Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with John A. Garrity on 02/23/2021
The application has been amended as follow:

AMENDMENTS TO THE CLAIMS

1. (Currently Amended) A method of scanning an electronic file for malware in a network, the method comprising: 
at a first node, generating at least one scanning object of the electronic file on the basis of a dynamic configuration provided to the first node of the network by a second node of the network, the dynamic configuration including a definition of malware-susceptible data of the electronic file, and the at least one scanning object being generated by using the malware-susceptible data of the electronic file and neglecting malware-insusceptible data of the electronic file identified by said definition, and generating at least one signature of the at least one scanning object; 
if the at least one signature matches a previously identified signature, determining whether or not the electronic file is malware based on an indication associated with the matching previously identified signature; and


2. (Canceled) 
 
3. (Previously Presented) The method according to claim 1, further comprising: 
sending a request to the second node for a determination of whether the at least one signature matches a previously identified signature, and receiving a determination result from the second node.
  
4. (Original) The method according to claim 3, wherein the indication from the second node of whether or not the electronic file is malware is received together with the determination result.  

5. (Previously Presented) The method according to claim 1, further comprising:  2Application No. 15/046,918; Confirmation No. 4074 
Reply to Office Action of March 27, 2018 retrieving, at the first node, relevant file information for the electronic file; transferring the retrieved relevant file information from the first node to the second node; receiving one or more instructions for generation of the at least one scanning of the electronic file from the second node at the first node; and setting the dynamic configuration on the basis of the received one or more instructions.  

6. (Original) The method according to claim 5, said relevant file information including one or more of file type/format, file size, file permissions, libraries used, file structure, file header, and file path.  

7. (Previously Presented) The method according to claim 5, said one or more instructions including at least one of an instruction on whether or not the at least one scanning object is to be generated for the electronic file and an instruction on how the at least one scanning object is to be generated for the electronic file.


8. (Previously Presented) The method according to claim 7, said instruction on how the at least one scanning object is to be generated for the identified electronic file including at least one of an indication of malware-susceptible data to be used and/or malware-insusceptible data to be neglected and an indication of type/format and/or structure and/or contents of the at least one scanning object to be generated. 
 
9. (Previously Presented) The method according to claim 1, wherein generating the at least one scanning object of the identified electronic file comprises at least one of: 
	picking, from the electronic file, malware-susceptible data of the electronic file, and creating a skeleton version of the electronic file by copying malware-susceptible data of the electronic file into the skeleton version and omitting malware-insusceptible data of the electronic file from the skeleton version.  

10. (Original) The method according to claim 1, wherein the electronic file to be scanned comprises a file of at least one of an Android Application Package (APK), a Portable Executable (PE), a Microsoft Soft Installer (MSI) or any other format capable of distributing and/or installing application software or middleware on a computer. 
 
11. (Original) The method according to claim 1, wherein
 the first node comprises a malware scanning agent, and 
the second node comprises a malware scanning engine or application. 
 
12. (Original) The method according to claim 1, performed at the first node.

13. (Currently Amended) An apparatus, comprising: 
a memory configured to store computer program code; and 
a processor configured to read and execute computer program code stored in the memory, 
wherein the processor is configured to cause the apparatus to perform: 
least one signature of the at least one scanning object; and 
if the at least one signature matches a previously identified signature, determining whether or not the electronic file is malware based on an indication associated with the matching previously identified signature; and
 if the at least one signature does not match a previously identified signature, sending the at least one scanning object from the first node to the second node for scanning and receiving at the first node a scanning result from the second node.
  
14. (Canceled)
  
15. (Currently Amended) The apparatus according to claim 13, wherein the processor is further configured to cause the apparatus to perform: 
sending a request to the second node for a determination of whether the at least one signature matches a previously identified signature, and receiving a determination result from the second node.  

16. (Original) The apparatus according to claim 15, wherein the indication from the second node of whether or not the electronic file is malware is received together with the determination result.

17. (Currently Amended) A non-transitory computer-readable medium, comprising instructions which, when executed on at least one processor, cause the at least one processor to:
 at a first node, generate at least one scanning object of the electronic file on the basis of a dynamic configuration provided to the first node of the network by a second least one signature of the at least one scanning object;
 if the at least one signature matches a previously identified signature, determine whether or not the electronic file is malware based on an indication associated with the matching previously identified signature; and 
if the at least one signature does not match a previously identified signature, send the at least one scanning object from the first node to the second node for scanning and receiving at the first node a scanning result from the second node.
  
18. (Previously Presented) The non-transitory computer-readable medium of claim 17, wherein the at least one processor is further caused to: 
send a request to the second node for a determination of whether the at least one signature matches a previously identified signature, and receive a determination result from the second node. 
 
19. (Previously Presented) The non-transitory computer-readable medium of claim 18, wherein the indication from the second node of whether or not the electronic file is malware is received together with the determination result. 
 
20. (Previously Presented) The non-transitory computer-readable medium of claim 17, wherein the at least one processor is further caused to:  5Application No. 15/046,918; Confirmation No. 4074 
Reply to Office Action of March 27, 2018 retrieving, at the first node, relevant file information for the electronic file; transferring the retrieved relevant file information from the first node to the second node; receiving one or more instructions for generation of the at least one scanning of the electronic file from the second node at the first node; and setting the dynamic configuration on the basis of the received one or more instructions.


 retrieving, at the first node, relevant file information for the electronic file; 
transferring the retrieved relevant file information from the first node to the second node;
 receiving one or more instructions for generation of the at least one scanning of the electronic file from the second node at the first node; and 
setting the dynamic configuration on the basis of the received one or more instructions. 
 
22. (Currently Amended) The apparatus according to claim 21, wherein said relevant file information including one or more of file type/format, file size, file permissions, libraries used, file structure, file header, and file path.


Allowable Subject Matter
Claims 1, 3-13 and 15-22 are allowed.
The following is an examiner’s statement of reasons for allowance:

The closest prior arts made of records are, Kim (WO 2014168408 A1 referred to as Kim) and Albrecht (U.S Pub No. 2001/0005889 A1, referred to as Albrecht). 

Kim discloses an invention which enables cloud-based malware diagnosis for an application and prevents the waste of resources and decrease in network speed during an upload process of an application file by partially uploading a specific partial file which is necessary to diagnose malware from among all of the files in the application when a new application for which malware diagnosis on a portable terminal has not been performed is discovered.

Albrecht discloses a method of scanning electronic files for computer viruses comprises identifying at a first node of a computer network , electronic files which require to be scanned for computer viruses.

However, regarding claims 1, 13 and 17, the prior art of Kim and Albrecht when taken in the context of the claim as a whole do not disclose nor suggest, “at a first node, generating at least one scanning object of the electronic file on the basis of a dynamic configuration provided to the first node of the network by a second node of the network, the dynamic configuration including a definition of malware-susceptible data of the electronic file, and the at least one scanning object being generated by using the malware-susceptible data of the electronic file and neglecting malware-insusceptible data of the electronic file”.

Claims 3-12 depend on claim 1, claims 15-16 and 21-22 depend on claim 13, and claims 18-20 depend on claim 17 and are of consequence allowed.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408.  The examiner can normally be reached on Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HASSAN SAADOUN/Examiner, Art Unit 2435 

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435