Detailed Action
This office action is in response to applicant’s submission filed on December 15, 2025. Claims 13 and 14 are canceled. Claims 21 and 22 are new. Claims 1-12 and 15-22 are pending and rejected.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
This communication is in response to the amendment filed on December 15, 2025. The Examiner has acknowledged the amended claims. Claims 13 and 14 are canceled. Claims 21 and 22 are new. Claims 1-12 and 15-22 are pending and rejected.
Response to Arguments
Applicant’s Arguments (Remarks) filed December 15, 2025 have been fully considered, but are moot. Note that this action is made FINAL. See MPEP § 706.07(a).
Applicant’s arguments with respect to claims 1, 9, and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-12 and 15-22 are rejected under 35 U.S.C. 103 as being unpatentable over US 2022/0083228 A1 to Ausarkar et al. (hereinafter, “Ausarkar”) in view of US 20100030781 A1 to Wong et al. (hereinafter, “Wong”).
Regarding claim 1, Ausarkar discloses: A non-transitory machine-readable storage medium comprising instructions that upon execution cause a system to:
replicate, by a replication manager, write input/output (I/O) operations as representations added to a log (“At block 706, the source replication agent 320 adds dehydrated entries to the journal queue. For example, the source replication agent 320 may add, instead of a full entry (or hydrated entry) having both metadata associated with the I/O operation resulting in a change to the source storage device 318 and the data associated with the I/O operation, a dehydrated entry that contains the metadata associated with the I/O operation but not the data associated with the I/O operation. As another example, the source replication agent 320 may add, instead of a full entry or a dehydrated entry, an entry that contains only part of the metadata (e.g., location of the changed block in the source storage device 318)” [0326] [Examiner notes that the journal queue is the log where these representations (of the write) are stored for later]);
generate, based on a first sensitivity level assigned by the classifier to first changed data in a first write I/O operation of the write I/O operations as represented in the representation in the log, an access control rule (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.). An audit policy may further specify rules for handling sensitive objects. As an example, an audit policy may require that a reviewer approve the transfer of any sensitive objects to a cloud storage site, and that if approval is denied for a particular sensitive object, the sensitive object should be transferred to a local primary storage device 104 instead. To facilitate this approval, the audit policy may further specify how a secondary storage computing device 106 or other system component should notify a reviewer that a sensitive object is slated for transfer” [0198] [Examiner notes that this text supports the claim limitations as it shows how sensitivity classification is converted into specific, enforceable access control rules which logically, get enforced once the rules are defined (the system will carry them out)]).
Ausarkar does not explicitly disclose: classify, using a classifier, in the representations added to the log to identify a sensitivity of in each respective write I/O operation of the write I/O operations, the classifying of the changed data in the respective write I/O operation producing a sensitivity level;
However, Wong discloses: classify, using a classifier, in the representations added to the log to identify a sensitivity of in each respective write I/O operation of the write I/O operations, the classifying of the changed data in the respective write I/O operation producing a sensitivity level (“One embodiment of the present invention provides a classifier that can automatically reclassify data in a database in response to any relevant data-change in the database. This classifier specifies classification-rules in a database change-notification system, which identifies the relevant data changes. Furthermore, the classifier reclassifies the data based on these classification-rules. For example, the addition of the keyword "anthrax" to a database column having a low sensitivity rating, would automatically reclassify the database column to a higher sensitivity rating. In a second example, the addition of the keywords "kill" and "die" to the same database column would result in the database column receiving an even higher sensitivity rating. In response to the database column being reclassified with a higher sensitivity rating, the classifier can trigger additional operations. For example, these additional operations can involve auditing a table that includes the database column, encrypting data stored in the database column, or activating an intrusion detection system” [0021]; “In one embodiment of the present invention, changing the classification of a data item may result in changing the classification of additional data items associated with the data item. For example, changing the classification of a field in a table may result in changing the classification of the entire table” [0054] [Examiner notes that in the first text, the log is being interpreted as the database change-notification system as it effectively tracks the changed data, which can be seen as the equivalent of a “log” or data structure tracking changes. 
Examiner also notes that the classifier assigns a sensitivity rating or level to the changed data]);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Ausarkar with the added structure of Wong in order for the system to be able to efficiently and accurately classify new sensitive data in order to keep it protected.
Regarding claim 2, a combination of Ausarkar-Wong discloses the system of claim 1.
