Prosecution Insights
Last updated: April 18, 2026
Application No. 18/956,751

SYSTEM AND METHOD FOR AGENTLESS DETECTION OF SENSITIVE DATA ON MANAGED DATABASES

Non-Final OA §103 §112 §DP
Filed: Nov 22, 2024
Examiner: MAY, ROBERT F
Art Unit: 2154
Tech Center: 2100 — Computer Architecture & Software
Assignee: Wiz Inc.
OA Round: 3 (Non-Final)
Grant Probability: 76% (Favorable)
OA Rounds: 3-4
To Grant: 3y 3m
With Interview: 99%

Examiner Intelligence

Grants 76% — above average
Career Allow Rate: 76% (216 granted / 286 resolved; +20.5% vs TC avg)
Strong +30% interview lift
Interview Lift: +29.7% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 3m (41 currently pending)
Career history
Total Applications: 327 (across all art units)

Statute-Specific Performance

§101: 19.3% (-20.7% vs TC avg)
§103: 45.6% (+5.6% vs TC avg)
§102: 18.0% (-22.0% vs TC avg)
§112: 12.9% (-27.1% vs TC avg)
Based on career data from 286 resolved cases

Office Action

§103 §112 §DP
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

The Action is responsive to the Amendments and Remarks filed with the Request for Continued Examination on 3/10/2026. Claims 1-21 are pending claims. Claims 1, 11, and 12 are written in independent form.

Priority

Acknowledgment is made of a claim for priority as a Continuation of Application 18/049096, filed 10/24/2022, which claims priority from Provisional Application 63/377400, filed 9/28/2022.

Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):

(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement.
Independent Claims 1, 11, and 12 contain the subject matter “wherein the rendered output groups data objects sharing the data schema” which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. It is not clearly stated in the written description any grouping action in the output of data objects sharing the data schema. It is noted that while Applicant states in the Remarks dated 3/10/2026 that “ample support for the amended subject matter may be found, for examples, in paragraphs [0033], [0036]-[0038], [0060], [0067], and [0073]-[0078] of the Applicant’s specification”, the cited paragraphs, nor the rest of Applicant’s specification, do not appear to recite the output grouping data objects sharing the data schema. It is noted that the terms “group”, “grouped” or “grouping” are not even used anywhere in Applicant’s specification let alone in the context of a rendered output. The closest support that could be found with respect to the limitation at issue is Applicant’s specification states that “In some embodiments, the security graph 400 is further traversed, to determine if a data file node is connected to a cluster node. If the data file node is connected to a data cluster node, such as data cluster node 450, the data cluster node 450 may be provided as an output to the query, in lieu of providing the first data file node 440-1, the second data file node 440-2, and the third data file node 440-M, each of which include thereon sensitive data, as indicated, for example, by a metadata value stored thereon.” (Paragraph [0078]) where “Each data file node 440-1 through 440-M, where ‘M’ is an integer having a value of ‘3’ or greater, represents a data file which shares a schema, the schema represented by the data schema node 410.” (Paragraph [0073]). However, outputting an already grouped/clustered data objects that share a schema is not the same as the output grouping data objects sharing the data schema. For purposes of compact prosecution, the claim limitation is being interpreted as “wherein the rendered output comprises a group of [[groups]] data objects sharing the data schema” in light of Paragraphs [0073] and [0078] of the Specification and Figure 2.

Dependent Claims 2-10 and 13-21 inherit the deficiencies of their parent claims and are therefore being rejected based upon the same reason(s) stated for their parent claims.

Double Patenting

The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used.
A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.

Claims 1-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of U.S. Patent No. 12,182,172. Although the claims at issue are not identical, they are not patentably distinct from each other because every limitation in the present application claims is similar to a limitation recited in U.S. Patent No. 12,182,172 with the distinction that Claims 1, 11, and 12 of the present application include:

(a) the limitation of “extract a plurality of data files from the database service of a cloud computing environment” in place of the limitation in U.S. Patent No. 12,182,172 reciting “generating a snapshot from the managed database service of a cloud computing environment, the snapshot including a plurality of data files”.
(b) the clarification that “classifying of the first data object is based on performing a natural language processing (NLP) technique on the content of the first data object, wherein the content is classified as sensitive data or nonsensitive data based on a result of the NLP technique” in place of the limitation of U.S. Patent No. 12,182,172 reciting “classifying the first data object based on the content, wherein the content is classified as sensitive data or non-sensitive data”.
(c) the clarification of “rendering an output based on the classification and the representation of the data schema in response to receiving the query, wherein the rendered output comprises a group of data objects sharing the data schema” in place of the limitation of U.S. Patent No. 12,182,172 reciting “rendering an output based on the classification and the data schema node in response to receiving a query to detect a node representing a data object classified as sensitive data”.

However, these are considered to be obvious variations between the present application and U.S. Patent No. 12,182,172 because in (a) both are extracting data files from the database service of a cloud computer environment, in (b) both are performing classification of sensitive or non-sensitive data based on analyzing the content of the first data object and the non-descript NLP technique recited in the present application claims is only loosely recited as being performed “on the content of the first data object” as a broad manner of analyzing in the present claims, and in (c) both are understood as rendering an output that comprises a group of data objects that share the data schema.

