DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to RCE
This action is responsive to the response filed on 07/07/2022. Claims 1-20 are pending and being considered. Claims 1, 10 and 17 are independent. Claims 1-2, 10-11 and 17-18 are amended. Thus, claims 1-20 are rejected.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 07/07/2022 for application number 16/822,821 has been entered.

Response to Arguments/Remarks
Applicant’s arguments/remarks, filed on 06/07/2022, have been fully considered and are rendered moot in view of new grounds of rejections outlined below. The argument(s) do not apply to the current art(s) being used. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding independent claims 1, 10 and 17, the claims recite an indefinite language “determining, by the remote device in response to determining that the target file is in a protected folder, that the process is an authorized process”. This limitation is unclear because it refers to determining not previously performed, without providing any indication how previously the function “determining” is performed. So, it is unclear whether the function “determining” requires some other structure or is simply a result of a system and/or a computing device comprising a processor for protecting a folder from unauthorized file modification. Therefore, examiner suggests the applicant to further amend the claim to specify how the determining is performed and whether some structure such as a processor is required to perform the “response to determining” function.
Dependent claims 2-9, 11-16 and 18-20 are likewise rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph as being indefinite since they depend on and/or carries the deficiencies of the parent claims.

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4, 7-8, 10-11, 13 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Ramakrishnappa; Dhananjay et al. (US 2020/0110892 A1), hereinafter (Rama), in view of LU, Zhou (WO 2011/137743 A1), hereinafter (LU), and further in view of Kai et al. (US 2007/0250547 A1), hereinafter (Kai).

Regarding claim 1, Rama teaches a computer-implemented method for protecting a folder from unauthorized file modification (Rama, Para. [0101], discloses a computer implemented method, and as disclosed in Para. [0056], wherein the file modification (manipulation) request is blocked (at block 242), if it is determined that the requesting process/user is not authorized (at block 250), as illustrated in Fig. 4), at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising (Rama, Para. [0034], wherein the server kernel includes one or more processors 166): 
receiving, by the computing device from a process on a remote device that the remote device has determined is authorized to access a target file in a local folder of the computing device, a modify request for the target file in the local folder (Rama, Fig. 2 and Para. [0035-0036], discloses that a requesting (or calling) process/user 150 (associated with a user device, as depicted in Fig. 1) may generate I/O request as a file modification request of any type (e.g., a request that would perform any modification on the data (file) for which access is being requested), and as disclosed in Para. [0058], if the requesting process or user (associated with a user device, as depicted in Fig. 1) is on a whitelist that is attached to a particular device, volume or file system, then that requesting process and/or user (associated with a user device, as depicted in Fig. 1) is authorized to perform data manipulations or other operations on that device or in that volume or file system (wherein the data stores can be local to the systems accessing them, as disclosed in Para. [0062]), and as disclosed in Para. [0055-0056], wherein authorizing the requesting process/user (associated with a user device, as depicted in Fig. 1) to access the protected volume 158, 200 can be done by whitelist accessing logic 184, or by a mini-filter driver 214-216 or another filter driver 218), wherein the remote device sends the modify request in response to (Rama, Fig. 2 and associated Para. [0035], discloses that the requesting (or calling) process/user 150 (associated with user device, as shown in Fig. 1) may generate I/O requests 152 […] that may be issued to access information on data storage device 142): 
determining, locally by the computing device, whether the local folder is the protected folder (Rama, Para. [0038], discloses that the logic 182 determines whether that volume is a protected volume 158 where whitelist 162 or customer data 160 (or both) reside); 
determining, by the computing device, in response to determining the local folder is the protected folder, whether the remote device is a trusted host (Rama, Para. [0038], discloses that the logic 182 determines whether that volume is a protected volume 158 where whitelist 162 or customer data 160 (or both) reside. If so, then process/user identification logic 185 parses request 152 to identify the calling process and/or user 150 (associated with a user device, as depicted in Fig. 1)); and 
allowing, by the computing device in response to determining that the remote device is the trusted host, the modify request for the target file (Rama, Para. [0038], discloses a whitelist accessing logic 184 that accesses whitelist 162 and whitelist comparison logic 186 that determines whether the calling process/user 150 (associated with a user device, as depicted in Fig. 1) is on the whitelist (or is authorized to perform a data manipulation or modification operation in protected volume 158, based upon the entries in whitelist 162), and as disclosed in Para. [0056], if the requesting process/user (associated with a user device, as depicted in Fig. 1) is authorized by the whitelist, then the processing continues at block 238 (as illustrated in Fig. 4) where the request is passed on for further execution).  
Rama fails to explicitly disclose but LU teaches detecting, by the remote device, the modify request for the target file in a protected folder from the process on the remote device (LU, PDF Page 8 (4th-6th Paragraph), discloses that an application (hereinafter, process) receives an instruction issued by the user to operate the protected file, and the instruction for operating the protected file includes opening, reading, or an instruction to write or close the protected file (e.g., modify request). After receiving the instruction to open the protected file, the application calls an upper layer interface of the operating system, and the upper layer interface issues an instruction to open the protected file to the file system. Wherein, the filter driver intercepts an instruction issued by the upper layer interface to the file system to open the protected file); and determining, by the remote device LU, PDF Page 8 (6th Paragraph), discloses that the filter driver intercepts an instruction issued by the upper layer interface to the file system to open the protected file, and determines whether the application is a legitimate application);
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘LU’ into the teachings of ‘Rama’, with a motivation to determine that the process is an authorized process, as taught by LU, in order for a legal application (or process) to perform opening, reading, writing, and closing (modify) operations on the protected file; LU, PDF Page 3-4.
Rama as modified by LU, as disclosed above, teaches to determine that the process is an authorized process, wherein Rama as modified by LU fails to explicitly disclose but Kai teaches determining, by the remote device in response to determining that the target file is in a protected folder, that the process is an authorized process (Kai, Para. [0085], discloses, in a step 903, a judgment is made as to whether or not a file to be written exists under a folder to be protected specified by the folder-to-be-protected table 810, and as disclosed in Para. [0086], if it is judged, in the step 903, that the file to be written exists under the folder to be protected, in a subsequent step 904, a judgment is made as to whether or not a write request has been received from an authorized program that is permitted to write); 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Kai’ into the teachings of ‘Rama’ as modified by ‘LU’, with a motivation to determine that the process is an authorized process in response to determining that the target file is in a protected folder, as taught by Kai, in order to control an access to the storage device that prohibits and/or prevents an access from programs other than the authorized program (or process) to the log file from being updated; Kai, Para. [Abstract and 0080/0089].

