DETAILED ACTION
This action is responsive to application filed on 03/18/2020. Claims 1-20 are pending and being considered. Claims 1, 10 and 17 are independent. Thus, claims 1-20 are rejected.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Abstract
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc. In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.

The abstract of the disclosure is objected to because the abstract recites phrases, “The disclosed computer-implemented method….” and later “… computer disclosed.” which should be avoided.  Correction is required.  See MPEP § 608.01(b).

Claim Rejections - 35 U.S.C. 102 

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) The claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 7-8, 10, 15-17 and 20 are rejected under 35 U.S.C. 102(a) (2) as being anticipated by Ramakrishnappa; Dhananjay et al. (US 2020/0110892 A1; Filed on Oct. 8, 2018), hereinafter (Rama):

Regarding claim 1, Rama teaches a computer-implemented method for protecting a folder from unauthorized file modification (Rama, Para. [0101], discloses a computer implemented method, and as disclosed in Para. [0056], wherein ), at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising (Rama, Para. [0102], discloses to receive, at a server kernel, a request, from a calling process to perform an operation on data stored on a data storage device, and/or as disclosed in Para. [0103], intercepting, with the server kernel, the request before the request is executed, and as disclosed in Para. [0034], wherein the server kernel includes one or more processors 166): 
receiving, from a remote device, a modify request for a target file in a folder (Rama, Fig. 2 and Para. [0035-0036], discloses that a requesting (or calling) process/user 150 (associated with a user device, as depicted in Fig. 1) may generate I/O request as a file modification request of any type (e.g., a request that would perform any modification on the data (file) for which access is being requested). Further discloses to identify the target volume (protected volume 158, Fig. 2) where the data (file) to be manipulated is stored); 
determining whether the folder is a protected folder (Rama, Para. [0038], discloses to determine whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside); 
determining, in response to determining the folder is the protected folder, whether the remote device is a trusted host (Rama, Para. [0038], discloses to determine whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside. If so, then process/user identification logic 185 parses request ); and 
allowing, in response to determining that the remote device is the trusted host, the modify request for the target file (Rama, Para. [0038], discloses a whitelist accessing logic 184 that accesses whitelist 162 and whitelist comparison logic 186 that determines whether the calling process/user 150 (associated with a user device, as depicted in Fig. 1) is on the whitelist (or is authorized to perform a data manipulation or modification operation in protected volume 158, based upon the entries in whitelist 162), and as disclosed in Para. [0056], if the requesting process/user (associated with a user device, as depicted in Fig. 1) is authorized by the whitelist, then the processing continues at block 238 (as illustrated in Fig. 4) where the request is passed on for further execution).  

Regarding claim 7, Rama teaches the method of claim 1, wherein Rama further teaches receiving the modify request further comprises intercepting, by a minifilter, the modify request (Rama, Para. [0044], discloses a filter manager logic 212 illustratively receives the I/O request 170 and provides it for operation by minifilter drivers 214-216, and/or as disclosed and shown in FIG. 3, minifilter drivers 214-216 can be provided to determine whether the I/O request 152 is a data manipulation (or data modification) request).  

Regarding claim 8, Rama teaches the method of claim 7, wherein Rama further teaches the minifilter communicates with a lockdown server to determine whether the remote device is the trusted host (Rama, Para. [0045], discloses that ).  

