Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
2.	EXAMINER’S NOTE: The claims have been reviewed and considered under the new guidance pursuant to the 2019 Revised Patent Subject Matter Eligibility Guidance (PEG 2019) issued January 7, 2019.
3.	This communication is in response to Applicant’s amendment filed on 23 November 2020. The Examiner performed compact prosecution and proposed that the Applicant incorporate the subject matter recited in dependent claims 3 and 4 into all independent claims to overcome the prior art of record, amend claim 15 to recite "when executed by a processor", and file a terminal disclaimer to overcome the previous double patenting rejection. The proposal was accepted and authorization was given for an Examiner’s Amendment on 25 February 2021.
4.	Claims 17-20 have been added.  Claims 1-3, 12, and 15-16 have been amended. After the Examiner’s amendment was performed, claim 4 has been cancelled. Claims 1-3 and 5-20 remain pending. 

Terminal Disclaimer
5.	The terminal disclaimer filed on 26 January 2021, disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of prior patent numbers 10,326,781, 9,560,056, 9,203,853 and 8,769,678, has been reviewed and is accepted. The terminal disclaimer has been recorded.

Response to Arguments
6.	Applicant’s arguments, presented in the remarks filed on 23 November 2020 (see, for example, pages 9-12), that the prior art does not expressly disclose two separate devices, such as the Applicant’s gateway device and data center device, that work cooperatively to initiate an evaluation associated with a request, because the gateway can only perform various functions, have been fully considered and are persuasive. Therefore, the 35 U.S.C. 102/103 rejection in view of Marinescu et al. and Fielding et al. for claims 1-16 has been withdrawn. In addition, incorporating the features disclosed in dependent claims 3 and 4 into all independent claims placed the application in better condition for an allowance.

EXAMINER’S AMENDMENT
7.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Agent Robert J. Rapp, Reg. No. 65,977 on 08 February 2021.
The application has been amended as follows: 
Please amend the following claims:
Claim 1. (Currently Amended) A method for blocking content from reaching computing devices in a computer network, the method comprising:

evaluating information associated with the request while the gateway device forwards a first portion of the requested data to the client device, the evaluation performed in accordance with a policy for blocking a specified content type from the computing devices in the computer network, wherein the evaluation includes:
receiving an initial portion of the requested data, the initial portion including one or more data packets,
scanning the received data packets with a deep packet inspection (DPI) scanner, and 
identifying that the scanned data packets include malware based on the DPI scanning; and
providing an evaluation result that indicates that the requested data corresponds to the content type specified by the policy, wherein at least one portion of the requested data is blocked from being sent to the client device based on the malware corresponding to the content type in accordance with the policy.

Claim 2. (Currently Amended) The method of claim 1, wherein the evaluation result is provided to the gateway device, and the gateway device blocks the at least one portion of the requested data from being sent to the client device. 
the initial portion of the requested data before the evaluation result causes the at least one portion to be blocked.  

Claim 4. (Cancelled) 

Claim 5. (Original) The method of claim 1, wherein evaluating the information associated with the request includes:
accessing a content rating database that stores information regarding the specified content type subject to blocking in accordance with the policy; and
identifying that a content rating in the content rating database corresponds to the information associated with the request and that the identified content rating matches the specified content type.

Claim 6. (Currently Amended) The method of claim 5, wherein the information associated with the request includes at least one of a uniform resource locator (URL), an internet protocol (IP) address, or a host name of the external source, and the identified content rating in the content database corresponds to the information associated with the request.

Claim 7. (Original) The method of claim 1, further comprising receiving security information from a security service provider, wherein evaluating the information associated with the request is based on the received security information. 


Claim 9. (Original) The method of claim 1, wherein evaluating the information associated with the request is based on information sent from the gateway device.

Claim 10. (Original) The method of claim 9, wherein the information sent from the gateway device includes an identification of the requested data. 

Claim 11. (Original) The method of claim 10, wherein the identification of the requested data corresponds to a file type. 

Claim 12. (Previously Presented) The method of claim 9, wherein the identification of the requested data does not indicate that the requested data corresponds to the content type specified by the policy.

Claim 13. (Original) The method of claim 9, wherein the information sent from the gateway device includes a partial hash of the requested data.

Claim 14. (Original) The method of claim 1, wherein evaluating the information associated with the request includes pattern matching to predetermined patterns associated with the content type specified by the policy.

that when executed by a processor [[that]] performs a method for blocking undesired content from reaching computing devices in a computer network, the method comprising:
receiving a request at a data center device concerning access by a client device to data from a source external to the computer network, the request having been forwarded to the data center device from a gateway device, wherein the gateway device begins receiving the requested data while the data center device initiates an evaluation associated with the request;
evaluating information associated with the request while the gateway device forwards a first portion of the requested data to the client device, the evaluation performed in accordance with a policy for blocking a specified content type from the computing devices in the computer network, wherein the evaluation includes:
receiving an initial portion of the requested data, the initial portion including one or more data packets,
scanning the received data packets with a deep packet inspection (DPI) scanner, and 
identifying that the scanned data packets include malware based on the DPI scanning; and
providing an evaluation result that indicates that the requested data corresponds to the content type specified by the policy, wherein at least one portion of the requested data is blocked from being sent to the client device based on the malware corresponding to the content type in accordance with the policy.