Regarding claim 2, Rama as modified by LU in view of Kai teaches the method of claim 1, wherein Rama further teaches the remote device sends the modify request in response to (Rama, Fig. 2 and associated Para. [0035], discloses that the requesting (or calling) process/user 150 (associated with user device, as shown in Fig. 1) may generate I/O requests 152 […] that may be issued to access information on data storage device 142): 
Rama fails to explicitly disclose but LU teaches sending, in response to determining that the process is the authorized process, the modify request (LU, PDF Page 8 (6th-7th Paragraph), discloses that the filter driver intercepts an instruction issued by the upper layer interface to the file system to open the protected file, and determines whether the application is a legitimate application. If legal, the filter driver issues an instruction to the file system).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘LU’ into the teachings of ‘Rama’, with a motivation to send the modify request in response to determining that the process is the authorized process, as taught by LU, in order for a legal application (or process) to perform opening, reading, writing, and closing (modify) operations on the protected file; LU, PDF Page 3-4.
Rama as modified by LU fails to explicitly disclose but Kai teaches determining, by the remote device after detecting the modify request, whether the target file is in the protected folder (Kai, Para. [0085], that, in a step 903, a judgment is made as to whether or not a file to be written exists under a folder to be protected specified by the folder-to-be-protected table 810); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Kai’ into the teachings of ‘Rama’ as modified by ‘LU’, with a motivation to determine whether the target file is in the protected folder, as taught by Kai, in order to control  an access to the storage device and prohibit an access from programs other than the authorized program (or process); Kai, Para. [Abstract and 0080/0089].

