DETAILED ACTION
1. This is a Final Office Action Correspondence in response to U.S. Application No. 18/631318 filed on November 05, 2025.
Notice of Pre-AIA or AIA Status
2. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
3. Applicants’ arguments have been considered but are not persuasive.
On Pg. 16-17, in regard to 35 U.S.C. 103 and relating to claim 1, Applicant argues that the cited reference Rajesh does not teach “relationships of additional users to the user or relationships of additional documents related to one or more documents in the first layer of documents”.
Examiner replies that a new reference was introduced to teach these amendments.
On Pg. 17, in regard to 35 U.S.C. 103 and relating to claim 7, Applicant argues that the cited reference Rajesh does not teach “Claim 14 similarly recites ‘wherein identifying the first layer of documents related to activities of the user comprises identifying one or more of: one or more documents trending around the user, one or more documents viewed by the user, one or more documents modified by the user, and one or more documents shared with the user’”.
Examiner replies that a new reference was introduced to teach these limitations.
Claim Rejections - 35 U.S.C. §101
4. 35 U.S.C. §101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
5. Claims 1-22 are rejected under 35 USC 101 as directed to an abstract idea without significantly more.
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong one independent claim, 1, specifically claim 1 recites in the context of this claim encompasses the user mentally selecting a starting point of a documents stored on paper with coded instructions,
“identifying by the at least one processor and based on activities and/or relationships of the user subsequent documents that include the sensitive data wherein identifying the subsequence documents comprises” in the context of this claim encompasses the user mentally selecting a starting point of a documents stored on paper with coded instructions,
identifying a first layer of documents related to activities of the user in the context of this claim encompasses the user mentally selecting a starting point of a documents stored on paper with coded instructions;
and identifying a second layer of documents determined in response to one or more of: relationships of additional users to the user or relationships of additional documents related to one or more documents in the first layer of documents in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions.
These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim of 1 recites elements to be mere instructions to apply an exception, because they recite no more than an idea of a solution or outcome that is not an improvement to the functioning of a computer or to another technology:
For example, “identifying by a computing device that at least one processor and memory a user associated with one or more documents in the one or more data repositories in the computer network or the cloud infrastructure wherein the user comprises a very attacked person (VAP)” is seen as MPEP 2106.05(f) i. Remotely accessing user-specific information through a mobile interface and pointers to retrieve the information without any description of how the mobile interface and pointers accomplish the result of retrieving previously inaccessible information, Intellectual Ventures v. Erie Indem. Co., 850 F.3d 1315, 1331, 121 USPQ2d 1928, 1939 (Fed. Cir. 2017);
For example, “and initiating by the at least one processor and based on instructions stored in the memory, one or more security actions to address the sensitive data in one or more of the identified subsequent documents” is seen as MPEP 2106.05(f) i. Remotely accessing user-specific information through a mobile interface and pointers to retrieve the information without any description of how the mobile interface and pointers accomplish the result of retrieving previously inaccessible information, Intellectual Ventures v. Erie Indem. Co., 850 F.3d 1315, 1331, 121 USPQ2d 1928, 1939 (Fed. Cir. 2017);
This judicial exception is not integrated into a practical application. At step 2B, the claim recites “identifying by a computing device that at least one processor and memory a user associated with one or more documents in the one or more data repositories in the computer network or the cloud infrastructure wherein the user comprises a very attacked person (VAP)”, “and initiating by the at least one processor and based on instructions stored in the memory, one or more security actions to address the sensitive data in one or more of the identified subsequent documents”.
For example, “identifying by a computing device that at least one processor and memory a user associated with one or more documents in the one or more data repositories in the computer network or the cloud infrastructure wherein the user comprises a very attacked person (VAP)” is seen as computer functions that are well‐understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality). MPEP 2106.05(d); (II), (iv).
For example, “and initiating by the at least one processor and based on instructions stored in the memory, one or more security actions to address the sensitive data in one or more of the identified subsequent documents”, is seen as computer functions that are well‐understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality). MPEP 2106.05(d); (II), (iv).
