Prosecution Insights
Last updated: April 19, 2026
Application No. 18/543,560

DISTRIBUTED DYNAMIC MULTI-LEVEL SECURITY DATA

Final Rejection §103
Filed: Dec 18, 2023
Examiner: GRACIA, GARY S
Art Unit: 2499
Tech Center: 2400 — Computer Networks
Assignee: Raytheon Company
OA Round: 2 (Final)
Grant Probability: 71% (Favorable)
OA Rounds: 3-4
To Grant: 3y 0m
With Interview: 99%

Examiner Intelligence

Grants 71% — above average
Career Allow Rate: 71% (390 granted / 551 resolved), +12.8% vs TC avg
Strong +50% interview lift
Interview Lift: +50.3% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 0m (29 currently pending)
Career history
Total Applications: 580 (across all art units)

Statute-Specific Performance

§101: 11.3% (-28.7% vs TC avg)
§103: 60.9% (+20.9% vs TC avg)
§102: 11.8% (-28.2% vs TC avg)
§112: 9.3% (-30.7% vs TC avg)
Based on career data from 551 resolved cases

Office Action

§103
Notice of Pre-AIA or AIA Status

1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments

2. Applicant’s arguments filed on 01/12/2026, with respect to the 35 U.S.C. 102 rejection of claims 1-3, 5-11, 13-17 and 19-20 as being anticipated by U.S. Publication No. 20240143774 hereinafter Ramirez have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of amended claims.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

3. Claims 1-3, 5-11, 13-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 20240143774 hereinafter Ramirez in view of U.S. Publication No. 20210406601 hereinafter Narlikar.

