Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-22 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-22 of U.S. Patent No. 10,949,533. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims are substantially a reversion to the claims filed 8 May 2020 in the conflicting patens prosecution history.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-22 is/are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No.: US 2015/0195336 A1 (Dunlap et al.) in view of United States Patent Application Publication No.: US 2018/0198821 A1 (Gopalakrishna) in further view of United States Patent No.: US 8,281,019 B1 (Woodard et al.).

As Per Claim 1: Dunlap et al. teaches: A computer network router, comprising:
- at least one processor; and
- at least one memory coupled to the at least one processor, wherein the at least one memory has computer-executable instructions stored thereon that, when executed by the at least one processor, cause the at least one processor to:
	(Dunlap et al., Abstract, “Systems, methods and computer program products download application packages to a mobile device from a traditional application store. The application package may include two applications, a first application executed on the mobile device (e.g., tablet computer, smartphone etc running an Android or iOS operating system) and a second application for execution on the router. When a user downloads and runs the first application on the mobile device, the first application determines if the router is present (e.g., determines if the mobile device is connected to the router) and if so, downloads the second application to the router. The second application may be the router application itself, or it may be an application that when executed on the router, downloads the router application to the router. Alternatively, the first application may issue a command that causes the router to download the router application.”).
	(Dunlap et al., Paragraph [0049], “Embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module" or "system." Furthermore, embodiments of the inventive subject matter may take the form of a computer program product embodied in any tangible medium of expression having computer usable program code embodied in the medium. The described embodiments may be provided as a computer program product, or software, that may include a machine-readable medium having stored thereon instructions, which may be used to program a computer system (or other electronic device(s)) to perform a process according to embodiments, whether presently described or not, since every conceivable variation is not enumerated herein. A machine readable medium includes any mechanism for storing or transmitting information in a form (e.g., software, processing application) readable by a machine (e.g., a computer). The machine-readable medium may include, but is not limited to, magnetic storage medium (e.g., floppy diskette); optical storage medium (e.g., CD-ROM); magneto-optical storage medium; read only memory (ROM); random access memory (RAM); erasable programmable memory (e.g., EPROM and EEPROM); flash memory; or other types of medium suitable for storing electronic instructions. In addition, embodiments may be embodied in an electrical, optical, acoustical or other form of propagated signal (e.g., carrier waves, infrared signals, digital signals, etc.), or wireline, wireless, or other communications medium.”).

- provide network routing services to network addressable devices operably connected to the gateway including a device located remotely from the gateway:
- provide Internet service to the device via the gateway from a communication system including a telecommunication channel;
- read one or more files stored on the device;
- cause the gateway to scan for computer viruses the one or more read files stored on a device located remotely from the gateway and to which the gateway provides network routing services 
	(Dunlap et al., Paragraph [0002], “As routers become more powerful, the ability to run third party networking applications is becoming more appealing. For example, applications such as parental control applications and virus scanning applications may be executed on a router. A router that is enhanced with such applications may be referred to as a "smart gateway" because it performs functions in addition to those traditionally performed by conventional routers. Applications for routers are typically obtained from the manufacturer or vendor of the router. For example, an application for a router may be obtained from an application store maintained by the router vendor. The proliferation of application stores can lead to confusion or other difficulties for a router owner that desires to obtain applications for their router.”).
	As established in Dunlap et al. the usage of the term gateway is considered an interchangeable variation of a router not changing the technical nature of the invention.
	(Dunlap et al., Paragraph [0028], “In some embodiments, before a router application is downloaded or installed, the authenticity and authorization of the device executing the device application may be checked to determine if the device application is authorized to cause the router application to be downloaded and installed on the router. The authentication and authorization may be determined using wireless network security parameters. In such embodiments, the fact that the device is successfully connected to a secured wireless network is considered sufficient to determine the authenticity and authorization for the device to cause a router application to be downloaded to the router. In alternative embodiments, other mechanisms such as a user name and password combination or security certificates may be used to determine that a device application is authentic and authorized to cause router applications to be downloaded to a router.”).
	(Dunlap et al., Paragraph [0029], “At block 310, in some embodiments, the device application presents a configuration interface that may be used to supply configuration parameters for the newly installed router application. For example, a virus scanning router application may utilize configuration parameters that specify a level of scanning to be performed, or configuration parameters that specify file types, packet types etc. that are to be scanned. The configuration interface presented by the device application may be used to provide such configuration parameters for the router application.”).

Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- provide television service to the device;
	(Gopalakrishna, Paragraph [0061], “The site network 104 is where the networking devices and users of the an organizations network may be found. The site network 104 may include network infrastructure devices, such as routers, switches hubs, repeaters, wireless base stations, and/or network controllers, among others. The site network 104 may also include computing systems, such as servers, desktop computers, laptop computers, tablet computers, personal digital assistants, and smart phones, among others. The site network 104 may also include other analog and digital electronics that have network interfaces, such as televisions, entertainment systems, thermostats, refrigerators, and so on.”).