Present Application Claims | Corresponding Claims in U.S. Patent No. 12,182,172
Claim 1 | Claim 1
Claim 2 | Claim 2
Claim 3 | Claim 3
Claim 4 | Claim 4
Claim 5 | Claim 5
Claim 6 | Claim 6
Claim 7 | Claim 7
Claim 8 | Claim 8
Claim 9 | Claim 9
Claim 10 | Claim 10
Claim 11 | Claim 11
Claim 12 | Claim 12
Claim 13 | Claim 13
Claim 14 | Claim 14
Claim 15 | Claim 15
Claim 16 | Claim 16
Claim 17 | Claim 17
Claim 18 | Claim 18
Claim 19 | Claim 19
Claim 20 | Claim 20
Claim 21 | Claim 21

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over Nijjar (U.S. Patent No. 9,069,983) and further in view of Joshi et al. (U.S. Pre-Grant Publication No. 2020/0125746, hereinafter referred to as Joshi).

Regarding Claim 1:

Nijjar teaches a method for agentless detection of sensitive data in a cloud computing environment and rendering the same for display, comprising:

Accessing a database service;

Nijjar teaches “a computer (e.g., the computer 300 of Fig. 3) may host one or more virtual machines (e.g., the virtual machines 114 of Fig. 1) that interface with one or more computer users” (Col. 14 Lines 27-41) and, in relation to figure 3, “the operation system 308 generally manages various computer resources (e.g., network resources, data storage resources, file system resources and/or the like)” (Col. 8 Lines 8-10). Therefore, Nijjar teaches accessing a database service via operation system 308 which manages various computer resources including data storage resources.

Extracting a plurality of data files from the database service of a cloud computing environment;

Nijjar teaches “a snapshot for the virtual machine is created and started” and “in some embodiments, the DLP module calls various virtualization functions using one or more processors to generate a snapshot (e.g., the snapshot 420 of Fig. 4) of the frozen virtual machine in memory at the computer” (Col. 14 Line 56 – Col. 15 Line 3) thereby teaching extracting data files for the snapshot via calling various virtualization functions to generate the snapshot.

Detecting a first data object in the plurality of data files, the first data object including a content;

Nijjar teaches “at step 508, the data objects are examined” (Col. 13 Lines 10-26).
Nijjar further teaches “if the DLP module identifies a portion of any data object that exceeds a certain threshold sensitivity level as defined in the DLP policy, the DLP module uses the one or more processors to perform one or more remediate techniques on the virtual disk that includes the identified object” (Col. 13 Lines 27-37). Therefore, Nijjar teaches detecting a data object including the content of the data object for classification as sensitive information.

Classifying the first data object based on performing a natural language processing (NLP) technique on the content of the first data object, wherein the content is classified as sensitive data or non-sensitive data based on a result of the NLP technique; and

Nijjar teaches classifying particular data objects as sensitive information by applying “the DLP policy to the one or more data objects to assess sensitivity levels for various portions of the one or more data objects” where “if the DLP module identifies a portion of any data object that exceeds a certain threshold sensitivity level as defined in the DLP policy, the DLP module uses the one or more processors to perform one or more remediate techniques on the virtual disk that includes the identified object” (Col. 13 Lines 27-37). Therefore, Nijjar teaches classifying data objects based on the content of the data object being classified as sensitive or non-sensitive data; Nijjar further teaches the classifying of a data object by performing a natural language processing technique on the content of the data object by teaching “the DLP policy 320 includes one or more unique patterns (e.g., collections of words) that are used to distinguish sensitive information 328 from any other information..[and] may define one or more word patterns (e.g., ‘Security Exchange Filing’) that specify various data having a very high sensitivity level” where “the DLP module 116 may examine the DLP policy 118 to determine a current sensitivity level of one or more data objects that include the sensitive information 328 of the data objects 326” (35) and in an example that “DLP module 318 examines a MICROSOFT word file and identifies a string ‘confidential and/or Privileged Information’. Based on the DLP policy 320, the identification of such a string represents a very strong likelihood that the file includes very sensitive information” (36).

Nijjar explicitly teaches all of the elements of the claimed invention as recited above except:

A data object including a data schema;
Generating a representation in a security database to represent: the first data object and the classification thereof, and the data schema, wherein the security graph further includes a representation of the cloud computing environment;
Detecting a second data object in the plurality of data files, the second data object sharing the data schema of the first data object;
Generating in the security database: a second representation of a data object representing the second data object;
Connecting the data schema representation to: the second data object representation and the generated representation of the first data object, in response to detecting the shared data schema;
Receiving a query to detect a representation of a data object classified as sensitive data; and
Rendering an output based on the classification and the representation of the data schema in response to receiving the query,
Wherein the rendered output groups data objects sharing the data schema.

However, in the related field of endeavor of sensitive data discovery, Joshi teaches:

A data object including a data schema; and

Joshi teaches “contextual information for a database object may include…schema-level context” (Para. [0089]).

Generating a representation in a security database to represent: the first data object and the classification thereof, and the data schema, wherein the security graph further includes a representation of the cloud computing environment.

Joshi teaches “a hierarchical regex may be stored and/or represented as a tree structure or a directed graph comprising a set of nodes and edges” and “SDDE 106 may traverse the tree structured during the evaluation process…to determine the search patterns to use when scanning data objects for sensitive data” (Para. [0087]). Joshi further teaches “a parent node in a hierarchy corresponds to a generic regex. Nodes that are children of the parent nodes are referred to as specific regexes. A generic regex defines a generic or broader pattern to search for in comparison to the child nodes. The specific regexes in the hierarchy may define more specific or narrower patterns for which to search. For example, a generic node in the hierarchy may define a regex as follows “(?i)credit.*number.” A more specific regex in the hierarchy may define the regex “(?i)credit*.card*.number”. As can be seen, the specific regex added the literal subexpression “card” in between two other subexpressions “credit” and “number” of the generic regex.” (Para. [0083]). As mentioned in the previous limitation, Joshi teaches the first data object including a data schema (Para. [0089]). Therefore, Joshi teaches a node in the hierarchical regex to represent a first data object and the classification as sensitive data, and the data schema.