Regarding claim 4, Rama as modified by LU in view of Kai teaches the method of claim 2, wherein Rama fails to explicitly disclose but LU further teaches detecting the modify request comprises intercepting, by a minifilter of the remote device, the modify request (LU, PDF Page 8 (4th-6th Paragraph), discloses that an application (hereinafter, process) receives an instruction issued by the user to operate the protected file, and the instruction for operating the protected file includes opening, reading, or an instruction to write or close the protected file (e.g., modify request). After receiving the instruction to open the protected file, the application calls an upper layer interface of the operating system, and the upper layer interface issues an instruction to open the protected file to the file system. Wherein, the filter driver intercepts an instruction issued by the upper layer interface to the file system to open the protected file).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘LU’ into the teachings of ‘Rama’, with a motivation to wherein a minifilter of the remote device intercepts the modify request, as taught by LU, in order to determine whether the application (or process) is a legitimate application to perform opening, reading, writing, and closing (modify) operations on the protected file; LU, PDF Page 3-4 and 8.

Regarding claim 7, Rama as modified by LU in view of Kai teaches the method of claim 1, wherein Rama further teaches receiving the modify request further comprises intercepting, by a minifilter, the modify request (Rama, Para. [0044], discloses a filter manager logic 212 illustratively receives the I/O request 170 and provides it for operation by minifilter drivers 214-216, and/or as disclosed and shown in FIG. 3, minifilter drivers 214-216 can be provided to determine whether the I/O request 152 is a data manipulation (or data modification) request).  

Regarding claim 8, Rama as modified by LU in view of Kai teaches the method of claim 7, wherein Rama further teaches the minifilter communicates with a lockdown server to determine whether the remote device is the trusted host (Rama, Para. [0045], discloses that the minifilter driver (either the same one or a different one) can then determine whether the target of the data manipulation request is the master boot record 192, or a protected volume 158 […]. If the target is a protected volume 158, then one or more minifilter drivers can parse the I/O request 152 to identify the calling process and/or user (associated with a user device, as depicted in Fig. 1), access whitelist 162 and determine whether the calling process/user (associated with a user device, as depicted in Fig. 1) is authorized based on the entries in whitelist 162, and as disclosed in Para. [0039], wherein the whitelist 162 can be stored separately from customer data (i.e., on a server)).  