Ausarkar further discloses: identifying a sensitivity level, from among a plurality of sensitivity levels, of the changed data in the write I/O operation (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.)” [0198]).
Regarding claim 3, a combination of Ausarkar-Wong discloses the system of claim 2.
Ausarkar further discloses: wherein the generating of the access control rule first sensitivity level (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.). An audit policy may further specify rules for handling sensitive objects. As an example, an audit policy may require that a reviewer approve the transfer of any sensitive objects to a cloud storage site, and that if approval is denied for a particular sensitive object, the sensitive object should be transferred to a local primary storage device 104 instead. To facilitate this approval, the audit policy may further specify how a secondary storage computing device 106 or other system component should notify a reviewer that a sensitive object is slated for transfer” [0198]).
Regarding claim 4, a combination of Ausarkar-Wong discloses the system of claim 3.
Ausarkar further discloses: wherein different sensitivity levels are associated with different security policies relating to access control (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.). An audit policy may further specify rules for handling sensitive objects. As an example, an audit policy may require that a reviewer approve the transfer of any sensitive objects to a cloud storage site, and that if approval is denied for a particular sensitive object, the sensitive object should be transferred to a local primary storage device 104 instead. To facilitate this approval, the audit policy may further specify how a secondary storage computing device 106 or other system component should notify a reviewer that a sensitive object is slated for transfer.” [0198] [Examiner notes that this text shows exactly how different sensitivity levels (confidential vs. not confidential) are tied to different access control rules (approval required, redirect, etc.)]).
Regarding claim 5, a combination of Ausarkar-Wong discloses the system of claim 3.
Ausarkar further discloses: wherein the generating of the access control rule the first changed data in the first write I/O operation (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.). An audit policy may further specify rules for handling sensitive objects. As an example, an audit policy may require that a reviewer approve the transfer of any sensitive objects to a cloud storage site, and that if approval is denied for a particular sensitive object, the sensitive object should be transferred to a local primary storage device 104 instead. To facilitate this approval, the audit policy may further specify how a secondary storage computing device 106 or other system component should notify a reviewer that a sensitive object is slated for transfer” [0198] [Examiner notes that the data category here is seen as a type or class of information that the data object belongs to such as personal, financial, health/medical, etc.; in this case, a category (like personal) can be classified into different sensitivity levels depending on the context and both (category and sensitivity level) can be used to refine the access control rule]).
Regarding claim 6, a combination of Ausarkar-Wong discloses the system of claim 3.
Ausarkar further discloses: wherein the generating of the access control rule (“Information management policies 148 can additionally specify or depend on historical or current criteria that may be used to determine which rules to apply to a particular data object, system component, or information management operation, such as: frequency with which primary data 112 or a secondary copy 116 of a data object or metadata has been or is predicted to be used, accessed, or modified; time-related factors (e.g., aging information such as time since the creation or modification of a data object); deduplication information (e.g., hashes, data blocks, deduplication block size, deduplication efficiency or other metrics); an estimated or historic usage or cost associated with different components (e.g., with secondary storage devices 108); the identity of users, applications 110, client computing devices 102 and/or other computing devices that created, accessed, modified, or otherwise utilized primary data 112 or secondary copies 116; a relative sensitivity (e.g., confidentiality, importance) of a data object, e.g., as determined by its content and/or metadata; the current or historical storage capacity of various storage devices; the current or historical network capacity of network pathways connecting various components within the storage operation cell; access control lists or other security information; and the content of a particular data object (e.g., its textual content) or of metadata associated with the data object” [0209] [Examiner notes this text lists criteria that can influence rules including time-related factors (time of a data write), identity of users, applications, client computing devices (identifier of an entity that requested a data write), and current or historical storage/network capacity of computing devices (computing environment)]).
Regarding claims 7 and 22, a combination of Ausarkar-Wong discloses the system of claims 3/21.
Ausarkar further discloses: wherein the security policy comprises one or more conditions and one or more access control actions to apply if the one or more conditions are satisfied, and wherein the generating the access control rule comprises including the one or more access control actions in the access control rule (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.). An audit policy may further specify rules for handling sensitive objects. As an example, an audit policy may require that a reviewer approve the transfer of any sensitive objects to a cloud storage site, and that if approval is denied for a particular sensitive object, the sensitive object should be transferred to a local primary storage device 104 instead. To facilitate this approval, the audit policy may further specify how a secondary storage computing device 106 or other system component should notify a reviewer that a sensitive object is slated for transfer.” [0198] [Examiner notes that the condition here is seen as object sensitivity (confidential, privileged, etc.) and the action (if this condition was satisfied) would be to require reviewer approval before access/write. So when the system sees that the data object is sensitive, it takes the action from the policy and inserts it into the rule for that object]).