Regarding claim 10, Rama teaches a system for protecting a folder from unauthorized file modification, the system comprising (Rama, Fig. 2 and associated Para. [0033], discloses a server kernel processing system 156 that processes the I/O request 152 and, if authorized, accesses data in one of the data storage devices (e.g., data storage device 142). The data can be stored in a file system or in another data volume as indicated by block 158. The data to be accessed can include sensitive customer data 160, whitelist 162, or a wide variety of other data 164): 
a receive module, stored in memory, for receiving, from a remote device, a modify request for a target file in a folder (Rama, Fig. 2 and associated Para. [0034], discloses that the server kernel processing system 156 illustratively includes data accessing logic 168, I/O manager 170, etc. Wherein the data accessing logic 168 can include I/O call type identifier logic 174, and as disclosed in Para. [0035-0036], the requesting (or calling) process/user 150 may generate I/O request 152 as a file open request, a file write request, a read request, a file create request, a file delete request or ); 
a folder module, stored in the memory, for determining whether the folder is a protected folder (Rama, Fig. 2 and associated Para. [0034 and 0038], discloses a target volume identifier logic 182 (stored within server kernel processing system 156) that determines whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside); 
a host validation module, stored in the memory, for determining, in response to determining the folder is the protected folder, whether the remote device is a trusted host (Rama, Fig. 2 and associated Para. [0034 and 0038], discloses a target volume identifier logic 182 (stored within server kernel processing system 156) that determines whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside. If so, then process/user identification logic 185 (stored within server kernel processing system 156) parses request 152 to identify the calling process and/or user 150); 
a modify module, stored in the memory, for allowing, in response to determining that the remote device is the trusted host, the modify request for the target file (Rama, Fig. 2 and associated Para. [0034 and 0038], discloses a whitelist comparison logic 186 (stored within server kernel processing system 156) that determines whether the calling process/user 150 is on the whitelist (or is authorized to perform a data manipulation or modification operation in protected volume 158, based upon the entries in whitelist 162)); and 
at least one physical processor that executes the receive module, the folder module, the host validation module, and the modify module (Rama, Fig. 2 and associated Para. [0034], discloses that the server kernel processing system 156 illustratively includes one or more processors 166, data accessing logic 168, I/O manager 170, and it can include a wide variety of other kernel functionality 172. Data accessing logic 168 can include I/O call type identifier logic 174, call interception logic 176, call blocking logic 178, and it can include other items 180. In the example illustrated, call interception logic 176 illustratively includes target volume identifier logic 182, target analysis logic 183 (which, itself, includes whitelist accessing logic 184, process/user identification logic 185, and whitelist comparison logic 186) and it can include a wide variety of other items 188. (herein, the I/O manager logic 170, target volume identifier logic 182, process/user identification logic 185 and whitelist comparison logic 186 represents claimed receive module, folder module, host validation module and modify module, respectively)).

Regarding claim 15, Rama teaches the system of claim 10, further comprising a minifilter, wherein Rama further teaches receiving the modify request further comprises intercepting, by the minifilter, the modify request (Rama, Para. [0044], discloses a filter manager logic 212 illustratively receives the I/O request 170 and provides it for operation by minifilter drivers 214-216, and/or as disclosed and shown in FIG. 3, minifilter drivers 214-216 can be provided to determine whether the I/O request 152 is a data manipulation (or data modification) request).  

Regarding claim 16, Rama teaches the system of claim 15, wherein Rama further teaches the minifilter communicates with a lockdown server to determine whether the remote device is the trusted host (Rama, Para. [0045], discloses that the minifilter driver (either the same one or a different one) can then determine whether the target of the data manipulation request is the master boot record 192, or a protected volume 158 […]. If the target is a protected volume 158, then one or more minifilter drivers can parse the I/O request 152 to identify the calling process and/or user (associated with a user device, as depicted in Fig. 1), access whitelist 162 and determine whether the calling process/user (associated with a user device, as depicted in Fig. 1) is authorized based on the entries in whitelist 162, and as disclosed in Para. [0039], wherein the whitelist 162 can be stored separately from customer data (i.e., on a server)).