Regarding claim 10, Rama teaches a system for protecting a folder from unauthorized file modification, the system comprising (Rama, Fig. 2 and associated Para. [0033], discloses a server kernel processing system 156 that processes the I/O request 152 and, if authorized, accesses data in one of the data storage devices (e.g., data storage device 142). The data can be stored in a file system or in another data volume as indicated by block 158. The data to be accessed can include sensitive customer data 160, whitelist 162, or a wide variety of other data 164): 
a receive module, stored in memory, for receiving, from a process on a remote device that the remote device has determined is authorized to access a target file in a local folder of the system, a modify request for the target file in the local folder (Rama, Fig. 2 and associated Para. [0034], discloses that the server kernel processing system 156 illustratively includes data accessing logic 168, I/O manager 170, etc. Wherein the data accessing logic 168 can include I/O call type identifier logic 174, and as disclosed in Para. [0035-0036], the requesting (or calling) process/user 150 may generate I/O request 152 as a file open request, a file write request, a read request, a file create request, a file delete request or a wide variety of other requests that may be issued to access information on data storage device 142 (see Para. [0062], wherein the data stores can be local to the systems accessing them). Front end functionality 130 illustratively exposes an interface to receive request 152 and provides the request to I/O manager logic 170 (stored within the server kernel processing system 156). Wherein, the I/O manager logic 170 routes the I/O request 152 to the proper set of data accessing logic 168 for processing. When data accessing logic 168 receives I/O request 152, then I/O call type identifier logic 174 (stored within server kernel processing system 156) identifies the type of the call (or I/O request) that is being made. For instance, as discussed above, it may be a file open request, a create request, a delete request, a read request, a write request, etc.), wherein the remote device sends the modify request in response to (Rama, Fig. 2 and associated Para. [0035], discloses that the requesting (or calling) process/user 150 (associated with user device, as shown in Fig. 1) may generate I/O requests 152 […] that may be issued to access information on data storage device 142): 4Application No.: 16/822,821Attorney's Docket No.: 007170.1221U1 
a folder module, stored in the memory, for determining locally whether the local folder is the protected folder (Rama, Fig. 2 and associated Para. [0034 and 0038], discloses a target volume identifier logic 182 (stored within server kernel processing system 156) that determines whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside); 
a host validation module, stored in the memory, for determining, in response to determining the local folder is the protected folder, whether the remote device is a trusted host (Rama, Fig. 2 and associated Para. [0034 and 0038], discloses a target volume identifier logic 182 (stored within server kernel processing system 156) that determines whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside. If so, then process/user identification logic 185 (stored within server kernel processing system 156) parses request 152 to identify the calling process and/or user 150); 
a modify module, stored in the memory, for allowing, in response to determining that the remote device is the trusted host, the modify request for the target file (Rama, Fig. 2 and associated Para. [0034 and 0038], discloses a whitelist comparison logic 186 (stored within server kernel processing system 156) that determines whether the calling process/user 150 is on the whitelist (or is authorized to perform a data manipulation or modification operation in protected volume 158, based upon the entries in whitelist 162)); and 
at least one physical processor that executes the receive module, the folder module, the host validation module, and the modify module (Rama, Fig. 2 and associated Para. [0034], discloses that the server kernel processing system 156 illustratively includes one or more processors 166, data accessing logic 168, I/O manager 170, and it can include a wide variety of other kernel functionality 172. Data accessing logic 168 can include I/O call type identifier logic 174, call interception logic 176, call blocking logic 178, and it can include other items 180. In the example illustrated, call interception logic 176 illustratively includes target volume identifier logic 182, target analysis logic 183 (which, itself, includes whitelist accessing logic 184, process/user identification logic 185, and whitelist comparison logic 186) and it can include a wide variety of other items 188. (herein, the I/O manager logic 170, target volume identifier logic 182, process/user identification logic 185 and whitelist comparison logic 186 represents claimed receive module, folder module, host validation module and modify module, respectively)).
Rama fails to explicitly disclose but LU teaches detecting, by the remote device, the modify request for the target file in a protected folder from the process on the remote device (LU, PDF Page 8 (4th-6th Paragraph), discloses that an application (hereinafter, process) receives an instruction issued by the user to operate the protected file, and the instruction for operating the protected file includes opening, reading, or an instruction to write or close the protected file (e.g., modify request). After receiving the instruction to open the protected file, the application calls an upper layer interface of the operating system, and the upper layer interface issues an instruction to open the protected file to the file system. Wherein, the filter driver intercepts an instruction issued by the upper layer interface to the file system to open the protected file); and determining, by the remote device LU, PDF Page 8 (6th Paragraph), discloses that the filter driver intercepts an instruction issued by the upper layer interface to the file system to open the protected file, and determines whether the application is a legitimate application);
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘LU’ into the teachings of ‘Rama’, with a motivation to determine that the process is an authorized process, as taught by LU, in order for a legal application (or process) to perform opening, reading, writing, and closing (modify) operations on the protected file; LU, PDF Page 3-4.
  Rama as modified by LU, as disclosed above, teaches to determine that the process is an authorized process, wherein Rama as modified by LU fails to explicitly disclose but Kai teaches determining, by the remote device in response to determining that the target file is in a protected folder, that the process is an authorized process (Kai, Para. [0085], discloses, in a step 903, a judgment is made as to whether or not a file to be written exists under a folder to be protected specified by the folder-to-be-protected table 810, and as disclosed in Para. [0086], if it is judged, in the step 903, that the file to be written exists under the folder to be protected, in a subsequent step 904, a judgment is made as to whether or not a write request has been received from an authorized program that is permitted to write); 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Kai’ into the teachings of ‘Rama’ as modified by ‘LU’, with a motivation to determine that the process is an authorized process in response to determining that the target file is in a protected folder, as taught by Kai, in order to control an access to the storage device that prohibits and/or prevents an access from programs other than the authorized program (or process) to the log file from being updated; Kai, Para. [Abstract and 0080/0089].

Regarding claims 11 and 13, the claims are drawn to the system corresponding to the method of using same as claimed in claims 2 and 4, respectively. Therefore, the rejection set forth above with respect to the method claims 2 and 4 is equally applicable to the claims 11 and 13 of the system, respectively.

Regarding claim 15, Rama as modified by LU in view of Kai teaches the system of claim 10, further comprising a minifilter, wherein Rama further teaches receiving the modify request further comprises intercepting, by the minifilter, the modify request (Rama, Para. [0044], discloses a filter manager logic 212 illustratively receives the I/O request 170 and provides it for operation by minifilter drivers 214-216, and/or as disclosed and shown in FIG. 3, minifilter drivers 214-216 can be provided to determine whether the I/O request 152 is a data manipulation (or data modification) request).  

