CTNF 18/949,237 CTNF 83789 DETAILED ACTION This office action is in response to the original application filed on September 20, 2024. Notice of Pre-AIA or AIA Status 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claims 1-20 are pending. Double Patenting 08-33 AIA The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg , 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman , 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi , 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum , 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel , 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington , 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. 08-35 AIA Claim s 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claim s 1-20 of copending Application No. 18/949,281 . Although the claims at issue are not identical, they are not patentably distinct from each other because the instant application and ‘281 are directed to a method of monitoring of sensitive data/data processing across entity infrastructures . This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented. Claim Rejections - 35 USC § 102 07-07-aia AIA 07-07 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – 07-08-aia AIA (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. 07-15 AIA Claim s 1, 3-6, 8-9, 11-14 and 16-20 are rejected under 35 U.S.C. 102( a)(1 ) as being anticipated by Forman (US Pub. No. 2010/0083346) . As per claim 1 Forman discloses: A system for heightened data security via interconnected monitoring of data processes across entity infrastructures, the system comprising: a network interface configured to communicate via a communication network; (paragraph 56 of Forman, scanning application 250 receives the screening digests and a matching criterion as part of information 122 ( preferably via network interface 252 ), and uses this information to identify matching documents, files or other data units). At least one non-transitory storage device comprising computer program code stored thereon; and at least one processing device operably coupled to the network interface and the at least one non-transitory storage device, wherein the computer program code comprises computer instructions configured to cause the processing device to: (paragraph 88 of Forman, the present invention also relates to machine-readable media on which are stored program instructions for performing the methods and functionality of this invention ). Connect to, using the network interface, entity storage devices via the communication network, wherein each entity storage device of the entity storage devices is associated with an associated entity of a plurality of associated entities; (paragraph 15 of Forman, certain of an enterprise's data-processing devices 13-18, primarily the laptop computers 16 might connect irregularly to the network 20. For example, an employee typically would connect his or her laptop computer 16 to the network 20 (either wirelessly or using a hardwired connection) while in the office, and then disconnect the laptop computer 16 when traveling or otherwise working remotely ). Extract one or more data entries from a first entity storage device of a first entity of the plurality of associated entities; (paragraph 59 of Forman, in step 301 scanning application 250 retrieves a file. For example, in the "system scan" mode, scanning application 250 preferably just retrieves the next file on the hard disk or other mass storage device 254, while in the "scan on save" or "scan on transfer" modes, the retrieved file is the one that triggered the scan ). Search the entity storage devices for a match to at least one data entry of the one or more data entries; (paragraph 1 of Forman, the present invention pertains to systems, methods and techniques for scanning information across different devices and is useful, e.g., in scanning enterprise personal computers for designated sensitive data ) and (paragraph 64 of Forman, in step 308, a determination is made as to whether the subject data unit satisfies the specified matching criterion (or one of the matching criteria, if more than one has been provided). As noted above, in certain embodiments, any single match is adequate to satisfy the matching criterion ). Transmit, using the network interface and in response to finding the match to the at least one data entry while searching the entity storage devices, a notification to the first entity of the match to the at least one data entry via the communication network. (Paragraph 65 of Forman, in step 310, characteristic information regarding the data unit satisfying the matching criterion is transmitted to the central processing facility 110, together with any metadata. Such characteristic information can include, e.g., the entire data unit itself, just the full (e.g., cryptographic) scan digests from which the corresponding matching abbreviated scan digests were generated in step 305, or just those ones of the full scan digests that correspond to actual matches ). Claims 9 and 17 are rejected under the same reason set forth in rejection of claim 1. As per claim 3 Forman discloses: The system of claim 1, wherein the one or more data entries comprises one or more sensitive data entries. (Paragraph 1 of Forman, the present invention pertains to systems, methods and techniques for scanning information across different devices and is useful, e.g., in scanning enterprise personal computers for designated sensitive data ). Claims 11 and 18 are rejected under the same reason set forth in rejection of claim 3. As per claim 4 Forman discloses: The system of claim 3, wherein the one or more sensitive data entries are encrypted prior to extraction from the first entity storage device. (Paragraph17 of Forman, several different approaches can be employed to enforce policies pertaining to sensitive data items (SDIs). In addition, different approaches can be combined into a single information security system. One example is information security system 50 shown in FIG. 2. Generally speaking, system 50 contemplates a number of different storage locations, such as locations 52-55. Although shown as discrete locations 52-55, in practice the storage locations typically will be arranged in a hierarchy, e.g., with a device's hard drive divided into folders and subfolders, potentially having different properties (e.g., encryption, user access and/or availability over the network 10); however, it should be noted that one or more of the locations 52-55 could be a single folder or even a single file ). Claims 12 and 19 are rejected under the same reason set forth in rejection of claim 4. As per claim 5 Forman discloses: The system of claim 4, wherein each of the encrypted one or more sensitive data entries comprises an associated hash, and wherein the at least one non-transitory storage device comprises computer-executable program code that, when executed by the at least one processing device, causes the at least one processing device to, when searching the entity storage devices, search the entity storage devices for a match to associated hashes of the encrypted one or more sensitive data entries. (paragraph 56 of Forman, scanning application 250 receives the screening digests and a matching criterion