DETAILED ACTION
Claims 1-20 are pending and have been examined.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 11 recites the limitation "a plurality of files". There is insufficient antecedent basis for this limitation in the claim.
It is indefinite whether this is intended to be the same “plurality of files” as introduced in claim 7.
This is not intended to be a complete list of such indefinite issues.
Double Patenting
Claims 1-20 are provisionally rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims of Patent Nos. 9292688, 9665713, and 11126720.  Although the conflicting claims are not identical, they are not patentably distinct from each other because 
“A method comprising: training, based on a first file-type associated with a plurality of files, a first classifier to determine whether files of the first file-type are at least malign or benign; training, based on a plurality of file-types associated with the plurality of files, a second classifier to determine whether files of the plurality of file-types are at least malign or benign; selecting, based on determining that a first file is associated with the first file-type, the first classifier; determining, via the first classifier, whether the first file is malign or benign; causing, based on the determining whether the first file is malign or benign, access to the first file to be blocked or permitted; selecting, based on determining that a second file is not associated with the first file-type, the second classifier; determining, via the second classifier, whether the second file is malign or benign; and causing, based on the determining whether the second file is malign or benign, access to the second file to be blocked or permitted” (claim 1, instant application) is analogous to 
“A computer-implemented method for improved zero-day malware detection comprising: receiving, at a computer that includes one or more processors and memory, a set of training files which are each known to be either malign or benign, wherein the training files comprise one or more types of computer files; analyzing, using the one or more computer processors, a training file from the set of training files to determine features of the training file, wherein the analyzing determines n-gram features; tagging, using the one or more computer processors, the determined features of the training file with qualified meta-features (QMF) tags, wherein the tagging includes: extracting one of the determined n-gram features from the training file; identifying a location of the extracted n-gram feature in the training file; determining an appropriate QMF tag of the extracted n-gram feature based on the identified location; applying the determined QMF tag to the extracted n-gram feature; and repeating the extracting, identifying, determining and applying for the remaining determined n-gram features of the training file; repeating the analyzing and tagging for remaining training files in the set of training files; and building, using the one or more computer processors, a model identifying n-gram features indicative of a malign file using the QMF-tagged n-gram features, wherein the model is capable of being used to detect malign files” (claim 1, patent 9292688) and analogous to 
“A computer-implemented method for improved zero-day malware detection comprising: receiving, at a computer that includes one or more processors and memory, a set of training files which are each known to be either malign or benign, wherein the training files comprise one or more types of computer files; partitioning, using the one or more computer processors, the set of training files into a plurality of categories wherein the categories are based on a type of file in each category; and training, using the one or more computer processors, category-specific classifiers that distinguish between malign and benign files in a category of files, wherein the training comprises: selecting one of the plurality of categories of training files, wherein each of the one or more categories corresponds to a type of file; identifying features present in the training files in the selected category of training files, wherein the identifying identifies n-gram features and the n-gram features include n-bytes of code; evaluating the identified features to determine the identified features most effective at distinguishing between malign and benign files; and building a category-specific classifier based on the evaluated features” (claim 1, patent 9665713) and analogous to
“A method comprising: determining at least a first file-type and a second file-type associated with a plurality of files; determining, via a first classifier of a plurality of classifiers that is trained to determine whether files of the first file-type are at least malign or benign, a first classification for a first file of the plurality of files, wherein the first file is of the first file-type; and determining, via a second classifier of the plurality of classifiers that is trained to determine whether files of a plurality of file-types are at least malign or benign and based on a second file of the plurality of files being of the second file-type that is different than the first file-type, a second classification for the second file” (claim 1, patent 11126720)
This is a provisional obviousness-type double patenting rejection because the conflicting claims of the instant application have not in fact been patented.
The claims of the conflicting patents and/or applications contain every element of claims 1-20 of the instant application and thus anticipate the claims of the instant application. Claims 1-20 of the instant application therefore are not patentably distinct from the copending application claims and as such are unpatentable for obviousness-type double patenting. A later patent/application claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species with that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
“Claim 12 and Claim 13 are generic to the species of invention covered by claim 3 of the patent. Thus, the generic invention is “anticipated” by the species of the patented invention. Cf., Titanium Metals Corp. v. Banner, 778 F.2d 775, 227 USPQ 773 (Fed. Cir. 1985) (holding that an earlier species disclosure in the prior art defeats any generic claim). This court’s predecessor has held that, without a terminal disclaimer, the species claims preclude issuance of the generic claim. In re Van Ornum, 686 F.2d 937, 944, 214 USPQ 761, 767 (CCPA 1982); Schneller, 397 F.2d at 354. Accordingly, absent a terminal disclaimer, claims 12 and 13 were properly rejected under the doctrine of obviousness-type double patenting.” (In re Goodman (CA FC) 29 USPQ2d 2010 (12/3/1993)).


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
The claimed invention is directed to file classification without significantly more. The claim(s) recite(s) training, selecting, determining, and causing. This judicial exception is not integrated into a practical application because they are broad enough to cover determining and classifying in the mind or with generic computer components. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claims do not recite any computer components. Anticipating that the claims may be amended to recite generic components, it is noted that mere instructions to apply an exception using generic components cannot provide an inventive concept. The claims are not patent eligible. 