Regarding claim 16, Rama as modified by LU in view of Kai teaches the system of claim 15, wherein Rama further teaches the minifilter communicates with a lockdown server to determine whether the remote device is the trusted host (Rama, Para. [0045], discloses that the minifilter driver (either the same one or a different one) can then determine whether the target of the data manipulation request is the master boot record 192, or a protected volume 158 […]. If the target is a protected volume 158, then one or more minifilter drivers can parse the I/O request 152 to identify the calling process and/or user (associated with a user device, as depicted in Fig. 1), access whitelist 162 and determine whether the calling process/user (associated with a user device, as depicted in Fig. 1) is authorized based on the entries in whitelist 162, and as disclosed in Para. [0039], wherein the whitelist 162 can be stored separately from customer data (i.e., on a server)).

Claims 3 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Rama as modified by LU in view of Kai, as applied above, and further in view of NISHIDE, TAKASHI et al. (JP 2008/085448 A; Published on April, 10, 2008), hereinafter (Nishide).

Regarding claim 3, Rama as modified by LU in view of Kai teaches the method of claim 2, wherein Rama further teaches determining whether the target file is in the protected folder further comprises (Rama, Abstract, determines whether the request is for a target volume that is within a first or second protected volume): 
Rama as modified by LU in view of Kai fails to explicitly disclose but Nishide teaches determining whether the folder includes a marker file; and determining, in response to determining the folder includes the marker file, that the folder is the protected folder (Nishide, PDF Page 4 (First Paragraph), discloses that the filter driver 12 checks the presence of the encryption marker file of the shared encryption folder 31a, and as also disclosed in PDF Page 4 (Third Paragraph), wherein the encryption marker file 31a created corresponding to the shared encryption folder 31a exists).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Nishide’ into the teachings of ‘Rama’ as modified by ‘LU’ in view of ‘Kai’, with a motivation for determining that the folder is the protected folder, as taught by Nishide, based on a marker file indicating that it is an encryption folder, wherein the marker file created under the folder describes an identifier for uniquely identifying the key used for encryption, in order to share encrypted files to a plurality of (authenticated) clients without troublesome; Nishide, PDF Page 1 (Abstract).

Regarding claim 12, the claim is drawn to the system corresponding to the method of using same as claimed in claim 3. Therefore, the rejection set forth above with respect to the method claim 3 is equally applicable to the claim 12 of the system.

Claims 5, 9 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Rama as modified by LU in view of Kai, as applied above, and further in view of Little; Matthew J. et al. (US 2020/0302074 A1; Filed on March 22, 2019), hereinafter (Little).

Regarding claim 5, Rama as modified by LU in view of Kai teaches the method of claim 1, wherein Rama as modified by LU in view of Kai fails to explicitly disclose but Little teaches the modify request includes a network address of the remote device (Little, Para. [0036], discloses to perform the requested file access operation (e.g., delete, open, read, write, and/or rename) on the file, and as disclosed in Para. [0060-0061], the file access requests can be initiated by the users using client machines and can include or be supplemented to include information such as an IP address and geographical location of the access (client machine), time of the access, a user identifier of the accessor or user, the name of the file attempting to be accessed, and/or the likes) and determining whether the remote device is the trusted host is based on the network address (Little, Para. [0064], discloses that the observed data can include a current location of the user as determined based on an IP address contained in the file access request and a status indicative of whether the connection through which the user initiated the file access request is trusted or untrusted, and/or see also Fig. 3 and associated Para. [0070], wherein, at block 306, the permission server can cause the file access control module of the client machine to permit access to the file by returning a decryption key for the file by determining a risk score for the user associated with the file access request based on historical user behavior information, the file access request and observable data associated with the file access request).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Little’ into the teachings of ‘Rama’ as modified by ‘LU’ in view of ‘Kai’, with a motivation to determine, based on the network address of the remote device, whether the remote device is the trusted host, as taught by Little, in order to prevent access to data (files) without an on-access validation of a user's rights to access the data file; Little, Para. [0017].