Detecting a second data object in the plurality of data files, the second data object sharing the data schema of the first data object;

Joshi teaches “a parent node in a hierarchy corresponds to a generic regex. Nodes that are children of the parent nodes are referred to as specific regexes. A generic regex defines a generic or broader pattern to search for in comparison to the child nodes. The specific regexes in the hierarchy may define more specific or narrower patterns for which to search. For example, a generic node in the hierarchy may define a regex as follows “(?i)credit.*number.” A more specific regex in the hierarchy may define the regex “(?i)credit*.card*.number”. As can be seen, the specific regex added the literal subexpression “card” in between two other subexpressions “credit” and “number” of the generic regex.” (Para. [0083]).
Joshi further teaches “a hierarchical regex may be stored and/or represented as a tree structure or a directed graph comprising a set of nodes and edges” and “SDDE 106 may traverse the tree structured during the evaluation process…to determine the search patterns to use when scanning data objects for sensitive data” (Para. [0087]). Therefore, Joshi teaches adding a data structure of an object to the hierarchical regex to represent the data object and the classification as sensitive data, and then using that data structure in the regex to detect future data objects that are similar or the same in structure.

Generating in the security database: a second representation of a data object representing the second data object;

Joshi further teaches “a parent node in a hierarchy corresponds to a generic regex. Nodes that are children of the parent nodes are referred to as specific regexes. A generic regex defines a generic or broader pattern to search for in comparison to the child nodes. The specific regexes in the hierarchy may define more specific or narrower patterns for which to search. For example, a generic node in the hierarchy may define a regex as follows “(?i)credit.*number.” A more specific regex in the hierarchy may define the regex “(?i)credit*.card*.number”. As can be seen, the specific regex added the literal subexpression “card” in between two other subexpressions “credit” and “number” of the generic regex.” (Para. [0083]). Therefore, Joshi teaches a node in the hierarchical regex to represent a data object and the classification as sensitive data.

Connecting the data schema representation to: the second data object representation and the generated representation of the first data object, in response to detecting the shared data schema;

Joshi teaches “In addition or as an alternative to table-level contexts, SDDE 106 may analyze other contexts. For example, SDDE 106 may determine whether objects in the same schema and/or database are mapped to the same sensitive group classifier.” (Para. [0092]) thereby teaching having connected, or mapped, objects after determining the objects as being in the same schema and/or database.

Receiving a query to detect a representation of a data object classified as sensitive data; and

Joshi teaches “a query analytic system receives a set of one or more queries that accesses data from a set of data objects” (Abstract) and “sensitive data is detected by searching for data and/or metadata that match a set of regular expressions.” (Para. [0046]).

Rendering an output based on the classification and the representation of the data schema in response to receiving the query,

Joshi teaches “a hierarchical regex may be stored and/or represented as a tree structure or a directed graph comprising a set of nodes and edges” and “SDDE 106 may traverse the tree structured during the evaluation process…to determine the search patterns to use when scanning data objects for sensitive data” (Para. [0087]) thereby teaching a query to detect a node representing a data object classified as sensitive. Joshi further teaches rendering an output based on a request/query by teaching “information about the second object may be displayed when information about related objects is requested for the first object” (Para. [0052]).

Wherein the rendered output comprises a group of data objects sharing the data schema.

Joshi teaches an output that groups data objects sharing the data schema by teaching displaying an output based on a request/query where “when a relationship between two objects is detected, the query analytic system stores an indication of the relationship even though there may be no explicitly defined relationship within the database” and “information about the second object may be displayed when information about related objects is requested for the first object” (Para. [0052]).
Therefore, the displayed output groups the second and first data objects that have the identified relationship.

Thus, it would have been obvious to one of ordinary skill in the art, having the teachings of Joshi and Nijjar at the time that the claimed invention was effectively filed, to have modified the systems and methods for protecting sensitive information from disclosure through virtual machine files, as taught by Nijjar, with the use of comparing data structures in addition to content of data objects, as taught by Joshi. One would have been motivated to make such combination because Joshi teaches generating confidence scores “as a function of multiple factors, which may help reduce false positives and/or false negatives when classifying data objects as sensitive” (Para. [0048]) and it would be obvious to a person having ordinary skill in the art that it would be beneficial to improve the accuracy and precision of classifying sensitive data objects by reducing false positives and/or false negatives.

Regarding Claim 2:

Joshi and Nijjar further teach:

Detecting that a workload deployed in the cloud computing environment stores data in the database service.

Joshi teaches “RDE 108 determines which of a set of one or more operations to use to discover relationships” where “examples operations may include…analyzing workload repository” (Para. [0183]).

Regarding Claim 3:

Joshi and Nijjar further teach:

Receiving access credentials for the database service, the access credentials providing access to the plurality of data files.

Joshi teaches “These managed applications may be authenticated or plugged in to the microservices manager, for example, with user-supplied application credentials to the manager, without requiring reauthentication each time the managed application is used alone or in combination with other applications” (Para. [0265]).

