DETAILED ACTION
This communication is in respond to applicant’s amendments filed on February 2, 2022. Claims 18-37 are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/02/2022 has been entered.

Response to Arguments
Applicant's arguments filed on 02/02/2022 with respect to amended claims have been fully considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 19 and 29-37 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 19 and 29 each recites the limitation “wherein the untrusted device is a Universal Serial Bus (USB)”, however, a USB is an interface standard for enabling communications between devices but not a device. For the following rejection, this limitation is read as the untrusted device is a Universal Serial Bus (USB) device. 
Claims 22, 23, 32 and 33 each recites the limitation “the trusted device” in line 1, it is not clear whether it’s referring to the “trusted PCN device” previously recited in parent claim.
Claims 22 and 33 each further recites the limitation “...exclusively used in a PCN”, it is not clear whether it is referring to the same as previously recited “a trusted Process Control Network(PCN). Further, the limitation contradicts the limitation “transferring designated files from the untrusted device to a trusted Process Control Network (PCN) device using a file manager; scanning the trusted PCN device using an air-gapped anti-malware (AGAM) device during an AGAM malware check” recited in parent claim as the trusted PCN device is used in enterprise computer file manager and AGAM device. For the following rejection, this limitation is read as the trusted device is not used in unprotected system.
Claims  29-37 each recites the limitation "The system of claim 18" in line 1.  There is insufficient antecedent basis for this limitation in the claim. Claim 18 recites a method, not a system. For the following rejection, this limitation is read as “The system of claim 28”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 18-19, 22, 24-26, 28-29, 32, and 34-36 are rejected under 35 U.S.C. 103(a) as being unpatentable over US PG-PUB No. 2015/0052365 A1 to Young et al. (hereinafter Young) in view of Applicant Admitted Prior Art (Background section of instant application, paragraph 0004-0009, hereinafter AAPA) and Pajari (USB Flash Storage Threats and Risk Mitigation in an Air-Gapped Network Environment, Cansecwest Vancouver 2014, NPL reference #1 listed on DIS filed on 07/15/2019, hereinafter Pajari).
As per claim 18, Young disclosed a method for malware detection, the method comprising: 
connecting an untrusted device connected to an enterprise computer; transferring designated files from the untrusted device to a trusted network device using a file manager (Young, Fig. 1, secure network 1 corresponds to a network containing claimed enterprise computer, secure network 2 corresponds to the claimed trusted process control network; network managed antivirus appliance 100 corresponds to the claimed trusted device; par 0003, air gap separates two computer networks, “any data transfer between the computer networks requires a manual step in which a user transfers files from the first computer network onto a portable storage media (e.g., a USB thumb drive, a read/writable CD or DVD, etc.). The portable storage media is then physical disconnected/removed from the first computer network, and physically connected to the second computer network to upload the transferred files. Thus, no direct communication link exists at any time between the computer networks, and all of the transferred data will reside on the portable media for a period of time during the transfer.  During this period of time, the data residing on the portable media may be virus scanned to assure that the transferred files are not corrupt and will not transmit a virus between the networks”, i.e., portable device is being used between first and second network, and air gapped  antivirus appliance 100 is used for virus scanning the portable device); 
scanning the trusted device using an air-gapped anti-malware (AGAM) device during an AGAM malware check (Young, par 0042, “In step 420, a user inserts one or more portable media into (or otherwise connects the portable media to) the network managed antivirus appliance 100.”, par 0043, “In step 430, the network managed antivirus appliance 100 scans the portable media for viruses or other types of malware.”), antivirus (AV) signatures being updated in association during the AGAM malware check (Young, par 0045, data generated from virus scanning including “the number and definitions of any viruses or other malware identified”, the definitions of viruses / malware identified correspond to virus signatures); 
Young does not explicitly disclose scanning the untrusted device using corporate anti-malware software, and further does not explicitly disclose the trusted network being a process control network, and scanning the trusted PCN device using AGAM software installed on a PCN workstation; however, AAPA disclosed scanning the untrusted device using a corporate anti-malware software; the second network being a process control network; and scanning the AGAM scanned PCN computer storage medium (AAPA,  par 0007, process control network PCN, par 0009, “Almost all facilities carry a high risk of malware delivery through USB media (e.g., memory stick, portable hard drive, cell phone, tablet, etc.). Most facilities use a two-step process to check USB media. Step one involves performing a virus scan using the corporate information technology (IT) systems. Step two involves performing a virus scan using the ICS anti-virus software.”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Young to incorporate the concept of two-step process anti-malware control applied to process control network as disclosed by AAPA, such implementation would provide increase system security by performing additional virus scanning processes; 
Young in view of AAPA does not explicitly disclose the PCN malware check following the AGAM malware check; however, in an analogous art in computer system security, Pajari disclosed AGAM malware check being performed prior to the protected USB drive is inserted into the protected network (i.e. trusted PCN workstation) (Pajari, page 5, section “C. Sheep Dip Procedure”, steps 3 and 4: “Step 3. Use the SDA to copy and scan files The two USB drives (one with the files to be transferred across the gap and the other an empty sanitized drive) are put into the SDA and the contents copied to the empty USB drive and then scanned using anti-virus software. Any files that the AV software considers malware are deleted and an error is displayed and logged. Step 4. Copy files to the protected system Finally the “protected” USB drive is inserted into the protected system.”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to implement the system of Young to implement the AGAM malware check prior to inserting the protected USB drive to the protected system as disclosed by Pajari, such implementation would provide improved security as suggested by Pajari (Pajari, page 6, section XII, “...disconnected computers that use a carefully crafted procedure that incorporates a sheep dip appliance for transfers across the gap (in both directions) can provide considerably more security”).