Regarding claim 8, a combination of Ausarkar-Wong discloses the system of claim 1.
Ausarkar further discloses: wherein first changed data in the first write I/O operation comprises classifying a first data object containing the first changed data in the first write I/O operation, the first sensitivity level level of the first data object (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.). An audit policy may further specify rules for handling sensitive objects. As an example, an audit policy may require that a reviewer approve the transfer of any sensitive objects to a cloud storage site, and that if approval is denied for a particular sensitive object, the sensitive object should be transferred to a local primary storage device 104 instead. To facilitate this approval, the audit policy may further specify how a secondary storage computing device 106 or other system component should notify a reviewer that a sensitive object is slated for transfer.” [0198] [Examiner notes that this text explicitly defines sensitive objects and that level of sensitivity is applied to the whole object, not just to the piece of data that changed and then it specifies the rules/actions for those sensitive objects]).
Regarding claim 9, a combination of Ausarkar-Wong discloses the system of claim 8.
Ausarkar further discloses: wherein the instructions upon execution cause the system to: map the first write I/O operation (“Some types of snapshots do not actually create another physical copy of all the data as it existed at the particular point in time, but may simply create pointers that map files and directories to specific memory locations (e.g., to specific disk blocks) where the data resides as it existed at the particular point in time. For example, a snapshot copy may include a set of pointers derived from the file system or from an application. In some other cases, the snapshot may be created at the block-level, such that creation of the snapshot occurs without awareness of the file system. Each pointer points to a respective stored data block, so that collectively, the set of pointers reflect the storage location and state of the data object (e.g., file(s) or volume(s) or data set(s)) at the point in time when the snapshot copy was created” [0154] [Examiner notes that the I/O operation (disk block changes) is mapped which causes the changed data (updated state of those blocks) to belong to the first data object (file/directory that the pointers map to those blocks)]).
Regarding claim 10, a combination of Ausarkar-Wong discloses the system of claim 1.
Ausarkar further discloses: receive, by the replication manager, a plurality I/O operations; and identifying the write I/O operations from among the plurality of I/O operations (“The block-level filter driver 316 may intercept data modification operations (e.g., data writes) that changes one or more blocks stored in the disk volume or file system. For example, the block-level filter driver 316 may locate, monitor, and/or process one or more of the following with respect to one or more applications running on the client computing device 302: data management operations (e.g., data write operations, file attribute modifications), logs or journals (e.g., NTFS change journal), configuration files, file settings, control files, combinations of the same or the like” [0277] [Examiner notes that this text shows the receiving of operations when the driver intercepts all I/O and the identifying of writes when the driver pinpoints the operations that actually modify blocks]).
Regarding claim 11, a combination of Ausarkar-Wong discloses the system of claim 1.
Ausarkar further discloses: wherein the write I/O operations comprise writes of data blocks (“The block-level filter driver 316 may intercept data modification operations (e.g., data writes) that changes one or more blocks stored in the disk volume or file system. For example, the block-level filter driver 316 may locate, monitor, and/or process one or more of the following with respect to one or more applications running on the client computing device 302: data management operations (e.g., data write operations, file attribute modifications), logs or journals (e.g., NTFS change journal), configuration files, file settings, control files, combinations of the same or the like” [0277]).
Regarding claim 12, a combination of Ausarkar-Wong discloses the system of claim 1.
Ausarkar further discloses: wherein the log comprises (“At block 706, the source replication agent 320 adds dehydrated entries to the journal queue. For example, the source replication agent 320 may add, instead of a full entry (or hydrated entry) having both metadata associated with the I/O operation resulting in a change to the source storage device 318 and the data associated with the I/O operation, a dehydrated entry that contains the metadata associated with the I/O operation but not the data associated with the I/O operation. As another example, the source replication agent 320 may add, instead of a full entry or a dehydrated entry, an entry that contains only part of the metadata (e.g., location of the changed block in the source storage device 318)” [0326] [Examiner notes that the journal entries are created based on the I/O operations that modify data. The text refers to the I/O resulting in a change to the source storage device. The journal entries represent instances of changed data that will be replicated later. The journal queue mentioned serves as the journal as it stores the changed data and metadata persistently before replication]).