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong One, dependent claim 3 recites “identifying one or more documents trending around the user”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 3 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong One, dependent claim 5 recites “wherein identifying the second layer of documents determined in response to relationships of additional documents related to one or more documents in the first layer of documents comprises identifying one or more documents in a same folder as at least one of the one or more documents identified in the first layer of documents”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 5 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong One, dependent claim 6 recites “wherein identifying the second layer of documents determined in response to relationships of additional users to the user comprises identifying documents associated with one or more additional users relevant to the user by relationship within an organization to which the user belongs”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 6 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong One, dependent claim 7 recites “wherein identifying the second layer of documents determined in response to relationships of additional users to the user comprises identifying owners of the one or more documents identified as trending around the user, modified by the user, or shared with the user”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 7 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong One, dependent claim 8 recites “wherein identifying the second layer of documents determined in response to relationships of additional users to the user comprises identifying owners of the one or more documents in the same folder as the at least one of the one or more documents identified in the first layer of documents”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 8 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong One, dependent claim 9 recites “wherein the documents in the one or more data repositories in the computer network or the cloud infrastructure comprise a set of documents managed by one or more sensitive data handling teams within an organization”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 9 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong one dependent claim, 10, specifically claim 10 recites no new abstract ideas.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The dependent claim of 10 recites elements to be mere instructions to apply an exception, because they recite no more than an idea of a solution or outcome that is not an improvement to the functioning of a computer or to another technology:
For example “wherein the one or more sensitive data handling teams within the organization include one or more of a finance team, a human resources team and a research team” is seen as MPEP 2106.05(g) v. Consulting and updating an activity log, Ultramercial, 772 F.3d at 715, 112 USPQ2d at 1754.
This judicial exception is not integrated into a practical application. At step 2B, the claim recites “wherein the one or more sensitive data handling teams within the organization include one or more of a finance team, a human resources team and a research team”.
For example, “wherein the one or more sensitive data handling teams within the organization include one or more of a finance team, a human resources team and a research team”, is seen as computer functions that are well‐understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality). MPEP 2106.05(d); (II), (iv).
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong one dependent claim, 11, specifically claim 11 recites no new abstract ideas.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The dependent claim of 11 recites elements to be mere instructions to apply an exception, because they recite no more than an idea of a solution or outcome that is not an improvement to the functioning of a computer or to another technology:
For example “wherein identifying the user comprises is based on their position within their organization” is seen as insignificant extra activities.
This judicial exception is not integrated into a practical application. At step 2B, the claim recites “wherein identifying the user comprises is based on their position within their organization”.
For example, “wherein identifying the user comprises is based on their position within their organization”, is seen as computer functions that are well‐understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality). MPEP 2106.05(d); (II), (iv).
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong One, independent claim 12 recites “identify a user associated with one or more documents at the data discovery starting point”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions;
“identify using activities and/or relationships of the user subsequent documents that include the sensitive data, wherein identifying the subsequence documents comprises”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions;
“identifying a first layer of documents related to activities of the user”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions;
“and identifying a second layer of documents determined in response to one or more of: relationships of additional users to the user or relationships of additional documents related to one or more documents in the first layer of documents”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim of 12 recites elements to be mere instructions to apply an exception, because they recite no more than an idea of a solution or outcome:
For example “one or more data repositories in a computer network or cloud infrastructure having data stored therein, the data managed by an organization and comprising the sensitive data” is seen as insignificant extra activities.
For example, “a processor coupleable to the one or more data repositories in the computer network or cloud infrastructure” is seen as insignificant extra activities.
For example, “and a storage device for storing instructions, wherein the processor is configured to operate in response to the stored instructions to: couple to the one or more data repositories in the computer network or cloud infrastructure” is seen as insignificant extra activities.
