DETAILED ACTION
1. This communication is responsive to the Preliminary Amendment filed 8/14/2025.
Claims 1-20 have been added.
Claims 1-20 are presented for examination.
Notice of Pre-AIA or AIA Status
2. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 101
3. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
4. Claims 1, 8 and 15 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claims recite “determining that a classification of a digital content item corresponds to a data policy; generating, based on the data policy and attributes of the digital content item, a mapping of the digital content item to digital data requirements of the data policy; determining, violations of digital data requirements of the data policy; and generating, reports associated with the one or more violations” which is an abstract idea under mental process.
This judicial exception is not integrated into a practical application because the additional computer elements, which are recited as a processor and memory, do not add meaningful limitations to the abstract idea, and they simply implement the abstract idea on a computing device. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because generating data/content violations reports based on a mapping of the digital content item to digital data requirements of the data policy are general computer functions, which are well-understood, routine and conventional activities.
Claims 2-7, 9-14 and 16-20 are dependent on claims 1, 8 and 15 respectively, and include all the limitations of claims 1, 8 and 15. Therefore, claims 2-7, 9-14 and 16-20 recite the same abstract idea. The additional limitations recited in claims 2-7, 9-14 and 16-20, for example data type requirements, sensitive data, encrypting data, and taking remediation actions, do not amount to significantly more than the abstract idea.
Double Patenting
5. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
6. Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,321,334. Although the conflicting claims are not identical, they are not patentably distinct from each other.
U.S. Patent Application 19/197,307
Claim 1
A method comprising:
determining that a classification of a digital content item corresponds to a data policy;
generating, based on the determination that the digital content item corresponds to the data policy and one or more attributes of the digital content item, a mapping of the digital content item to one or more digital data requirements of the data policy;
determining, based on the one or more digital data requirements and the mapping, one or more violations of the one or more digital data requirements of the data policy; and generating, based on the one or more violations of the one or more digital data requirements of the data policy, one or more reports associated with the one or more violations.
U.S. Patent No. 12,321,334
Claim 1
A computer-implemented method comprising:
generating, by processing hardware utilizing a classifier model, classifications of each of a plurality of digital content items accessed at a digital data repository via an integration with the digital data repository;
generating, by the processing hardware and based on the classifications of each of the plurality of digital content items, mappings between the plurality of digital content items and a set of digital data requirements of a data policy by:
determining that a classification of a digital content item of the plurality of digital content items corresponds to the data policy according to a predetermined mapping between the classification and the data policy; and
generating, in response to determining that the digital content item corresponds to the data policy, a mapping of the digital content item to the set of digital data requirements of the data policy based on one or more attributes of the digital content item;
determining, by the processing hardware in response to generating the mappings, that the set of digital data requirements indicates data missing from the digital data repository; and
generating, by the processing hardware, an indication of the data missing from the digital data repository for display via a graphical user interface of a client device.
It is noted that the claimed limitations of claims 1-20 of Patent Application 19/197,307 are not patentably distinct from that of claims 1-20 of U.S. Patent No. 12,321,334. It appears to be proper to apply the judicially created doctrine of obvious-type double patenting to the claims at issue.
Claim Rejections - 35 USC § 103
7. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
8. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
9. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
10. Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Okorafor et al. (US 2020/0019558) hereinafter Okorafor, in view of Sinkar et al. (US 2022/0318273) hereinafter Sinkar.
In claim 1, Okorafor discloses “A method comprising:
determining that a classification of a digital content item corresponds to a data policy ([0036] an extraction and classification module 120, also referred to simply as “classification module 120”, may initiate classification of the retrieved dataset to classify the retrieved dataset and to provide metadata for the retrieved dataset. In some embodiments, classification module 120 may automatically generate actionable policies using the metadata provided by the classifying of the retrieved input data [0037] a compliance engine module 122 may automatically generate a compliance engine using the generated plurality of actionable policies, and may control security of access to the retrieved input data using the generated compliance engine. For example, compliance engine module 122 may initiate distributed curation rules processing to curate the retrieved datasets based on the provided metadata, using artificial intelligence processing);
generating, based on the determination that the digital content item corresponds to the data policy and one or more attributes of the digital content item, a mapping of the digital content item to one or more digital data requirements of the data policy
([0033] For example, the set of data requirements may include location information for a data source and format information for datasets located at the data source. For example, the user may provide information specifying multiple different types/formats of data, and access information specifying where the data may be accessed, as well as how the data may be accessed for onboarding to the system [0034] the user is provided with “one stop” data management, as the system is automated after the user provides the initial input of the set of data requirements [0037] a compliance engine module 122 may automatically generate a compliance engine using the generated plurality of actionable policies, and may control security of access to the retrieved input data using the generated compliance engine. For example, compliance engine module 122 may initiate distributed curation rules processing to curate the retrieved datasets based on the provided metadata, using artificial intelligence processing [0038] a data quality control module 124 may control data quality based on an actionable metadata driven policy for data quality analysis, using artificial intelligence processing. In some embodiments, a centralized consistency, correctness, and completeness check is performed on the processed data received from compliance engine module 122)”.