Regarding claim 15, Ausarkar discloses: A system comprising:
a processing resource; and a non-transitory storage medium storing instructions executable by the processing resource to (“Any given computing device comprises one or more processors (e.g., CPU and/or single-core or multi-core processors), as well as corresponding non-transitory computer memory (e.g., random-access memory (RAM)) for storing computer programs which are to be executed by the one or more processors” [0055]);
replicate write input/output (I/O) operations as representations added to a log (“At block 706, the source replication agent 320 adds dehydrated entries to the journal queue. For example, the source replication agent 320 may add, instead of a full entry (or hydrated entry) having both metadata associated with the I/O operation resulting in a change to the source storage device 318 and the data associated with the I/O operation, a dehydrated entry that contains the metadata associated with the I/O operation but not the data associated with the I/O operation. As another example, the source replication agent 320 may add, instead of a full entry or a dehydrated entry, an entry that contains only part of the metadata (e.g., location of the changed block in the source storage device 318)” [0326] [Examiner notes that the journal queue is the log where these representations (of the write) are stored for later]);
generate a first access control rule for a first data object containing changed data in a first write I/O operation of the write I/O operations as represented in the representations in the log, the first access control rule generated based on a first sensitivity level assigned by the classifier to the changed data in the first write I/O operation; and perform access control of the first data object based on the first access control rule (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.). An audit policy may further specify rules for handling sensitive objects. As an example, an audit policy may require that a reviewer approve the transfer of any sensitive objects to a cloud storage site, and that if approval is denied for a particular sensitive object, the sensitive object should be transferred to a local primary storage device 104 instead. To facilitate this approval, the audit policy may further specify how a secondary storage computing device 106 or other system component should notify a reviewer that a sensitive object is slated for transfer” [0198] [Examiner notes that this text supports the claim limitations as it shows how sensitivity classification is converted into specific, enforceable access control rules which logically, get enforced once the rules are defined (the system will carry them out)]).
Ausarkar does not explicitly disclose: classify, using a classifier, changed data in the representations added to the log to identify a sensitivity level of
However, Wong discloses: classify, using a classifier, changed data in the representations added to the log to identify a sensitivity level of (“One embodiment of the present invention provides a classifier that can automatically reclassify data in a database in response to any relevant data-change in the database. This classifier specifies classification-rules in a database change-notification system, which identifies the relevant data changes. Furthermore, the classifier reclassifies the data based on these classification-rules. For example, the addition of the keyword "anthrax" to a database column having a low sensitivity rating, would automatically reclassify the database column to a higher sensitivity rating. In a second example, the addition of the keywords "kill" and "die" to the same database column would result in the database column receiving an even higher sensitivity rating. In response to the database column being reclassified with a higher sensitivity rating, the classifier can trigger additional operations. For example, these additional operations can involve auditing a table that includes the database column, encrypting data stored in the database column, or activating an intrusion detection system” [0021]; “In one embodiment of the present invention, changing the classification of a data item may result in changing the classification of additional data items associated with the data item. For example, changing the classification of a field in a table may result in changing the classification of the entire table” [0054] [Examiner notes that in the first text, the log is being interpreted as the database change-notification system as it effectively tracks the changed data, which can be seen as the equivalent of a “log” or data structure tracking changes. Examiner also notes that the classifier assigns a sensitivity rating or level to the changed data]);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Ausarkar with the added structure of Wong in order for the system to be able to efficiently and accurately classify new sensitive data in order to keep it protected.
Regarding claim 16, a combination of Ausarkar-Wong discloses the system of claim 15.
Ausarkar further discloses: wherein a representation of the representations added to the log comprises changed data of a corresponding write I/O operation (“At block 706, the source replication agent 320 adds dehydrated entries to the journal queue. For example, the source replication agent 320 may add, instead of a full entry (or hydrated entry) having both metadata associated with the I/O operation resulting in a change to the source storage device 318 and the data associated with the I/O operation, a dehydrated entry that contains the metadata associated with the I/O operation but not the data associated with the I/O operation. As another example, the source replication agent 320 may add, instead of a full entry or a dehydrated entry, an entry that contains only part of the metadata (e.g., location of the changed block in the source storage device 318)” [0326] [Examiner notes that the journal entries are created based on the I/O operations that modify data. The text refers to the I/O resulting in a change to the source storage device. The journal entries represent instances of changed data that will be replicated later. The journal queue mentioned serves as the log as it stores the changed data and metadata persistently before replication]).