For example, “and initiate, based on instructions stored in the memory, one or more security actions to address the sensitive data in one or more of the identified subsequent documents” is seen as MPEP 2106.05(f) i. Remotely accessing user-specific information through a mobile interface and pointers to retrieve the information without any description of how the mobile interface and pointers accomplish the result of retrieving previously inaccessible information, Intellectual Ventures v. Erie Indem. Co., 850 F.3d 1315, 1331, 121 USPQ2d 1928, 1939 (Fed. Cir. 2017);
This judicial exception is not integrated into a practical application. At step 2B, the claim recites “one or more data repositories in a computer network or cloud infrastructure having data stored therein, the data managed by an organization and comprising the sensitive data”, “a processor coupleable to the one or more data repositories in the computer network or cloud infrastructure”, “and a storage device for storing instructions, wherein the processor is configured to operate in response to the stored instructions to: couple to the one or more data repositories in the computer network or cloud infrastructure”, “and initiate, based on instructions stored in the memory, one or more security actions to address the sensitive data in one or more of the identified subsequent documents”.
For example, “one or more data repositories in a computer network or cloud infrastructure having data stored therein, the data managed by an organization and comprising the sensitive data”, do not include additional elements that are sufficient to amount to significantly more than the judicial exception. The additional elements are a step of transmitting data, and is recognized as well understood, routine, and conventional activity within the field of computer functions as an element of receiving or transmitting data over a network (MPEP 2106.05(d)(II)(i)).
For example, “a processor coupleable to the one or more data repositories in the computer network or cloud infrastructure”, do not include additional elements that are sufficient to amount to significantly more than the judicial exception. The additional elements are a step of transmitting data, and is recognized as well understood, routine, and conventional activity within the field of computer functions as an element of receiving or transmitting data over a network (MPEP 2106.05(d)(II)(i)).
For example, “and a storage device for storing instructions, wherein the processor is configured to operate in response to the stored instructions to: couple to the one or more data repositories in the computer network or cloud infrastructure”, do not include additional elements that are sufficient to amount to significantly more than the judicial exception. The additional elements are a step of transmitting data, and is recognized as well understood, routine, and conventional activity within the field of computer functions as an element of receiving or transmitting data over a network (MPEP 2106.05(d)(II)(i)).
For example, “and initiate, based on instructions stored in the memory, one or more security actions to address the sensitive data in one or more of the identified subsequent documents” do not include additional elements that are sufficient to amount to significantly more than the judicial exception. The additional elements are a step of transmitting data, and is recognized as well understood, routine, and conventional activity within the field of computer functions as an element of receiving or transmitting data over a network (MPEP 2106.05(d)(II)(iv)).
With respect to Step 1, the claims are directed to a computer-implemented method.
With respect to Step 2A Prong One, dependent claim 14 recites “identifying one or more documents trending around the user, one or more documents viewed by the user, one or more documents modified by the user, and one or more documents shared with the user”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 14 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a system.
With respect to Step 2A Prong One, dependent claim 16 recites “wherein identifying the second layer of documents determined in response to relationships of additional documents related to one or more documents in the first layer of documents comprises identifying one or more documents in a same folder as at least one of the one or more documents identified in the first layer of documents”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 16 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a system.
With respect to Step 2A Prong One, dependent claim 17 recites “wherein identifying the second layer of documents determined in response to relationships of additional users to the user comprises identifying documents associated with one or more additional users relevant to the user by relationship within an organization to which the user belongs”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 17 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a system.
With respect to Step 2A Prong One, dependent claim 18 recites “wherein identifying the second layer of documents determined in response to relationships of additional users to the user comprises identifying owners of the one or more documents identified as trending around the user, viewed by the user, modified by the user, or shared with the user”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 18 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a system.
With respect to Step 2A Prong One, dependent claim 19 recites “wherein identifying the second layer of documents determined in response to relationships of additional users to the user comprises identifying owners of the one or more documents in the same folder as the at least one of the one or more documents identified in the first layer of documents”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 19 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a system.
With respect to Step 2A Prong One, dependent claim 20 recites “documents in the one or more data repositories in the computer network or the cloud infrastructure comprises a set of documents managed by one or more sensitive data handling teams within an organization”, which in the context of this claim encompasses the user mentally selecting a starting point of documents stored on paper with coded instructions. These limitations could be reasonably and practically performed by the human mind; for instance, a human can identify documents and starting points within the documents in order to identify sensitive data and to mask the sensitive data.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The independent claim 20 recites no new additional elements.