Regarding claim 9, Rama as modified by LU in view of Kai the method of claim 1, wherein Rama as modified by LU in view of Kai fails to explicitly disclose but Little teaches determining whether the remote device is the trusted host further comprises confirming, by contacting the remote device, the modify request (Little, Para. [0062], a permission engine 210 (within Management server 102, as depicted in Fig. 2) can receive a file access request (e.g., perform a file operation, such as delete, open, read, write, and/or rename, as disclosed in Para. [0067]) initiated by a user, which can relate to a file stored within the enterprise network in encrypted form. The encrypted form can include the file being wrapped within a cryptographic wrapper in order to prevent direct access to the file without a proper on-access validation process having been performed by the file access control module, involving validating the file access request by the file access control module via management server 102 (or one or more of management server 102, permission server 104 and analytics server 106) explicit permission is provided for authenticated access. Cryptographic keys can be stored in database 216 and can be provided by permission engine 210 for authenticated access by the user).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Little’ into the teachings of Rama as modified by LU in view of Kai, with a motivation to confirm the modify request by contacting the remote device, as taught by Little, by performing an on-access validation process to seek confirmation or denial of the user's rights to perform the requested file access request (e.g., perform a file operation, such as delete, open, read, write, and/or rename) on the file; Little, Para. [0036].

Regarding claim 14, the claim is drawn to the system corresponding to the method of using same as claimed in claim 5. Therefore, the rejection set forth above with respect to the method claim 5 is equally applicable to the claim 14 of the system.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Rama as modified by LU in view of Kai, as applied above, and further in view of Nenov; Dejan et al. (US 10,181,948 B1; Filed on Jan. 25, 2018), hereinafter (Nenov).

Regarding claim 6, Rama as modified by LU in view of Kai teaches the method of claim 1, wherein Rama as modified by LU in view of Kai fails to explicitly disclose but Nenov teaches the modify request includes a hash of a key maintained by a lockdown server and determining whether the remote device is the trusted host is based on recognizing the hash (Nenov, Fig. 3 and associated Col. 10 (Lines 11-45, discloses to receive hash values for specified data ( e . g . a particular system file , library , user data file , configuration file , firmware , or other such data)  from one or more client computing devices. At step 314, the security device may retrieve hash value from the distributed ledger. At step 316, the security device may determine whether the hash value of the canonical data retrieved from the ledger and the hash received from a client device match, and at step 318, if the hashes match, then the security device may record the client device as a trusted device).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Nenov’ into the teachings of ‘Rama’ as modified by ‘LU’ in view of ‘Kai’, with a motivation to determine, based on recognizing the hash maintained by a lockdown server, whether the remote device is the trusted host, as taught by Nenov, in order to safely exchange data with the device, execute or process data from the device if the hashes do match, and/or perform mitigation actions, such as preventing communications from said devices from being transmitted off the LAN or between the device and other devices on the LAN if the hashes do not match; Nenov, Col. 5 (Lines 48-62).

Claims 17 and 19- 20 are rejected under 35 U.S.C. 103 as being unpatentable over Ramakrishnappa; Dhananjay et al. (US 2020/0110892 A1), hereinafter (Rama), in view of Soman et al. (US 10,122,752 B1), hereinafter (Soman), and further in view of Kai et al. (US 2007/0250547 A1), hereinafter (Kai).

