DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 4, 11 and 18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claim 4 recites the limitation: “sending the encrypted second file segment of the file to the another computing device downloading the encrypted second portion of the file…”. The limitation recites “sending the encrypted file segment…” and “downloading the encrypted second portion” and is not clear regarding the operation (sending or downloading) that is being performed. Claims 11 and 18 recite similar limitations and are similarly unclear. 
Claims 4, 11 and 18 recites the limitation: "the encrypted second portion of the file" in line 6.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 8-14 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter. Claim 8 is directed to a computer program product residing on a computer readable storage medium having a plurality of instructions stored thereon. The last 5 lines of paragraph [0067] of the pg-pub specification recites: “In the context of the present disclosure, a computer-usable or computer-readable, storage medium may be any tangible medium that can contain or store a program for use by or in connection with the instruction execution system, apparatus, or device.” The specification does not explicitly recite that the computer readable storage medium is not a transitory medium. Therefore, one of ordinary skill in the art can construe the computer readable storage medium of claim 8 to be a transitory medium which is non-statutory. Claims 9-14 depend on claim 8 and are non-statutory.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 2, 4, 5, 8, 9, 11, 12, 15, 16, 18 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20080295176 to Holostov et al (hereinafter Holostov) and US 20090288166 to Brown et al (hereinafter Brown).
As per claims 1 and 8, Holostov teaches:
A method comprising: 
receiving, by a computing device, a plurality of file segments of a file, the plurality of file segments being received individually by the computing device (Holostov: [0037] At block 402, gateway 104 connects with one of the client devices 102(a-n) and one of the servers 108(a-n). [0038]: If the file has not previously been requested ("no" to block 404), then the client device's request 110 for the portion of the content file 109 is transmitted to server 108a in block 406. [0039]: Next in block 408, the gateway 104 receives a next portion of the content file 109 from server 108a. In block 410, the gateway 104 stores the received portion in memory 124 and assembles the portion in sequential order into a block within an assembly file); 
scanning, by the computing device, a first file segment of the file to identify the presence of malware within the file segment (Holostov: [0039]: Then in block 412, the gateway 104 scans the block with the largest number of contiguous portions in the assembly file by comparing one or more portions against the virus signatures retrieved from the datastore 214. [0041]: In block 414, the gateway 104 determines if a virus was detected); 
and 
sending, by the computing device, the encrypted file segment of the file to another computing device before a second file segment of the file is received by the computing device (Holostov: [0041]: If a virus was not detected ("no" to block 414), the portions are disassembled from the assembly file in block 415 and fed as disassembled portions 116 (FIG. 1) to the client computer device 102a in the order that the portions were requested in request 110. The current portion (or portions) is sent to the client computer device 102a before all the portions are received by gateway 104).
Holostov does not teach: encrypting, by the computing device, the first file segment of the file to create an encrypted file segment in response to identification by the scan of the first file segment that malware is absent from the first file segment. Also, Holostov teaches sending a file segment to the client computer device but does not teach sending the encrypted file segment. However, Brown teaches:
(Brown: [0032] The scan assurance module 311 interacts with the block server module 303 to indicate that the blocks provided to the client have been scanned. Specifically, the scan assurance module 311 adds, to each block sent to the client 120, an indication of whether a malware scan has been performed on the application to which the block corresponds. [0033]: in one embodiment the server authentication module 312 encrypts a communications channel between the server 110 and the client 120 to ensure that the indication is not altered during transmission by a malicious intermediary; thus, the server 110 encrypts the block before transmitting it to the client);
sending, by the computing device, the encrypted file segment of the file to another computing device (Brown: [0033]: thus, the server 110 encrypts the block before transmitting it to the client).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Brown in the invention of Holostov to include the above limitations. The motivation to do so would be to assure a client 120 that the indication in a block provided by the scan assurance module 311 is trustworthy (Brown: [0033]).

As per claims 2 and 9, Holostov in view of Brown teaches:
(Holostov: [0021] After each portion is received, assembled, and the largest available portions of the assembly file 126 is scanned and if no viruses are detected, the last received portion is fed to client computing device 102a. [0024]: Assembly file 126 may be scanned after reception of each new portion is received. Further when the entire content file is stored in the assembly file 126, the entire file may be scanned to determine if a virus is present. [0041]: If all the portions of the content file have been received ("yes" to block 414), then the last received portion from server 108a is sent to client computer device 102a in block 418); and 
determining that the file is completely downloaded to the another computing device (Holostov: [0041]: If all the portions of the content file have been received ("yes" to block 414), then the last received portion from server 108a is sent to client computer device 102a in block 418).