Regarding claim 17, Rama teaches a non-transitory computer-readable medium comprising one or more computer- executable instructions that, when executed by at least one processor of a computing device, cause the computing device to (Rama, Para. [0071], discloses a Computer readable media that … that can be accessed by computer 810… and is different from, and does not include, a ): 
receive, from a remote device, a modify request for a target file in a folder (Rama, Fig. 2 and Para. [0035-0036], discloses that a requesting (or calling) process/user 150 (associated with a user device, as depicted in Fig. 1) may generate I/O request as a file modification request of any type (e.g., a request that would perform any modification on the data (file) for which access is being requested). Further discloses to identify the target volume (protected volume 158, Fig. 2) where the data (file) to be manipulated is stored); 
determine whether the folder is a protected folder (Rama, Para. [0038], discloses to determine whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside); 
determine, in response to determining the folder is the protected folder, whether the remote device is a trusted host (Rama, Para. [0038], discloses to determine whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside. If so, then process/user identification logic 185 parses request 152 to identify the calling process and/or user 150 (associated with a user device, as depicted in Fig. 1)); and 
allow, in response to determining that the remote device is the trusted host, the modify request for the target file (Rama, Para. [0038], discloses a whitelist accessing logic 184 that accesses whitelist 162 and whitelist comparison logic 186 that determines whether the calling process/user 150 (associated with a user device, as depicted in Fig. 1) is on the whitelist (or is authorized to perform a data manipulation or modification operation in protected volume 158, based upon the entries in whitelist 162), and as disclosed in Para. [0056], if the requesting process/user (associated with a user device, as depicted in Fig. 1) is authorized by the whitelist, then the processing continues at block 238 (as illustrated in Fig. 4) where the request is passed on for further execution).  

Regarding claim 20, Rama teaches the non-transitory computer-readable medium of claim 17, wherein Rama further teaches receiving the modify request further comprises intercepting, by a minifilter, the modify request (Rama, Para. [0044], discloses a filter manager logic 212 illustratively receives the I/O request 170 and provides it for operation by minifilter drivers 214-216, and/or as disclosed and shown in FIG. 3, minifilter drivers 214-216 can be provided to determine whether the I/O request 152 is a data manipulation (or data modification) request).

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-4, 11-13 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Ramakrishnappa; Dhananjay et al. (US 2020/0110892 A1; Filed on Oct. 8, 2018), hereinafter (Rama), in view of NISHIDE, TAKASHI et al. (JP 2008/085448 A; Published on April, 10, 2008), hereinafter (Nishide), and further in view of Dhuse; Greg R. et al. (US 2018/0349223 A1; Filed on June 1, 2017), hereinafter (Dhuse).

Regarding claim 2, Rama teaches the method of claim 1, wherein Rama further teaches the remote device sends the modify request in response to (Rama, Fig. 2 and associated Para. [0035], discloses that the requesting (or calling) process/user 150 (associated with user device, as shown in Fig. 1) may generate I/O requests 152 as a file open request, a file write request, a read request, a file create ): 
However Rama fails to explicitly disclose but Nishide teaches detecting the modify request from a process on the remote device (Nishide, PDF Page 3 (Second Paragraph), discloses a client computer 1 includes an arbitrary application 11 such as a document creation program, a filter driver (file access control program) 12 and an operating system (OS) 13, and as disclosed in PDF Page 4 (Second Paragraph), an outline of shared encrypted file access processing by the filter driver 12. First, in response to an access request (read request or write request) for a shared encrypted file from the application 11, the access request is temporarily captured);
determining whether the target file is in the protected folder (Nishide, PDF Page 4 (Third Paragraph), discloses the shared encryption folder (for example, 31a) in which the shared encryption file of the access request destination is stored is accessed); 
determining, in response to determining that the target file is in the protected folder, whether the process is an authorized process (Nishide, PDF Page 4 (Third Paragraph), discloses the shared encryption folder (for example, 31a) in which the shared encryption file of the access request destination is stored is accessed, and the encryption marker file 31aa created corresponding to the shared encryption folder 31a exists. If it exists, the key ID used for encryption / decryption of the shared encryption file in the shared encryption folder 31a is obtained from the encryption marker file 31aa (step 508), and the key ID It is determined whether a matching key ID exists in the key list 14); and 
Nishide, PDF Page 4 (Third Paragraph), discloses that if the key ID obtained from the encryption marker file 31aa matches with the key ID in the key list 14).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Nishide’ into the teachings of ‘Rama’, with a motivation to determine, in response to determining that the target file is in the protected folder, whether the process is an authorized process, as taught by Nishide, based on assigned key (ID) to each shared encryption folder and all files stored under the shared encryption folder are encrypted with the key (ID), in order to share encrypted files to a plurality of (authenticated) clients without troublesome; Nishide, PDF Page 1 (Abstract).
However Rama as modified by Nishide fails to explicitly disclose but Dhuse teaches sending, in response to determining that the process is the authorized process, the modify request (Dhuse, Para. [0069], discloses when the operation is valid […], the computing device B executes the ensure operation (e.g., by sending finalize write requests to the set of storage units) to update data object B).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Dhuse’ into the teachings of ‘Rama’ as modified by ‘Nishide’, with a motivation for sending, in response to determining that the process is the authorized process, the modify request, as taught by Dhuse, in order to update data object; Dhuse, Para. [0069].