As per claim 19, Young-AAPA-Pajari disclosed the method of claim 18, wherein the untrusted device is a Universal Serial Bus (USB) (Young, par 0042, “In step 420, a user inserts one or more portable media into (or otherwise connects the portable media to) the network managed antivirus appliance 100. In the example of FIGS. 3A-3B, a portable media is connected using USB interface 115 or CD/DVD 110. In other embodiments, device 100 may also and/or alternatively include other types of interfaces (e.g., floppy disk drives, additional CD/DVD drives, CF drives, or any other USB connectable storage devices)”).

As per claim 22, Young-AAPA-Pajari disclosed the method of claim 18, wherein the trusted device is exclusively used in a PCN (Pajari, page 5, section C., steps 1-4, the “protected” USB drive is only used in protected system in the sense that the files are copied to the protected USB drive via the SDA, i.e., it’s not used in unprotected system).

As per claim 23, Young-AAPA-Pajari disclosed the method of claim 18, wherein the trusted device is formatted prior to transferring the designated files (Young, par 0003, air gap separates two computer networks, “any data transfer between the computer networks requires a manual step in which a user transfers files from the first computer network onto a portable storage media (e.g., a USB thumb drive, a read/writable CD or DVD, etc.). The portable storage media is then physical disconnected/removed from the first computer network, and physically connected to the second computer network to upload the transferred files. Thus, no direct communication link exists at any time between the computer networks, and all of the transferred data will reside on the portable media for a period of time during the transfer.  During this period of time, the data residing on the portable media may be virus scanned to assure that the transferred files are not corrupt and will not transmit a virus between the networks”, implicit, any storage device has to be formatted for initial use, therefore a formatting process must have been done prior to use of the USB device for file transfer).

As per claim 24, Young-AAPA-Pajari disclosed the method of claim 18, wherein the AV signatures are updated using a wireless connection (Young, par 0045, data generated from virus scanning including “the number and definitions of any viruses or other malware identified”, the definitions of viruses / malware identified correspond to virus signatures; and par 0040, antivirus appliance supports wireless communications).

As per claim 25, Young-AAPA-Pajari disclosed the method of claim 18, wherein scanning results are summarized upon completion (Young, par 0045, “In step 440, once the scan has been completed the scan results may be displayed to the user...”).