As per claim 15, Holostov teaches:
A computing system comprising: 
a memory; and a processor coupled to the memory, and configured to: 
receive, by a computing device, a plurality of file segments of a file, the plurality of file segments being received individually by the computing device (Holostov: [0037] At block 402, gateway 104 connects with one of the client devices 102(a-n) and one of the servers 108(a-n). [0038]: If the file has not previously been requested ("no" to block 404), then the client device's request 110 for the portion of the content file 109 is transmitted to server 108a in block 406. [0039]: Next in block 408, the gateway 104 receives a next portion of the content file 109 from server 108a. In block 410, the gateway 104 stores the received portion in memory 124 and assembles the portion in sequential order into a block within an assembly file); 
scan, by the computing device, a first file segment of the file to identify the presence of malware within the file segment (Holostov: [0039]: Then in block 412, the gateway 104 scans the block with the largest number of contiguous portions in the assembly file by comparing one or more portions against the virus signatures retrieved from the datastore 214. [0041]: In block 414, the gateway 104 determines if a virus was detected); 
determine that the file is valid (Holostov: [0021] After each portion is received, assembled, and the largest available portions of the assembly file 126 is scanned and if no viruses are detected, the last received portion is fed to client computing device 102a. [0024]: Assembly file 126 may be scanned after reception of each new portion is received. Further when the entire content file is stored in the assembly file 126, the entire file may be scanned to determine if a virus is present); and 
send, by the computing device, the encrypted file segment of the file to another computing device before a second file segment of the file is received by the computing device in response to determining that the file is valid (Holostov: [0041]: If a virus was not detected ("no" to block 414), the portions are disassembled from the assembly file in block 415 and fed as disassembled portions 116 (FIG. 1) to the client computer device 102a in the order that the portions were requested in request 110. The current portion (or portions) is sent to the client computer device 102a before all the portions are received by gateway 104).
Holostov does not teach: encrypt, by the computing device, the first file segment of the file to create an encrypted file segment in response to identification by the scan of the first file segment that malware is absent from the first file segment. Also, Holostov teaches sending a file segment to the client computer device but does not teach sending the encrypted file segment. However, Brown teaches:
encrypt, by the computing device, the first file segment of the file to create an encrypted file segment in response to identification by the scan of the first file segment that malware is absent from the first file segment (Brown: [0032] The scan assurance module 311 interacts with the block server module 303 to indicate that the blocks provided to the client have been scanned. Specifically, the scan assurance module 311 adds, to each block sent to the client 120, an indication of whether a malware scan has been performed on the application to which the block corresponds. [0033]: in one embodiment the server authentication module 312 encrypts a communications channel between the server 110 and the client 120 to ensure that the indication is not altered during transmission by a malicious intermediary; thus, the server 110 encrypts the block before transmitting it to the client);
send, by the computing device, the encrypted file segment of the file to another computing device (Brown: [0033]: thus, the server 110 encrypts the block before transmitting it to the client).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Brown in the invention of Holostov to include the above limitations. The motivation to do so would be to assure a client 120 that the indication in a block provided by the scan assurance module 311 is trustworthy (Brown: [0033]).

As per claim 16, Holostov in view of Brown teaches:
The computing system of claim 15 wherein the processor is further configured to determine that the file is completely downloaded to the another computing device (Holostov: [0041]: If all the portions of the content file have been received ("yes" to block 414), then the last received portion from server 108a is sent to client computer device 102a in block 418).