3, Rama as modified by Nishide in view of Dhuse teaches the method of claim 2, wherein Rama further teaches determining whether the target file is in the protected folder further comprises (Rama, Abstract, determines whether the request is for a target volume that is within a first or second protected volume): 
However Rama fails to explicitly disclose but Nishide teaches determining whether the folder includes a marker file; and determining, in response to determining the folder includes the marker file, that the folder is the protected folder (Nishide, PDF Page 4 (First Paragraph), discloses that the filter driver 12 checks the presence of the encryption marker file of the shared encryption folder 31a, and as also disclosed in PDF Page 4 (Third Paragraph), wherein the encryption marker file 31a created corresponding to the shared encryption folder 31a exists).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Nishide’ into the teachings of ‘Rama’, with a motivation for determining that the folder is the protected folder, as taught by Nishide, based on a marker file indicating that it is an encryption folder, wherein the marker file created under the folder describes an identifier for uniquely identifying the key used for encryption, in order to share encrypted files to a plurality of (authenticated) clients without troublesome; Nishide, PDF Page 1 (Abstract).

Regarding claim 4, Rama as modified by Nishide in view of Dhuse teaches the method of claim 2, wherein Rama fails to explicitly disclose but Nishide teaches detecting the modify request comprises intercepting, by a minifilter of the remote device, the modify request (Nishide, PDF Page 3 (Second Paragraph), discloses a , or see also PDF Page 4 (Second Paragraph), wherein FIG. 5 is a flowchart showing an outline of shared encrypted file access processing by the filter driver 12 (within client computer 1). First, in response to an access request (read request or write request) for a shared encrypted file from the application 11 (within client computer 1), the access request is temporarily captured (by the filter driver 12)).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Nishide’ into the teachings of ‘Rama’, with a motivation to provide a filter driver for temporarily capturing the access request, in order to verify the presence of the encryption marker file within the shared encryption folder; Nishide, PDF Page 3 (Last Paragraph) and PDF Page 4 (First Paragraph).

Regarding claims 11-13, the claims are drawn to the system corresponding to the method of using same as claimed in claims 2-4, respectively. Therefore, the rejection(s) set forth above with respect to the method claims 2-4 is equally applicable to the claims 11-13 of the system, respectively.

Regarding claims 18 and 19, the claims are drawn to the non-transitory computer-readable medium corresponding to the method of using same as claimed in claims 2 and 4, respectively. Therefore, the rejection(s) set forth above with respect to .

Claims 5, 9 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Ramakrishnappa; Dhananjay et al. (US 2020/0110892 A1; Filed on Oct. 8, 2018), hereinafter (Rama), in view of Little; Matthew J. et al. (US 2020/0302074 A1; Filed on March 22, 2019), hereinafter (Little).

Regarding claim 5, Rama teaches the method of claim 1, wherein Rama fails to explicitly disclose but Little teaches the modify request includes a network address of the remote device (Little, Para. [0036], discloses to perform the requested file access operation (e.g., delete, open, read, write, and/or rename) on the file, and as disclosed in Para. [0060-0061], the file access requests can be initiated by the users using client machines and can include or be supplemented to include information such as an IP address and geographical location of the access (client machine), time of the access, a user identifier of the accessor or user, the name of the file attempting to be accessed, and/or the likes) and determining whether the remote device is the trusted host is based on the network address (Little, Para. [0064], discloses that the observed data can include a current location of the user as determined based on an IP address contained in the file access request and a status indicative of whether the connection through which the user initiated the file access request is trusted or untrusted, and/or see also Fig. 3 and associated Para. [0070], wherein, at block 306, the permission server can cause the file access control module of the client machine to permit access to the file by returning a decryption key for the file by determining a risk ).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Little’ into the teachings of ‘Rama’, with a motivation to determine, based on the network address of the remote device, whether the remote device is the trusted host, as taught by Little, in order to prevent access to data (files) without an on-access validation of a user's rights to access the data file; Little, Para. [0017].

