Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
DETAILED ACTION
Claims 1-27 are pending in this office action. Claims 3 and 10 stand canceled. Claims 26-27 have been newly added.
Applicant’s arguments, filed 12/16/2025, have been fully considered.
Priority
No foreign priority is claimed.
Response to Arguments
Applicant’s arguments, filed 12/16/2025, have been fully considered wherein the applicant presents arguments regarding the presence or absence of claimed limitations in the prior art. The arguments are moot in view of new grounds of rejection presented below.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-2, 4, 6-9, 11, 13-18, 20-26 are rejected under 35 U.S.C. 102(a)(1), 102(a)(2) as being anticipated by Snellman et al. (US 2021/0209077 A1, Snellman hereinafter).
For claim 1, Snellman teaches a processor-implemented method, the method comprising: identifying two or more users (Abstract; para 0006, 0008, 0035 - plurality of system or application users);
identifying one or more data regulation requirements (para 0006-0007, 0010-0011, 0063 - data policy as data regulation requirement);
determining a set of data rules from the one or more data regulation requirements (Abstract; para 0054, 0063 - rules associated with regulation requirements);
identifying a data set (Abstract; para 0011, 0054 - identifying data for accessing);
determining, in response to a request for a subset of data from the data set, an access state to the subset of data for a user from the two or more users based on one or more data rules from the set of data rules (para 0009, 0011, 0040, 0288, 0304 - accessing data subset from the data set with rules pertaining to access regulations or permissions associated with users); and
generating filtered data based on the subset of data according to the determined access state (Abstract; para 0079, 0290, 0304, 0343, 0345 - permission state determining access state and determining filtered/masked data based on regulatory rules associated with permission levels).
For claim 2, Snellman teaches the claimed subject matter as discussed above. Snellman further teaches providing the filtered data to the user from the two or more users (Abstract; para 0290, 0304, 0343, 0345).
For claim 4, Snellman teaches the claimed subject matter as discussed above. Snellman further teaches identifying a change in at least one data regulation requirement, wherein a change may include introduction of a new data regulation requirement or removal of an existing data regulation requirement; and modifying at least one data rule based on the change (para 0308-0310, 0351, 0355 - policy or data regulation update, and application-level user rules are specified to be applied based on the policy update).
For claim 6, Snellman teaches the claimed subject matter as discussed above. Snellman further teaches preparing evidence of authenticity of the filtered data (para 0063, 0079, 0111, 0115, 0245 - data validator, authenticity and utilizing mechanisms such as hash comparison for data integrity or correctness).
For claim 7, Snellman teaches the claimed subject matter as discussed above. Snellman further teaches wherein the data regulation requirements include at least one agreement between at least two of the two or more users (para 0080, 0115, 0117, 0155 - consensus or agreement among parties with regards to regulations rules or permissions).
As to claim 8, the claim limitations are similar to those of claim 1, except claim 8 is drawn to a computer system, the computer system comprising: one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage media, and program instructions stored on at least one of the one or more tangible storage media for execution by at least one of the one or more processors via at least one of the one or more memories (Snellman - Fig. 1, 15; para 0013, 0098, 0365-0366), wherein the computer system is capable of performing the method of claim 1. Therefore claim 8 is rejected according to claim 1.
As to claims 9, 11, 13-14, the claim limitations are similar to those of claims 2, 4, 6-7 respectively. Therefore claims 9, 11, 13-14 are rejected according to claims 2, 4, 6-7 respectively as above.
As to claim 15, the claim limitations are similar to those of claim 1, except claim 15 is drawn to a computer program product, the computer program product comprising: one or more computer-readable tangible storage media and program instructions stored on at least one of the one or more tangible storage media (Snellman - Fig. 1, 15; para 0013, 0098, 0365-0366), the program instructions executable by a processor capable of performing the method of claim 1. Therefore claim 15 is rejected according to claim 1.