- wherein performing the action based on the result of the gateway scanning the one or more read filed of the remote device for computer viruses includes
- in response to the gateway finding that the one or more files stored on the remote device scanned by the gateway contains a computer virus, isolating the remote device from a network that the gateway manages and to which the remote device is connected.
	(Gopalakrishna, Paragraph [0050], “Once malware has been detected, a typical incident response is to manually isolate the compromised computing system. For example, the computing system can be shut down or the computing system's network access can be disabled. By isolating the compromised computing system, network administrators can attempt to prevent or limit the spread of the malware to other devices in the network. Such manual intervention, however, relies on the vigilance, speed, and skill of human operators, who may not be able to keep up with the sheer volume of malware attacks. Isolation of compromised computing systems can be accomplished in an automated fashion, but automated isolation relies on the ability of tools that can detect that the system has been compromised. Such tools may have varying degrees of capability.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

Dunlap et al. and Gopalakrishna do not explicitly teach the following limitation however Woodard et al. in analogous art does teach the following limitation:
- perform an action based on the results of the gateway scanning the one or more read files of the remote device for computer viruses,
	(Woodard et al., Column 7, Lines 42-61, “In some embodiments, the scanning module 135 quarantines (or enables quarantining of) software on the first network device 110. For example, if the scanning module 135 locates a particular virus within a program on the first network device 110, the scanning module 135 may quarantine the program having the virus or the first network device 110. The scanning module 135 can quarantine the program to enable subsequent analysis of the program, such as to enable the disinfecting of the program, in a "closed" environment (i.e., not connected to a network). Moreover, the quarantining of the software program having a virus bolsters security by further ensuring that the virus does not affect other network devices (e.g., the second network device 110') or other programs executing or loaded onto the first network device 110 (e.g., other user's software executing on the first network device 110). The scanning module 135 can also quarantine the first network device 110 that failed a scan by turning off the router port for the first network device 110 (e.g., at the switch). The scanning module 135 may also perform security functions for the first network device 110.”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Woodard et al. into the method of Dunlap et al. and Gopalakrishna in order to be able to ensure application of an antivirus scanning solution to a network independent of the local agent software that may or may not be active on particular computers in the network.

As Per Claim 2: The rejection of claim 1 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- in response to the gateway finding that the one or more files stored on the remote device scanned by the gateway contains a computer virus, performing one or more computer virus quarantine actions over a network that the gateway manages and to which the remote device is connected. 
	(Gopalakrishna, Paragraph [0050], “Once malware has been detected, a typical incident response is to manually isolate the compromised computing system. For example, the computing system can be shut down or the computing system's network access can be disabled. By isolating the compromised computing system, network administrators can attempt to prevent or limit the spread of the malware to other devices in the network. Such manual intervention, however, relies on the vigilance, speed, and skill of human operators, who may not be able to keep up with the sheer volume of malware attacks. Isolation of compromised computing systems can be accomplished in an automated fashion, but automated isolation relies on the ability of tools that can detect that the system has been compromised. Such tools may have varying degrees of capability.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 3: The rejection of claim 1 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- in response to the gateway finding that the one or more files stored on the remote device scanned by the gateway contains a computer virus, performing one or more computer virus recovery or repair actions over a network that the gateway manages and to which the remote device is connected. 
	(Gopalakrishna, Paragraph [0073], “In various implementations, the threat analysis engine 160 may also send threat indicators 162, or similar data, to a behavioral analytics engine 170. The behavioral analytics engine 170 may be configured to use the indicators 162 to probe 118 the site network 104, and see whether the site network 104 has been exposed to the attack, or is vulnerable to the attack. For example, the behavioral analytics engine 170 may search the site network 104 for computing systems that resemble emulated computing systems in the emulated network 116 that were affected by the attack. In some implementations, the behavioral analytics engine 170 can also repair systems affected by the attack, or identify these systems to a network administrator. In some implementations, the behavioral analytics engine 170 can also reconfigure the site network's 104 security infrastructure to defend against the attack.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 4: The rejection of claim 1 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- in response to the gateway finding that the one or more files stored on the remote device scanned by the gateway contains a computer virus, sending an alert to one or more other devices over a network that the gateway manages and to which the remote device and the one or more other devices are connected or to one or more devices over an external network that the gateway does not manage. 
	(Gopalakrishna, Paragraph [0182], “Once the security device 760 has confirmed that the network 700 has been infiltrated, the security device 760 may alert the business owner. For example, the security device 760 may sound an audible alarm, email or send text messages to the computers 730 and/or handheld devices 734, 736, send a message to the business's cars 746, 748, flash lights, or trigger the security system's 724 alarm. In some implementations, the security device 760 may also take preventive measures. For example, the security device 760 may disconnect the network 700 from the Internet 750, may disconnect specific devices from the network 700 (e.g., the server 732 or the manufacturing machines 704), may turn some network-connected devices off, and/or may lock the building.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 5: The rejection of claim 1 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- causing the gateway to compare data read from the one or more files with known signatures of computer viruses. 
	(Gopalakrishna, Paragraph [0046], “Sandbox techniques and similar techniques are frequently used to analyze newly discovered malware. A malware program can be released into the sandbox, where the malware program can be studied and/or reverse engineered by security experts. Reverse engineering the malware can include determining the manner in which the malware operates, the harm intended by the malware, the manner in which the malware replicates itself, and/or identifying the point of entry of the malware into a network or computing system. Security engineers can generate a digital signature for the malware, for example by executing a program or function on data associated with the malware (e.g., a file, a file name, a process, a network packets, etc.). For example, the digital signature can be generated by executing a hash function on an executable file from which the malware program was launched. As used herein, the digital signature is typically a unique identifier for a specific malware program and can be used to identify the malware when, for example, anti -virus tools scan computer data.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 6: Claim 8 is substantially a restatement of the computer network gateway of claim 1 as a method and is rejected under substantially the same reasoning.

