Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


DETAILED ACTION

Notice to Applicants
This communication is in response to the Amendment filed on 11/17/2021.
Claims 1-21 are under examination.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone conversation with Applicant’s representative Matthew T Byrne on 12/15/2021, and followed by Email confirmation dated 12/17/2021.

Please replace the current listing of claims with the following:




(Currently Amended) A method for protecting computer systems from user-created objects, comprising:
detecting, at a second user device, that an object has been accessed on the second user device;
determining whether an exception has occurred by scanning the object on the second user device;
in response to determining that the exception has occurred, transmitting, from the second user device to a server, a request for a security policy to be applied by the second user device in connection with the object, wherein the request includes an identifier of the object;
receiving, from the server, the security policy, wherein the security policy was selected by the server in response to receiving the request based on at least one attribute of the object including information about security software running on a first user device at a time at which the object was created by the first user device;
determining, based on the security policy, that the object was created by the first user device associated with an organization the second user device is also associated with;
determining whether to allow the object to be accessed by the second user device based on the security policy;
in response to determining that the object is allowed to be accessed, allowing the object to be accessed on the second user device; and
assigning the object a trust level on the second user device based on the security policy.

(Original) The method of claim 1, further comprising:
determining whether to allow a second object to be accessed by the second user device based on a second security policy to be applied by the second user device in connection with the second object; and
in response to determining that the second object is not to be allowed, blocking the second object from being accessed by the second user device in response to determining that the second object is not to be allowed.

(Cancelled).

(Currently Amended) The method of claim [[3]] 1, wherein the trust level indicates a type of directory allowed to be accessed on the second user device.

(Original) The method of claim 1, wherein the object is received from the first user device that created the object.

(Previously Presented) The method of claim 1, wherein the security policy is identified by the server based on a plurality of attributes of the first user device that created the object.

(Previously Presented) The method of claim 6, wherein the plurality of attributes of the first user device include version information of software executing on the first user device during creation of the object.

(Currently Amended) A system for protecting computer systems from user-created objects, the system comprising:
a memory; and
a hardware processor coupled to the memory that is programmed to:
detect, at a second user device, that an object has been accessed on the second user device;
determine whether an exception has occurred by scanning the object on the second user device;
in response to determining that the exception has occurred, transmit, from the second user device to a server, a request for a security policy to be applied by the second user device in connection with the object, wherein the request includes an identifier of the object;
receive, from the server, the security policy, wherein the security policy was selected by the server in response to receiving the request based on at least one attribute of the object including information about security software running on a first user device at a time at which the object was created by the first user device;
determine, based on the security policy, that the object was created by the first user device associated with an organization the second user device is also associated with;
determine whether to allow the object to be accessed by the second user device based on the security policy;
; and
assign the object a trust level on the second user device based on the security policy.

(Original) The system of claim 8, wherein the hardware processor is further programmed to:
determine whether to allow a second object to be accessed by the second user device based on a second security policy to be applied by the second user device in connection with the second object; and
in response to determining that the second object is not to be allowed, block the second object from being accessed by the second user device in response to determining that the second object is not to be allowed.

(Cancelled).

(Currently Amended) The system of claim [[10]] 8, wherein the trust level indicates a type of directory allowed to be accessed on the second user device.

(Currently Amended) The system of claim [[10]] 8, wherein the object is received from the first user device that created the object.

(Previously Presented) The system of claim 8, wherein the security policy is identified by the server based on a plurality of attributes of the first user device that created the object.

(Previously Presented) The system of claim 13, wherein the plurality of attributes of the first user device include version information of software executing on the first user device during creation of the object.

(Currently Amended) A non-transitory computer-readable medium containing computer executable instructions that, when executed by a processor, cause the processor to perform a method for protecting computer systems from user-created objects, the method comprising:
detecting, at a second user device, that an object has been accessed on the second user device;
determining whether an exception has occurred by scanning the object on the second user device;
in response to determining that the exception has occurred, transmitting, from the second user device to a server, a request for a security policy to be applied by the second user device in connection with the object, wherein the request includes an identifier of the object;
receiving, from the server, the security policy, wherein the security policy was selected by the server in response to receiving the request based on at least one attribute of the object including information about security software running on a first user device at a time at which the object was created by the first user device;

determining whether to allow the object to be accessed by the second user device based on the security policy;
in response to determining that the object is allowed to be accessed, allowing the object to be accessed on the second user device; and
assigning the object a trust level on the second user device based on the security policy.

(Original) The non-transitory computer-readable medium of claim 15, wherein the method further comprises:
determining whether to allow a second object to be accessed by the second user device based on a second security policy to be applied by the second user device in connection with the second object; and
in response to determining that the second object is not to be allowed, blocking the second object from being accessed by the second user device in response to determining that the second object is not to be allowed.

(Cancelled).

(Currently Amended) The non-transitory computer-readable medium of claim [[17]] 15, wherein the trust level indicates a type of directory allowed to be accessed on the second user device.

(Original) The non-transitory computer-readable medium of claim 15, wherein the object is received from the first user device that created the object.

(Previously Presented) The non-transitory computer-readable medium of claim 15, wherein the security policy is identified by the server based on a plurality of attributes of the first user device that created the object.

(Previously Presented) The non-transitory computer-readable medium of claim 20, wherein the plurality of attributes of the first user device include version information of software executing on the first user device during creation of the object.



Allowable Subject Matter
Claims 1-2, 4-9, 11-16 and 18-21 are allowed.
The following is an examiner's statement of reasons for allowance: This communication warrants No Examiner's Reason for Allowance, applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, applicant’s amendments and arguments filed on 11/17/2021 and Examiner’s amendment make the record clear as to the reasons for allowance for this application, as such the reasons for allowance are in all 
Any comments Applicant considers necessary must be submitted no later than the payment of the Issue Fee and, to avoid processing delays, should preferably accompany the Issue Fee. Such submission should be clearly labeled "Comments on Statement of Reasons for Allowance". In the event of any post-allowance papers (e.g. IDS, 312 amendment, petition, etc.), Applicant is exhorted to mail papers to the Production Control branch in Publications or fax them to the post-allowance papers correspondence branch at (703) 308-5864 to expedite the issuing process, or call PUB's Customer Service with any questions at (703) 305-8497.



Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure: 
US 8499152 B1		Data positioning and alerting system
US 20200201995 A1		IDENTIFICATION AND CONTROL OF MALICIOUS USERS ON A DATA STORAGE SYSTEM
US 20200076835 A1		ENTERPRISE NETWORK THREAT DETECTION
US 20070156670 A1		TECHNIQUES OF OPTIMIZING POLICIES IN AN INFORMATION MANAGEMENT SYSTEM
US 20050154885 A1		Electronic data security system and method
US 20040123153 A1		Administration of protection of data accessible by a mobile device

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.