Okorafor does not appear to explicitly disclose the following limitations; however, Sinkar discloses “determining, based on the one or more digital data requirements and the mapping, one or more violations of the one or more digital data requirements of the data policy ([0075] the system may identify a first dataset in a first data environment for which the metadata repository is missing at least one data attribute. For example, dataset A may be stored on a first data environment, and may have attributes (e.g., a customer identification number) that have not been included in the metadata repository 112. After the missing data attributes have been identified, the system (e.g., classification management device 118) may transmit the policy ID and the identified missing data attributes to policy repository 110); and
generating, based on the one or more violations of the one or more digital data requirements of the data policy, one or more reports associated with the one or more violations ([0023] the classification management device may generate a report indicative of changes implemented on a given dataset in a respective data environment. The report may include the classification requirement applied to any given dataset based on the data environment it has been copied to, a change log for policies being applied based on the classification requirement, including a time and date of any changes made, as well as approvals of the policies to be applied provided by a data steward, including a data steward name, and the time and date of the approval [0077] the system (e.g., classification management device 118) may query metadata repository 112 to determine the data steward (e.g., the permissioned user associated with the dataset) for the respective dataset that included the missing data attributes. In optional step 760, the system (e.g., classification management device 118) may monitor compliance management database 120 for change approval by the data steward. In optional step 770, the system may receive data steward approval from compliance management database 120. After receiving approval, the system may execute the classification code on the respective dataset and update the metadata repository with the missing data attributes)”.
Hence, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Okorafor and Sinkar. The suggestion/motivation for doing so would have been to provide an improved method of automated data governance across all data environments in an organization ([0004]).
In claim 2, Okorafor teaches
The method of claim 1, wherein the one or more digital data requirements of the data policy comprise one or more data type requirements, one or more time requirements or one or more data storage requirements ([0045] the system gathers source information for retrieving the data, as well as a set of data requirements for governance of the data. Source information can include, for example, information about where the data is currently hosted (e.g., in the cloud), any credentials needed to access the data (e.g., username and password), and the data format (e.g., CSV). The term “data policy” simply refers to one or more rules for governing data. In one example, a data policy could be to hide social security numbers and other sensitive information so that this information is not viewable when the data is searched by external users).
In claim 3, Okorafor teaches
The method of claim 1, wherein the digital content item comprises one or more of personally identifiable information or sensitive data ([0060] A sensitive data submodule 522 may be used to detect any personally identify information (PII) data using an AI algorithm and classify it into “Shared” and “Restricted” category).
In claim 4, Sinkar teaches
The method of claim 1, wherein determining the one or more violations of the one or more digital data requirements of the data policy comprises determining one or more data type discovery patterns ([0058] a production data environment may have a policy ID that requires data masking for sensitive data entries, whereas a quality assurance data environment may have a policy ID that only requires anonymization for sensitive data entries. The first dataset may also include a first dataset ID. The Classification management device may use the first dataset ID and the first policy ID to determine data attributes and associated classification requirements for all data entries in the first dataset [0069] the data attribute may be associated with a data type present in the dataset, and the classification requirement for each data entry may be based on the data type present in the dataset as well as the data environment that the dataset is to be copied to (e.g., public-facing data environment vs. data environment open only to organization 108)).
In claim 5, Sinkar teaches
The method of claim 1, further comprising taking one or more actions based on the one or more violations, wherein the one or more actions comprise one or more of: redacting data, encrypting data, or transferring data ([0078] the system (e.g., classification management device 118) may update metadata repository 112 with the missing data attributes. Accordingly, the entries in policy repository 110 may be used to update metadata repository 112 with the missing data attributes).
In claim 6, Sinkar teaches
The method of claim 1, further comprising providing one or more links associated with the one or more violations ([0075] After the missing data attributes have been identified, the system (e.g., classification management device 118) may transmit the policy ID and the identified missing data attributes to policy repository 110 [0076] responsive to transmitting the data attributes and policy ID to policy repository 110, the system (e.g., classification management device 118) may receive classification code from policy repository 110 for each of the identified data attributes. The data attributes may be stored by policy repository 110 and based on the transmitted policy ID, policy repository 110 may return classification code to be applied to each of the identified data attributes. For example, if the data environment is public facing the classification code for the missing data attribute “customer identification number” may be a standardized code argument for data masking (e.g., synthesizer.scrub, TDM.scrub, and/or faker.fake)).
In claim 7, Sinkar teaches
The method of claim 1, further comprising determining one or more remediation actions associated with the one or more violations ([0077] the system (e.g., classification management device 118) may query metadata repository 112 to determine the data steward (e.g., the permissioned user associated with the dataset) for the respective dataset that included the missing data attributes. In optional step 760, the system (e.g., classification management device 118) may monitor compliance management database 120 for change approval by the data steward. In optional step 770, the system may receive data steward approval from compliance management database 120. After receiving approval, the system may execute the classification code on the respective dataset and update the metadata repository with the missing data attributes).
Claims 8-14 are essentially the same as claims 1-7 except that they recite the claimed invention as an apparatus and are rejected for the same reasons as applied hereinabove.
Claims 15-20 are essentially the same as claims 1-6 except that they recite the claimed invention as non-transitory computer-readable media and are rejected for the same reasons as applied hereinabove.
Conclusion
11. The prior art made of record and not relied upon, considered pertinent to applicant's disclosure, is listed on the 892 form.
Examiner’s Note: Examiner has cited particular figures and paragraphs in the references as applied to the claims above for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that the applicant, in preparing the responses, fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUAWEN A PENG whose telephone number is (571)270-5215. The examiner can normally be reached Mon thru Fri 9 am to 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Sherief Badawi can be reached at 571-272-9782. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HUAWEN A PENG/Primary Examiner, Art Unit 2169