As per claim 1, Ramirez discloses: A method for multi-level security (MLS) data collaboration and access (para 0004 "The operations can further include: applying the restrictions to the data based on data access level and access limitations. The data access clearance can be generated using an attribute based access control, an access- control list, or a role-based access control.") comprising: receiving, by an MLS core, new data to be stored in a knowledge repository (para 0018 "The data can be transmitted from the industrial plant 106 to the data store 108 over the network 110. The industrial plant 106 can include any type of industrial environment where different components or machines can be used to complete one or more industrial processes." Para 0021" The data store 108 stores information within the system 100, including industrial data received from sensors 116A, 116B, 116C, 118, from the industrial plant 106, from the user devices 104A, 104B and/or from the data access control system 102."), the new data generated based on prior data accessed through a data fabric (para 0025 "At 202, a query, including a request to access data stored within a data store is received. The data can include information in a digital form that was generated by sensors in an industrial plant that can be transmitted or processed." The new data (digital form) was generated by data from the sensors (prior data) accessed through the data fabric. 
Applicant's specification does not provide clear examples of how the new data is generated from prior data); determining, by a classifier model, a classification of a hierarchy of classifications for the new data; storing the classification as metadata associated with the new data in the knowledge repository and the new data via the data fabric (Tables 1-13); receiving, by the MLS core, a request from a user to access first data via the data fabric (para 0025 "At 202, a query, including a request to access data stored within a data store is received."); determining, by an attribute based access control (ABAC) Boolean union modifier and based on a local subject attribute policy, a global access policy, an object attribute policy, a classification of the first data, and attributes of the user, that the user is authorized to access the first data; and providing the first data to the user (Para 0025 "Every object can have attributes (field purposes) within its metadata that contain both the combination of classification and constraints that have been applied to the data object, and the values for them. Examples of data object attributes are illustrated by Tables 1 and 2." Para 0027 "In some countries (in the example illustrated in Table 4, in Malaysia) and with some contracts, it is required to not only limit the data to people who work for the customer have geopolitical clearance for that country, but also to limit the data flow (e.g., place restrictions on the data leaving the country and whether users who are located outside of the country can access the data at all, and if so to what extent). Para 0028 "With ABAC, the data record/document/report would require the following attribute information to be considered when determining if a user should be allowed access to the object. 
"Does the user have a 'confidential' classification clearance entitlement AND do the user's geopolitical clearances include "MYS" AND do the user's subject terms clearances include 'name of collaborating user' AND is the user currently located within a preset location (e.g., Malaysia)?." Para 0029 "With ABAC, the data record/document would require the following attribute information to be considered when determining if the user should be allowed access to the object. "Does the user have a 'confidential' classification clearance entitlement AND do the user's code word clearances include the string "UMBRA," as illustrated in Table 5." Para 0034 "At 208, data cross border flow constraints are determined based on the set of restriction values that determine geographical boundary relationship restrictions that must be applied to location of the server (data store 108, described with reference to FIG. 1) containing the data concerned, the location of those wishing to access the data concerned, and limitations of cross border actions that can be performed on that data. " Para 0044 " At 214, the data access control result is provided. If it determined, using the selected approach, that access to data is granted, the user device is granted access to at least a portion (rows) of data. "PLEASE SEE Tables 1-13). providing the first data to the user if the user satisfies all of the access restrictions or blocking the user from accessing the first data if the user does not satisfy one or more the access restrictions (para 0022 “The data access control system 102 can use different methods to manage the way in which user device 104A, 104B are matched to data, including data access control, such as attribute based access control (ABAC). ABAC differs from the other methods by defining that all the information required to grant or deny access is included directly on the data object requested by the user device 104A, 104B.”). 
Ramirez does not disclose: the new data derived based on prior data accessed through a data fabric that couples multiple colocation centers; determining, by a machine learning (ML) classifier model, a classification determining, based on access restrictions, whether the user is authorized to access the first data Narlikar discloses: the new data derived based on prior data accessed through a data fabric that couples multiple colocation centers (para 0193 “For example, the data processing system 105 can include one or more servers in one or more data centers or server farms.” Para 0075 “ A first portion of the cross-modal pipeline is described herein. Data of a new modality (e.g., video posts) can be provided as input, and the system can train models for existing tasks. Labeled data (e.g., labelled categories 128 stored in the database 115, etc.) and models that perform these tasks for existing data modalities may be stored in one or more data repositories (e.g., as the feature classifiers 122 in the database 115, etc.). Processing unclassified or un-modeled and rich data modalities may be time and resource intensive. Techniques to overcome these hurdles are described herein, by developing structured (e.g., categorical and quantitative) features common across data modalities via organizational resources.”); determining, by a machine learning (ML) classifier model, a classification (para 0043 “Machine learning models can be used for tasks such as content and event classification, and often adapt existing models to new data modalities (e.g., adapt from text to images or video, or across other media formats, etc.) to perform the same predictive tasks over these new modalities. Consider the following example a content moderation system (e.g., one or more of the systems described herein, etc.) can use an ML pipeline to flag policy-violating posts on a social media application (e.g., harmful speech, spam, or sensitive content, etc.). 
Such a system can support a variety of media formats, including video-based posts. The system can classify new video posts for the same violations as the text and image posts.”) determining, based on access restrictions, whether the user is authorized to access the first data (para 0037 “Content selection is often governed in part by policies that dictate what content can be provided in a particular context. For example, content selection policies can use device information, online activity information, time and date information, interaction information, regulatory restrictions, or information resource restrictions to control what content can be displayed on a web page or application. Generally, content is classified into one or more content categories based on the features of the content. Content selection services can select content for a given context if the features for that content match those of a content policy associated with the context. In contrast, if content does not match the content policy associated with the context, the systems and methods can refrain from selecting or block presentation of that content, thereby ensuring that only appropriate content is selected for the context. Therefore, it would be beneficial for a system to analyze the features of content to automatically assign the content to an appropriate content policy.” para 0115 “The client devices 120 can transmit one or more requests for content to a content publisher, a content provider, or data processing system 105. The client devices 120 can receive content from the device to which the request was transmitted, where the content is selected based on device information (e.g., device model, device type, device operating system, device operating system version, device time, device date, any other context information described herein, etc.) about the client device 120 responsible for the request, and based on context information included in the request indicating a content policy. 
The context information can include, for example, information about age restrictions for a particular website or application. The context information can include a subject matter of the content with which the requested content will be displayed (e.g., certain content may include sensitive information that may not be suitable for presentation with other content, etc.). Based on the content policy assigned to a content item, the device responsible for content selection (e.g., the data processing system 105, the content publisher 160, a content publisher, etc.) can block presentation or selection of content that is inappropriate for the context information.” Para 0124 “The content rule applier 140 can apply a set of content rules 126 to the feature space to determine content metrics. The content rule applier 140 can retrieve one or more content rules 126 from the database 115, or from the memory of the data processing system 105. The content rules 126 can be, for example, one or more binary or rule-based functions that check for the presence of certain aspects or characteristics of a content item. For example, a content rule may be applied to text in a content item to determine whether an emoji (e.g. “:D”, etc.) is present in the text. The content rules 126 may be logic based, arithmetic based (e.g., checking for a characteristics of an image after applying a certain image filter, etc.), or based on instructions executed by the content rule applier 140. By applying a content rule 126 to a content item, the content rule applier 140 can produce one or more content metrics. The content metrics can indicate a result of the content rule. In the previous example, where the content rules 126 could be used by the content rule applier 140 to check whether text included an emoji, the content metrics could include a binary value of ‘1’ indicating that an emoji is present, or a binary value of ‘0’ if an emoji is not present. 
The content rule applier 140 can identify various portions of content items on which to apply the one or more content rules 126 using various techniques, including optical character recognition.” The access restrictions including a local subject attribute policy, a global access policy, an object attribute policy, a classification of the first data, and attributes of the user)

