DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This communication is in response to the application filed on 10/12/2020. Claims 1-20 are currently pending.
Suggestions on how to overcome any objection(s) and rejection(s) raised in this office action are found at the end of such sections. 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/14/2021, 02/11/2021, 07/19/2021, 01/06/2022, 01/27/2022 and 05/26/2022 was filed before the mailing date of the office action on 07/12/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-6, 8-15, and 17-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S PGPub. No. 20030110391 to Wolff et al. (hereinafter Wolff).

Regarding claim 1, Wolff discloses a method implemented by a forward proxy server (Fig. 5, Proxy AV scanner 100) comprising: 
      receiving a request from a client device to initiate a first session with the forward proxy server (Fig. 5 client 10), and (¶0038 “…when one of the client devices 10 issues a file access request using the SMB protocol, this will be received by the proxy AV scanner 100…”); 
      responsive to receiving the request, initiating the first session with the client device and establishing a second session with a server device (Fig. 5, File storage device 110, ¶0049 “Hence, if the first client device 10 wishes to issue a file access request to the file storage device 110, it in fact issues a file access request over path 102 to the proxy AV scanner 100, which then communicates over path 104 to the file storage device 110”), on behalf of the client device (¶0039 “The processing logic 160 within the proxy AV scanner 100 will then extract at step 205 predetermined attributes from the file access request, and cause them to be sent via the interface 120 over path 125 to the file storage device 110 for validation”); 
detecting a transfer of a file between the client device and the server device via at least one of the first session or the second session (¶0042 “The process then proceeds to step 225, where the processing logic 160 is arranged to determine whether the file access request relates to a read of a file, or a write to a file…” wherein a write (upload) to a file uses the first session and read (download) of a file uses the second session for file transfer); 
responsive to detecting the transfer, obtaining a copy of the file (¶0043 “the file is retrieved at step 235 from the file storage device 110 via the interface 120”); 
determining that the copy of the file is compromised with malware (¶0046 “where it is determined whether the file is infected by a virus, this being indicated by the output from the anti-virus engine 170”);
 and responsive to determining that the copy of the file is compromised with malware, performing an action to mitigate the malware (¶0046 “If the file is infected, then the process proceeds to step 255, where reading of that file is blocked, and typically the client device 10 will then be informed that access to the file has been blocked”)  
Regarding claim 2, Wolff discloses the method of claim 1wherein the action comprises one or more of providing a notification that indicates that the transfer is compromised with malware; or preventing the transfer from being completed (¶0046 “If the file is infected, then the process proceeds to step 255, where reading of that file is blocked, and typically the client device 10 will then be informed that access to the file has been blocked”).  

Regarding claim 3, Wolff discloses the method of claim 1, wherein determining that the copy of the file is compromised with malware comprises: 
       providing the copy of the file to at least one malware identification service of a plurality of malware identification services that are each configured to analyze the copy of the file for malware (¶0052 “Between the file access request redirector 300 and the file storage device 110 are located a plurality of proxy AV scanners 100 which are each capable of performing anti-virus scanning of files being accessed. In such embodiments, the job of the file access request redirector 300 is to receive each access request issued by the client devices, and to perform some load balancing techniques to determine which proxy AV scanner 100 should service a particular file access request”); 
       receiving an indication from the at least one malware identification service, the indication indicating whether the copy of the file has been compromised with malware (¶0046 “The process then proceeds to step 250, where it is determined whether the file is infected by a virus, this being indicated by the output from the anti-virus engine 170”); 
       and based on the indication indicating that the copy of the file has been compromised with malware, determining that the copy of the file is compromised with malware (¶0046 “If the file is infected, then the process proceeds to step 255, where reading of that file is blocked, and typically the client device 10 will then be informed that access to the file has been blocked”).  
Regarding claim 4, Wolff discloses the method of claim 3, wherein the at least one malware identification service executes on a server device other than the forward proxy server (¶0054 “upon receipt of an access request, the file access request redirector 300 may be arranged to poll each of the plurality of proxy AV scanners 100 in order to seek an indication as to which, if any, of the proxy AV scanners 100 are currently available to handle the file access request”).  