Regarding claim 17, a combination of Ausarkar-Wong discloses the system of claim 15.
Ausarkar further discloses: generate a second access control rule for a second data object containing changed data in a second write I/O operation of the write I/O operations, the second access control rule being based on a second sensitivity level assigned by the classifier to the changed data in the second write I/O operation; and perform access control of the second data object based on the second access control rule (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.). An audit policy may further specify rules for handling sensitive objects. As an example, an audit policy may require that a reviewer approve the transfer of any sensitive objects to a cloud storage site, and that if approval is denied for a particular sensitive object, the sensitive object should be transferred to a local primary storage device 104 instead. To facilitate this approval, the audit policy may further specify how a secondary storage computing device 106 or other system component should notify a reviewer that a sensitive object is slated for transfer” [0198] [Examiner notes that this text supports the claim limitations as it shows how sensitivity classification is converted into specific, enforceable access control rules which logically, get enforced once the rules are defined (the system will carry them out)]).
Regarding claim 18, a combination of Ausarkar-Wong discloses the system of claim 15.
Ausarkar further discloses: map the changed data in the first write I/O operation to the first data object based on: reading a portion of a command specifying the first write I/O operation to determine that the command contains an indication that the command is used for an operation involving a data object, and identifying the first data object based on further information in the command (“Some types of snapshots do not actually create another physical copy of all the data as it existed at the particular point in time, but may simply create pointers that map files and directories to specific memory locations (e.g., to specific disk blocks) where the data resides as it existed at the particular point in time. For example, a snapshot copy may include a set of pointers derived from the file system or from an application. In some other cases, the snapshot may be created at the block-level, such that creation of the snapshot occurs without awareness of the file system. Each pointer points to a respective stored data block, so that collectively, the set of pointers reflect the storage location and state of the data object (e.g., file(s) or volume(s) or data set(s)) at the point in time when the snapshot copy was created” [0154] [Examiner notes that the snapshot system tracks which data blocks are modified when a write happens. These blocks represent the "changed data". The "command" here is broadly defined in the specification (signal, message, metadata). In practice, it is the metadata/pointers created when a snapshot notes a changed block. The snapshot metadata indicates which higher-level object (file, directory, volume) the changed block belongs to. The snapshot system uses that mapping information to link the changed block back to the specific data object it came from. Reading the mappings is equivalent to reading the command information about the write]).
Claim 19 recites substantially the same limitations as claims 1 and 15, in the form of a method; therefore, it is rejected under the same rationale.
Claim 20 recites substantially the same limitations as claims 1 and 15, in the form of a method, for implementing the corresponding system; therefore, it is rejected under the same rationale.
Regarding claim 21, a combination of Ausarkar-Wong discloses the system of claim 15.
Ausarkar further discloses: wherein the generating of the first access control rule is based on a security policy for the first sensitivity level (“Another type of information management policy 148 is an “audit policy” (or “security policy”), which comprises preferences, rules and/or criteria that protect sensitive data in system 100. For example, an audit policy may define “sensitive objects” which are files or data objects that contain particular keywords (e.g., “confidential,” or “privileged”) and/or are associated with particular keywords (e.g., in metadata) or particular flags (e.g., in metadata identifying a document or email as personal, confidential, etc.). An audit policy may further specify rules for handling sensitive objects. As an example, an audit policy may require that a reviewer approve the transfer of any sensitive objects to a cloud storage site, and that if approval is denied for a particular sensitive object, the sensitive object should be transferred to a local primary storage device 104 instead. To facilitate this approval, the audit policy may further specify how a secondary storage computing device 106 or other system component should notify a reviewer that a sensitive object is slated for transfer” [0198] [Examiner notes that this text supports the claim limitations as it shows how sensitivity classification is converted into specific, enforceable access control rules which logically, get enforced once the rules are defined (the system will carry them out)]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARON MATTHEWOS WORKU whose telephone number is (703)756-1761. The examiner can normally be reached Monday - Friday, 9:30am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards, can be reached on 571-270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARON MATTHEWOS WORKU/Examiner, Art Unit 2408
/LINGLAN EDWARDS/Supervisory Patent Examiner, Art Unit 2408