Regarding Claim 4:

Joshi and Nijjar further teach:

Inspecting only a portion of the plurality of data files for a data object.

Joshi teaches “in one or more embodiments, in a multi-tenant computer network, tenant isolation is implemented to ensure that the applications and/or data of different tenants are not shared with each other. Various tenant isolation approaches may be used.” (Para. [0257]) thereby teaching inspecting only a portion of the plurality of data files for a data object.

Regarding Claim 5:

Joshi and Nijjar further teach:

Classifying the first data object further based on any one of: the data schema, the content, a metadata, and any combination thereof.

Nijjar teaches classifying particular data objects as sensitive information by applying “the DLP policy to the one or more data objects to assess sensitivity levels for various portions of the one or more data objects” where “if the DLP module identifies a portion of any data object that exceeds a certain threshold sensitivity level as defined in the DLP policy, the DLP module uses the one or more processors to perform one or more remediate techniques on the virtual disk that includes the identified object” (Col. 13 Lines 27-37). Therefore, Nijjar teaches classifying data objects based on the content of the data object being classified as sensitive or non-sensitive data; Nijjar further teaches that “the virtual machine files 108 may includes various data objects 110 (e.g., file system objects, such as data files, directories and/or metadata)” (Col. 5 Lines 39-52) thereby teaching classifying the data object based on metadata. Joshi teaches “SDDE 106 is configured to automatically search for and discover data using a set of data and/or metadata regexes” (para. [0070]) where “a hierarchical regex may be stored and/or represented as a tree structure or a directed graph comprising a set of nodes and edges” and “SDDE 106 may traverse the tree structured during the evaluation process…to determine the search patterns to use when scanning data objects for sensitive data” (Para. [0087]).
Therefore, Joshi teaches using the schema/data structure for classifying data objects.

Regarding Claim 6:

Joshi and Nijjar further teach:

Extracting from the first data object a file header and a plurality of data blocks.

Nijjar teaches “the mapping information 316 may include an extent…for each and every addressable data block associated with the data objects 326 within the one or more virtual disks” (Col. 8 Line 40-61) and “the DLP module processing the mapping information to perform an address scan of the one or more virtual disks in which each logical portion (e.g., data block) of the one or more data objects is examined” (Col. 13 Line 10-26). Nijjar also teaches “the DLP module issues read operations for various metadata blocks” (Col. 12 Line 56 – Col. 13 Line 9) thereby teaching extracting a file header in order to access the metadata blocks about the data objects.

Regarding Claim 7:

Joshi and Nijjar further teach:

Classifying sensitive data further as any one of: personal identifiable information (PII), Personal health information (PHI), Payment card industry (PCI), and any combination thereof.

Joshi teaches “SDDE 106 is configured to analyze and classify data objects that include sensitive data. Sensitive data may include, but is not limited to, personal credit information (PCI), personal identifying information (PII), personal health information (PHI), trade secrets, and/or other confidential information.” (Para. [0060]).

Regarding Claim 8:

Joshi and Nijjar further teach:

Initiating a mitigation action in response to determining that the content is classified as sensitive data.

Joshi teaches “data security operations may be performed based on the confidence scores assigned to data objects” where “example data security operation may include…data deletion” and “one or more operations may be automatically triggered against a data object if there is a high level of confidence that the data object stores sensitive data” (Para. [0050]).

Regarding Claim 9:

Joshi and Nijjar further teach:

initiating the mitigation action in response to determining that the content is classified as sensitive data deployed on a data object in a cloud computing environment which is unauthorized for storing sensitive data.

Joshi teaches “the techniques for automatically detecting sensitive data may be combined with the techniques for automatically discovering relationships between data objects to bolster data security in a cloud or other network environment” (Para. [0053]) and “DPE 110 may automatically delete sensitive data. For example, SDDE 106 may monitor uploads to a cloud environment for sensitive data of a particular sensitive type” (Para. [0173]). Joshi further teaches that the cloud computing environment is unauthorized for storing sensitive data because the sensitive data is deleted, which indicates that the cloud or other network environment is not authorized for storing the particular sensitive data.

Regarding Claim 10:

Joshi and Nijjar further teach:

Wherein the mitigation action further comprises: configuring a storage service to delete the first data object; and

Joshi teaches “the techniques for automatically detecting sensitive data may be combined with the techniques for automatically discovering relationships between data objects to bolster data security in a cloud or other network environment” (Para. [0053]) and “DPE 110 may automatically delete sensitive data. For example, SDDE 106 may monitor uploads to a cloud environment for sensitive data of a particular sensitive type” (Para. [0173]).

Deleting the first data object.

Joshi teaches “the techniques for automatically detecting sensitive data may be combined with the techniques for automatically discovering relationships between data objects to bolster data security in a cloud or other network environment” (Para. [0053]) and “DPE 110 may automatically delete sensitive data. For example, SDDE 106 may monitor uploads to a cloud environment for sensitive data of a particular sensitive type” (Para. [0173]).

Regarding Claim 11:

Some of the limitations herein are similar to some or all of the limitations of Claim 1. Joshi and Nijjar further teach: A non-transitory computer-readable medium storing a set of instructions for agentless detection of sensitive data in a cloud computer environment and rendering the same for display, the set of instructions comprising: one or more instructions that, when executed by one or more processors of a device cause the device to perform steps (Nijjar – Claim 10 & Joshi – Para. [0291]).

