Patent Application 18187339 - SYSTEMS AND METHODS FOR DEMOCRATIZING SENSITIVE

Title: SYSTEMS AND METHODS FOR DEMOCRATIZING SENSITIVE DATA

Application Information

• Invention Title: SYSTEMS AND METHODS FOR DEMOCRATIZING SENSITIVE DATA
• Application Number: 18187339
• Submission Date: 2025-05-14T00:00:00.000Z
• Effective Filing Date: 2023-03-21T00:00:00.000Z
• Filing Date: 2023-03-21T00:00:00.000Z
• National Class: 707
• National Sub-Class: 714000
• Examiner Employee Number: 83772
• Art Unit: 2167
• Tech Center: 2100

Rejection Summary

• 102 Rejections: 0
• 103 Rejections: 1

Cited Patents

The following patents were cited in the rejection:

• US 0143194🔗
• US 0041296🔗

Office Action Text

    Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to the communication filed on March 14, 2025.
Response to Amendment
Applicant’s amendment filed on March 14, 2025 with respect to claims 1-10 and 21-30 has been received, entered into the record and considered.
As a result of the amendment, claims 1, 3-4, 6 and 8 has been amended, claims 2 and 7 has been cancelled (11-20 previously cancelled) and 21-30 has been newly added.
claims 1, 3-6, 8-10 and 21-30 remain pending in this office action.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-6, 8-10 and 21-30 are rejected under 35 U.S.C. 103 as being unpatentable over Ford et al (US 2017/0041296 A1), in view of Stewart et al (US 2006/0143194 A1).
As per claim 1, Ford discloses:
- One or more computer-readable non-transitory storage media embodying instructions that, when executed by a processor, cause the processor to perform operations comprising (computer readable media executed by a processor, Para [0696], [0698]), 
- importing datasets comprising sensitive data from one or more applications associated with multiple domains within an organization, wherein the datasets comprise functional data and control data related to a plurality of events (downloading and uploading sensitive data (i.e., importing sensitive dataset), Para [0068], [0191], associated with different location (i.e., domain within and organization), Para [0244], [0321], data with different functions (i.e., functional data), Para [0080], [0086] and role, location or relationship based access to data (i.e., control data with plurality of event), Para [0124], [0190], [0207], [0239], [0290], [0395]), 
- identifying event classifications based on the plurality of events (classifying event based on sensitive or restricted, Para [0207], [0249], [0250]), 
- generating a secured view based on the entitlement table, wherein the secured view prevents unauthorized disclosure of the sensitive data (generating secure view which prevents unauthorized access, [0080], [0352], [0374], [0375], Fig. 1A, item 133, 1D, item 102, Fig. 2A, item 239, 255]), 
Ford does not explicitly disclose defining a functional table using the functional data and by mapping a plurality of keys to the event classifications; defining a control table using the control data and by mapping the plurality of keys to a plurality of users; joining the functional table and the control table to generate an entitlement table by using the plurality of keys to join the functional table and the control table. However, in the same field of endeavor Steward in an analogous art disclose defining a functional table using the functional data and by mapping a plurality of keys to the event classifications (table with different defining asset with ID (i.e., functional table defining functional data such as division), Para [0056], Fig. 1, item 110, 115), defining a control table using the control data and by mapping the plurality of keys to a plurality of users (table with user role (i.e., control table defining control data such as role), Para [0057], [0058], Fig. 1, item 130), ; joining the functional table and the control table to generate an entitlement table by using the plurality of keys to join the functional table and the control table (joining Asset Table and Role table to generate entitlement table using primary key, Para [0038], [0042], [0043], [0077], Fig. 4).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the functional table and control table and joining those table to create an entitlement table by Stewart as the means to share and access sensitive data between various division, location (i.e., domain) in Ford, (Ford, Para [0207], [0249], [0250], Stewart, Para [0042], [0043], [0077], Fig. 4). Ford and Stewart are analogous prior art since they both deal with sharing data between various division in an organizational database. A person of the ordinary skill in the art would have been motivated to make aforementioned modification to exchanging sensitive data efficiently. This is because one aspect of Ford invention is to maintaining effective mirroring and exchanging content as described in at least Para [0107], [0152]. Defining a function table and control table and joining those table to create an entitlement table is part of this process. However, Ford doesn’t specify any particular manner in which entitlement table is created by joining functional table and control table. This would have lead one of the ordinary skill in the art to seek and recognize the creation of an entitlement table by joining functional and control table as taught by Stewart. Stewart describes how an entitlement used to manage the organizations document/data more efficiently in Para [0044], [0044], as desired by Ford. 
	As per claim 3, rejection of claim 1 is incorporated, and further Steward discloses:
	- wherein the one or more control tables comprise control table is a role-based control table, the role-based control table comprising one or more of the following fields (role-based access privilege, Para [0042], [0043]), 