This judicial exception is not integrated into a practical application.
With respect to Step 1, the claims are directed to a system.
With respect to Step 2A Prong one dependent claim, 21, specifically claim 21 recites no new abstract ideas.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The dependent claim of 21 recites elements to be mere instructions to apply an exception, because they recite no more than an idea of a solution or outcome that is not an improvement to the functioning of a computer or to another technology:
For example “wherein the one or more sensitive data handling teams within the organization include one or more of a finance team, a human resources team and a research team” is seen as MPEP 2106.05(g) v. Consulting and updating an activity log, Ultramercial, 772 F.3d at 715, 112 USPQ2d at 1754.
This judicial exception is not integrated into a practical application. At step 2B, the claim recites “wherein the one or more sensitive data handling teams within the organization include one or more of a finance team, a human resources team and a research team”.
For example, “wherein the one or more sensitive data handling teams within the organization include one or more of a finance team, a human resources team and a research team”, is seen as computer functions that are well‐understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality). MPEP 2106.05(d); (II), (iv).
With respect to Step 1, the claims are directed to a system.
With respect to Step 2A Prong one dependent claim, 22, specifically claim 22 recites no new abstract ideas.
Accordingly, the claim recites an abstract idea.
Step 2A Prong Two the claims do not recite additional elements that integrate the judicial exception into a practical application.
The dependent claim of 22 recites elements to be mere instructions to apply an exception, because they recite no more than an idea of a solution or outcome that is not an improvement to the functioning of a computer or to another technology:
For example “wherein the processor is further configured to operate in response to the stored instructions to identify the user comprises a VAP based on their position within their organization” is seen as MPEP 2106.05(g) v. Consulting and updating an activity log, Ultramercial, 772 F.3d at 715, 112 USPQ2d at 1754.
This judicial exception is not integrated into a practical application. At step 2B, the claim recites “wherein the processor is further configured to operate in response to the stored instructions to identify the user comprises a VAP based on their position within their organization”.
For example, “wherein the processor is further configured to operate in response to the stored instructions to identify the user comprises a VAP based on their position within their organization”, is seen as computer functions that are well‐understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality). MPEP 2106.05(d); (II), (iv).
Claim Rejections - 35 USC § 103
6. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
7. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
8. Claim(s) 1-4, 6, 7, 9-15, 17, 18 and 20-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rajesh U.S. Patent Application Publication No. 2020/0311304 (herein as ‘Rajesh’) and further in view of Amar U.S. Patent No. 11,611,590 (herein as ‘Amar’).
As to claim 1 Rajesh teaches a computer-implemented method for protecting sensitive data within documents in one or more data repositories in a computer network or cloud infrastructure for protection of sensitive data (Par. 0063 Rajesh discloses the sensitive data is stored on storage devices. Par. 0066 Rajesh discloses a computer network, a data storage); the method comprising:
selecting by a computing device having at least one processor and memory a data discovery starting point within the documents in the one or more data repositories in the computer network or the cloud infrastructure (Fig. 11a (1102-1103) and Par. 0114 Rajesh discloses determining sensitive data within documents);
identifying by a computing device having at least one processor and memory a user associated with one or more documents in the one or more data repositories in the computer network or the cloud infrastructure (Fig. 11a (1102-1103) and Par. 0114 Rajesh discloses determining a user associated with the sensitive data within documents);
identifying by the at least one processor and based on activities and/or relationships of the user subsequent documents that include the sensitive data (Fig. 11a (1104), and Par. 0114 Rajesh discloses users that access the sensitive data);
and initiating by the at least one processor and based on instructions stored in the memory, one or more security actions to address the sensitive data in one or more of the identified subsequent documents (Fig. 11b (1107f) and Rajesh discloses replacing the sensitive data with tokens).