As Per Claim 7: The rejection of claim 6 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- managing, by at least one processor of the gateway, a network to which the gateway and the plurality of devices are connected. 
	(Gopalakrishna, Paragraph [0085], “In the example of FIG. 2D, the deception center 208 can also optionally be connected to an outside security services provider 206. The security services provider 206 can manage the deception center 208, including providing updated security data, sending firmware upgrades, and/or coordinating different deception centers 208 for different site networks 204 belonging to the same customer network 202. In some implementations, the deception center 208 can operate without the assistances of an outside security services provider 206.”).
	(Gopalakrishna, Paragraph [0105], “In this example, a server 420 is connected to the additional switch 406b. The server 420 may manage network access for a number of network devices or client devices. For example, the server 420 may provide network authentication, arbitration, prioritization, load balancing, and other management services as needed to manage multiple network devices accessing the enterprise network 400. The server 420 may be connected to a hub 422. The hub 422 may include multiple ports, each of which may provide a wired connection for a network or client device. A hub is typically a simpler device than a switch, and may be used when connecting a small number of network devices together. In some cases, a switch can be substituted for the hub 422. In this example, the hub 422 connects desktop computers 424 and laptop computers 426 to the enterprise network 400. In this example, each of the desktop computers 424 and laptop computers 426 are connected to the hub 422 using a physical cable.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 8: The rejection of claim 7 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- managing, by at least one processor of the gateway, computer virus scanning by the gateway of files of the plurality of devices located remotely from the gateway. 
	(Gopalakrishna, Paragraph [0085], “In the example of FIG. 2D, the deception center 208 can also optionally be connected to an outside security services provider 206. The security services provider 206 can manage the deception center 208, including providing updated security data, sending firmware upgrades, and/or coordinating different deception centers 208 for different site networks 204 belonging to the same customer network 202. In some implementations, the deception center 208 can operate without the assistances of an outside security services provider 206.”).
	(Gopalakrishna, Paragraph [0105], “In this example, a server 420 is connected to the additional switch 406b. The server 420 may manage network access for a number of network devices or client devices. For example, the server 420 may provide network authentication, arbitration, prioritization, load balancing, and other management services as needed to manage multiple network devices accessing the enterprise network 400. The server 420 may be connected to a hub 422. The hub 422 may include multiple ports, each of which may provide a wired connection for a network or client device. A hub is typically a simpler device than a switch, and may be used when connecting a small number of network devices together. In some cases, a switch can be substituted for the hub 422. In this example, the hub 422 connects desktop computers 424 and laptop computers 426 to the enterprise network 400. In this example, each of the desktop computers 424 and laptop computers 426 are connected to the hub 422 using a physical cable.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 9: The rejection of claim 7 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- scheduling, by at least one processor of the gateway, files of the plurality of devices located remotely from the gateway for scanning by the router at different times. 
	(Gopalakrishna, Paragraph [0005], “In some implementations, determining the marker includes determining a change in a system registry of the network device. In some implementations, determining the marker includes determining a change in a file system of the network device. In some implementations, determining the marker includes identifying a process running on the network device. In some implementations, determining the marker includes identifying a user logged in to the network device. In some implementations, determining the marker includes determining a change in a system memory of the network device. In some implementations, determining the marker includes identifying an open port of the network device.”).
	(Gopalakrishna, Paragraph [0068], “To provide the site network 104, the deception center 108 may include a deception profiler 130. In various implementations, the deception profiler may 130 derive information 114 from the site network 104, and determine, for example, the topology of the site network 104, the network devices included in the site network 104, the software and/or hardware configuration of each network device, and/or how the network is used at any given time. Using this information, the deception profiler 130 may determine one or more deceptive security mechanisms to deploy into the site network 104.”).
	(Gopalakrishna, Paragraph [0144], “In various implementations, the security device 660 may scan the network 600 to determine which devices are present in the network 600. Alternatively or additionally, the security device 660 may communicate with a central controller in the network 600 (or multiple central controllers, when there are sub-networks, each with their own central controller) to learn which devices are connected to the network 600. In some implementations, the security device 660 may undergo a learning period, during which the security device 660 learns the normal activity of the network 600, such as what time of day appliances and electronics are used, what they are used for, and/or what data is transferred to and from these devices. During the learning period, the security device 660 may alert the homeowner to any unusual or suspicious activity. The homeowner may indicate that this activity is acceptable, or may indicate that the activity is an intrusion. As described below, the security device 660 may subsequently take preventive action against the intrusion.”).
	(Gopalakrishna, Paragraph [0174], “Once connected to the network 700, the security device 760 may begin monitoring the network 700 for suspect activity. In some implementations, the security device 760 may scan the network 700 to learn which devices are connected to the network 700. In some cases, the security device 760 may learn the normal activity of the network 700, such as what time the various devices are used, for how long, by whom, for what purpose, and what data is transferred to and from each device, among other things.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 10: The rejection of claim 9 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- scheduling files on the plurality of devices located remotely from the gateway for scanning by the gateway at different times includes scheduling files on the plurality of devices located remotely from the gateway for scanning by the gateway at different times based on network traffic conditions. 
	(Gopalakrishna, Paragraph [0005], “In some implementations, determining the marker includes determining a change in a system registry of the network device. In some implementations, determining the marker includes determining a change in a file system of the network device. In some implementations, determining the marker includes identifying a process running on the network device. In some implementations, determining the marker includes identifying a user logged in to the network device. In some implementations, determining the marker includes determining a change in a system memory of the network device. In some implementations, determining the marker includes identifying an open port of the network device.”).
	(Gopalakrishna, Paragraph [0068], “To provide the site network 104, the deception center 108 may include a deception profiler 130. In various implementations, the deception profiler may 130 derive information 114 from the site network 104, and determine, for example, the topology of the site network 104, the network devices included in the site network 104, the software and/or hardware configuration of each network device, and/or how the network is used at any given time. Using this information, the deception profiler 130 may determine one or more deceptive security mechanisms to deploy into the site network 104.”).
	(Gopalakrishna, Paragraph [0144], “In various implementations, the security device 660 may scan the network 600 to determine which devices are present in the network 600. Alternatively or additionally, the security device 660 may communicate with a central controller in the network 600 (or multiple central controllers, when there are sub-networks, each with their own central controller) to learn which devices are connected to the network 600. In some implementations, the security device 660 may undergo a learning period, during which the security device 660 learns the normal activity of the network 600, such as what time of day appliances and electronics are used, what they are used for, and/or what data is transferred to and from these devices. During the learning period, the security device 660 may alert the homeowner to any unusual or suspicious activity. The homeowner may indicate that this activity is acceptable, or may indicate that the activity is an intrusion. As described below, the security device 660 may subsequently take preventive action against the intrusion.”).
	(Gopalakrishna, Paragraph [0174], “Once connected to the network 700, the security device 760 may begin monitoring the network 700 for suspect activity. In some implementations, the security device 760 may scan the network 700 to learn which devices are connected to the network 700. In some cases, the security device 760 may learn the normal activity of the network 700, such as what time the various devices are used, for how long, by whom, for what purpose, and what data is transferred to and from each device, among other things.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 11: The rejection of claim 9 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- scheduling files of the plurality of devices located remotely from the gateway for scanning by the gateway at different times includes scheduling files of the plurality of devices located remotely from the gateway for scanning by the gateway at different times based on different levels of use of the plurality of devices. 
	(Gopalakrishna, Paragraph [0005], “In some implementations, determining the marker includes determining a change in a system registry of the network device. In some implementations, determining the marker includes determining a change in a file system of the network device. In some implementations, determining the marker includes identifying a process running on the network device. In some implementations, determining the marker includes identifying a user logged in to the network device. In some implementations, determining the marker includes determining a change in a system memory of the network device. In some implementations, determining the marker includes identifying an open port of the network device.”).