As per claims 4, 11 and 18, Holostov in view of Brown teaches:
The method of claim 1 further comprising: receiving the second file segment of the file by the computing device (Holostov: [0039] Next in block 408, the gateway 104 receives a next portion of the content file 109 from server 108a. In block 410, the gateway 104 stores the received portion in memory 124 and assembles the portion in sequential order into a block within an assembly file. [0025]: Thus once portion 4 is received, portion 4 is assembled with portions 1-3, 6, 7, 9 and 10 in assembly file 126 to create a block having portions 1-4, a block having portions 6-7 and a block having portions 9-10. The largest block of contiguous portions, e.g. the block containing portions 1-4, is scanned to determine if a virus is present. [0026] Referring to FIG. 2b, portion 8 is received. Portion 8 is then assembled with portions 1-4, 6-7, and 9-10 in assembly file 126 to create a block having portions 1-4 and a block having portions 6-10. The largest block of contiguous portions, e.g. the block containing portions 6-10 (second file segment), is scanned to determine if a virus is present); 
encrypting the second file segment of the file to create an encrypted second file segment of the file (Brown: [0033] The server authentication module 312 applies cryptographic techniques to assure a client 120 that the indication in a block provided by the scan assurance module 311 is trustworthy. For example, in one embodiment the server authentication module 312 encrypts a communications channel between the server 110 and the client 120 to ensure that the indication is not altered during transmission by a malicious intermediary; thus, the server 110 encrypts the block before transmitting it to the client); and 
sending the encrypted second file segment of the file to the another computing device downloading the encrypted second portion of the file before a third file segment of the file is received by the computing device (Brown: [0033]: thus, the server 110 encrypts the block before transmitting it to the client. [0041]: If a virus was not detected ("no" to block 414), the portions are disassembled from the assembly file in block 415 and fed as disassembled portions 116 (FIG. 1) to the client computer device 102a in the order that the portions were requested in request 110. The current portion (or portions) is sent to the client computer device 102a before all the portions are received by gateway 104).

As per claims 5, 12 and 19, Holostov in view of Brown teaches:
The method of claim 4 further comprising scanning the second file segment of the file to determine validity of the second file segment of the file (Holostov: [0026] Referring to FIG. 2b, portion 8 is received. Portion 8 is then assembled with portions 1-4, 6-7, and 9-10 in assembly file 126 to create a block having portions 1-4 and a block having portions 6-10. The largest block of contiguous portions, e.g. the block containing portions 6-10 (second file segment), is scanned to determine if a virus is present).

Claims 3, 6, 10, 13, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Holostov in view of Brown as applied to claims 1, 8 and 15 above, and further in view of US 8635441 to Frenkel et al (hereinafter Frenkel).
As per claims 3, 10 and 17, Holostov in view of Brown does not teach: sending the another computing device information to decrypt at least the encrypted file segment of the file in response to determining that each segment of the file is valid and in response to determining that the each segment of the file is completely downloaded to the another computing device. However, Frenkel teaches:
further comprising sending the another computing device information to decrypt at least the encrypted file segment of the file in response to determining that each segment of the file is valid and in response to determining that the each segment of the file is completely downloaded to the another computing device (Frenkel: column 7, lines 24-54: After encrypting the data packet, gateway 24 encapsulates the encrypted packet inside another packet for transmission over network 22 to receiver 30, at an encapsulation step 44. The gateway also transmits the decryption key to the receiver. The key may be transmitted separately, either before or after transmission of the encrypted packet. The gateway may wait for a predetermined delay, which is typically known to the gateway and receiver 30, between transmission of the packet and the key. Column 9, lines 7-20 and 32-35: Gateway 52 sends the encrypted data over link 54 to destination computer 58. To reduce transmission latency and memory requirements at gateway 52, the gateway may begin to encrypt and transmit the data as soon as it starts to receive the data stream from server 56).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Frenkel in the invention of Holostov in view of Brown to include the above limitations. The motivation to do so would be to protect a network (including computers on the network) from malicious data transmissions (Frenkel: column 1, lines 33-35).

As per claims 6 and 13, Holostov in view of Brown does not teach: further comprising at least one of: sending the another computing device information to decrypt the encrypted second file segment of the file in response to determining that the second file segment of the file is valid; and preventing the information from being sent to the another computing device to decrypt the encrypted second file segment of the file in response to determining that the second file segment of the file is invalid. However, Frenkel teaches:
further comprising at least one of: sending the another computing device information to decrypt the encrypted second file segment of the file in response to determining that the second file segment of the file is valid; and preventing the information from being sent to the another computing device to decrypt the encrypted second file segment of the file in response to determining that the second file segment of the file is invalid (Frenkel: column 7, lines 24-54: After encrypting the data packet, gateway 24 encapsulates the encrypted packet inside another packet for transmission over network 22 to receiver 30, at an encapsulation step 44. The gateway also transmits the decryption key to the receiver. The key may be transmitted separately, either before or after transmission of the encrypted packet. The gateway may wait for a predetermined delay, which is typically known to the gateway and receiver 30, between transmission of the packet and the key. Column 9, lines 7-20 and 32-35: Gateway 52 sends the encrypted data over link 54 to destination computer 58. To reduce transmission latency and memory requirements at gateway 52, the gateway may begin to encrypt and transmit the data as soon as it starts to receive the data stream from server 56).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Frenkel in the invention of Holostov in view of Brown to include the above limitations. The motivation to do so would be to protect a network (including computers on the network) from malicious data transmissions (Frenkel: column 1, lines 33-35).

