DETAILED ACTION 
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
Claims 1, 9, 17, and 21-23 have been amended. Claims 6, 14, and 20 have been canceled. Claims 1-5, 7-13, 15-19, and 21-23 have been examined and are pending.
Response to Arguments
Applicant's amendments and arguments (see pages 9-11 of the remarks) have been fully considered and are persuasive. In response to applicant’s arguments regarding claims 1-5, 7-13, 15-19, and 21-23, and after a complete search of the entire relevant prior art, the examiner has determined that the claims are in condition for allowance. The previous 103 rejections of claims 1-5, 7-13, 15-19, and 21-23 have been withdrawn.
Examiner’s Comments
The claims are now in condition for allowance.
Allowable Subject Matter
Applicant's arguments have been considered and are determined to be persuasive. Accordingly, the previously presented rejections are withdrawn.
Claims 1-5, 7-13, 15-19, and 21-23 are allowed.
The following is an examiner's statement of reasons for allowance:
The closest prior art, as previously recited, Sridhar 2020/0052986 A1, Roundy 10169584 B1, Brennan 20070028304 A1, and Gopalakrishna 20180198821, teaches a computer-implemented method, the method comprising; a computer program product comprising: one or more computer-readable storage media and program instructions stored on the one or more computer-readable storage media, the stored program instructions comprising; and a computer system, the computer system comprising: one or more computer processors; one or more computer readable storage medium; and program instructions stored on the computer readable storage medium for execution by at least one of the one or more processors, the stored program instructions comprising: [Sridhar, Figs. 16 & 17 and ¶0119: implements invention using instructions, code, or other software and/or firmware, etc. stored on a computer-readable medium that, when executed by, for example, a processor system];
identifying, by one or more processors, transfers of a digital file between respective source devices and destination devices in a given group of devices; [Sridhar, ¶¶0022, 0029-0030, and 0079-0080: method/system herein to generate and/or update service level criteria (SLC) use to monitor data transfers details of one or more files transferred between two network entities (e.g. computer terminals, nodes, etc.) such as: file transfer events by a network monitor 102, within a network or across different networks. The network monitor 102 may be configured to selectively monitor and ensure a process or data/file transfer event between a specific source network entity and a specific destination network entity based on source and destination addresses/data or file transfer metadata, provided in SLC. File transfer metadata may include: source and destination network entities performing the transfer, etc. The granularity criterion 908 may be used to indicate a level of detail to be monitored for the transfer event. The source criterion 910 and the destination criterion 912 enable the monitoring criteria generator 202 to selectively monitor process or file transfers between specific source network entities and destination network entities. The source criterion 910 and destination criterion 912 may be used to indicate the source ID, network address, network entity ID of the network entity (e.g., one of the network entities 104 a-i of FIG. 1) configured to receive the file or files during a transfer event. Examiner broadly interprets that the network entity ID is analogous to the given group of network devices to which a network belongs and allows communication to occur.];
generating, by one or more processors, for each identified transfer, a unique identifier (UID) of the digital file; [Sridhar, Fig. 3 and ¶¶0048 and 0051: Each of the file transfer metadata is associated with a particular characteristic of each process or file transfer. The process name and process ID columns 310 and 312 may be used to identify particular processes. FIG. 4, the example analyses configuration screen 400 includes a plurality of configuration parameters. The process ID parameter field 402 may be used to specify an identification value or code that corresponds to a selected process or file transfer event. In some cases, a user may want to use the same analyses configuration to monitor or analyze a plurality of process or file transfer events, each having a unique or different process ID. Examiner broadly interprets that unique process ID associated for each file transfer event of file(s) processed.];
identifying, by one or more processors, that the digital file has been contaminated; [Roundy et al 10169584 B1, Col 11, lines 26-28 and 45-48: in the event that traditional malware scan of file 208 indicates file 208 is malicious; where malicious file compromises integrity/security of computing device];
identifying, by one or more processors, a contaminated UID corresponding to the digital file responsive to identifying that said digital file has been contaminated; [Brennan 20070028304 A1, ¶0057: List hosts with infected or banned files];
and notifying, by one or more processors, the one or more potentially contaminated devices that the digital file has been contaminated [Gopalakrishna 20180198821, ¶0067-0068: determine topology of site network 104, configuration of each network device to determine deceptive security mechanisms. See also ¶¶0276-0277].
However, none of Sridhar, Roundy, Brennan, and Gopalakrishna teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims, claims 1, 9, and 17. For example, none of the cited prior art teaches or suggests instructing, by one or more processors, that information relating to each identified transfer be stored in a record associated with the digital file, wherein the information includes: (i) an identification of the source device of the transfer, (ii) an identification of the destination device of the transfer; and (iii) the generated UID of the digital file for the transfer; identifying, by one or more processors, one or more potentially contaminated devices in the given group of devices for which the generated UID matches the contaminated UID based, at least in part, on the information relating to each identified transfer, in view of other limitations of claims 1, 9, and 17.
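The record-and-match steps recited above can be illustrated in Python; this is an added example and is not part of the Office action, the application, or any cited reference. It assumes the UID is a SHA-256 hash of the file contents (the text above does not say how the UID is generated), and the class, function, and device names are hypothetical.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class TransferRecord:
    source: str        # (i) identification of the source device
    destination: str   # (ii) identification of the destination device
    uid: str           # (iii) UID generated for the file at this transfer


def file_uid(content: bytes) -> str:
    # Assumption: the UID is the SHA-256 of the file bytes.
    return hashlib.sha256(content).hexdigest()


class TransferLedger:
    def __init__(self):
        self._by_uid = defaultdict(list)   # uid -> transfer records

    def record_transfer(self, source, destination, content):
        rec = TransferRecord(source, destination, file_uid(content))
        self._by_uid[rec.uid].append(rec)
        return rec

    def potentially_contaminated(self, contaminated_uid):
        """Devices on either end of a transfer whose UID matches."""
        devices = set()
        for rec in self._by_uid.get(contaminated_uid, []):
            devices.update((rec.source, rec.destination))
        return devices


def demo():
    # Constructed sample data: device names and file contents are made up.
    bad, clean = b"constructed sample: flagged file", b"minutes.txt"
    ledger = TransferLedger()
    ledger.record_transfer("laptop-a", "fileserver", bad)
    ledger.record_transfer("fileserver", "laptop-b", bad)
    ledger.record_transfer("laptop-c", "laptop-d", clean)
    # Same file re-saved with one extra byte: a content-hash UID no longer matches.
    ledger.record_transfer("laptop-b", "laptop-e", bad + b"\n")
    hits = ledger.potentially_contaminated(file_uid(bad))
    notices = {d: f"file {file_uid(bad)[:12]} flagged as contaminated" for d in sorted(hits)}
    return hits, notices


if __name__ == "__main__":
    print(demo())
```

Under the content-hash assumption, laptop-e is not flagged because the re-saved copy carries a different UID, so this form of matching only traces byte-identical copies.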
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
The closest prior art made of record is:
Zhong et al (KR101484023 B1) teaches that a computer network device receives the digital file and extracts a plurality of high-level features from the file. Multiple high-level features are evaluated using a classifier to determine whether the file is benign or malignant. This file is sent to the requesting computer if it is determined to be benign, and blocked if it is determined to be malicious (¶¶0013 and 0020-0023).
Code et al (20170134162 A1) teaches a system and process for securing digital media file content for persistence. Aspects of the system and process protect content from being altered or embedded with malicious code during distribution through a network. A digital media file is embedded with a hash function. In some embodiments, successive frames may be hashed. A copy of the hash function may be retrieved from a trusted source which may be located within a distributed ledger network. Copies of the digital media file and hash function are checked at network member nodes to verify authenticity of the content. During verification, the media file may be checked to verify if successive frames (for example 2 or more) comply with the trusted hash function. Metadata for authenticated media files may provide trusted information about the original media file (¶¶0028-0035).
Kinder et al (20170244734 A1) teaches a system for collection and analysis of forensic and event data comprising a server and an endpoint agent operating on a remote system. The server is configured to receive event data including process creation data, persistent process data, thread injection data, network connection data, memory pattern data, or any combination thereof, and analyze the event data to detect compromises of a remote system. The endpoint agent is configured to acquire event data, and communicate the event data to the server (¶¶0044-0057).
Kotler et al (20180225461 A1) teaches a system for analyzing a computing system for potential breach points, the system comprising a memory device having executable instructions stored therein, and a processing device, in response to the executable instructions, configured to parse a breach scenario file, the breach scenario file comprising a graph including action component nodes connected by edges, determine a root node from the action component nodes, execute the root node with breach point data, generate a root node return value based on the execution of the root node, the root node return value including a modified copy of the breach point data, determine children nodes from the action component nodes connected to the root node, execute the children nodes wherein each execution of the children nodes produces children node return values for a subsequent one of the children nodes, and return a final return value from the execution of the children nodes (¶¶0010, 0030-0036, 0076-0078).
Varma (20160364707 A1) teaches a system and method for self-policed, authenticated, offline/online, viral marketing and distribution of content such as software, text, and multimedia with effective copyright and license enforcement and secure selling. The system is based on key and cryptography hiding techniques, using source-to-source transformation for efficient, holistic steganography that systematically inflates and hides critical code by: computation interleaving; flattening procedure calls and obfuscating stack by de-stacking arguments; obfuscating memory management; and encoding scalars as pointers to managed structures that may be distributed and migrated all over the heap using garbage collection. Multimedia/text content may be partitioned and sold with expiry dates for protection and updates for long life. Authenticity of software installed on a machine may be monitored and ensured, supporting even authentic software deployment in an unknown environment. The system can be implemented with commonplace networking or browser software, commonplace hardware and content provision over a secure website (https standard) (¶¶0354-0379).
Singhal (20170244637 A1) teaches systems and methods for routing network packets between multi-core intermediaries. A processor of a plurality of processors on a client-side intermediary device may receive a packet from a client device. The processor may be identified by a core identifier. The processor may calculate a first set of source port addresses based on a first key and the core identifier. The processor may identify a target server-side intermediary device and a target processor based on data received with the packet or metadata received from the target server-side intermediary device. The processor may calculate a second set of port addresses based on a second key and the target core identifier. The processor may identify a port address common to both the first set and second set of port addresses. The processor may replace the original source port address in the packet with the identified port address (¶¶0156-0158, 0270, and 0272).
Onodera (8533850 B2) teaches that a client computer detects a user operation for transmitting data to a server or a storage device, determines whether the detected user operation is a fraudulent manipulation, and, if the determination is a positive result, performs security processing which is processing related to security of data to be transmitted. If the data is data within a group to which the user belongs and a destination of the data is a server or a storage device outside the group, the determination is a positive result (Figs. 13A-B, 28; Col 12, lines 46-67 to Col 13, lines 1-20 and Col 5, lines 53-59).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682. The examiner can normally be reached on Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW, can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/Sakinah White Taylor/ Primary Examiner, Art Unit 2497