Regarding claim 9, Rama teaches the method of claim 1, wherein Rama fails to explicitly disclose but Little teaches determining whether the remote device is the trusted host further comprises confirming, by contacting the remote device, the modify request (Little, Para. [0062], a permission engine 210 (within Management server 102, as depicted in Fig. 2) can receive a file access request (e.g., perform a file operation, such as delete, open, read, write, and/or rename, as disclosed in Para. [0067]) initiated by a user, which can relate to a file stored within the enterprise network in encrypted form. The encrypted form can include the file being wrapped within a cryptographic wrapper in order to prevent direct access to the file without a proper on-access validation process having been performed by the file access control module, involving validating the file access request by the file access control module via management server 102 (or one or more of management server 102, permission server 104 and analytics server 106) explicit permission is provided for authenticated access. ).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Little’ into the teachings of ‘Rama’, with a motivation to confirm the modify request by contacting the remote device, as taught by Little, by performing an on-access validation process to seek confirmation or denial of the user's rights to perform the requested file access request (e.g., perform a file operation, such as delete, open, read, write, and/or rename) on the file; Little, Para. [0036].

Regarding claim 14, the claim is drawn to the system corresponding to the method of using same as claimed in claim 5. Therefore, the rejection set forth above with respect to the method claim 5 is equally applicable to the claim 14 of the system.

Claim(s) 6 is rejected under 35 U.S.C. 103 as being unpatentable over Ramakrishnappa; Dhananjay et al. (US 2020/0110892 A1; Filed on Oct. 8, 2018), hereinafter (Rama), in view of Nenov; Dejan et al. (US 10,181,948 B1; Filed on Jan. 25, 2018), hereinafter (Nenov).

Regarding claim 6, Rama teaches the method of claim 1, wherein Rama fails to explicitly disclose but Nenov teaches the modify request includes a hash of a key maintained by a lockdown server and determining whether the remote device is the trusted host is based on recognizing the hash (Nenov, Fig. 3 and associated Col. 10 (Lines 11-45, discloses to receive hash values for specified data ( e . g . a particular system file , library , user data file , configuration file , firmware , or other such ).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Nenov’ into the teachings of ‘Rama’, with a motivation to determine, based on recognizing the hash maintained by a lockdown server, whether the remote device is the trusted host, as taught by Nenov, in order to safely exchange data with the device, execute or process data from the device if the hashes do match, and/or perform mitigation actions, such as preventing communications from said devices from being transmitted off the LAN or between the device and other devices on the LAN if the hashes do not match; Nenov, Col. 5 (Lines 48-62).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
1.	Gauda; Anthony (US 20170185790 A1), the present invention relates to a dynamic management of protected file access.
2.	Lin; Ming-Cheng et al. (US 20150319147 A1), the disclosure is related to a system and a method for file encrypting and decrypting, and in particular to a processing system and processing method for file encrypting and decrypting.

4.	Gauda; Anthony (US 20170187527 A1), the present disclosure relates generally to gain access to a protected file by utilizing access key specific to the protected file.
5.	Holtzman; Michael et al. (US 20080022413 A1), the present invention relates to control information supplied from memory device.
6.	Nordback; Kurt N. (US 20150379286 A1), the present invention relates to protect files by utilizing cryptographic keys.
7.	MASASHI KAWAI (CN 101112035 A; PUBLISHED ON 23-Jan-2008), this disclosure relates to perform confidential information management and to rapidly detect information leak.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239. The examiner can normally be reached on Monday-Friday: 8:00AM – 4:00PM.
 If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status 

/ALI CHEEMA/
Examiner, Art Unit 2496

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496