Regarding Claim 12:

Some of the limitations herein are similar to some or all of the limitations of Claim 1. Joshi and Nijjar further teach a system for agentless detection of sensitive data in a cloud computing environment and rendering the same for display, comprising: One or more processors configured to perform steps (Nijjar – Col. 7 Line 54 – Col. 8 Line 7 and Joshi – Para. [0280]).

Regarding Claim 13: All of the limitations herein are similar to some or all of the limitations of Claim 2.
Regarding Claim 14: All of the limitations herein are similar to some or all of the limitations of Claim 3.
Regarding Claim 15: All of the limitations herein are similar to some or all of the limitations of Claim 4.
Regarding Claim 16: All of the limitations herein are similar to some or all of the limitations of Claim 5.
Regarding Claim 17: All of the limitations herein are similar to some or all of the limitations of Claim 6.
Regarding Claim 18: All of the limitations herein are similar to some or all of the limitations of Claim 7.
Regarding Claim 19: All of the limitations herein are similar to some or all of the limitations of Claim 8.
Regarding Claim 20: All of the limitations herein are similar to some or all of the limitations of Claim 9.
Regarding Claim 21: All of the limitations herein are similar to some or all of the limitations of Claim 10.

Response to Amendment

Applicant’s Amendments, filed on 3/10/2026, are acknowledged and accepted.

Response to Arguments

On page 1 of the Remarks filed on 3/10/2026, Applicant argues, with respect to the Double Patenting rejection, that “the ’172 claims affirmatively require “generating a snapshot from the managed database service … the snapshot including a plurality of data files” (’172 claim 1), and all subsequent operations in the ’172 claim set are performed on that snapshot. By contrast, present claims 1, 11, and 12 require “extracting a plurality of data files from the database service of a cloud computing environment” and contain no “snapshot” requirement. The snapshot step in the ’172 claims is not a semantic restatement of extraction: it is a point-in-time managed-service operation that yields a distinct artifact and access path. Omitting that snapshot in favor of direct extraction from the database service defines a different pipeline with different concurrency, access-control, and consistency tradeoffs.” Applicant’s argument is not convincing because generating a snapshot including a plurality of data files from the database service of a cloud computer environment, in its broadest reasonable interpretation, is understood as being substantially similar to extracting a plurality of data files from the database service of a cloud computer environment since the snapshot cannot be generated to include “a plurality of data files” without extracting the “plurality of data files” and both limitations are including the same recitation of “a plurality of data files” from the same “database service of a cloud computer environment”.

On pages 1-2 of the Remarks filed on 3/10/2026, Applicant argues, with respect to the Double Patenting rejection, that “the present independent claims now positively require “classifying the first data object based on performing a natural language processing (NLP) technique on the content of the first data object,” making NLP the mechanism that drives the sensitive/non-sensitive determination. The ’172 claims merely require “classifying … based on the content,” without requiring any NLP. Replacing an unspecified content classifier with a specific NLP technique (e.g., embedding-based semantic analysis as disclosed at Spec. ¶¶[0049]–[0051]) is not a mere matters-of-degree variation: it imposes a particular class of models and computations to leverage linguistic semantics that the ’172 claims do not require.” Applicant’s argument is not convincing because both limitations from the present application and the ‘172 patent are performing classification of sensitive or non-sensitive data based on analyzing the content of the first data object and the non-descript NLP technique recited in the present application claims is only loosely recited as being performed “on the content of the first data object” as a broad manner of analyzing in the present claims.

On page 2 of the Remarks filed on 3/10/2026, Applicant states, with respect to the Double Patenting rejection, that “independent claims have been further amended to require that “the rendered output groups data objects sharing the data schema.” This output-level grouping by shared schema is a claim-level requirement that is absent from the ’172 claim set, and aligns with the disclosed benefits of reducing operator interactions and compute resources by rendering at a clustered granularity.” Applicant’s argument is moot in light of the 112(a) rejection of the argued amended limitation presented above. It is further noted that the interpretation of the argued limitation, based on paragraphs [0073] and [0078] and Figure 2 of the present specification, was not found to overcome the Double Patenting rejection and is further addressed in the rejection above.

On page 4 of the Remarks filed on 3/10/2026, Applicant argues that “Contrary to the Office Action's position, paragraph [0046] of Joshi does not describe ‘receiving a query to detect a representation of a data object classified as sensitive data.’” because the cited paragraph [0046] of Joshi “concerns where the DLP module can be installed (such as an email client, server, gateway, or USB driver) and notes that it monitors for sensitive information at various protocol levels. It does not mention receiving any query from a user or system, a query "to detect a representation of a data object," or a query specifically aiming to detect a representation of a data object classified as sensitive data.” Upon further review, Applicant’s argument is not convincing. The claims do not recite that the query is received “from a user or system” as is being argued. Further, Joshi teaches the “query to detect a representation of a data object classified as sensitive data” in the broadest reasonable interpretation of detecting a representation classified as sensitive by teaching “a query analytic system receives a set of one or more queries that accesses data from a set of data objects” (Abstract) and “sensitive data is detected by searching for data and/or metadata that match a set of regular expressions.” (Para. [0046]).

