DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 11/17/2020 has been entered.
As per instant Amendment, Claims 1, 8, and 15 are independent claims.  Claims 1-2, 6-9, 13-16 and 20 have been examined and are pending. This Action is made Non-FINAL. 

Response to Arguments
Applicant’s arguments with respect to claims 1, 8 and 15 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection. The new reference Hutton et al. (US 2017 /0048199) used to address the limitations.

The amended claims 1, 10 and 15 have been addressed in rejection below.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-2, 7-9 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Seese et al. (“Seese,” US 2015/0100357), published on April 9, 2015 in view of Hutton et al. (“Hutton,” US 2017 /0048199), published on February 16, 2017.

Regarding claim 1: Seese discloses a system comprising:
a processor (Seese: fig. 6); 
Seese: fig. 6), the medium including instructions executable by the processor to perform operations, comprising: 
configuring the scanning service to receive notifications from a cloud storage service about storage activity and to access data in the cloud storage service (Seese: ¶0017 detect, by an enterprise computer system, an activity notification from a cloud service that stores data on behalf of an enterprise; ¶0037 the cloud service 104A pushes an activity notification to the job scheduler 112. The activity notification may include fields that include data that indicate that a file maintained by the cloud service 104A has been uploaded or changed by an enterprise user);
receiving, by the scanning service from the cloud storage service, a notification regarding storage activity related to a file in the data (Seese: ¶0017 the activity notification may specify a file name involved in an activity performed by the cloud service (e.g., creating or modifying a file)); 
after the completion of the storage activity, receiving by the scanning service from the cloud storage service, the file (Seese: ¶0038 retrieve the file from the cloud service 104a; ¶0039 at step 3, the back end server 114 connects to cloud service 104A to obtain (e.g., by pulling or downloading) the file from cloud service 104a); 
scanning, by the scanning service, the file (Seese: ¶0017 after downloading the file, the enterprise computer system may analyze the file against a data loss prevention rule).
Seese does not explicitly disclose configuring the scanning service with an account having access to change permission on files in the data stored by the cloud storage 
However Hutton discloses configuring the scanning service with an account having access to change permission on files in the data stored by the cloud storage service (Hutton: ¶0046 file content policy 120 can operate by identifying how to process content that does not conform to rules for the purported file type. A file can be analysed to see if it determines with a set of rules for the file's purported file type. Then, if a portion of the content does not conform to the set of rules for that file type, file content policy 120 can be used to determine how to process the content);
determining from the scan that at least one portion of the file should not be distributed to one or more applications because the at least one portion of the file contains malware or other malicious content (Hutton: ¶0027 the set of rules can also specify that certain content elements in a file can be malicious [...] the set of rules can specify that a macro, even if it conforms to the rules for the file format, is considered potentially malicious; ¶0028 once a file has been examined, the file can be sanitised. Sanitising the file involves eliminating the portions of the file that are not conforming, leaving only the portions of the file that conform to the rules. Note that the file as a whole is not necessarily disallowed if a portion of the file does not conform to the set of rules. For example, macros can be eliminated from a document, while the text of the document can be allowed through; ¶0092 and ¶0095); and
taking an action with respect to the cloud storage service based on the determination that the at least one portion of the file should not be distributed, wherein the action includes, with the scanning service configured with the account having access to change permission on the file, setting a permission for the file on the cloud storage service to make the file unavailable to one or more applications when the at least one portion of the file contains malware or other malicious content (Hutton: ¶0031 since a file that includes malicious content will not conform to the rules associated with the file type, the malicious content will be blocked, regardless of whether or not a signature can be used to detect the malicious content; ¶0050 file content policy 120 can specify that the content should be allowed (action 610), sanitised (action 615), or quarantined (action 620); and ¶0095).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Hutton with the system and method of Seese to include having access to change permission on files in the cloud storage service to provide users with a means for providing policies that can adjust security risk (Hutton: ¶0003). 

Regarding claim 2: Seese in view of Hutton discloses the system of claim 1.
Seese further discloses wherein the instructions are further executable by the processor to configure the scanning service to receive notifications from said cloud storage service about storage activity associated with a plurality of accounts associated with the Seese: ¶0022 The cloud services 104A-C may provide cloud storage services to users (e.g., employees, departments, teams, etc.) of the enterprise).