	(Gopalakrishna, Paragraph [0068], “To provide the site network 104, the deception center 108 may include a deception profiler 130. In various implementations, the deception profiler may 130 derive information 114 from the site network 104, and determine, for example, the topology of the site network 104, the network devices included in the site network 104, the software and/or hardware configuration of each network device, and/or how the network is used at any given time. Using this information, the deception profiler 130 may determine one or more deceptive security mechanisms to deploy into the site network 104.”).
	(Gopalakrishna, Paragraph [0144], “In various implementations, the security device 660 may scan the network 600 to determine which devices are present in the network 600. Alternatively or additionally, the security device 660 may communicate with a central controller in the network 600 (or multiple central controllers, when there are sub-networks, each with their own central controller) to learn which devices are connected to the network 600. In some implementations, the security device 660 may undergo a learning period, during which the security device 660 learns the normal activity of the network 600, such as what time of day appliances and electronics are used, what they are used for, and/or what data is transferred to and from these devices. During the learning period, the security device 660 may alert the homeowner to any unusual or suspicious activity. The homeowner may indicate that this activity is acceptable, or may indicate that the activity is an intrusion. As described below, the security device 660 may subsequently take preventive action against the intrusion.”).
	(Gopalakrishna, Paragraph [0174], “Once connected to the network 700, the security device 760 may begin monitoring the network 700 for suspect activity. In some implementations, the security device 760 may scan the network 700 to learn which devices are connected to the network 700. In some cases, the security device 760 may learn the normal activity of the network 700, such as what time the various devices are used, for how long, by whom, for what purpose, and what data is transferred to and from each device, among other things.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 12: The rejection of claim 9 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- scheduling files of the plurality of devices located remotely from the gateway for scanning by the gateway at different times includes scheduling files of the plurality of devices located remotely from the gateway for scanning by the gateway at different times based different types of use of the plurality of devices.
	(Gopalakrishna, Paragraph [0005], “In some implementations, determining the marker includes determining a change in a system registry of the network device. In some implementations, determining the marker includes determining a change in a file system of the network device. In some implementations, determining the marker includes identifying a process running on the network device. In some implementations, determining the marker includes identifying a user logged in to the network device. In some implementations, determining the marker includes determining a change in a system memory of the network device. In some implementations, determining the marker includes identifying an open port of the network device.”).
	(Gopalakrishna, Paragraph [0068], “To provide the site network 104, the deception center 108 may include a deception profiler 130. In various implementations, the deception profiler may 130 derive information 114 from the site network 104, and determine, for example, the topology of the site network 104, the network devices included in the site network 104, the software and/or hardware configuration of each network device, and/or how the network is used at any given time. Using this information, the deception profiler 130 may determine one or more deceptive security mechanisms to deploy into the site network 104.”).
	(Gopalakrishna, Paragraph [0144], “In various implementations, the security device 660 may scan the network 600 to determine which devices are present in the network 600. Alternatively or additionally, the security device 660 may communicate with a central controller in the network 600 (or multiple central controllers, when there are sub-networks, each with their own central controller) to learn which devices are connected to the network 600. In some implementations, the security device 660 may undergo a learning period, during which the security device 660 learns the normal activity of the network 600, such as what time of day appliances and electronics are used, what they are used for, and/or what data is transferred to and from these devices. During the learning period, the security device 660 may alert the homeowner to any unusual or suspicious activity. The homeowner may indicate that this activity is acceptable, or may indicate that the activity is an intrusion. As described below, the security device 660 may subsequently take preventive action against the intrusion.”).
	(Gopalakrishna, Paragraph [0174], “Once connected to the network 700, the security device 760 may begin monitoring the network 700 for suspect activity. In some implementations, the security device 760 may scan the network 700 to learn which devices are connected to the network 700. In some cases, the security device 760 may learn the normal activity of the network 700, such as what time the various devices are used, for how long, by whom, for what purpose, and what data is transferred to and from each device, among other things.”).
	(Gopalakrishna, Paragraph [0264], “As also noted above, the high-interaction network 1316 can closely monitor the behavior of the malware program 1390. For purposes of vaccinating the network 1300, however, the high-interaction network 1316 can be configured to quickly identify changes made to the user workstation 1378 by the malware program 1390, and locate a marker 1360 generated by the malware program 1390. For example, the high-interaction network 1316 can take a snapshot of the user workstation 1378 before the malware program 1390 is activated and take a snapshot after the malware program 1390 is activated. By comparing these snapshots, the high-interaction network 1316 can identify changes made to the user workstation 1378 by the malware program 1390. Changes such as file overwrites (such as, for example, overwrites caused by ransomware encrypting files), registry overwrites, and other changes related to the harm intended by the malware program 1390 can be ignored. Similarly, in some implementations, deletion of registry entries, changes to sensitive registry entries (such as those related to security, backup, restore, and/or anti -virus software), file system deletion or updates of application software such as anti -virus software, changes to operating system directory, loading of certain DLLs, changes to some environment variables, and/or new task schedulers may also be excluded.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 13: Dunlap et al. teaches A non-transitory computer-readable medium having computer-executable instructions stored thereon that, when executed by at least one processor, cause the at least one processor to:
	(Dunlap et al., Abstract, “Systems, methods and computer program products download application packages to a mobile device from a traditional application store. The application package may include two applications, a first application executed on the mobile device (e.g., tablet computer, smartphone etc running an Android or iOS operating system) and a second application for execution on the router. When a user downloads and runs the first application on the mobile device, the first application determines if the router is present (e.g., determines if the mobile device is connected to the router) and if so, downloads the second application to the router. The second application may be the router application itself, or it may be an application that when executed on the router, downloads the router application to the router. Alternatively, the first application may issue a command that causes the router to download the router application.”).
	(Dunlap et al., Paragraph [0049], “Embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module" or "system." Furthermore, embodiments of the inventive subject matter may take the form of a computer program product embodied in any tangible medium of expression having computer usable program code embodied in the medium. The described embodiments may be provided as a computer program product, or software, that may include a machine-readable medium having stored thereon instructions, which may be used to program a computer system (or other electronic device(s)) to perform a process according to embodiments, whether presently described or not, since every conceivable variation is not enumerated herein. A machine readable medium includes any mechanism for storing or transmitting information in a form (e.g., software, processing application) readable by a machine (e.g., a computer). The machine-readable medium may include, but is not limited to, magnetic storage medium (e.g., floppy diskette); optical storage medium (e.g., CD-ROM); magneto-optical storage medium; read only memory (ROM); random access memory (RAM); erasable programmable memory (e.g., EPROM and EEPROM); flash memory; or other types of medium suitable for storing electronic instructions. In addition, embodiments may be embodied in an electrical, optical, acoustical or other form of propagated signal (e.g., carrier waves, infrared signals, digital signals, etc.), or wireline, wireless, or other communications medium.”).
	(Dunlap et al., Paragraph [0029], “At block 310, in some embodiments, the device application presents a configuration interface that may be used to supply configuration parameters for the newly installed router application. For example, a virus scanning router application may utilize configuration parameters that specify a level of scanning to be performed, or configuration parameters that specify file types, packet types etc. that are to be scanned. The configuration interface presented by the device application may be used to provide such configuration parameters for the router application.”).
	(Dunlap et al., Paragraph [0002], “As routers become more powerful, the ability to run third party networking applications is becoming more appealing. For example, applications such as parental control applications and virus scanning applications may be executed on a router. A router that is enhanced with such applications may be referred to as a "smart gateway" because it performs functions in addition to those traditionally performed by conventional routers. Applications for routers are typically obtained from the manufacturer or vendor of the router. For example, an application for a router may be obtained from an application store maintained by the router vendor. The proliferation of application stores can lead to confusion or other difficulties for a router owner that desires to obtain applications for their router.”).

