SENSITIVE DATA LEAKAGE PREVENTION

§103 §112

DETAILED ACTION This communication is responsive to the application # 18/800,511 filed on August 12, 2024. Claims 1-20 are pending and are directed toward SENSITIVE DATA LEAKAGE PREVENTION. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: engine in claims 1-9. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The claim limitations use a generic placeholder “engine” that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. The whole sensitive data leakage prevention system is claimed as being stored in memory without any disclosure of “engines” structure. Claims 1-9 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. The claim 1 limitation “A system for sensitive data leakage prevention, the system comprising: a computing platform including a memory and at least one computing processor device in communication with the memory, wherein the memory stores a sensitive data leakage prevention system” provides a circular definition of “sensitive data leakage prevention system”, which is infinite, and therefore indefinite. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 2, 4, 6-8, 10, 11, 13, 15-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nagpal et al. (US 2020/0349298, Pub. Date: Nov. 5, 2020), in view of YANG et al. (US 2025/0254045, priority Apr. 2, 2024), hereinafter referred to as Nagpal and YANG. As per claim 1, Nagpal teaches a system for sensitive data leakage prevention (The present disclosure relates generally to information security, and more specifically to data loss prevention using machine learning. Nagpal, [0002]), the system comprising: a computing platform including a memory and at least one computing processor device in communication with the memory, wherein the memory stores a sensitive data leakage prevention system that is executable by one or more of the at least one computing processor devices (Nagpal, FIG. 1) and includes: a data collection engine configured to (i) receive, from a plurality of data sources, data sets comprising data and designated for computing network transmission (302-RECEIVE DATA, Nagpal, FIG. 3) and (ii) segregate the data within the data sets based on data type (304-IDENTIFY THE CONTENT OF THE DATA, Nagpal, FIG. 3), wherein data type includes document data and image data (For example, the disclosed system is able to distinguish between a document that contains restricted types of images and a document that contains other types of images. Nagpal, [0006]); Nagpal does not teach detecting ciphertext, YANG however teaches a cryptography engine configured to scan (i) first textual datum extracted from the document data and (ii) second textual data extracted from the image data to detect ciphertext within the document data and the image data (The data includes but is not limited to: video data, audio data, image data, document data, etc. Further, a pre-trained data encryption discriminative model may be also stored in the database 101. When the computer device is required to detect encrypted data, whether the communication data is encrypted data may be determined by the data encryption discriminative model. YANG, [0027]); Nagpal in view of YANG are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Nagpal in view of YANG. This would have been desirable because a current method for performing encryption detection on communication data offers single analysis on the communication data, there is still room for improvement in corresponding effectiveness of the encryption detection on the communication data. (YANG, [0004]). Nagpal in view of YANG further teaches a machine learning engine including one or more machine learning models trained on supervised and unsupervised learning and configured to analyze the first and second textual datum to determine a data classification for each first and second textual datum within the data (The disclosed system is trained using machine learning to identify restricted types of data within images and text of a document. In other words, the system is trained to identify different types and classes of restricted text and images. Nagpal, [0013]), wherein the data classification is selected from a group consisting of (i) public data, (ii) private data and (iii) confidential data (Examples of text types include, but are not limited to, personal information, product information, client information, information technology information, confidential information, financial information, network configuration information, account information, general information, addresses, or any other suitable class of text. Nagpal, [0018]); a deep learning engine including one or more deep learning models that self-train and are configured to identify emerging data points that impact data classification and continuously feed the emerging data points to the machine learning models (the data loss prevention engine 104 may be configured to autonomously train itself to identify new restricted data types while processing data. For example, over time while the data loss prevention engine 104 is analyzing data 103, the data loss prevention engine 104 may identify restricted data types that have not been previously identified or stored as a known restricted data type. In this example, the data loss prevention engine 104 improves the operation of the system 100 by adapting to recognize new types of restricted data types that may lead to data loss or other types of attacks. Nagpal, [0019]); and an intelligence engine