Regarding claim 17, Rama teaches a non-transitory computer-readable medium comprising one or more computer- executable instructions that, when executed by at least one processor of a computing device, cause the computing device to (Rama, Para. [0071], discloses a Computer readable media that … that can be accessed by computer 810… and is different from, and does not include, a modulated data signal or carrier wave. It includes hardware storage media including both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, and as disclosed in Fig. 6 and associated Para. [0070], wherein the computer 810 may include, but are not limited to, a processing unit 820 (which can comprise processors or servers from previous FIGS.) to perform operations, such as): 
receive, by the computing device from a process on a remote device that the remote device has determined is authorized to access a target file in a local folder of the computing device, a modify request for the target file in the local folder (Rama, Fig. 2 and Para. [0035-0036], discloses that a requesting (or calling) process/user 150 (associated with a user device, as depicted in Fig. 1) may generate I/O request as a file modification request of any type (e.g., a request that would perform any modification on the data (file) for which access is being requested), and as disclosed in Para. [0058], if the requesting process or user (associated with a user device, as depicted in Fig. 1) is on a whitelist that is attached to a particular device, volume or file system, then that requesting process and/or user (associated with a user device, as depicted in Fig. 1) is authorized to perform data manipulations or other operations on that device or in that volume or file system (see Para. [0062], wherein the data stores can be local to the systems accessing them), and as disclosed in Para. [0055-0056], wherein authorizing the requesting process/user (associated with a user device, as depicted in Fig. 1) to access the protected volume 158, 200 can be done by whitelist accessing logic 184, or by a mini-filter driver 214-216 or another filter driver 218), wherein the remote device sends the modify request in response to (Rama, Fig. 2 and associated Para. [0035], discloses that the requesting (or calling) process/user 150 (associated with user device, as shown in Fig. 1) may generate I/O requests 152 […] that may be issued to access information on data storage device 142): 
determine, locally by the computing device, whether the local folder is a protected folder (Rama, Para. [0038], discloses to determine whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside); 
determine, by the computing device in response to determining the local folder is the protected folder, whether the remote device is a trusted host (Rama, Para. [0038], discloses to determine whether that volume is protected volume 158 where whitelist 162 or customer data 160 (or both) reside. If so, then process/user identification logic 185 parses request 152 to identify the calling process and/or user 150 (associated with a user device, as depicted in Fig. 1)); and 
allow, by the computing device in response to determining that the remote device is the trusted host, the modify request for the target file (Rama, Para. [0038], discloses a whitelist accessing logic 184 that accesses whitelist 162 and whitelist comparison logic 186 that determines whether the calling process/user 150 (associated with a user device, as depicted in Fig. 1) is on the whitelist (or is authorized to perform a data manipulation or modification operation in protected volume 158, based upon the entries in whitelist 162), and as disclosed in Para. [0056], if the requesting process/user (associated with a user device, as depicted in Fig. 1) is authorized by the whitelist, then the processing continues at block 238 (as illustrated in Fig. 4) where the request is passed on for further execution).  
Rama fails to explicitly disclose but Soman teaches detecting, by the remote device, the modify request for the target file in a protected folder from the process on the remote device (Soman, Fig. 1 and Col. 3 (Lines 34-45), discloses various processes 108 that operate on the user space 102. The processes 108 correspond to, in some examples, user applications (such as illustrated in FIG. 9). As an example, a user operates a word processing application to make edits to a document. The word processing application, or any other related application, operating system (OS), or other component, calls functions, such as via an application programming interface (API) 112 implemented by the operating system (not illustrated), which in turn interface with the filter driver 110 (e.g. a file system filter driver). In this manner, processes 108 communicate from the user space 102 to the kernel space 104, and/or as disclosed in Fig. 5 and Col. 6 (Lines 65-67), At 502, the filter driver 110 intercepts a first request from the process 108 to access a target folder 210); and 
determining, by the remote device Soman, Fig. 5 and Col. 6 (Line 67)- Col. 7 (Lines 1-15), discloses that, at 504, the filter driver 110 evaluates whether the process 108 is an authorized process […]. The filter driver 108 compares the process 108 to the authorized process list to determine if the process 108 is included in the authorized process list. If the process 108 is on the authorized process list, the process 108 is designated as not hostile);
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Soman’ into the teachings of ‘Rama’, with a motivation to determine that the process is an authorized process, as taught by Soman, in order to detect and prevent attacks to a target folder by the hostile process; Soman, Col. 6 (Lines 64-65).
Rama as modified by Soman, as disclosed above, teaches to determine that the process is an authorized process, wherein Rama as modified by Soman fails to explicitly disclose but Kai teaches determining, by the remote device in response to determining that the target file is in a protected folder, that the process is an authorized process (Kai, Para. [0085], discloses, in a step 903, a judgment is made as to whether or not a file to be written exists under a folder to be protected specified by the folder-to-be-protected table 810, and as disclosed in Para. [0086], if it is judged, in the step 903, that the file to be written exists under the folder to be protected, in a subsequent step 904, a judgment is made as to whether or not a write request has been received from an authorized program that is permitted to write); 
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Kai’ into the teachings of ‘Rama’ as modified by ‘Soman’, with a motivation to determine that the process is an authorized process in response to determining that the target file is in a protected folder, as taught by Kai, in order to control an access to the storage device that prohibits and/or prevents an access from programs other than the authorized program (or process) to the log file from being updated; Kai, Para. [Abstract and 0080/0089].