- provide network routing services to a plurality of network addressable devices operably connected to a computer network gateway including a device located remotely from the gateway:
- provide Internet service to the device via the gateway from a communication system including a telecommunication channel;
- read one or more files stored on the device;
- cause the gateway to scan for computer viruses the one or more read files stored on a device located remotely from the gateway and to which the gateway provides network routing services 
	(Dunlap et al., Paragraph [0002], “As routers become more powerful, the ability to run third party networking applications is becoming more appealing. For example, applications such as parental control applications and virus scanning applications may be executed on a router. A router that is enhanced with such applications may be referred to as a "smart gateway" because it performs functions in addition to those traditionally performed by conventional routers. Applications for routers are typically obtained from the manufacturer or vendor of the router. For example, an application for a router may be obtained from an application store maintained by the router vendor. The proliferation of application stores can lead to confusion or other difficulties for a router owner that desires to obtain applications for their router.”).
	As established in Dunlap et al. the usage of the term gateway is considered an interchangeable variation of a router not changing the technical nature of the invention.
	(Dunlap et al., Paragraph [0028], “In some embodiments, before a router application is downloaded or installed, the authenticity and authorization of the device executing the device application may be checked to determine if the device application is authorized to cause the router application to be downloaded and installed on the router. The authentication and authorization may be determined using wireless network security parameters. In such embodiments, the fact that the device is successfully connected to a secured wireless network is considered sufficient to determine the authenticity and authorization for the device to cause a router application to be downloaded to the router. In alternative embodiments, other mechanisms such as a user name and password combination or security certificates may be used to determine that a device application is authentic and authorized to cause router applications to be downloaded to a router.”).
	(Dunlap et al., Paragraph [0029], “At block 310, in some embodiments, the device application presents a configuration interface that may be used to supply configuration parameters for the newly installed router application. For example, a virus scanning router application may utilize configuration parameters that specify a level of scanning to be performed, or configuration parameters that specify file types, packet types etc. that are to be scanned. The configuration interface presented by the device application may be used to provide such configuration parameters for the router application.”).

Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- provide television service to the device;
	(Gopalakrishna, Paragraph [0061], “The site network 104 is where the networking devices and users of the an organizations network may be found. The site network 104 may include network infrastructure devices, such as routers, switches hubs, repeaters, wireless base stations, and/or network controllers, among others. The site network 104 may also include computing systems, such as servers, desktop computers, laptop computers, tablet computers, personal digital assistants, and smart phones, among others. The site network 104 may also include other analog and digital electronics that have network interfaces, such as televisions, entertainment systems, thermostats, refrigerators, and so on.”).

- store different sets of virus signatures the gateway for each device of the plurality of devices located remotely from the gateway on a network which is managed by the gateway;
- for each device of the plurality of devices, located remotely from the gateway causing the gateway to scan (for computer viruses one or more different files stored on the device and remotely located from the gateway) using a different set of virus signatures of the different sets of virus signatures stored on the gateway for each device of the plurality of devices located remotely from the gateway. 
	(Gopalakrishna, Paragraph [0046], “Sandbox techniques and similar techniques are frequently used to analyze newly discovered malware. A malware program can be released into the sandbox, where the malware program can be studied and/or reverse engineered by security experts. Reverse engineering the malware can include determining the manner in which the malware operates, the harm intended by the malware, the manner in which the malware replicates itself, and/or identifying the point of entry of the malware into a network or computing system. Security engineers can generate a digital signature for the malware, for example by executing a program or function on data associated with the malware (e.g., a file, a file name, a process, a network packets, etc.). For example, the digital signature can be generated by executing a hash function on an executable file from which the malware program was launched. As used herein, the digital signature is typically a unique identifier for a specific malware program and can be used to identify the malware when, for example, anti -virus tools scan computer data.”).
	(Gopalakrishna, Paragraph [0054], “Cyber-antibody techniques can be used to identify such network traffic. Once identified, this seemingly harmless network traffic can be deliberately "tainted" or made to carry a known malware signature. The network traffic thus appears to contain malware, and because known malware is used, a network's security infrastructure will block the network traffic from reaching the Internet. The malware's command and control channel can thus be cut off, possibly preventing the malware from doing harm. The cyber-antibody can further be distributed to the computing systems in a network, so that, should these systems become infected with the same malware, the malware will be unable to establish a command and control communication channel. These computing systems can thus be protected from this particular malware.”).

- for at least one of the plurality of devices located remotely from the gateway, in response to the gateway finding that the one or more files stored on the at least one device scanned by the gateway contains a computer virus, determining whether the computer virus contained in the one or more files stored on the at least one device affects a particular network zone, to which the at least one device and additional devices belong, on a network that the gateway manages and to which the additional devices are connected; and in response to the gateway determining that the computer virus contained in the one or more files stored on the at least one device affects the particular network zone, isolating the network zone on the network that the gateway manages.
	(Gopalakrishna, Paragraph [0050], “Once malware has been detected, a typical incident response is to manually isolate the compromised computing system. For example, the computing system can be shut down or the computing system's network access can be disabled. By isolating the compromised computing system, network administrators can attempt to prevent or limit the spread of the malware to other devices in the network. Such manual intervention, however, relies on the vigilance, speed, and skill of human operators, who may not be able to keep up with the sheer volume of malware attacks. Isolation of compromised computing systems can be accomplished in an automated fashion, but automated isolation relies on the ability of tools that can detect that the system has been compromised. Such tools may have varying degrees of capability.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

