positions using a mapping database that associates data storage centers with their physical geographic regions.) compare the location of the event repository to a triggering condition included in the given constraint (Nagpal: [0074]-[0079] and [0094] Provides for comparing storage location geography against constraint requirements (predefined geographic regions/rules) to determine if a data storage center falls within the permitted geographic regions specified by constraints.) based on the comparison, determine that storing the given event in the event repository would not violate the given constraint (Nagpal: [0072]-[0080] and [0094] Provides for determining constraint compliance by verifying that selected storage locations satisfy geographic rules/constraints, with error handling when locations would violate constraints.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Shoemaker in view of Li, which together provide a computing system for evaluating streaming events against constraints, replacing sensitive data with placeholders, and storing protected information in secure repositories, with the teachings of Nagpal, which introduces identifying repository locations, comparing them against geographic constraint requirements, and verifying compliance before storage. One of ordinary skill in the art would recognize the ability to incorporate Nagpal's location-aware constraint validation into the combined event protection system to ensure data sovereignty and regulatory compliance. One of ordinary skill in the art would be motivated to make this modification in order to satisfy data residency requirements imposed by regulations. In reference to claim 20, The method of claim 15, further comprising, prior to causing the given event to be stored in the event repository: identifying a location where the event repository is located (Nagpal: [0056]-[0066] and [0093]-[0094] Provides for identifying storage locations (event repositories) and their geographic positions using a mapping database that associates data storage centers with their physical geographic regions.) comparing the location of the event repository to a triggering condition included in the given constraint (Nagpal: [0074]-[0079] and [0094] Provides for comparing storage location geography against constraint requirements (predefined geographic regions/rules) to determine if a data storage center falls within the permitted geographic regions specified by constraints.) based on the comparison, determining that storing the given event in the event repository would not violate the given constraint (Nagpal: [0072]-[0080] and [0094] Provides for determining constraint compliance by verifying that selected storage locations satisfy geographic rules/constraints, with error handling when locations would violate constraints.) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Shoemaker in view of Li, which together provide a computing system for evaluating streaming events against constraints, replacing sensitive data with placeholders, and storing protected information in secure repositories, with the teachings of Nagpal, which introduces identifying repository locations, comparing them against geographic constraint requirements, and verifying compliance before storage. One of ordinary skill in the art would recognize the ability to incorporate Nagpal's location-aware constraint validation into the combined event protection system to ensure data sovereignty and regulatory compliance. One of ordinary skill in the art would be motivated to make this modification in order to satisfy data residency requirements imposed by regulations. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892. Any inquiry concerning this communication or earlier communications from the examiner should be directed to AIDAN EDWARD SHAUGHNESSY whose telephone number is (703)756-1423. The examiner can normally be reached on Monday-Friday from 7:30am to 5pm. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson, can be reached at telephone number (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/usptoautomated-interview-request-air-form. /A.E.S./Examiner, Art Unit 2432 /Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432