On page 5 of the Remarks filed on 3/10/2026, Applicant argues that “Nijjar and Joshi, whether considered individually or together, do not reveal the Applicant’s feature of ‘rendering an output based on the classification and the representation of the data schema in response to receiving the query.’” because paragraph [0052] of Joshi “merely outlines the structural elements of a storage system and notes that storage management software 412 creates interfaces (such as IDE/ATA, SCSI, etc.) for storage devices. It does not reference any classification of data as sensitive or non-sensitive, any data schema or its representation, any received queries, or any output rendered in response to a query.” Upon further review, Applicant’s argument is not convincing because it is not just paragraph [0052] that teaches the limitation being argued but paragraph [0052] in combination with paragraph [0087]. Paragraph [0052] is being relied upon as rendering an output (“object may be displayed”) in response/relation to receiving a query (“when information about related objects is requested for the first object”) and paragraph [0087] is being relied upon to teach a query that detects a node representing a data object classified as sensitive (“a hierarchical regex may be stored and/or represented as a tree structure or a directed graph comprising a set of nodes and edges” and “SDDE 106 may traverse the tree structured during the evaluation process…to determine the search patterns to use when scanning data objects for sensitive data”).

On pages 5-6 of the Remarks filed on 3/10/2026, Applicant argues that “Neither Nijjar nor Joshi discloses the claimed feature of ‘wherein the rendered output groups data objects sharing the data schema.’” because “Joshi explains that SDDE 106 may evaluate whether objects in the same schema/database map to the same sensitive group classifier, but this addresses an internal scoring heuristic—not grouping outputs by shared schema. Joshi also states that information about related objects may be displayed together, but these relationships arise from other discovery mechanisms (e.g., name matching, workload analytics), not from shared schema grouping” and “Nijjar primarily addresses scanning virtual machine files and remediation under DLP policy, such as quarantining, deleting, or encrypting objects. It does not teach a query interface for retrieving representations of sensitive objects grouped by schema, nor any form of output grouping by shared schema.” Applicant’s argument is moot in light of the 112(a) rejection of the argued amended limitation presented above. It is further noted that the interpretation of the argued limitation, based on paragraphs [0073] and [0078] and Figure 2 of the present specification, was not found to overcome the previously cited prior art and is further addressed in the rejection above.

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Lee et al. (U.S. Pre-Grant Publication No. 2013/0117232) teaches “a captured database model snapshot contains the information that defines the structure of the database model from which it is captured” and “the captured database model snapshot may be generated to have the form of a file system object (e.g., a file), and its contents may be formatted in a generic, human readable form” (Para. [0004]). Lee further teaches “snapshot object generator 408 may convert metadata 414 into XML code” and “generate the database model snapshot object to contain the source database model serialized into XML and packaged into an OPC (open packaging convention) format” (Para. [0047]).
Lee also teaches “any type of testing and number of tests may be performed on a database model snapshot object, including validity testing, testing for security violations (e.g., checking whether particular sensitive columns/tables are present in a data model), testing for legal requirements (e.g., checking whether legal requirements for contents of a data model are being met), testing for business requirements, and/or other types of testing” (Para. [0070]).

Lukacs et al. (U.S. Pre-Grant Publication No. 2020/0065131) teaches performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.). An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.

Griffith et al. (U.S. Pre-Grant Publication No. 2017/0323110) teaches generating a secured system snapshot of a system. An example computer-implemented method includes receiving an instruction to generate a system snapshot. The system snapshot captures data from a computer executable object loaded in a memory. The method also includes accessing metadata that is associated with the computer executable object from a mapping list. The method also includes capturing the secured system snapshot by. Capturing the secured system snapshot includes determining sensitivity of the computer executable object by comparing the metadata with a predetermined criteria, and excluding a capture of sensitive data from the computer executable object into the system snapshot in response to the metadata of the computer executable object matching the predetermined criteria. The method also includes storing the secured system snapshot.

Sanvido (U.S. Pre-Grant Publication No. 2022/0253225) teaches protecting sensitive data in snapshots, including: creating a transformed snapshot portion by applying a transformation specified in an access policy to one or more data objects contained within the portion of the stored snapshot, wherein the stored snapshot is a copy of data in a storage system at a particular point in time prior to a request to access the snapshot; and providing access to the transformed snapshot portion.

Bracholdt et al. (U.S. Pre-Grant Publication No. 2020/0349130) teaches a metastructure for representing and manipulating or analyzing a data model is provided herein. A source representation of the first data model may be received. The source representation may include a representation of one or more structural components of the first data model, respectively having identifiers and types. One or more instances of a metastructure schema object datatype may be generated based on the one or more structural components of the source representation. Generating a given instance of the metastructure schema object datatype for a given structural component may include assigning a first identifier of the given structural component to the first data member of the given instance, determining a first type associated with the given structural component, and assigning the first type to the second data member of the given instance. The one or more instances of the metastructure schema object datatype may be stored in association. The reference further teaches “A lightweight and standardized method or format, such as the matching metastructure technologies disclosed herein, generally makes mapping data models much easier and faster, while being less costly and less labor-intensive, because consistency in format generally increases efficiency, such as by allowing re-use of work, and may be automated or semi-automated.” (Para. [0049]).

Lankford et al. (U.S. Pre-Grant Publication No. 2019/0377713) teaches database schema management systems and methods. An intake engine can receive a platform-specific schema definition language and an intake template for converting the input schema to a platform-neutral schema. The intake template can define one or more translation operations required to convert from the first platform-specific schema definition language to a platform-neutral schema definition language. In embodiments, the intake engine can validate the input schema based on one or more design criteria. A repository can store platform-neutral schemas and deployment information. An output template can define one or more translation operations to convert from the platform-neutral schema definition language to a platform-specific schema definition language. A deployment engine can deploy a selected schema to a target database upon request. The reference further teaches “multiple schema records 302 can be associated with the same schema, such that each schema record 302 is a different version of the parent schema.” (Para. [0034]).