Dunlap et al. and Gopalakrishna do not explicitly teach the following limitation however Woodard et al. in analogous art does teach the following limitation:
- (for each device of the plurality of devices) located remotely from the gateway
- (for each device of the plurality of devices, causing the router to scan) for computer viruses one or more different files stored on the device and remotely located from the gateway
	(Woodard et al., Column 7, Lines 42-61, “In some embodiments, the scanning module 135 quarantines (or enables quarantining of) software on the first network device 110. For example, if the scanning module 135 locates a particular virus within a program on the first network device 110, the scanning module 135 may quarantine the program having the virus or the first network device 110. The scanning module 135 can quarantine the program to enable subsequent analysis of the program, such as to enable the disinfecting of the program, in a "closed" environment (i.e., not connected to a network). Moreover, the quarantining of the software program having a virus bolsters security by further ensuring that the virus does not affect other network devices (e.g., the second network device 110') or other programs executing or loaded onto the first network device 110 (e.g., other user's software executing on the first network device 110). The scanning module 135 can also quarantine the first network device 110 that failed a scan by turning off the router port for the first network device 110 (e.g., at the switch). The scanning module 135 may also perform security functions for the first network device 110.”).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Woodard et al. into the method of Dunlap et al. and Gopalakrishna in order to be able to ensure application of an antivirus scanning solution to a network independent of the local agent software that may or may not be active on particular computers in the network.

As Per Claim 14: The rejection of claim 13 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- the plurality of devices for which files stored on the plurality of devices are scanned by the gateway includes a home appliance. 
	(Gopalakrishna, Paragraph [0240], “The network nodes 1210a-1210f, 1280 can include a variety of devices. For example, the network nodes 1210a-1210f, 1280 can include computing systems, such as server computers, laptop computers, desktop computers, smart phones, personal digital assistants, tablet computers, and so on. As another example, the network nodes 1210a-1210f, 1280 can include peripheral devices, such as printers and monitors, among others. As another example, the network nodes 1210a-1210f, 1280 can include storage arrays and compute farms, among other things. As another example, the network nodes 1210a-1210f, 1280 can include other systems that can be connected to a network, such as entertainment systems, televisions, home appliances, factory machinery, and so on.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to implement known operations and protocols for computing devices with Internet of Things Infrastructure.

As Per Claim 15: The rejection of claim 13 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- the plurality of devices for which files stored on the plurality of devices are scanned by the gateway includes a home security device. 
	(Gopalakrishna, Paragraph [0135], “The network 600 may also include home safety and security devices, such as a smoke detector 616, an electronic door lock 624, and a home security system 626. Having these devices on the network may allow the homeowner to track the information monitored and/or sensed by these devices, both when the homeowner is at home and away from the house. For example, the homeowner may be able to view a video feed from a security camera 628. When the safety and security devices detect a problem, they may also inform the homeowner. For example, the smoke detector 616 may send an alert to the homeowner's smartphone when it detects smoke, or the electronic door lock 624 may alert the homeowner when there has been a forced entry. Furthermore, the homeowner may be able to remotely control these devices. For example, the homeowner may be able to remotely open the electronic door lock 624 for a family member who has been locked out. The safety and security devices may also use their connection to the network to call the fire department or police if necessary.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to implement known operations and protocols for computing devices with Internet of Things Infrastructure.

As Per Claim 16: The rejection of claim 13 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- the plurality of devices for which files stored on the plurality of devices are scanned by the gateway includes a computer. 
	(Gopalakrishna, Paragraph [0136], “Another non-traditional device that may be found in the network 600 is the family car 630. The car 630 is one of many devices, such as laptop computers 638, tablet computers 646, and smartphones 642, that connect to the network 600 when at home, and when not at home, may be able to connect to the network 600 over the Internet 650. Connecting to the network 600 over the Internet 650 may provide the homeowner with remote access to his network. The network 600 may be able to provide information to the car 630 and receive information from the car 630 while the car is away. For example, the network 600 may be able to track the location of the car 630 while the car 630 is away.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to implement known operations and protocols for computing devices with Internet of Things Infrastructure.

As Per Claim 17: The rejection of claim 13 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- the plurality of devices for which files stored on the plurality of devices are scanned by the gateway includes a smartphone. 
	(Gopalakrishna, Paragraph [0136], “Another non-traditional device that may be found in the network 600 is the family car 630. The car 630 is one of many devices, such as laptop computers 638, tablet computers 646, and smartphones 642, that connect to the network 600 when at home, and when not at home, may be able to connect to the network 600 over the Internet 650. Connecting to the network 600 over the Internet 650 may provide the homeowner with remote access to his network. The network 600 may be able to provide information to the car 630 and receive information from the car 630 while the car is away. For example, the network 600 may be able to track the location of the car 630 while the car 630 is away.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to implement known operations and protocols for computing devices with Internet of Things Infrastructure.

As Per Claim 18: The rejection of claim 13 is incorporated and further Dunlap et al.  and Gopalakrishna do not explicitly teach the following limitation:
- the plurality of devices for which files stored on the plurality of devices are scanned by the gateway includes a set-top box. 
	However Examiner is giving official notice that a set-top box is just a particular networked device in the Internet of Things (IoT). A particular device is merely nonfunctional descriptive material any networked device can be included as an intercagable alternative in the IoT without changing the nature of the invention. Gopalakrishna has already noted implementation with the IoT.
	(Gopalakrishna, Paragraph [0112], “FIG. 4 illustrates one example of what can be considered a "traditional" network, that is, a network that is based on the interconnection of computers. In various implementations, a network security system, such as the deception-based system discussed above, can also be used to defend "non-traditional" networks that include devices other than traditional computers, such as for example mechanical, electrical, or electromechanical devices, sensors, actuators, and control systems. Such "non-traditional" networks may be referred to as the Internet of Things (IoT). The Internet of Things encompasses newly-developed, every-day devices designed to be networked (e.g., drones, self-driving automobiles, etc.) as well as common and long-established machinery that has augmented to be connected to a network (e.g., home appliances, traffic signals, etc.).”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to implement known operations and protocols for computing devices with Internet of Things Infrastructure.