Regarding claim 5, Wolff discloses the method of claim 3, wherein the at least one malware identification service to which the file is provided is selected based on a file type of the file (¶0005 “the anti-virus scanner 40 can be configured to determine when scanning is performed (i.e. when files are read, when files are written, both, etc.), what type of files are scanned…”).  

Regarding claim 6, Wolff discloses the method of claim 1, wherein the transfer comprises a file download operation from the server device (¶0020 “upon receipt of an access request identifying a file to be read from the file storage device”-wherein read is interpreted as a download operation), and wherein detecting the transfer via at least one of the first session or the second session comprises (¶0042 “The process then proceeds to step 225, where the processing logic 160 is arranged to determine whether the file access request relates to a read of a file, or a write to a file…”): 
analyzing a header of a response that is associated with the file download operation and that is received via the second session from the server device (¶0020 “the processing logic being arranged to determine whether the file identified by the access request is stored in the file cache and if so to return the file to the client device without communicating with the file storage device via the second interface”); 
and determining that the header identifies a filename for the file (¶0039 “The processing logic 160 within the proxy AV scanner 100 will then extract at step 205 predetermined attributes from the file access request, and cause them to be sent via the interface 120 over path 125 to the file storage device 110 for validation…”).  

Regarding claim 8, Wolff discloses the method of claim 1, wherein detecting the transfer between the client device and the server device comprises: receiving a message from code executing on the client device via the first session that indicates that the code executing on the client device has detected that a file upload operation from the client device to the server device is occurring (¶0047 “then the process proceeds to step 290, where the file to be written is added to the file cache 140, the process the proceeding to step 295 where that file is then stored to the file storage device 110 via the interface 120, where after an acknowledgement is returned to the client at step 297 via the interface 110 to inform the client device that the write access request has been performed”).  

Regarding claim 9, Wolff discloses the method of claim 1, wherein detecting the transfer between the client device and the server device comprises: 408915-US-NP- 35 - receiving a message from code executing on the client device via the first session that indicates that the code executing on the client device has detected that a file download operation from the client device to the server device is occurring (¶0042 “…Assuming the file access request specifies a read of a file, then the process branches to step 230, where the file cache 140 is checked to determine whether the file being requested is stored within the file cache 140. If it is, then the process proceeds directly to step 265, where the file is returned via the interface 110 to the client device 10”).  

Regarding claim 10, Wolff discloses a forward proxy server (Fig. 5, Proxy AV scanner 100), comprising: at least one processor circuit: and at least one memory that stores program code configured to be executed by the at least one processor circuit, the program code comprising: (¶0025 “ and the computer program product comprising: (a) reception code operable to receive an access request issued by one of said client devices to said file storage device using the dedicated file access protocol”) a session establisher configured to:             
       receive a request from a client device to initiate a first session with the forward proxy server (Fig. 5 client 10), and (¶0038 “…when one of the client devices 10 issues a file access request using the SMB protocol, this will be received by the proxy AV scanner 100…”): 
       responsive to receiving the request, initiate the first session with the client device and establish a second session with a server device (Fig. 5, File storage device 110, ¶0049 “Hence, if the first client device 10 wishes to issue a file access request to the file storage device 110, it in fact issues a file access request over path 102 to the proxy AV scanner 100, which then communicates over path 104 to the file storage device 110”), on behalf of the client device (¶0039 “The processing logic 160 within the proxy AV scanner 100 will then extract at step 205 predetermined attributes from the file access request, and cause them to be sent via the interface 120 over path 125 to the file storage device 110 for validation”): 
and a malware mitigator configured to: detect a transfer of a file between the client device and the server device via at least one of the first session or the second session (¶0042 “The process then proceeds to step 225, where the processing logic 160 is arranged to determine whether the file access request relates to a read of a file, or a write to a file…” wherein a write (upload) to a file uses the first session and read (download) of a file uses the second session for file transfer):  
       responsive to detecting the transfer, obtain a copy of the file (¶0043 “the file is retrieved at step 235 from the file storage device 110 via the interface 120”): 
        determine that the copy of the file is compromised with malware (¶0046 “where it is determined whether the file is infected by a virus, this being indicated by the output from the anti-virus engine 170”):
 	and responsive to determining that the copy of the file is compromised with malware, perform an action to mitigate the malware (¶0046 “If the file is infected, then the process proceeds to step 255, where reading of that file is blocked, and typically the client device 10 will then be informed that access to the file has been blocked”).  