Yan et al. (U.S. Pre-Grant Publication No. 2019/0303459) teaches a search engine identifies external data records that describe similar entities and may each conform to a different data format or source schema. The engine derives mappings capable of translating data values between differently formatted attributes of two source schemas and uses these mappings to identify degrees of similarity between attributes and schemas. When the search engine receives a search request, the engine translates submitted search criteria into values of a first schema's attributes and then uses the mappings to map those values onto selected attributes of other schemas. The search engine then uses each schema's selected attributes to select external data records formatted in that schema. Each selected record is assigned a match score that is weighted by the similarity of the record schema's selected attributes to the search criteria. Records are then retrieved in order of decreasing match score.

Gentleman et al. (U.S. Pre-Grant Publication No. 2022/0207163) teaches the dynamic data classification of data objects. Examples enable prediction of candidate data classification labels for data objects associated with one or more applications, services, or computing devices. Examples enable the assignment of one or more data classification labels to a data object for transmission to one or more computing devices. Examples enable the interactive and progressive application of machine learning techniques to data classification systems to assign data classification labels with probable certainty. Examples enable the tracking, monitoring, storage, sorting, and retrieval of labeled data objects. Examples provide for access control configuration of services to restrict or allow access to data objects based on data classifications and other service parameters. The reference further teaches “API documentation may be parsed to identify and extract parameter names, API call descriptions, schema descriptions, field names and the like for tokenization. The tokenized data may be converted, for example, into natural language processing vector data objects” (Para. [0086]) and “The terms “security related data,” “security data,” or the like refer to a type of data classification that is associated with a data object that contains user account credentials (e.g., account password, security question answer, etc.) and/or information that is determined, by a user, application, or organization to be sensitive (e.g., encryption keys, authentication certificates, trade secrets, patient medical information, etc.)… In some embodiments, the “Security/Secret” data classification label may be associated with a data object that contains sensitive words (e.g., social security number, etc.)” (Para. [0146]).

Kishi et al. (U.S. Pre-Grant Publication No. 2022/0150065) teaches determining an encryption technique for a modified data object to backup. Deep data inspection is performed on an object using a natural language processing module to determine facets for the object. The facets provide facet values for instances of sensitive information in the object. The facet values for the object are processed to determine a cumulative facet value. A determination is made of an encryption technique comprising one of a plurality of different encryption techniques to use on the object based on the cumulative facet value. The determined encryption technique is used to encrypt the object to transfer to a backup storage. The reference further teaches “The deep data inspection module 134 may utilize a natural language classification program that collects and analyzes content in the data objects 104 to classify sensitive information in the data objects 104 as facets based on processing of the metadata and content of the data objects 104. The deep data inspection module 134 may use natural language processing (NLP) utilizing ontology based natural language classification techniques to extract the facet values for sensitive information instances in the object. The deep data inspection module 134 may use deep inspection techniques such as IBM® Watson™ Explorer Content analytics, StoredIQ, Sentiment Analytics, Contextual Views based on natural language classification as well as Watson™ Application Programming Interfaces (APIs) such as speech to text, visual recognition, etc. These techniques help in capturing metadata information from data objects and determining a classification of sensitive information in the data objects 104. (IBM, Watson, and StoredIQ are trademarks of International Business Machines Corporation throughout the world).” (Para. [0036]).

Tutuianu et al. (U.S. Patent No. 11,599,667) teaches a candidate attribute combination of a first data set is identified, such that the candidate attribute combination meets a data type similarity criterion with respect to a collection of data types of sensitive information for which the first data set is to be analyzed. A collection of input features is generated for a machine learning model from the candidate attribute combination, including at least one feature indicative of a statistical relationship between the values of the candidate attribute combination and a second data set. An indication of a predicted probability of a presence of sensitive information in the first data set is obtained using the machine learning model.

Non-Patent Literature Dias, "Discovery of Sensitive Data With Natural Language Processing", 2019, ISCTE - Instituto Universitario de Lisboa (Portugal) ProQuest Dissertations & Theses (Year: 2019) teaches the study of a hybrid approach to the problem of Named Entities Recognition for the Portuguese language. This approach combines several techniques such as rule-based/lexical-based models, machine learning algorithms and neural networks. The rule-based and lexical-based approaches were used only for a set of specific classes. For the remaining classes of entities, SpaCy and Stanford NLP tools were tested, two statistical models – Conditional Random Fields and Random Forest – were implemented and, finally, a Bidirectional LSTM approach was experimented. The best results were achieved with the Stanford NER model (86.41%), from the Stanford NLP tool. Regarding the statistical models, we realized that Conditional Random Fields is the one that can obtain the best results, with a f1-score of 65.50%. With the Bi-LSTM approach, we have achieved a result of 83.01%. The corpora used for training and testing were HAREM Golden Collection, SIGARRA News Corpus and DataSense NER Corpus.