Regarding claim 7: Seese in view of Hutton discloses the system of claim 1.
Seese further discloses wherein the instructions are further executable by the processor wherein, based on the determination that the at least one portion of the file should not be distributed, the file contains confidential information comprising one or more of credit card numbers, social security numbers, multiple phone numbers, and a predefined pattern (Seese: ¶0054 a DLP rule may further specify an action that the cloud service 102A is to perform in response to detecting that the file (or files) violates a policy of the enterprise [...] DLP rules may include data or logic configured to identify confidential data, such as social security numbers, financial data (e.g., credit card number, magnetic stripe data, and the like), username and password pairs, proprietary information, licensed data (e.g., copyrighted works), or any other data that may compromise the enterprise if the data is misappropriated).

Regarding claim 8: Seese discloses a method comprising:
configuring a scanning service to receive notifications from a cloud storage service about storage activity (Seese: ¶0017 detect, by an enterprise computer system, an activity notification from a cloud service that stores data on behalf of an enterprise; ¶0037 the cloud service 104A pushes an activity notification to the job scheduler 112. The activity notification may include fields that include data that indicate that a file maintained by the cloud service 104A has been uploaded or changed by an enterprise user);
Seese: ¶0017 the activity notification may specify a file name involved in an activity performed by the cloud service (e.g., creating or modifying a file)); 
after completion of the storage activity, loading by the scanning service from the cloud storage service, the file (Seese: ¶0038 retrieve the file from the cloud service 104a; ¶0039 at step 3, the back end server 114 connects to cloud service 104A to obtain (e.g., by pulling or downloading) the file from cloud service 104a); and
scanning the file by the scanning service (Seese: ¶0017 after downloading the file, the enterprise computer system may analyze the file against a data loss prevention rule).
Seese does not explicitly disclose configuring the scanning service with an account having access to change permission on files in the data stored by the cloud storage service; determining from the scan that at least one portion of the file should not be distributed to one or more applications because the at least one portion of the file contains malware or other malicious content and taking an action with respect to the cloud storage service based on the determination that the at least one portion of the file should not be distributed, wherein the action includes, with the scanning service configured with the account having access to change permission on the file, setting a permission for the file on the cloud storage service to make the file unavailable to one or more applications when the at least one portion of the file contains malware or other malicious content.
However Hutton discloses configuring the scanning service with an account having access to change permission on files stored by the cloud storage service (Hutton: ¶0046 file content policy 120 can operate by identifying how to process content that does not conform to rules for the purported file type. A file can be analysed to see if it determines with a set of rules for the file's purported file type. Then, if a portion of the content does not conform to the set of rules for that file type, file content policy 120 can be used to determine how to process the content);
determining from the scan that at least one portion of the file should not be distributed to one or more applications because the at least one portion of the file contains malware or other malicious content (Hutton: ¶0027 the set of rules can also specify that certain content elements in a file can be malicious [...] the set of rules can specify that a macro, even if it conforms to the rules for the file format, is considered potentially malicious; ¶0028 once a file has been examined, the file can be sanitised. Sanitising the file involves eliminating the portions of the file that are not conforming, leaving only the portions of the file that conform to the rules. Note that the file as a whole is not necessarily disallowed if a portion of the file does not conform to the set of rules. For example, macros can be eliminated from a document, while the text of the document can be allowed through); and
taking an action with respect to the cloud storage service based on the determination that the at least one portion of the file should not be distributed, wherein the action includes, with the scanning service configured with the account having access to change permission on the file, setting a permission for the file on the cloud storage service to make the file unavailable to one or more applications when the at least one portion of the file contains malware or other malicious content (Hutton: ¶0031 since a file that includes malicious content will not conform to the rules associated with the file type, the malicious content will be blocked, regardless of whether or not a signature can be used to detect the malicious content; ¶0050 file content policy 120 can specify that the content should be allowed (action 610), sanitised (action 615), or quarantined (action 620)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Hutton with the system and method of Seese to include having access to change permission on files in the cloud storage service to provide users with a means for providing policies that can adjust security risk (Hutton: ¶0003).  

Regarding claims 9 and 14: Claims 9 and 14 are similar in scope to claims 2 and 7, respectively, and are therefore rejected under similar rationale.