Regrading claim 19, Rama as modified by Soman in view of Kai teaches the non-transitory computer-readable medium of claim 18, wherein Rama fails to explicitly disclose but Soman further teaches detecting the modify request comprises intercepting, by a minifilter of the remote device, the modify request (Soman, Fig. 5 and Col. 6 (Lines 65-67), discloses that, at 502, the filter driver 110 intercepts a first request from the process 108 to access a target folder 210 ).
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Soman’ into the teachings of ‘Rama’, with a motivation wherein a minifilter of the remote device intercepts the modify request, as taught by Soman, in order to detect and prevent attacks to a target folder by the hostile process; Soman, Col. 6 (Lines 64-65).

Regarding claim 20, Rama as modified by Soman in view of Kai teaches the non-transitory computer-readable medium of claim 17, wherein Rama further teaches receiving the modify request further comprises intercepting, by a minifilter, the modify request (Rama, Para. [0044], discloses a filter manager logic 212 illustratively receives the I/O request 170 and provides it for operation by minifilter drivers 214-216, and/or as disclosed and shown in FIG. 3, minifilter drivers 214-216 can be provided to determine whether the I/O request 152 is a data manipulation (or data modification) request).

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Rama as modified by Soman in view of Kai, as applied above, and further in view of NISHIDE, TAKASHI et al. (JP 2008/085448 A; Published on April, 10, 2008), hereinafter (Nishide).

Regrading claim 18, Rama as modified by Soman in view of Kai teaches the non-transitory computer-readable medium of claim 17, wherein Rama further teaches the remote device sends the modify request in response to (Rama, Fig. 2 and associated Para. [0035], discloses that the requesting (or calling) process/user 150 (associated with user device, as shown in Fig. 1) may generate I/O requests 152 […] that may be issued to access information on data storage device 142): 
Rama fails to explicitly disclose but Soman further teaches sending, in response to determining that the process is the authorized process, the modify request (Soman, Col. 6 (Line 67)- Col. 7 (Lines 1-16), discloses that, at 504, the filter driver 110 evaluates whether the process 108 is an authorized process […]. The filter driver 108 compares the process 108 to the authorized process list to determine if the process 108 is included in the authorized process list. If the process 108 is on the authorized process list, the process 108 is designated as not hostile, and the requests from the process 108 are performed at 518).  
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Soman’ into the teachings of ‘Rama’, with a motivation to send the modify request in response to determining that the process is the authorized process, as taught by Soman, in order to perform the requests received from the process; Soman, Col. 7 (Lines 15-16).
Rama as modified by Soman fails to explicitly disclose but Kai teaches determining, by the remote device after detecting the modify request, whether the target file is in the protected folder Kai, Para. [0085], that, in a step 903, a judgment is made as to whether or not a file to be written exists under a folder to be protected specified by the folder-to-be-protected table 810); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Kai’ into the teachings of ‘Rama’ as modified by ‘Soman’, with a motivation to determine whether the target file is in the protected folder, as taught by Kai, in order to control  an access to the storage device and prohibit an access from programs other than the authorized program (or process); Kai, Para. [Abstract and 0080/0089].
Rama as modified by Soman in view of Kai fails to explicitly disclose but Nishide teaches determining, by the remote device after detecting the modify request, whether the target file is in the protected folder by determining whether the folder includes a marker file (Nishide, PDF Page 4 (First Paragraph), discloses that the filter driver 12 checks the presence of the encryption marker file of the shared encryption folder 31a, and as also disclosed in PDF Page 4 (Third Paragraph), wherein the encryption marker file 31a created corresponding to the shared encryption folder 31a exists); and
Thus it would have been obvious to one ordinary skilled in the art before the effective filling date of the claimed invention to implement the teachings of ‘Nishide’ into the teachings of ‘Rama’ as modified by ‘Soman’ in view of ‘Kai’, with a motivation for determining that the folder is the protected folder, as taught by Nishide, based on a marker file indicating that it is an encryption folder, wherein the marker file created under the folder describes an identifier for uniquely identifying the key used for encryption, in order to share encrypted files to a plurality of (authenticated) clients without troublesome; Nishide, PDF Page 1 (Abstract).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See form PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239. The examiner can normally be reached on Monday-Friday: 8:00AM – 4:00PM.
 If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALI CHEEMA/
Examiner, Art Unit 2496

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496