as part of information 122 (preferably via network interface 252), and uses this information to identify matching documents, files or other data units ) and (paragraph 42 of Forman, in step 162 a screening digest (or hash) preferably is generated for each of the designated chunks 220. It is noted that the terms "digest" and "hash" are used interchangeably herein and refer to a relatively short, typically fixed-length, string that is generated in a fixed, predetermined manner and is representative of some source data, typically having been calculated across all of such source data ). Claims 3 and 20 are rejected under the same reason set forth in rejection of claim 5. As per claim 6 Forman discloses: The system of claim 5, wherein the encrypted one or more sensitive data entries are associated with a user, and wherein the user is able to view one or more unencrypted versions corresponding to the encrypted one or more sensitive data entries. (Paragraph17 of Forman, several different approaches can be employed to enforce policies pertaining to sensitive data items (SDIs). In addition, different approaches can be combined into a single information security system. One example is information security system 50 shown in FIG. 2. Generally speaking, system 50 contemplates a number of different storage locations, such as locations 52-55. Although shown as discrete locations 52-55, in practice the storage locations typically will be arranged in a hierarchy, e.g., with a device's hard drive divided into folders and subfolders, potentially having different properties (e.g., encryption, user access and/or availability over the network 10); however, it should be noted that one or more of the locations 52-55 could be a single folder or even a single file ). Claim 14 is rejected under the same reason set forth in rejection of claim 6. As per claim 8 Forman discloses: The system of claim 1, wherein the notification comprises: the match to the at least one data entry; data events associated with the at least one data entry; and one or more data processes associated with entity storage devices comprising the matching at least one data entry. (paragraph 64 of Forman, in step 308, a determination is made as to whether the subject data unit satisfies the specified matching criterion (or one of the matching criteria, if more than one has been provided). As noted above, in certain embodiments, any single match is adequate to satisfy the matching criterion ). Claim 16 is rejected under the same reason set forth in rejection of claim 8 . Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. . 07-20-02-aia AIA This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 07-21-aia AIA Claim s 2 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Forman (US Pub. No. 2010/0083346) in view of Satish (US 8,250,085) . As per claim 2: Forman teaches the method of scanning/searching sensitive data across different devices (see paragraph 1 of Forman) but fails to disclose: The system of claim 1, wherein the at least one non-transitory storage device comprises computer-executable program code that, when executed by the at least one processing device, causes the at least one processing device to, prior to connecting to the entity storage devices: transmit, using the network interface, to each associated entity of the plurality of associated entities, an agreement authorizing access to other entity storage devices via the communication network; and receive, via the communication network, an acceptance of the agreement for each associated entity of the plurality of associated entities. However, in the same field of endeavor, Satish teaches this limitation as, (column 4, line 55-64 of Satish, organization requesting the fingerprint sharing feature, the customer database 206 may store the name 210 of the organization and a unique customer ID 208 assigned to the organization. In addition, the customer database 206 may specify whether the organization has agreed to sharing fingerprints (column 212) and to allowing the detection of external sensitive data (column 214). It should be noted that the format of the customer database 206 is shown in FIG. 2 for illustration only and is not intended to limit the scope of the present disclosure in any way ). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Forman and include the above limitation using the teaching of Satish in order to allow to publish fingerprints of sensitive data at other devices and to receive reports specifying the detection of sensitive data (see column 4, line 42-50 of Satish). Claim 10 is rejected under the same reason set forth in rejection of claim 2 . 07-21-aia AIA Claim s 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Forman (US Pub. No. 2010/0083346) in view of Huang (US Pub. No. 2006/0272024) . As per claim 7: Forman teaches the method of scanning/searching sensitive data across different devices (see paragraph 1 of Forman) but fails to disclose: The system of claim 6, comprising a user dashboard comprising: a plurality of interactive environments; one or more sensitive data entries associated with the user; and notices of data events comprising the one or more sensitive data entries associated with the user. However, in the same field of endeavor, Huang teaches this limitation as, ( see fig. 9 of Huang ). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Forman and include the above limitation using the teaching of Huang in order to enhance the communication of security violations of the system with user (see paragraph 53 of Huang). Claim 15 is rejected under the same reason set forth in rejection of claim 7. Conclusion The prior art made or record and not relied upon is considered pertinent to applicant’s disclosure is Scheiblauer (US Pub. No. 2018/0337778). Scheiblauer’s reference discloses: A method implemented in a computing system hosting a three-dimensional virtual reality world. The computer system stores a set of searchable records, each having: a searchable hash of at least a portion of personally identifiable information; and an encrypted identity, decryptable using an encryption key generated based at least in part on the searchable hash and a global key. In response to a search request identifying at least a portion of personally identifiable information as a search criterion, the computer system generates a hash of the search criterion, and finds a matching searchable record that has a searchable hash equal to the hash computed from the search criterion. An encryption key is computed based on the global key and the matched searchable record to decrypt an encrypted identity of a user having at least the portion of personally identifiable information that is the search criterion in the search request. Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m.. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /TESHOME HAILU/Primary Examiner, Art Unit 2434 Application/Control Number: 18/949,237 Page 2 Art Unit: 2434 Application/Control Number: 18/949,237 Page 3 Art Unit: 2434 Application/Control Number: 18/949,237 Page 4 Art Unit: 2434 Application/Control Number: 18/949,237 Page 5 Art Unit: 2434 Application/Control Number: 18/949,237 Page 6 Art Unit: 2434 Application/Control Number: 18/949,237 Page 7 Art Unit: 2434