Barrett et al. (U.S. Pre-Grant Publication No. 2023/0315698) teaches generating, updating, and/or otherwise managing an asset management system and its associated objects. An example embodiment is configured for accessing an asset management repository comprising a plurality of object type identifier nodes and a plurality of object attribute identifier nodes configured in a directed graph structure; receiving an object query comprising a selected object type identifier; traversing the directed graph structure to return a selected object type schema comprising an object attribute identifier node subset associated with the selected object type identifier; and outputting a selected object type interface component based on the selected object type schema for rendering to the object types registry interface. The reference further teaches “in some embodiments, the schema (e.g., schema 600) may also comprise objects with different object attribute identifiers within the same schema (e.g., both Object A′ (615) and Object B′ (665) may also comprise different attributes, such as Object A′ (610) may be associated with Attribute 1′ (630) and Object B′ may be associated with Attribute 2′ (650)).” (Para. [0053]).

Eike et al. (U.S. Pre-Grant Publication No. 2020/0293523) teaches metadata-driven data maintenance. One or more data object queries are obtained from one or more data object frameworks. One or more sets of data objects are received based on the one or more data object queries. One or more data object nets are built based on the one or more sets of data objects and the one or more data object frameworks and respectively associated with one or more processes. The one or more data object nets and their associated processes are analyzed. Data object maintenance is performed on the data objects of the one or more data object nets based on the analysis of the one or more data object nets and their associated processes.

Murthy (U.S. Pre-Grant Publication No. 2010/0228734) teaches providing a user-directed keyword-based search on a large collection of XML documents, and displaying a summary of results to the user. Prior to receiving search requests from a user, an offline analysis of a large collection of XML documents is performed to construct an inverted index of keywords. For each keyword, the index stores a set of location indicators that identify all the instances of the keyword found in the collection of documents. A location indicator may comprise a document identifier, an indication of the position of the node in the hierarchy of nodes within the XML document containing the keyword, and an indication of the pathname of the node containing the keyword. Once the index is constructed, keyword searching can be done efficiently by a keyword lookup in the index. Various display strategies enable the user to see the specific portion of a large XML document containing the keyword and/or path frequency information allowing the user to easily refine the search to specific paths within the collection of documents. The reference further teaches “Large collections of XML (eXtensible Markup Language) documents are increasingly prevalent in the enterprise. Information about the structure of specific types of XML documents may be specified in documents referred to as "XML schemas". For example, the XML schema for a particular type of XML document may specify the names for the data items (tags) contained in that particular type of XML document, the hierarchical relationship between the data items contained in that type of XML document, data types of the data items contained in that particular type of XML document, etc.” (Para. [0003]).

Kwiecien et al. (U.S. Pre-Grant Publication No. 2019/0034047) teaches the present invention provides a platform that enables codeless generation of online mass spectrometry data exploration portals. The platform facilitates upload of generic spreadsheets containing processed mass spectrometry results (e.g., peak tables) and enables on-the-fly hierarchical organization of data. Following data upload, platform users can select individual visualizations to add to their custom web portal from a menu of options. Based on these selections, a complete webpage is constructed with all associated functionality embedded. These custom web portals can then be shared with collaborators and other researchers at the discretion of the creator via a developed user permissions sharing scheme. The reference further teaches “The electronic database is searchable so that data uploaded from multiple peak tables is able to be found through a query, tracked and/or sorted. Additionally, entry of the data into the electronic database allows for easy automated processing. This allows the data to be easily compared and grouped together in different various ways. Through analysis and manipulation of the data, useful points in the data sets and outlying results can be easily detected.” (Para. [0012]).

Shah et al. (U.S. Pre-Grant Publication No. 2018/0150548) teaches recognizing unknown data objects may be implemented for data objects stored in a data store. Data objects that are identified as unknown may be accessed to retrieve a portion of the data object. Different representations of the data object may be generated for recognizing different data schemas. An analysis of the representations may be performed to identify a data schema for the unknown data object. The data schema may be stored in a metadata store for the unknown data object. The reference further teaches

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT F MAY whose telephone number is (571)272-3195. The examiner can normally be reached Monday-Friday 9:30am to 6pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Boris Gorney can be reached on 571-270-5626. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ROBERT F MAY/ Examiner, Art Unit 2154 4/2/2026
/BORIS GORNEY/ Supervisory Patent Examiner, Art Unit 2154

Prosecution Timeline

Nov 22, 2024: Application Filed
Jul 28, 2025: Non-Final Rejection — §103, §112, §DP
Oct 30, 2025: Response Filed
Dec 05, 2025: Final Rejection — §103, §112, §DP
Mar 10, 2026: Request for Continued Examination
Mar 17, 2026: Response after Non-Final Action
Apr 02, 2026: Non-Final Rejection — §103, §112, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12586145
METHOD AND APPARATUS FOR EDITING VIDEO IN ELECTRONIC DEVICE
2y 5m to grant Granted Mar 24, 2026
Patent 12468740
CATEGORY RECOMMENDATION WITH IMPLICIT ITEM FEEDBACK
2y 5m to grant Granted Nov 11, 2025
Patent 12367197
Pipelining a binary search algorithm of a sorted table
2y 5m to grant Granted Jul 22, 2025
Patent 12360955
Data Compression and Decompression Facilitated By Machine Learning
2y 5m to grant Granted Jul 15, 2025
Patent 12347550
IMAGING DISCOVERY UTILITY FOR AUGMENTING CLINICAL IMAGE MANAGEMENT
2y 5m to grant Granted Jul 01, 2025
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 76%
With Interview (+29.7%): 99%
Median Time to Grant: 3y 3m
PTA Risk: High
Based on 286 resolved cases by this examiner. Grant probability derived from career allow rate.