Rajesh does not teach but Amar teaches wherein the user comprises a very attacked person (VAP) (Fig. 1a and Col. 7 Lines 27-46 Amar discloses identifying a VAP known as (Very Attacked Person));
wherein identifying the subsequent documents comprises:
identifying a first layer of documents related to activities of the user (Fig. 1a and Col. 8 Lines 39-41 Amar discloses the user as access to information or systems. Col. 31 Lines 50-55 Amar discloses the data is data records);
and identifying a second layer of documents determined in response to one or more of: relationships of additional users to the user or relationships of additional documents related to one or more documents in the first layer of documents (Col. 8 Lines 50-58 Amar discloses documents that are associated with a website, such as entering data into an on-line form. The website is seen as the first layer of documents. On-line form on the website is seen as the second layer of documents. Entering data into an on-line form on the website is seen as the second layer of document related to the first documents).
Rajesh and Amar are analogous art because they are in the same field of endeavor, document processing. It would have been obvious to one of ordinary skill in the art, before the effective filing date, to modify the sensitive data of Rajesh to include the identification of a very attacked person of Amar, to allow for a reduction in cybersecurity risk (Col. 3 Lines 1-60 and Col. 4 Lines 1-30 Amar).
As to claim 3 Rajesh in combination with Amar teaches each and every limitation of claim 2.
In addition Rajesh teaches wherein identifying the first layer of documents related to activities of the user comprises identifying one or more documents trending around the user, (Par. 0034 Rajesh discloses the user accessing the document. Par. 0096 Rajesh discloses monitoring who and what data manipulation statements are made).
As to claim 6 Rajesh in combination with Amar teaches each and every limitation of claim 4.
In addition Rajesh teaches wherein identifying the second layer of documents determined in response to relationships of additional users to the user comprises identifying documents associated with one or more additional users relevant to the user by relationship within an organization to which the user belongs (Par. 0082 and 0124 Rajesh discloses using data mapping so users can be a part of users groups. The data mapping has the lineage of related users where the groups are authorized or not authorized).
As to claim 7 Rajesh in combination with Amar teaches each and every limitation of claim 4.
In addition Amar teaches wherein identifying the second layer of documents determined in response to relationships of additional users to the user comprises identifying owners of the one or more documents identified as trending around the user, modified by the user, or shared with the user (Col. 8 Lines 50-58 Amar discloses documents that are associated with a website, such as entering data into an on-line form).
As to claim 9 Rajesh in combination with Amar teaches each and every limitation of claim 4.
In addition Rajesh teaches wherein the documents in the one or more data repositories in the computer network or the cloud infrastructure comprise a set of documents managed by one or more sensitive data handling teams within an organization (Fig. 11a (1102-1103) and Par. 0114 Rajesh discloses determining sensitive data within documents).
As to claim 10 Rajesh in combination with Amar teaches each and every limitation of claim 9.
In addition Rajesh teaches wherein the one or more sensitive data handling teams within the organization include one or more of a finance team, a human resources team and a research team (Par. 112 Rajesh discloses the user being a system administrator).
As to claim 11 Rajesh in combination with Amar teaches each and every limitation of claim 1.
In addition Rajesh teaches wherein identifying the user is based on their position within their organization (Par. 0097 Rajesh discloses a user no longer at the company should not have their data at risk. Being a former employee is a position within the organization).
As to claim 12 Rajesh teaches a system for protection of sensitive data comprising:
one or more data repositories in a computer network or cloud infrastructure having data stored therein, the data managed by an organization and comprising the sensitive data (Par. 0063 Rajesh discloses the sensitive data is stored on storage devices. Par. 0066 Rajesh discloses a computer network, a data storage);
a processor coupleable to the one or more data repositories in the computer network or cloud infrastructure (Par. 0029 Rajesh discloses a processor);
and a storage device for storing instructions, wherein the processor is configured to operate in response to the stored instructions to:
couple to the one or more data repositories in the computer network or cloud infrastructure (Par. 0063 Rajesh discloses the sensitive data is stored on storage devices. Par. 0066 Rajesh discloses a computer network, a data storage);
identify a user associated with one or more documents in the one or more data repositories in the computer network or the cloud infrastructure, (Fig. 11a (1102-1103) and Par. 0114 Rajesh discloses determining a user associated with the sensitive data within documents);
identify using activities and/or relationships of the user subsequent documents that include the sensitive data (Fig. 11a (1104), and Par. 0114 Rajesh discloses users that access the sensitive data);
and initiate by the at least one processor and based on instructions stored in the memory, one or more security actions to address the sensitive data in one or more of the identified (Fig. 11b (1107f) and Rajesh discloses replacing the sensitive data with tokens).