As Per Claim 19: The rejection of claim 13 is incorporated and further Dunlap et al. teaches:
- the plurality of devices for which files stored on the plurality of devices are scanned by the gateway includes a device running a closed platform operating system. 
	(Gopalakrishna, Paragraph [0050], “Once malware has been detected, a typical incident response is to manually isolate the compromised computing system. For example, the computing system can be shut down or the computing system's network access can be disabled. By isolating the compromised computing system, network administrators can attempt to prevent or limit the spread of the malware to other devices in the network. Such manual intervention, however, relies on the vigilance, speed, and skill of human operators, who may not be able to keep up with the sheer volume of malware attacks. Isolation of compromised computing systems can be accomplished in an automated fashion, but automated isolation relies on the ability of tools that can detect that the system has been compromised. Such tools may have varying degrees of capability.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 20: The rejection of claim 13 is incorporated and further Dunlap et al. teaches:
- the gateway is a device running on a closed platform operating system. 
	(Gopalakrishna, Paragraph [0050], “Once malware has been detected, a typical incident response is to manually isolate the compromised computing system. For example, the computing system can be shut down or the computing system's network access can be disabled. By isolating the compromised computing system, network administrators can attempt to prevent or limit the spread of the malware to other devices in the network. Such manual intervention, however, relies on the vigilance, speed, and skill of human operators, who may not be able to keep up with the sheer volume of malware attacks. Isolation of compromised computing systems can be accomplished in an automated fashion, but automated isolation relies on the ability of tools that can detect that the system has been compromised. Such tools may have varying degrees of capability.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to expand on the implementation and utility of virus detection and prevention mechanisms as taught in Dunlap et al.

As Per Claim 21: The rejection of claim 13 is incorporated and further Dunlap et al. teaches:
- the gateway is a device trusted by the plurality of devices over the network. 
	(Dunlap et al., Paragraph [0028], “In some embodiments, before a router application is downloaded or installed, the authenticity and authorization of the device executing the device application may be checked to determine if the device application is authorized to cause the router application to be downloaded and installed on the router. The authentication and authorization may be determined using wireless network security parameters. In such embodiments, the fact that the device is successfully connected to a secured wireless network is considered sufficient to determine the authenticity and authorization for the device to cause a router application to be downloaded to the router. In alternative embodiments, other mechanisms such as a user name and password combination or security certificates may be used to determine that a device application is authentic and authorized to cause router applications to be downloaded to a router.”).
	(Dunlap et al., Paragraph [0029], “At block 310, in some embodiments, the device application presents a configuration interface that may be used to supply configuration parameters for the newly installed router application. For example, a virus scanning router application may utilize configuration parameters that specify a level of scanning to be performed, or configuration parameters that specify file types, packet types etc. that are to be scanned. The configuration interface presented by the device application may be used to provide such configuration parameters for the router application.”).
	(Dunlap et al., Paragraph [0030], “In embodiments where the device application is executed on a remote device and may communicate with the router via public networks such as the Internet, a secure network tunnel may be established between the remote device and the router. The secure network tunnel provides a secure mechanism for downloading a router application to the router. Additionally, the secure network tunnel provides for secure transmission of configuration parameters and password so that a malicious user may be prevented from intercepting such information. Examples of secure network tunneling protocols include Virtual Private Network (VPN) and Secure Shell (SSH) tunneling protocols.”).

As Per Claim 22: The rejection of claim 13 is incorporated and further Dunlap et al. does not teach the following limitation however Gopalakrishna in analogous art does teach the following limitation:
- the plurality of devices for which files stored on the plurality of devices are scanned by the gateway includes one or more of: a home security device, a door lock, a video camera, a baby monitor, a light switch, a thermostat, a garage door opener, a kitchen appliance, a washing machine and a dryer.
	(Gopalakrishna, Paragraph [0135], “The network 600 may also include home safety and security devices, such as a smoke detector 616, an electronic door lock 624, and a home security system 626. Having these devices on the network may allow the homeowner to track the information monitored and/or sensed by these devices, both when the homeowner is at home and away from the house. For example, the homeowner may be able to view a video feed from a security camera 628. When the safety and security devices detect a problem, they may also inform the homeowner. For example, the smoke detector 616 may send an alert to the homeowner's smartphone when it detects smoke, or the electronic door lock 624 may alert the homeowner when there has been a forced entry. Furthermore, the homeowner may be able to remotely control these devices. For example, the homeowner may be able to remotely open the electronic door lock 624 for a family member who has been locked out. The safety and security devices may also use their connection to the network to call the fire department or police if necessary.”).
	It would have been obvious to one of ordinary skill in that art before the effective filing date of the claimed invention to incorporate the teachings of Gopalakrishna into the method of Dunlap et al. to implement known operations and protocols for computing devices with Internet of Things Infrastructure.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN A KAPLAN whose telephone number is (571)270-3170.  The examiner can normally be reached on 9:00 a.m. - 5:00 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN A KAPLAN/Examiner, Art Unit 2434