Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 17/096,497 is presented for examination by the examiner.  Claims 1, 3, 5-8, 10, 12-15, 17, and 19-20 are amended. Claims 1-20 remain pending.

Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 8, and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-3, 8-10, and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over USP Application Publication 2015/0106936 to Rihn et al., hereinafter Rihn in view of USP Application Publication 2010/0205265 to Milliken et al., hereinafter Milliken.
As per claims 1 8, and 15, Rihn teaches a method of preventing unauthorized access to electronic mail attachment, comprising: 
receiving, by a computing system from a client device, an outgoing electronic message comprising an attached file (0020 and 0023); 
identifying, by the computing system, the attached file in the outgoing electronic message (0023); 
comparing, by the computing system, a file name string of the attached file to file name strings associated with known sensitive files (0024 and 0031); 
determining, by the computing system, that the file name string of the attached file is not within a predefined threshold of similarity with any file name strings associated with the known sensitive files [test in some embodiments generates a probability on a sliding scale, where an exact match leads to a probability of 1, and an inexact match receives a probability value that depends on the degree of similarity; 0023]; 
based on the determining, comparing, by the computing system, contents of the attached file to contents of the known sensitive files [tests analyze the intrinsic characteristics of the message and/or its attachments; known viruses; 0023; next tests look at the content within the attachment (0026 and 0027), 
 and based on the determining, blocking, by the computing system, the outgoing electronic message [the message is quarantined or deleted from the delivery queue; 0019].
Rihn is silent in explicitly teaching that the comparing comprises generating a plurality of variants of the attached file, and comparing each variant of the plurality of variants of the attached file to the contents of the known sensitive files; determining, by the computing system, that at least one variant of the plurality of variants the contents of the attached file matches at least a portion of content of at least one known sensitive file.  Rihn teaches a series of test to determine if an attachment is malicious or not including comparisons to known viruses (0023).  Milliken teaches generating a plurality of variants of the attached file (0070), and comparing each variant of the plurality of variants of the attached file to the contents of the known sensitive files 0071); determining, by the computing system, that at least one variant of the plurality of variants the contents of the attached file matches at least a portion of content of at least one known sensitive file (0072).  Milliken teaches a plurality of variants of the attached file in the form of both expanding files if they are compressed and multiples hashes taken over various portions of the file in order to find similarities to threats.  Rihn already teaches signatures matching and Milliken implements signature matching using variants of the file in the form of hashes.  This test could have obvious been combined with the list of tests already implemented by Rihn.  The claim is obvious because one of ordinary skill in the art can combine methods known before the effective filing date which do not produce unpredictable results.  
As per claims 2, 9, and 16, Rihn teaches uploading the contents of the attached file to a first database (“in combination with other tests”; 0032); uploading the contents of the known sensitive files to a second database [compared to previous stored suspicious message; 0029 and 0033]; and joining the first database and the second database [updates the model used for testing; 0033].
As per claims 3, 10, and 17, Rihn teaches determining that the first database is a subset of the second database [the message is similar to previous stored suspicious messages, information associated with the received message is also stored; 0033].   In other words, the new message is sent, deemed first database, and compared to the collection of suspicious and if matches a message in the collection it would be a subset of the collection, deemed second database.  Put another way, the malicious message was already in the known suspicious collection.  In 0034, Rihn explicitly teaches “information pertaining to the forwarded message is optionally stored in memory” and “characteristics of the suspicious messages are stored. When a similar fifth message is received, its characteristics are compared to the characteristics of the four previously noted messages. N-gram, PFSA or other appropriate techniques can be used in the comparison.” 

Allowable Subject Matter
Claims 4-7, 11-14, and 18-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.  Regarding claims 4, 11, and 18, the prior art is silent in explicitly teaching or rendering obvious the idea of converting the attached files to images and hashing them in combination with the steps of the parent claims as a detect known sensitive files.  The prior art hashes the attachments but does not explicitly teach first converting them to images.


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431