Therefore, it would have been obvious to one of ordinary skill in the art to modify the applying the restrictions to the data based on data access level of Ramirez to include the new data derived based on prior data accessed through a data fabric that couples multiple colocation centers, determining, by a machine learning (ML) classifier model, a classification determining, based on access restrictions, whether the user is authorized to access the first data, as taught by Narlikar. The motivation would have been to bind information using a certificate in order to properly associate data with a certificate.

As per claim 2, Ramirez in view of Narlikar discloses: The method of claim 1, further comprising training the classifier model based on input, output examples that include an actual classification for each input example that includes actual data associated with the actual classification (Ramirez para 0043 "An example of a system configured to access an object on behalf of an algorithm can be triggered to train an object-driven model. The system cannot use the accounts to provide object to humans, only to processing code. Providing object to humans or the derived work on the accessed object to humans would be a violation of policy unless approved controls and written authorization from CSRC and data governance is provided. No person can use the below accounts to look at the data or download it. No system can use accounts associated with system training to make data visible for a user (e.g., by blocking or preventing transmission of data to a user account or another system). 
A system configured to access an object on behalf of an algorithm can be configured to run in an automated system data usage mode, e.g. for training data, by automatically preventing access to the data for users.").

As per claim 3, Ramirez in view of Narlikar discloses: The method of claim 1, further comprising: parsing policy definitions and program security classification guidelines for requirements associated with the new data (Ramirez para 0022 "In some implementations, the data access control system 102 can ensure that data access within example system 100 (e.g., data store 108) complies with country and international laws, customer contractual requirements, and data publisher operating policies. The data access control system 102 can determine which user device 104A, 104B can have the clearance to access a particular data object, such as a data record, a document, or a report. "); generating a whitelist based on the requirements associated with the new data (Ramirez para 0039 “As in ACL, in RBAC the onus of making sure the Accounts assigned roles are cleared for the object, is based on interpretation of the needs for objects that exist or will be produced by the person establishing the roles and their capabilities at the time of creating those capabilities. There is no enforcement of policy based on information contained within attributes of the data objects themselves; only on the understanding when the access is granted or revoked. Further, any change to the object itself that changes the understanding of what operations particular Roles would be allowed to perform (i.e. object attributes) would likely require changes to Roles and potentially re-assignment of roles to accounts. 
The correctness of the permissions allocated to each role for different objects can be rigorously controlled, as the determination of whether an operation can be executed by a given role is done at the time when permissions for that role are determined/granted, and not at operation execution time (run-time).” and providing a whitelist to the classifier model along with the new data, wherein determining the classification occurs further based on the whitelist (Ramirez para 0038 "For example, ACL includes a list of permissions associated with a system resource (object). ACL specifies which user accounts and system accounts are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. In ACL each object can contain a list indicating the Accounts/Groups etc. that have access to that object, and the permitted operations for each account/groups on that object.." Table 1, 3, 4, and 5 Restriction List "Named list of user accounts or groups that are granted access based on the other attribute.").

As per claim 5, Ramirez in view of Narlikar discloses: The method of claim 1, wherein determining the user is authorized to access the first data includes identifying first that the user satisfies the global access control policy, and then determining that the user satisfies the object attribute policy and the local subject attribute policy (Ramirez para 0027, 0028 and 0034, Table 8-13).

As per claim 6, Ramirez in view of Narlikar discloses: The method of claim 5, wherein: the global access control policy includes course grained governance for user and application access at an enterprise level including authorized users, authorized roles, and authorized applications; the object attribute policy contains attributes that are assigned to the first data, including classification, data type, location, and an identifier to define the object; and the local subject attribute policy includes attributes at a mission level including community of interest (COI), a specific mission, or a time window in which access is allowed (Ramirez para 0026, 0027, 0034, Table 1-13).

As per claim 7, Ramirez in view of Narlikar discloses: The method of claim 1, further comprising: adding context data to the new data before determining the classification; and determining the classification further based on the context data (Ramirez para 0022 and 0025).

As per claim 8, Ramirez in view of Narlikar discloses: The method of claim 7, wherein the context data includes a goal of the user and others working with the user to accomplish the goal (para 0022 "In some implementations, the data access control system 102 can ensure that data access within example system 100 (e.g., data store 108) complies with country and international laws, customer contractual requirements, and data publisher operating policies.").