Regarding claim 11, Wolff discloses the forward proxy server of claim 10, wherein the action comprises one or more of: providing a notification that indicates that the transfer is compromised with malware; or preventing the transfer from being completed (¶0046 “If the file is infected, then the process proceeds to step 255, where reading of that file is blocked, and typically the client device 10 will then be informed that access to the file has been blocked”).  
 
Regarding claim 12, Wolff discloses the forward proxy server of claim 10, wherein malware mitigator determines that the copy of the file is compromised with malware by: 408915-US-NP- 36 – 
       providing the copy of the file to at least one malware identification service of a plurality of malware identification services that are each configured to analyze the copy of the file for malware (¶0052 “Between the file access request redirector 300 and the file storage device 110 are located a plurality of proxy AV scanners 100 which are each capable of performing anti-virus scanning of files being accessed. In such embodiments, the job of the file access request redirector 300 is to receive each access request issued by the client devices, and to perform some load balancing techniques to determine which proxy AV scanner 100 should service a particular file access request”); 
        receiving an indication from the at least one malware identification service, the indication indicating whether the copy of the file has been compromised with malware (¶0046 “The process then proceeds to step 250, where it is determined whether the file is infected by a virus, this being indicated by the output from the anti-virus engine 170”);
        and based on the indication indicating that the copy of the file has been compromised with malware, determining that the copy of the file is compromised with malware (¶0046 “If the file is infected, then the process proceeds to step 255, where reading of that file is blocked, and typically the client device 10 will then be informed that access to the file has been blocked”).  


Regarding claim 13, Wolff discloses the forward proxy server of claim 12, wherein the at least one malware identification service executes on a server device other than the forward proxy server (¶0054 “upon receipt of an access request, the file access request redirector 300 may be arranged to poll each of the plurality of proxy AV scanners 100 in order to seek an indication as to which, if any, of the proxy AV scanners 100 are currently available to handle the file access request”).  

Regarding claim 14, Wolff discloses the forward proxy server of claim 12, wherein the at least one malware identification service to which the file is provided is selected based on a file type of the file (¶0005 “the anti-virus scanner 40 can be configured to determine when scanning is performed (i.e. when files are read, when files are written, both, etc.), what type of files are scanned…”).  

Regarding claim 15, Wolff discloses the forward proxy server of claim 10, wherein the transfer comprises a file download operation from the server device (¶0020 “upon receipt of an access request identifying a file to be read from the file storage device”-wherein read is interpreted as a download operation), and wherein the malware mitigator detects the transfer via at least one of the first session or the second session by (¶0042 “The process then proceeds to step 225, where the processing logic 160 is arranged to determine whether the file access request relates to a read of a file, or a write to a file…”): 
analyzing a header of a response that is associated with the file download operation and that is received via the second session from the server device (¶0020 “the processing logic being arranged to determine whether the file identified by the access request is stored in the file cache and if so to return the file to the client device without communicating with the file storage device via the second interface”);  
and determining that the header identifies a filename for the file (¶0039 “The processing logic 160 within the proxy AV scanner 100 will then extract at step 205 predetermined attributes from the file access request, and cause them to be sent via the interface 120 over path 125 to the file storage device 110 for validation…”).  