Since the determining is based on a sequence (i.e. characters, bits), the comparison to make the determination can be made in the mind: a person looking at a file can make a benign/malign determination.
Regarding Prong One, the determining steps, as drafted, are a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components.
That is, nothing in the claim element precludes the step from practically being performed in the human mind. For example, the claim encompasses the user looking at the sequence and making a determination as benign/malign. Additionally, mere nominal recitation of a generic processor would not take the claim limitation out of the mental processes grouping. Thus, the claim recites a mental process.
Regarding Prong Two, there are no additional element(s) or a combination of elements in the claim that apply, rely on, or use the judicial exception in a manner that imposes a meaningful limit on the judicial exception, such that it is more than a drafting effort designed to monopolize the exception.
The claims are further drawn to the Well-Understood, Routine, Conventional Activity of training classifiers as evidenced by the cited art.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-3, 5, 7-10, 12, 14-17, and 19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Radinsky (20120084859).
Regarding claims 1, 7, and 14, Radinsky teaches
training, based on a first file-type associated with a plurality of files, a first classifier to determine whether files of the first file-type are at least malign or benign; training, based on a plurality of file-types associated with the plurality of files, a second classifier to determine whether files of the plurality of file-types are at least malign or benign (par.27-35, different classifiers to different known entities/files and to unknown entities/files); 
selecting, based on determining that a first file is associated with the first file-type, the first classifier; determining, via the first classifier, whether the first file is malign or benign; causing, based on the determining whether the first file is malign or benign, access to the first file to be blocked or permitted (par.14-17, 34-37, determine its file type, extension, etc., use corresponding engine); 
selecting, based on determining that a second file is not associated with the first file-type, the second classifier; determining, via the second classifier, whether the second file is malign or benign; and causing, based on the determining whether the second file is malign or benign, access to the second file to be blocked or permitted (par.86-88, 93-98, determine it is unknown, use different engine).
Regarding claims 2, 8, and 15, Radinsky teaches wherein the determining, via the first classifier, whether the first file is malign or benign comprises sending, to the first classifier, the first file, and wherein the determining, via the second classifier, whether the second file is malign or benign comprises sending, to the second classifier, the second file (par.32-36).
Regarding claims 3 and 10, Radinsky teaches wherein the determining that the first file is associated with the first file-type comprises determining, based on at least one byte sequence, that an internal structure of the first file matches an expected internal structure associated with the first file-type, and the determining that the second file is not associated with the first file-type comprises determining, based on at least one byte sequence, that an internal structure of the second file does not match an expected internal structure associated with the first file-type (par.34-40, 56-64).
Regarding claims 5, 12, and 19, Radinsky teaches determining, based on a file-type of a third file not being determined, and via the second classifier, that the third file is at least malign or benign / determining, based on a file-type of a second file not being determined, and via the second classifier, that the second file is at least malign or benign (par.34-40, 56-64).
Regarding claim 9, Radinsky teaches selecting, based on determining that a second file is not associated with the first file-type, the second classifier; and determining, via the second classifier, whether the second file is malign or benign (par.86-88, 93-98).
Regarding claim 16, Radinsky teaches selecting, based on determining that a second file is associated with the first file-type, the first classifier; and determining, via the first classifier, whether the second file is malign or benign (par.14-17, 34-37).
Regarding claim 17, Radinsky teaches wherein the determining that the file is not associated with the first file-type comprises: determining, based on at least one byte sequence, that an internal structure of the file does not match an expected internal structure associated with the first file-type (par.34-40, 56-64).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Radinsky, and further in view of Beveridge (20130067579).
Regarding claims 4, 11, and 18, Radinsky does not expressly disclose, however, Beveridge teaches wherein the training the first classifier or the second classifier comprises: determining, based on at least one feature from each file of the plurality of files, that the at least one feature is indicative of whether content is malign, wherein the determining that the at least one feature is indicative of whether content is malign comprises comparing entropy of the at least one feature to a threshold; and generating, based on the at least one feature, at least one feature vector representation of each file of the plurality of files indicating whether the malign at least one feature is present in each file of the plurality of files (abstract, par.30-41, 85-90).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Radinsky to use entropy comparison during classification of suspect files as taught by Beveridge.
One of ordinary skill in the art would have been motivated to perform such a modification to provide additional means of detecting malware (Beveridge, par.39-74).
Claims 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Radinsky, and further in view of Malanov (20110083187).
Regarding claims 6, 13, and 20, Radinsky does not expressly disclose, however, Malanov teaches wherein the file-type of the third file not being determined is based on the third file being a truncated file / wherein the file-type of the second file not being determined is based on the second file being a truncated file (par.67-71).
Therefore, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify Radinsky to determine truncated files and use appropriate classification as taught by Malanov.
One of ordinary skill in the art would have been motivated to perform such a modification to further protect resources from potentially malicious code (Malanov, par.60-75).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to David Garcia Cervetti whose telephone number is (571)272-5861. The examiner can normally be reached Monday-Friday 8AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, HADI ARMOUCHE can be reached on (571)270-3618. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/David Garcia Cervetti/
Primary Examiner, Art Unit 2419