configured to receive outputs from (i) the cryptography engine including detected ciphertext within the document data and the image data, (ii) the machine learning engine and (iii) the deep learning engine (In one embodiment, the data loss prevention engine 104 may be further configured to analyze text within images that are in the data 103 for restricted text. For example, the data loss prevention engine 104 may determine that the data 103 comprises an image that contains a table with personal information which corresponds with a personal information text type. The data loss prevention engine 104 may identify text within an image and may perform a process similar to the process described in step 306 to determine whether the image contains any restricted text. Nagpal, [0033]) and analyze the outputs to determine a level of sensitive data leakage attributed to each data set (Examples of content types may include, but are not limited to, personal, confidential, product information, client information, business, legal, engineering, research and development, information technology, or any other suitable classification type. In one embodiment, the data loss prevention engine 104 compares the determined content type to a set of previously sent content types to determine whether the content type matches one of the previously sent content types. The data loss prevention engine 104 determines that the content type of the data 103 is normal for the sender network device 102 when the content type matches one of the previously sent content types. The data loss prevention engine 104 determines that the content type of the data 103 is abnormal for the sender network device 102 when the content type does not match any of the previously sent content types. In another embodiment, the data loss prevention engine 104 compares the determined content type to a set of restricted content types to determine whether the content type matches one of the restricted content types. Nagpal, [0035]). As per claim 2, Nagpal in view of YANG teaches the system of Claim 1, wherein intelligence engine is further configured to determine, within real-time of the data collection engine receiving the data set, whether the data set should be prohibited from transmission to an intended data recipient based on the level of sensitive data leakage attributed to the data set (314- BLOCK TRANSMISSION OF THE DATA, Nagpal, FIG. 3). As per claim 4, Nagpal in view of YANG teaches the system of Claim 1, wherein the sensitive data leakage prevention system further comprises: a processing engine configured to receive the data sets in unstructured format and normalize the data sets including reformatting the datasets to a structured format ingestible by the cryptography engine, the machine learning engine, the deep learning engine, and the intelligence engine (YANG, [0070]-[0073]). Nagpal in view of YANG are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Nagpal in view of YANG. This would have been desirable because efficiency of extracting the transmission data can be improved, and preparation is made for next data preprocessing (YANG, [0069]). As per claim 6, Nagpal in view of YANG teaches the system of Claim 4, wherein the processing engine is further configured to: identify noisy data in the data set that remains unstructured after normalizing the data set, and filter the noisy data from the data set prior to processing by the cryptography engine, the machine learning engine, the deep learning engine, and the intelligence engine (YANG, [0174]). Nagpal in view of YANG are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Nagpal in view of YANG. This would have been desirable because data deduplication (that is, removal of duplicated data) and data cleaning (removal of an abnormal value, removal of a missing value, etc.) on an output result of the data analyzing module, and the communication data (YANG, [0146]). As per claim 7, Nagpal in view of YANG teaches the system of Claim 1, wherein the data collection engine configured to receive, from a plurality of data sources, the data sets, wherein the plurality of data sources include (i) one or more cloud storages, (ii) one or more data centers, (iii) one or more mass storage devices and (iv) one or more messaging service applications (Nagpal, [0029], [0016]). As per claim 8, Nagpal in view of YANG teaches the system of Claim 1, wherein the sensitive data leakage prevention system further comprises: an optical character recognition engine configured to extract the second textual datum from the image data, and a document engine configured to extract the first textual datum from the document data (Nagpal, [0030]). Claims 10, 11, 13, 15-17, and 19 have limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of obviousness as used above. Allowable Subject Matter Claims 3, 5, 9, 12, 14, 18, and 20 are indicated as allowable over prior art. The following is a statement of reasons for the indication of allowable subject matter: None of cited by Examiner references teaches limitations as currently presented in Claims 3, 5, 9, 12, 14, 18, and 20. As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with. See 37 CFR 1.111(b) and MPEP § 707.07(a). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938. The examiner can normally be reached on Monday-Friday 7:30am - 5:00pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /OLEG KORSAK/ Primary Examiner, Art Unit 2492 /RUPAL DHARIA/ Supervisory Patent Examiner, Art Unit 2492