Rajesh does not teach but Amar teaches where the user comprises a very attacked person (VAP) (Fig. 1a and Col. 7 Lines 27-46 Amar discloses identifying a VAP known as (Very Attacked Person));
where identifying the subsequent documents comprises: identifying a first layer of documents related to activities of the user, (Fig. 1a and Col. 8 Lines 39-41 Amar discloses the user as access to information or systems. Col. 31 Lines 50-55 Amar discloses the data is data records);
and identifying a second layer of documents determined in response to one or more of: relationships of additional users to the user or relationships of additional documents related to one or more documents in the first layer of documents (Col. 8 Lines 50-58 Amar discloses documents that are associated with a website, such as entering data into an on-line form. The website is seen as the first layer of documents. On-line form on the website is seen as the second layer of documents. Entering data into an on-line form on the website is seen as the second layer of document related to the first documents).
Rajesh and Amar are analogous art because they are in the same field of endeavor, document processing. It would have been obvious to one of ordinary skill in the art, before the effective filing date, to modify the sensitive data of Rajesh to include the identification of a very attacked person of Amar, to allow for a reduction in cybersecurity risk (Col. 3 Lines 1-60 and Col. 4 Lines 1-30 Amar).
As to claim 14 Rajesh in combination with Amar teaches each and every limitation of claim 13.
In addition Amar teaches wherein identifying the first layer of documents related to activities of the user comprises identifying one or more documents trending around the user, one or more documents viewed by the user (Col. 8 Lines 50-58 Amar discloses documents that are associated with a website, such as entering data into an on-line form);
one or more documents modified by the user, and one or more documents shared with the user (Par. 0096 Rajesh discloses monitoring who and what data manipulation statements are made).
As to claim 17 Rajesh in combination with Amar teaches each and every limitation of claim 15.
In addition Rajesh teaches wherein the processor is further configured to operate in response to the stored instructions to identify the second layer of documents determined in response to relationships of additional users to the user by identifying documents associated with one or more additional users relevant to the user by relationship within an organization to which the user belongs (Par. 0082 and 0124 Rajesh discloses using data mapping so users can be a part of users groups. The data mapping has the lineage of related users where the groups are authorized or not authorized).
As to claim 18 Rajesh in combination with Amar teaches each and every limitation of claim 15.
In addition Amar teaches wherein the processor is further configured to operate in response to the stored instructions to identify the second layer of documents determined in response to relationships of additional users to the user by identifying owners of the one or more documents identified as trending around the user, viewed by the user, modified by the user, or shared with the user (Col. 8 Lines 50-58 Amar discloses documents that are associated with a website, such as entering data into an on-line form).
As to claim 20 Rajesh in combination with Amar teaches each and every limitation of claim 12.
In addition Rajesh teaches wherein the documents in the one or more data repositories in the computer network or the cloud infrastructure comprise a set of documents managed by one or more sensitive data handling teams within an organization (Fig. 11a (1102-1103) and Par. 0114 Rajesh discloses determining sensitive data within documents).
As to claim 21 Rajesh in combination with Amar teaches each and every limitation of claim 20.
In addition Rajesh teaches wherein the one or more sensitive data handling teams within the organization include one or more of a finance team, a human resources team and a research team (Par. 112 Rajesh discloses the user being a system administrator).
As to claim 22 Rajesh in combination with Amar teaches each and every limitation of claim 12.