Regarding claim 17, Wolff discloses the forward proxy server of claim 10, wherein the malware mitigator detects the transfer between the client device and the server device by: receiving a message from code executing on the client device via the first session that indicates that the code executing on the client device has detected that a file upload operation from the client device to the server device is occurring (¶0047 “then the process proceeds to step 290, where the file to be written is added to the file cache 140, the process the proceeding to step 295 where that file is then stored to the file storage device 110 via the interface 120, where after an acknowledgement is returned to the client at step 297 via the interface 110 to inform the client device that the write access request has been performed”) .  

Regarding claim 18, Wolff discloses the forward proxy server of claim 10, wherein the malware mitigator detects the transfer between the client device and the server device by: receiving a message from code executing on the client device via the first session that indicates that the code executing on the client device has detected that a file download operation from the client device to the server device is occurring (¶0042 “…Assuming the file access request specifies a read of a file, then the process branches to step 230, where the file cache 140 is checked to determine whether the file being requested is stored within the file cache 140. If it is, then the process proceeds directly to step 265, where the file is returned via the interface 110 to the client device 10”).   

Regarding claim 19, Wolff discloses a computer-readable storage medium having program instructions recorded thereon that, when executed by at least one processor of a forward proxy server (Fig. 5, Proxy AV scanner 100), perform a method, the method comprising: 
 	receiving a request from a client device to initiate a first session with the forward proxy server (Fig. 5 client 10), and (¶0038 “…when one of the client devices 10 issues a file access request using the SMB protocol, this will be received by the proxy AV scanner 100…”); 
responsive to receiving the request, initiating the first session with the client device and establishing a second session with a server device (Fig. 5, File storage device 110, ¶0049 “Hence, if the first client device 10 wishes to issue a file access request to the file storage device 110, it in fact issues a file access request over path 102 to the proxy AV scanner 100, which then communicates over path 104 to the file storage device 110”) on behalf of the client device (¶0039 “The processing logic 160 within the proxy AV scanner 100 will then extract at step 205 predetermined attributes from the file access request, and cause them to be sent via the interface 120 over path 125 to the file storage device 110 for validation”);
 	detecting a transfer of a file between the client device and the server device via at least one of the first session or the second session (¶0042 “The process then proceeds to step 225, where the processing logic 160 is arranged to determine whether the file access request relates to a read of a file, or a write to a file…” wherein a write (upload) to a file uses the first session and read (download) of a file uses the second session for file transfer); 
responsive to detecting the transfer, obtaining a copy of the file (¶0043 “the file is retrieved at step 235 from the file storage device 110 via the interface 120”);
determining that the copy of the file is compromised with(¶0046 “where it is determined whether the file is infected by a virus, this being indicated by the output from the anti-virus engine 170”); 
and responsive to determining that the copy of the file is compromised with malware, performing an action to mitigate the malware (¶0046 “If the file is infected, then the process proceeds to step 255, where reading of that file is blocked, and typically the client device 10 will then be informed that access to the file has been blocked”).

Regarding claim 20, Wolff discloses the computer-readable storage medium of claim 19, wherein the action comprises one or more of: 408915-US-NP- 38 - providing a notification that indicates that the transfer is compromised with malware; or preventing the transfer from being completed (¶0046 “If the file is infected, then the process proceeds to step 255, where reading of that file is blocked, and typically the client device 10 will then be informed that access to the file has been blocked”).  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over U.S.PGPub. No. 20030110391 to Wolff et al. (hereinafter Wolff) in view of U.S. Pat. No. 8813214 to McNair et al. (hereinafter McNair)