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Holostov in view of Brown and Frenkel as applied to claims 6 and 13 above, and further in view of US 9027143 to Agrawal et al (hereinafter Agrawal).
As per claims 7 and 14, Holostov in view of Brown and Frenkel does not teach: wherein the information to decrypt the encrypted file segment of the file is different than the information to decrypt the encrypted second file segment of the file. However, Agrawal teaches: 
wherein the information to decrypt the encrypted file segment of the file is different than the information to decrypt the encrypted second file segment of the file (Agrawal: column 8, lines 60-67: the encrypted content 162 that is provided to the client system by content distributor 152 may include multiple distinct portions of content (e.g., distinct groups of one or more blocks). In various embodiments, one portion of the content may be decrypted with a first key and a second portion of the content may be decrypted with a second key).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Agrawal in the invention of Holostov in view of Brown and Frenkel to include the above limitations. The motivation to do so would be to ensure that decryption of the encrypted content may occur only if multiple components (e.g., the digital rights management component and the received authentication component) authenticate the runtime component (Agrawal: column 2, lines 1-7).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Holostov in view of Brown as applied to claim 29 above, and further in view of Frenkel and Agrawal.
As per claim 20, Holostov in view of Brown does not teach: wherein the processor is further configured to cause at least one of: sending the another computing device information to decrypt the encrypted second file segment of the file in response to determining that the second file segment of the file is valid, wherein the information to decrypt the encrypted file segment of the file is different than the information to decrypt the encrypted second file segment of the file; and preventing the information from being sent to the another computing device to decrypt the encrypted second file segment of the file in response to determining that the second file segment of the file is invalid. However, Frenkel teaches:
wherein the processor is further configured to cause at least one of: sending the another computing device information to decrypt the encrypted second file segment of the file in response to determining that the second file segment of the file is valid; and preventing the information from being sent to the another computing device to decrypt the encrypted second file segment of the file in response to determining that the second file segment of the file is invalid (Frenkel: column 7, lines 24-54: After encrypting the data packet, gateway 24 encapsulates the encrypted packet inside another packet for transmission over network 22 to receiver 30, at an encapsulation step 44. The gateway also transmits the decryption key to the receiver. The key may be transmitted separately, either before or after transmission of the encrypted packet. The gateway may wait for a predetermined delay, which is typically known to the gateway and receiver 30, between transmission of the packet and the key. Column 9, lines 7-20 and 32-35: Gateway 52 sends the encrypted data over link 54 to destination computer 58. To reduce transmission latency and memory requirements at gateway 52, the gateway may begin to encrypt and transmit the data as soon as it starts to receive the data stream from server 56).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Frenkel in the invention of Holostov in view of Brown to include the above limitations. The motivation to do so would be to protect a network (including computers on the network) from malicious data transmissions (Frenkel: column 1, lines 33-35).
And, Agrawal teaches:
wherein the information to decrypt the encrypted file segment of the file is different than the information to decrypt the encrypted second file segment of the file (Agrawal: column 8, lines 60-67: the encrypted content 162 that is provided to the client system by content distributor 152 may include multiple distinct portions of content (e.g., distinct groups of one or more blocks). In various embodiments, one portion of the content may be decrypted with a first key and a second portion of the content may be decrypted with a second key).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Agrawal in the invention of Holostov in view of Brown and Frenkel to include the above limitations. The motivation to do so would be to ensure that decryption of the encrypted content may occur only if multiple components (e.g., the digital rights management component and the received authentication component) authenticate the runtime component (Agrawal: column 2, lines 1-7).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 8353037 to Franklin et al: A method and system for mitigating a propagation of a file that includes malicious code. Segments of the file are determined by a series of sizes determined by a function f. Signatures identifying segments of the file are determined by applying a hash function to each segment. A complete match between the file and a malicious file is determined by determining a first match between signature(s) identifying a first set of segment(s) of the file and signature(s) identifying corresponding segment(s) of the malicious file and by determining a second match between a signature identifying a final segment of the file and a signature identifying a last segment of the malicious file. Responsive to determining the complete match, the file is identified as the malicious file and a transfer of the final segment of the file is interdicted.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359.  The examiner can normally be reached on 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438