As per claim 26, Young-AAPA-Pajari disclosed the method of claim 18, wherein the AGAM device includes a touchscreen interface (Young, par 0049, “The antivirus appliance 100 may display the menu options on an LCD or touch screen display 120 or 125, and users may select options using the touch screen or using buttons located near the LCD screen.”).

Claims 28-29 and 32-36 recite substantially the same limitations as claims 18-19 and 22-26, respectively, in the form of a system implementing the corresponding method, therefore, they are rejected under the same rationale.

Claims 20 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Young in view of AAPA and Pajari as applied to claim18 above, and further in view of US PG-PUB No. 2008/0288782 A1 to Iyer (hereinafter Iyer).
As per claim 20, Young-AAPA-Pajari disclosed the method of claim 18; Young does not explicitly disclose “prior to scanning the untrusted device, the untrusted device is decrypted to access the designated files from a partition”, however, in an analogous art in computer system security, Iyer disclosed a device is decrypted to access files from a partition (Iyer, par 0056, “...in process 410, the secured second partition of the SATA storage device is unsecured (e.g., decrypted) and the computing device is given access to the data stored in the second partition”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Young to further incorporate the decryption of storage device for access partition as disclosed by Iyer, such implementation would allow system access to encrypted data on the storage device as disclosed by Iyer (Iyer, par 0055-0056).

Claim 30 recites substantially the same limitations as claim 20, in the form of a system implementing the corresponding method, therefore, it is rejected under the same rationale.

Claims 21 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Young in view of AAPA and Pajari as applied to claim 18 above, and further in view of US PG-PUB No. 2016/0328579 A1 to Jois et al. (hereinafter Jois).
As per claim 21, Young-AAPA-Pajari disclosed the method of claim 18; Young does not explicitly disclose the untrusted device is automatically scanned after connecting to the enterprise computer; however, in an analogous art in computer system security, Jois disclosed automatically scanning untrusted device after connecting to computing device (Jois, par 0015, “...automatically enable scanning of all USB data storage devices as soon as the USB device is connected to a computing device (e.g., a desktop or laptop computer) that is part of or can be part of the computer network. In this manner, as soon as the USB device is connected to the desktop or laptop computing device, one or more antivirus programs are automatically initiated and an antivirus scan of the USB device is automatically performed”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Young to further incorporate the automatic scanning of USB device as soon as the USB device is connected to computing system as disclosed by Jois, in order to protect computer network infrastructure from untrusted USB device as suggested by Jois (Jois, par 0015).

Claim 31 recites substantially the same limitations as claim 21, in the form of a system implementing the corresponding method, therefore, it is rejected under the same rationale.

Claims 27 and 37 are rejected under 35 U.S.C. 103 as being unpatentable over Young in view of AAPA and Pajari as applied to claim 18 above, and further in view of US PG-PUB No. 2019/0220594 A1 to Tutika et al. (hereinafter Tutika).
As per claim 27, Young-AAPA-Pajari disclosed the method of claim 18; Young does not explicitly disclose the air-gapped anti-malware device being a single board computer or include a touchscreen, however, in an analogous art in computer system security, Tutika disclosed a method using single board computer with touch screen for scanning storage device for malware detection (Tutika, Abstract, “...An apparatus includes a single board computer comprising a processing device. The apparatus also includes a touch screen display coupled to the single board computer. The apparatus further includes at least one interface configured to be coupled to a storage device. The processing device is configured to detect the storage device, perform a check-in process for the storage device, and generate a result of the check-in process for display on the touch screen display. To perform the check-in process, the processing device is configured to scan the storage device to identify any malware contained on the storage device...”); it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Young to incorporate the use of single board computer with touch screen display for storage device malware detection as disclosed by Tutika, such modification would provide an inexpensive alternative for malware detection with more user friendly interface and thus more desirable.

Claim 37 recites substantially the same limitations as claim 27, in the form of a system implementing the corresponding method, therefore, it is rejected under the same rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Linglan Edwards whose telephone number is (571)270-5440. The examiner can normally be reached 9:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/LINGLAN EDWARDS/Primary Examiner, Art Unit 2491