Regarding claim 7, Wolff discloses the method of claim 1, wherein the transfer comprises a file upload operation to the server device (¶0047 “If at step 225, it is determined that the file access request relates to a write of a file”- wherein write is interpreted as a upload operation), wherein detecting the transfer via at least one of the first session or the second session comprises (¶0042 “The process then proceeds to step 225, where the processing logic 160 is arranged to determine whether the file access request relates to a read of a file, or a write to a file…”):   
: analyzing a request received via the first session from the client device that is associated with the file upload operation (¶0047 “then the process branches to step 270, where it is determined whether virus scanning is required….”-wherein determining whether virus scanning is required or not is a form of analysis being performed on the access request); 
However, Wolff does not explicitly disclose the following limitation taught by McNair:
identifying a uniform resource identifier included in the request; 
and determining that the uniform resource identifier corresponds to a file upload path associated with the server device.  
McNair discloses the proxy server system that sends a message to the sending peer computing system through the IM system that includes the upload URL and directions for using the secure file transfer server for the file transfer (Col. 4, Lines 49-52 “In one embodiment, the proxy server system then sends a message to the sending peer computing system through the IM system that includes the upload URL and directions for using the secure file transfer server for the file transfer”).
McNair discloses the sending the sending peer selecting and uploading the selected file to the secure file transfer server through the upload URL, and the associated upload webpage (Col. 5, Lines 15-18 “In one embodiment, once the sending peer selects the file to be transferred, the upload of the selected file to the secure file transfer server is begun through the upload URL, and the associated upload webpage”) 
Thus, one of ordinary skill in the art would have found obvious before the effective filing date of the applicant’s claimed invention to modify the Wolff to include the concept of URL (most common form of URI) to upload files as disclosed by McNair and be motivated in doing so in order to provide adequate security for file transfer operation between the sending peer and the recipient peer-McNair summary in parts.

Regarding claim 16, Wolff discloses the forward proxy server of claim 10, wherein the transfer comprises a file upload operation to the server device (¶0047 “If at step 225, it is determined that the file access request relates to a write of a file”- wherein write is interpreted as a upload operation), wherein the malware mitigator detects the transfer via at least one of the first session or the second session by (¶0042 “The process then proceeds to step 225, where the processing logic 160 is arranged to determine whether the file access request relates to a read of a file, or a write to a file…”):  
analyzing a request received via the first session from the client device that is associated with the file upload operation (¶0047 “then the process branches to step 270, where it is determined whether virus scanning is required….”-wherein determining whether virus scanning is required or not is a form of analysis being performed on the access request); 
However, Wolff does not explicitly disclose the following limitation taught by McNair:
identifying a uniform resource identifier included in the request; 
and determining that the uniform resource identifier corresponds to a file upload path associated with the server device.  
McNair discloses the proxy server system that sends a message to the sending peer computing system through the IM system that includes the upload URL and directions for using the secure file transfer server for the file transfer (Col. 4, Lines 49-52 “In one embodiment, the proxy server system then sends a message to the sending peer computing system through the IM system that includes the upload URL and directions for using the secure file transfer server for the file transfer”).
McNair discloses the sending the sending peer selecting and uploading the selected file to the secure file transfer server through the upload URL, and the associated upload webpage (Col. 5, Lines 15-18 “In one embodiment, once the sending peer selects the file to be transferred, the upload of the selected file to the secure file transfer server is begun through the upload URL, and the associated upload webpage”). 
Thus, one of ordinary skill in the art would have found obvious before the effective filing date of the applicant’s claimed invention to modify the Wolff to include the concept of URL (most common form of URI) to upload files as disclosed by McNair and be motivated in doing so in order to provide adequate security for file transfer operation between the sending peer and the recipient peer-McNair summary in parts.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. U.S.PGPub. No. (20030154399. 20070079379, and 20020188870) 
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUDASIRU K OLAEGBE whose telephone number is (571)272-2082. The examiner can normally be reached MON-FRI. 7.30AM-5.30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 5712723739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MUDASIRU K OLAEGBE/Examiner, Art Unit 2495                                                                                                                                                                                                        
/PONNOREAY PICH/Primary Examiner, Art Unit 2495