- a first field indicating the plurality of users; a second filed indicating a plurality of roles associated with the plurality of users; a third field indicating one or more divisions associated with one or more of the plurality of users; a fourth field indicating one or more business lines associated with one or more of the plurality of users; a fifth field indicating one or more events associated with one or more of the plurality of users; and a sixth field indicating a geographical location associated with one or more of the plurality of users (different field indicating name, role, division, owner, etc., Fig. 1, Para [0056], [0057], [0058]).
As per claim 4, rejection of claim 1 is incorporated, and further Steward discloses:
- wherein the one or more control tables comprise control table is an event-based control table, the event-based control table comprising one or more of the following fields (role based on department or division, (i.e., event-based control table), Para [0035], [0036], [0045]), [0062]), 
a first field indicating the plurality of events; a second field indicating one or more divisions associated with one or more of the plurality of events; a third field indicating one or more business lines associated with one or more of the plurality of events; a fourth field indicating a geographical location associated with one or more of the plurality of events; a fifth field indicating whether one or more of the plurality of events comprises sensitive information; and a sixth field indicating whether one or more of the plurality of events comprises a sensitive flag (different field indicating name, role, division, owner, flag etc., Fig. 1, Para [0056], [0057], [0058]).
As per claim 5, rejection of claim 1 is incorporated and further Stewart discloses:
- the one or more applications comprise a plurality of applications (suborganization such as division, department, HR, etc., (i.e., plurality of application), Para [0035], [0036], [0039]), 
	- each of the datasets is associated with a respective application of the plurality of applications; and each of the plurality of applications is associated with a different data store (HR data associated with HR application, and store in HR data in Human Resource department, Para [0039], [0069], [0079]).
	As per claim 6 and 9,
	Claim 6 and 9 are method claim corresponding to computer readable medium claim 1 and 5 respectively and rejected under the same reason set forth to the rejection of claims 1 and 5 above.
As per claim 8, rejection of claim 6 is incorporated, and further Ford discloses:
- receiving the datasets via one or more push application programming interfaces (APIs) associated with the one or more applications (transmitting data associated with application (i.e., push application), Para [0067], [0190], [0247], [0369], [0401]),
- receiving the datasets via one or more locations shared with the one or more applications; or receiving the datasets from one or more data stores associated with the one or more applications via a stream (shared dataset application, Para [0211], [0374], [0401]).
As per claim 10, rejection of claim 6 is incorporated, and further Stewart discloses:
- identifying one or more rules; and applying the one or more rules to the functional data (identifying rule or policy, Para [0092], and applying policy, Para [0035]).
As per claim 21, rejection of claim 1 is incorporated, and further Ford discloses:
- communicating the secured view to a user (secure view for the user, Para [0183], [0186], [0270], [0555]).
As per claim 22, rejection of claim 21 is incorporated, and further Ford discloses:
- receiving a request from the user to access a portion of the sensitive data related to a specified event of the plurality of events (receive access request to access content in second business entity, Para [0251], [0284], [0287]), 
- identifying a role of the user (role of the user, Para [0173], [0399]), 
	- identifying a role-based entitlement of the user based on the role of the user (role-based entitlement, Para [0092], [0280], [0305], [0373], [0374]), 
	- determining, using the role-based entitlement of the user, a user entitlement (role-based entitlement, [0305], [0373], [0374]), 
	- generating the secured view associated with the user entitlement based on the entitlement table (generating secure view for the user, Para [0305], [0373] – [0374]).
	As per claim 23, rejection of claim 21 is incorporated, and further Ford discloses:
	- wherein the entitlement table filters out entitlements based on an identity of the user (filter out services based on user, Para [0086], [0502]).
	As per claim 24, rejection of claim 21 is incorporated, and further Stewart discloses:
	- wherein the secured view comprises the entitlement table but not the functional table or the control table (Entitlement table 400 does not show functional table or control table, Fig. 4, item 400).
	As per claim 25, rejection of claim 21 is incorporated, and further Stewart discloses:
	- wherein the secured view prevents the user from being exposed to unentitled data provided in the functional table (restricted to view unentitled data, Para [0106]).
	As per claims 26-30,
	Claims 26-30 are method claims corresponding to computer readable medium claims 21-25 respectively and rejected under the same reason set forth to the rejection of claims 21-25 above.
				Response to Arguments
Applicant’s arguments with respect to claims 1, 3-6, 8-10 and 21-30 have been considered but are moot because the new ground of rejection necessitated by the amendment to the claims.
Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
					Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED R UDDIN whose telephone number is (571)270-3138. The examiner can normally be reached M-F: 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Beausoliel Robert can be reached at 571-272-3645. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
/MOHAMMED R UDDIN/Primary Examiner, Art Unit 2167