Regarding claim 15: Seese discloses a non-transitory computer readable storage medium having computer readable code thereon for a scanning service, the medium including instructions executable by one or more processors to perform operations, comprising:
configuring the scanning service to receive notifications from a cloud storage service about storage activity and to access data in the cloud storage service (Seese: ¶0017 detect, by an enterprise computer system, an activity notification from a cloud service that stores data on behalf of an enterprise; ¶0037 the cloud service 104A pushes an activity notification to the job scheduler 112. The activity notification may include fields that include data that indicate that a file maintained by the cloud service 104A has been uploaded or changed by an enterprise user); 
Seese: ¶0017 The activity notification may specify a file name involved in an activity performed by the cloud service (e.g., creating or modifying a file)); 
after completion of the storage activity, receiving by the scanning service from the cloud storage service, the file (Seese: ¶0038 retrieve the file from the cloud service 104a; ¶0039 at step 3, the back end server 114 connects to cloud service 104A to obtain (e.g., by pulling or downloading) the file from cloud service 104a); and
scanning, by the scanning service, the file (Seese: ¶0017 after downloading the file, the enterprise computer system may analyze the file against a data loss prevention rule).
Seese does not explicitly disclose configuring the scanning service with an account having access to change permission on data in the cloud storage service; determining from the scan that at least one portion of the file should not be distributed to one or more applications because the at least one portion of the file contains malware or other malicious content and taking an action with respect to the cloud storage service based on the determination that the at least one portion of the file should not be distributed, wherein the action includes, with the scanning service configured with the account having access to change permission on the data including the file, setting a permission for the file on the cloud storage service to make the file unavailable to one or more applications when the at least one portion of the file contains malware or other malicious content.
However Hutton discloses configuring the scanning service with an account having access to change permission on data in the cloud storage service (Hutton: ¶0046 file content policy 120 can operate by identifying how to process content that does not conform to rules for the purported file type. A file can be analysed to see if it determines with a set of rules for the file's purported file type. Then, if a portion of the content does not conform to the set of rules for that file type, file content policy 120 can be used to determine how to process the content);
determining from the scan that at least one portion of the file should not be distributed to one or more applications because the at least one portion of the file contains malware or other malicious content (Hutton: ¶0027 the set of rules can also specify that certain content elements in a file can be malicious [...] the set of rules can specify that a macro, even if it conforms to the rules for the file format, is considered potentially malicious; ¶0028 once a file has been examined, the file can be sanitised. Sanitising the file involves eliminating the portions of the file that are not conforming, leaving only the portions of the file that conform to the rules. Note that the file as a whole is not necessarily disallowed if a portion of the file does not conform to the set of rules. For example, macros can be eliminated from a document, while the text of the document can be allowed through); and
taking an action with respect to the cloud storage service based on the determination that the at least one portion of the file should not be distributed, wherein the action includes, with the scanning service configured with the account having access to change permission on the data including the file, setting a permission for the file on the cloud storage service to make the file unavailable to one or more applications when the at least one portion of the file contains malware or other malicious content (Hutton: ¶0031 since a file that includes malicious content will not conform to the rules associated with the file type, the malicious content will be blocked, regardless of whether or not a signature can be used to detect the malicious content; ¶0050 file content policy 120 can specify that the content should be allowed (action 610), sanitised (action 615), or quarantined (action 620)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Hutton with the system and method of Seese to include having access to change permission on files in the cloud storage service to provide users with a means for providing policies that can adjust security risk (Hutton: ¶0003). 

Regarding claim 16: Claim 16 is similar in scope to claim 2, and is therefore rejected under similar rationale.


Claims 6, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Seese et al. (“Seese,” US 2015/0100357), published on April 9, 2015 in view of Hutton et al. (“Hutton,” US 2017 /0048199), published on February 16, 2017 and Ye et al. (“Ye,” US 9317686), published on April 19, 2016. 

Regarding claim 6: Seese in view of Hutton discloses the system of claim 1.
Seese in view of Hutton does not explicitly disclose wherein the instructions are further executable by the processor wherein, based on the determination that the at least one portion of the file should not be distributed, the file contains malware comprising disruptive computer instructions that may cause one or more of damage to one or more 
However Ye discloses wherein, based on the determination that the at least one portion of the file should not be distributed, the file contains malware comprising disruptive computer instructions that may cause one or more of damage to one or more computing devices, compromising files on one or more computer devices, or obtaining private information from the one or more computing devices (Ye: col. 6  lines 47-49  step 224 determines whether the process is malware, or more specifically, whether the process is ransom ware).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Ye with the system and method of Seese and Hutton to include based on the determination that at least a portion of the file should not be distributed, said file contains malware to provide users with a means for protecting a user and the computer files in real time (Ye: col. 2 lines 18-19).

Regarding claim 13: Claim 13 is similar in scope to claim 6, and is therefore rejected under similar rationale.

Regarding claim 20: Claim 20 is similar in scope to claim 6, and is therefore rejected under similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857.  The examiner can normally be reached on Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/FAHIMEH MOHAMMADI/    Examiner, Art Unit 2439                                                                                                                                                                                         
/KARI L SCHMIDT/Primary Examiner, Art Unit 2439