As to claims 16, 18, 20-21, the claim limitations are similar to those of claims 2, 4, 6-7 respectively. Therefore claims 16, 18, 20-21 are rejected according to claims 2, 4, 6-7 respectively as above.
For claim 17, Snellman teaches the claimed subject matter as discussed above. Snellman further teaches preparing documentation of the generating (para 0220, 0271, 0278, 0280, 0290, 0352 - instructions based on comments (documented) pertaining to processing of the rules and generation of modified or filtered data, and also creating logs or audit logs pertaining to data modifications).
For claim 22, Snellman teaches a processor-implemented method, the method comprising: identifying one or more data regulation requirements (para 0006-0007, 0010-0011, 0063 - data policy as data regulation requirement);
determining a set of data rules from the one or more data regulation requirements (Abstract; para 0054, 0063 - rules associated with regulation requirements);
identifying a data set (Abstract; para 0011, 0054 - identifying data for accessing);
determining, based on one or more data rules from the set of data rules, an access state to a subset of data from the identified data set (para 0009, 0011, 0040, 0288, 0304 - accessing data subset from the data set with rules pertaining to access regulations or permissions associated with users); and
generating filtered data according to the determined access state (Abstract; para 0079, 0290, 0304, 0343, 0345 - permission state determining access state and determining filtered/masked data based on regulatory rules associated with permission levels);
preparing documentation of the generating (para 0220, 0278, 0280, 0290, 0352 - instructions based on comments (documented) pertaining to processing of the rules and generation of modified or filtered data, and also creating logs or audit logs pertaining to data modifications).
For claim 23, Snellman teaches the claimed subject matter as discussed above. Snellman further teaches wherein the preparing includes identifying the underlying data regulation requirements that led to the data rules that in turn led to the determined access state (para 0205-0206, 0288-0290, 0351--0352 - rules based on policies, maintained by security driver, and providing comments, creating logs etc. as part of tracking applied policies/rules by security driver).
As to claim 24, the claim limitations are similar to those of claim 22, except claim 24 is drawn to a computer program product, the computer program product comprising: one or more computer-readable tangible storage media and program instructions stored on at least one of the one or more tangible storage media (Snellman - Fig. 1, 15; para 0013, 0098, 0365-0366), the program instructions executable by a processor capable of performing the method of claim 22. Therefore claim 24 is rejected according to claim 22.
As to claims 25, the claim limitations are similar to those of claim 23. Therefore claim 25 is rejected according to claim 23 as above.
For claim 26, Snellman teaches the claimed subject matter as discussed above. Snellman further teaches wherein determining the access state to the subset of data for the user is completed by a trained machine learning model based on a description of the subset of data (para 0236 - risk metrics based on access requests for entities, applications, devices etc., based on historical log events, to predict the likelihood of various types of access requests such as to particular units of content or data sets, types of data, amounts and frequencies of access requests etc. and predicting using the trained model, maliciousness and thus the access state of the request).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 5, 12, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Snellman et al. (US 2021/0209077 A1, Snellman hereinafter), in view of Roth et al. (US SG 10201803844T A, Roth hereinafter).
For claims 5, 12 and 19, Snellman teaches the claimed subject matter as discussed above in claim 4. Snellman further teaches location-based rules wherein the requested data undergoes restriction or processing based on location of the requested object (para 0054). Snellman does not appear to explicitly disclose, however Roth discloses wherein the change is based on a change in a location of the identified data (para 0020, 0025, 0042, 0072, 0082, 0089, 0091 - policy generations/modifications associated with jurisdiction regulations and enforcement of data compliance). Based on Snellman in view of Roth, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Roth in the system of Snellman, in order to apply additional entity or data security mechanisms including criteria such as location or jurisdiction area-based conditions to enforce security features, thereby improving security robustness of Snellman’s system.
Allowable Subject Matter
Claim 27 is objected to as being dependent upon a rejected base claim and parent claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims in addition to overcoming the above-mentioned objections/rejections associated with their parent claims.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433