memory that stores a policy for blocking a specified content type from the computing devices in the computer network;
a communication interface that receives a request concerning access by a client device to data from a source external to the computer network, the request having been forwarded from a gateway device, wherein the gateway device begins receiving the requested data while the data center device initiates an evaluation associated with the request; and
a processor that executes instructions stored in memory, wherein execution of the instructions by the processor:
evaluates information associated with the request while the gateway device forwards a first portion of the requested data to the client device, the evaluation performed in accordance with the policy, the evaluation including the steps of:
receiving an initial portion of the requested data, the initial portion including one or more data packets,
scanning the received data packets with a deep packet inspection (DPI) scanner, and 
identifying that the scanned data packets include malware based on the DPI scanning; and
provides an evaluation result that indicates that the requested data corresponds to the content type specified by the policy, wherein at least one 

Claim 17. (Currently Amended) The apparatus of claim 16, further comprising a database that stores content ratings, including the steps of , wherein [[and]] the evaluation result includes the content rating.

Claim 18. (Currently Amended) The apparatus of claim 16, further comprising a database that stores signatures, wherein the processor executes instructions out of the memory to generate a signature and identify that the generated signature matches a signature 

Claim 19. (Currently Amended) The apparatus of claim 18, wherein the signature is generated by the deep packet inspection (DPI) scanner. 

Claim 20. (Previously Presented) The apparatus of claim 18, wherein additional signatures to store at the signature database are received via the communication interface and the processor executes further instructions to store the additional signatures at the signature database.



Allowable Subject Matter
8.	Claims 1-3 and 5-20 are allowed.
9.	The following is an examiner’s statement of reasons for allowance: The present invention is directed towards a method and system for providing cloud-based gateway security scanning. Claims 1, 15, and 16 identify the uniquely distinct features “evaluating information associated with the request while the gateway device forwards a first portion of the requested data to the client device, the evaluation performed in accordance with a policy for blocking a specified content type from the computing devices in the computer network, wherein the evaluation includes: receiving an initial portion of the requested data, the initial portion including one or more data packets, scanning the received data packets with a deep packet inspection (DPI) scanner, and identifying that the scanned data packets include malware based on the DPI scanning; and providing an evaluation result that indicates that the requested data corresponds to the content type specified by the policy, wherein at least one portion of the requested data is blocked from being sent to the client device based on the malware corresponding to the content type in accordance with the policy”.
The closest prior art, Marinescu et al. (Pub No. 2006/0224724) discloses in accordance with the present invention, a system, method, and computer-readable medium for identifying malware at a network transit point such as a computer that serves as a gateway to an internal or private network is provided.  A network transmission is scanned for malware at a network transit point without introducing additional latency to the transmission of data over the network.  In accordance with one 
transmission are scanned for malware by an antivirus engine.  If malware is identified in the transmission, the target computer is notified that the transmission contains malware. 
However, either singularly or in combination, Marinescu et al. fail to anticipate or render obvious the claimed limitations of evaluating information associated with the request while the gateway device forwards a first portion of the requested data to the client device, the evaluation performed in accordance with a policy for blocking a specified content type from the computing devices in the computer network, wherein the evaluation includes: receiving an initial portion of the requested data, the initial portion including one or more data packets, scanning the received data packets with a deep packet inspection (DPI) scanner, and identifying that the scanned data packets include malware based on the DPI scanning; and providing an evaluation result that indicates that the requested data corresponds to the content type specified by the policy, wherein at least one portion of the requested data is blocked from being sent to the client device based on the malware corresponding to the content type in accordance with the policy.
The closest prior art, De Spiegeleer (Pub No. 2007/0150948) discloses a method and system for performing securing and controlling of a network using content identification of files in a network having a central infrastructure and local computing devices is presented.  The method comprises calculating a hash value of a new file created or received on a local computing device, transmitting the hash value to the 
	However, either singularly or in combination, De Spiegeleer fails to anticipate or render obvious the claimed limitations of evaluating information associated with the request while the gateway device forwards a first portion of the requested data to the client device, the evaluation performed in accordance with a policy for blocking a specified content type from the computing devices in the computer network, wherein the evaluation includes: receiving an initial portion of the requested data, the initial portion including one or more data packets, scanning the received data packets with a deep packet inspection (DPI) scanner, and identifying that the scanned data packets include malware based on the DPI scanning; and providing an evaluation result that indicates that the requested data corresponds to the content type specified by the policy, wherein at least one portion of the requested data is blocked from being sent to the client device based on the malware corresponding to the content type in accordance with the policy.
10.	Therefore, claims 1, 15, and 16 and the respective dependent claims 2-3, 5-14, and 17-20 are in condition for allowance.

Conclusion
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY D FIELDS whose telephone number is (571)272-3871.  The examiner can normally be reached on IFP M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 






/COURTNEY D FIELDS/Examiner, Art Unit 2436
February 27, 2021

/KENDALL DOLLY/Primary Examiner, Art Unit 2436