In addition Rajesh teaches wherein the processor is further configured to operate in response to the stored instructions to identify the user comprises a VAP based on their position within their organization (Par. 0097 Rajesh discloses a user no longer at the company should not have their data at risk. Being a former employee is a position within the organization).
9. Claim(s) 5, 8, 16 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rajesh U.S. Patent Application Publication No. 2020/0311304 (herein as ‘Rajesh’) in combination with Amar U.S. Patent No. 11,611,590 (herein as ‘Amar’) and further in view of Weider et al. U.S. Patent Application Publication No. 2022/0405417 (herein as ‘Weidner’).
As to claim 5 Rajesh teaches each and every limitation of claim 4.
Rajesh does not teach but Weidner teaches wherein identifying the second layer of documents determined in response to relationships of additional documents related to one or more documents in the first layer of documents comprises identifying one or more documents in a same folder as at least one of the one or more documents identified in the first layer of documents (Par. 0050 Weidner discloses related documents being within the same partition. The partition is seen as the folder. The different documents are seen as first and second layer documents).
Rajesh and Weidner are analogous art because they are in the same field of endeavor, document processing. It would have been obvious to one of ordinary skill in the art, before the effective filing date, to modify the sensitive data of Rajesh to include the same partition of Weidner, to allow for accessing content in order to classify sensitive documents correctly based upon extracted metadata (Par. 0002-0003 Weidner).
As to claim 8 Rajesh teaches each and every limitation of claim 5.
Rajesh does not teach but Weidner teaches wherein identifying the second layer of documents determined in response to relationships of additional users to the user comprises identifying owners of the one or more documents in the same folder as the at least one of the one or more documents identified in the first layer of documents (Par. 0050 Weidner discloses related documents being within the same partition. The partition is seen as the folder. The different documents are seen as first and second layer documents).
Rajesh and Weidner are analogous art because they are in the same field of endeavor, document processing. It would have been obvious to one of ordinary skill in the art, before the effective filing date, to modify the sensitive data of Rajesh to include the same partition of Weidner, to allow for accessing content in order to classify sensitive documents correctly based upon extracted metadata (Par. 0002-0003 Weidner).
As to claim 16 Rajesh teaches each and every limitation of claim 15.
Rajesh does not teach but Weidner teaches wherein the processor is further configured to operate in response to the stored instructions to identify the second layer of documents determined in response to relationships of additional documents related to one or more documents in the first layer of documents by identifying one or more documents in a same folder as at least one of the one or more documents identified in the first layer of documents (Par. 0050 Weidner discloses related documents being within the same partition. The partition is seen as the folder. The different documents are seen as first and second layer documents).
Rajesh and Weidner are analogous art because they are in the same field of endeavor, document processing. It would have been obvious to one of ordinary skill in the art, before the effective filing date, to modify the sensitive data of Rajesh to include the same partition of Weidner, to allow for accessing content in order to classify sensitive documents correctly based upon extracted metadata (Par. 0002-0003 Weidner).
As to claim 19 Rajesh teaches each and every limitation of claim 16.
Rajesh does not teach but Weidner teaches wherein the processor is further configured to operate in response to the stored instructions to identify the second layer of documents determined in response to relationships of additional users to the user by identifying owners of the one or more documents in the same folder as the at least one of the one or more documents identified in the first layer of documents (Par. 0050 Weidner discloses related documents being within the same partition. The partition is seen as the folder. The different documents are seen as first and second layer documents).
Rajesh and Weidner are analogous art because they are in the same field of endeavor, document processing. It would have been obvious to one of ordinary skill in the art, before the effective filing date, to modify the sensitive data of Rajesh to include the same partition of Weidner, to allow for accessing content in order to classify sensitive documents correctly based upon extracted metadata (Par. 0002-0003 Weidner).
Conclusion
10. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JERMAINE A MINCEY whose telephone number is (571)270-5010. The examiner can normally be reached 8am EST until 5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ann J Lo can be reached at (571) 272-9767. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/J.A.M/ January 26, 2026
Examiner, Art Unit 2159
/ANN J LO/Supervisory Patent Examiner, Art Unit 2159