As per claim 9, the implementation of claim 1 will execute the non-transitory machine-readable medium (Ramirez paragraph 0045) of claim 9. The claim is analyzed with respect to claim 1.

As per claim 10, the claim is analyzed with respect to claim 2.

As per claim 11, the claim is analyzed with respect to claim 3.

As per claim 13, the claim is analyzed with respect to claim 5.

As per claim 14, the claim is analyzed with respect to claim 6.

As per claim 15, the claim is analyzed with respect to claim 7.

As per claim 16, the claim is analyzed with respect to claim 8.

As per claim 17, the implementation of claim 1 will execute the system of claim 17. The claim is analyzed with respect to claim 1.

As per claim 19, the claim is analyzed with respect to claim 5.

As per claim 20, the claim is analyzed with respect to claim 6.

4. Claims 4, 12 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ramirez in view of Narlikar, and further in view of U.S. Publication No. 20140201520 hereinafter Yacobi.

As per claim 4, Ramirez in view of Narlikar discloses: The method of claim 1, further comprising: associating with new data (para 0022 and 0025)

Ramirez in view of Narlikar does not disclose: associating, by a certificate authority of the knowledge repository, a certificate for the new data; binding, by an integrity binder of the knowledge repository, the certificate to the new data resulting in a bound certificate; and associating the bound certificate with the new data and storing the bound certificate in the knowledge repository

Yacobi discloses: associating, by a certificate authority of the knowledge repository, a certificate for the new data; binding, by an integrity binder of the knowledge repository, the certificate to the new data resulting in a bound certificate; and associating the bound certificate with the new data and storing the bound certificate in the knowledge repository (para 0060 "One type of certificate frequently employed in the attribute-based access-control system is an attribute certificate, issued by the CRA, that binds a particular user with attributes. 
The message portion of the certificate may include, as one example, the user's name 710, an identifier for the user 711, an indication of the attribute bound to the user by the certificate 712, a certificate identification number 713, the public key of the certificate authority 714, for certificate authorities below a root certificate authority in a hierarchy of certificate authorities, used by a recipient to verify the certificate, an indication of the method by which the signature was generated 715, an indication of the hash method used to hash the message prior to the secret-key-based signature generation 716, and from-and-to dates 717 that together specify a period of time during which the certificate is valid. In alternative implementations, a greater number, fewer, or different fields may be included in an attribute certificate. Additional types of certificates employed in an attribute-based access-control system may include certificates that bind personal information to an owner and certificates that bind personal information to a writer, as discussed further below.")

Therefore, it would have been obvious to one of ordinary skill in the art to modify the applying the restrictions to the data based on data access level of Ramirez in view of Narlikar to include associating, by a certificate authority of the knowledge repository, a certificate for the new data; binding, by an integrity binder of the knowledge repository, the certificate to the new data resulting in a bound certificate; and associating the bound certificate with the new data and storing the bound certificate in the knowledge repository, as taught by Yacobi. The motivation would have been to bind information using a certificate in order to properly associate data with a certificate.

As per claim 12, the claim is analyzed with respect to claim 4.

As per claim 18, the claim is analyzed with respect to claim 4.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/GARY S GRACIA/
Primary Examiner, Art Unit 2499

Prosecution Timeline

Dec 18, 2023: Application Filed
Oct 27, 2025: Non-Final Rejection — §103
Jan 06, 2026: Applicant Interview (Telephonic)
Jan 06, 2026: Examiner Interview Summary
Jan 12, 2026: Response Filed
Mar 12, 2026: Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12591702
PERMISSION TRANSLATOR
2y 5m to grant Granted Mar 31, 2026
Patent 12580962
0-RTT CAPABLE, TUNNEL-LESS, MULTI-TENANT POLICY ARCHITECTURE
2y 5m to grant Granted Mar 17, 2026
Patent 12566869
Retention Policy-based Protection of Data Written to a Data Store
2y 5m to grant Granted Mar 03, 2026
Patent 12561428
Remote Analysis of Potentially Corrupt Data Written to a Storage System
2y 5m to grant Granted Feb 24, 2026
Patent 12554874
SYSTEMS AND METHODS FOR RESPONSIBLE AI
2y 5m to grant Granted Feb 17, 2026

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 71%
With Interview (+50.3%): 99%
Median Time to Grant: 3y 0m
PTA Risk: Moderate
Based on 551 resolved cases by this examiner. Grant probability derived from career allow rate.
