DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office Action is in response to Application 17319638 filed on 05/13/2021. Claims 1, 9 and 17 are independent claims. Claims 1-20 have been examined and are pending in this application. This Office Action is made Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/13/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  

Claims 1, 5 and 17 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 9 and 17 of the application 17/319,831 and claims 1, 9 and 17 of the application 17/319,299.  Although the claims at issue are not identical, they are not patentably distinct from each other because claims 1, 5 and 17 -5 of the instant application are encompassed by the limitations recited in claims 1, 9 and 17 of the application 17/319,831 and 17/319,299; (refer to the comparison table below for detail).
Instant Application 17/319,638
US 20220366042 (Application 17/319,831)
US 20220366038
 (application 17/319,299)
Claim 1: A method comprising: 

receiving, via a computing network, a signal indicating storage of a file a software distribution point (SDP) computing system, wherein the signal is automatically generated by the SDP computing system based on saving of at least one file;
enumerating, by a known deployed file metadata analysis engine, available files stored on the SDP computing system;




retrieving, based on a comparison of enumerated files to logical paths associated with the SDP computing system to identify one or more new files and by the known deployed file metadata analysis engine from the SDP computing system via a network, the one or more new files;

extracting, by the known deployed file metadata analysis engine, metadata from each of the one or more new files; 

recursively extracting, based on an indication that a file of the one or more new files is a container file and by the known deployed file metadata analysis engine, metadata from each file stored in the container file of the one or more new files;

identifying, by the known deployed file metadata analysis engine, a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of “known-good” files;

updating, by the known deployed file metadata analysis engine, the matched metadata with an indication that the file is “known-deployed”; and





triggering, by the known deployed file metadata analysis engine, synchronization of stored metadata to an external computing system based on the update of the matched metadata.
Claim 1: A method comprising:

receiving, via a computing network, a signal indicating storage of a file a software distribution point (SDP) computing system, wherein the signal is automatically generated by the SDP computing system based on saving of at least one file;

enumerating, by a known deployed file metadata analysis engine, available files stored on the SDP computing system; 




retrieving, based on a comparison of enumerated files to logical paths associated with the SDP computing system to identify one or more new files and by the known deployed file metadata analysis engine from the SDP computing system via a network, the one or more new files; 


extracting, by the known deployed file metadata analysis engine, metadata from each of the one or more new files; 

recursively extracting, based on an indication that a file of the one or more new files is a container file and by the known deployed file metadata analysis engine, metadata from each file stored in the container file of the one or more new files;


identifying, by the known deployed file metadata analysis engine, a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of “known-good” files;



updating, by the known deployed file metadata analysis engine, the matched metadata with an indication that the file is “known-deployed”; communicating, via the network and to a security sandbox computing device, files acquired from the SDP computing system;

triggering, by the known deployed file metadata analysis engine, detonation of the files; and 
generating, by the known deployed file metadata analysis engine based on metadata received from the security sandbox computing device, deployed file artifacts associated with the files acquired from the SDP computing system.
Claim 1: A method comprising: 











enumerating, by a known deployed file metadata analysis engine, available files stored on a software distribution point (SDP) computing system;

comparing, by the known deployed file metadata analysis engine, enumerated files to logical paths associated with the SDP computing system to identify one or more new files;

retrieving, by the known deployed file metadata analysis engine from the SDP computing system via a network, the one or more new files; 

extracting, by the known deployed file metadata analysis engine, metadata from each of the one or more new files; 

recursively extracting, based on an indication that a file of the one or more new files is a container file and by the known deployed file metadata analysis engine, metadata from each file stored in the container file of the one or more new files;


identifying, by the known deployed file metadata analysis engine, a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of "known-good" files;



updating, by the known deployed file metadata analysis engine, the matched metadata with an indication that the file is "known-deployed"; and 





triggering, by the known deployed file metadata analysis engine, deployment of one or more files by the SDP, wherein the one or more files are associated with metadata indicating the file is "known-deployed".
Claim 9: A system comprising: a software distribution point (SDP) computing system comprising memory storing a plurality of files; a known-deployed file metadata analysis server comprising: a processor; and non-transitory memory storing instructions that, when executed by the processor, causes the known-deployed file metadata analysis server to: 

enumerate, based on an indication received from the
SDP computing system that indicates at least one file has been created, available files stored on the SDP computing system; 
compare enumerated files to logical paths associated with the SDP computing system to identify one or more new files;

 retrieve, from the SDP computing system via a network, the one or more new files; 

extract metadata from each of the one or more new files;

recursively extract, based on an indication that a file of the one or more new files is a container file, metadata from each file stored in the container file of the one or more new files; 

identify a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of “known-good” files;
update the matched metadata with an indication that the file is “known-deployed”; and

trigger synchronization of stored metadata to an external computing system based on the update of the matched metadata.
Claim 9: A system comprising: a software distribution point (SDP) computing system comprising memory storing a plurality of files; a known-deployed file metadata analysis server comprising: a processor; and non-transitory memory storing instructions that, when executed by the processor, causes the known-deployed file metadata analysis server to:


enumerate, based on an indication received from the SDP computing system that indicates at least one file has been created, available files stored on the SDP computing system; 
compare enumerated files to logical paths associated with the SDP computing system to identify one or more new files; 

retrieve, from the SDP computing system via a network, the one or more new files; 

extract metadata from each of the one or more new files;

recursively extract, based on an indication that a file of the one or more new files is a container file, metadata from each file stored in the container file of the one or more new files; 


identify a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of “known-good” files;
update the matched metadata with an indication that the file is “known-deployed”; 


trigger synchronization of stored metadata to an external computing system based on the update of the matched metadata;
communicate, via the network and to a security sandbox computing device, files acquired from the SDP computing system; 
trigger detonation of the files; and 
generate, based on metadata received from the security sandbox computing device, deployed file artifacts associated with the files acquired from the SDP computing system.
Claim 9: An apparatus comprising: a processor; and non-transitory memory storing instructions that, when executed by the processor, causes the apparatus to: 









enumerate available files stored on a software distribution point (SDP) computing system; 



compare enumerated files to logical paths associated with the SDP computing system to identify one or more new files;

retrieve, from the SDP computing system via a network, the one or more new files; 

extract metadata from each of the one or more new files; 

recursively extract, based on an indication that a file of the one or more new files is a container file, metadata from each file stored in the container file of the one or more new files; 

identify a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of "known-good" files;
update the matched metadata with an indication that the file is "known-deployed"; and 


trigger deployment of one or more files by the SDP, wherein the one or more files are associated with metadata indicating the file has a "known-deployed" identifier.
Claim 17: Non-transitory computer-readable media storing instructions that, when executed by a computing device comprising at least one processor, memory, and a communication interface, cause the computing device to: 

enumerate, based on an indication received from the SDP computing system that indicates at least one file has been created, available files stored on the SDP computing system;

compare enumerated files to logical paths associated with the SDP computing system to identify one or more new files; 

retrieve, from the SDP computing system via a network, the one or more new files;

extract metadata from each of the one or more new files; 

recursively extract, based on an indication that a file of the one or more new files is a container file, metadata from each file stored in the container file of the one or more new files; 

identify a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of “known-good” files;

update the matched metadata with an indication that the file is “known-deployed”; and






trigger synchronization of stored metadata to an external computing system based on the update of the matched metadata.
Claim 17: Non-transitory computer-readable media storing instructions that, when executed by a computing device comprising at least one processor, memory, and a communication interface, cause the computing device to: 


enumerate, based on an indication received from the SDP computing system that indicates at least one file has been created, available files stored on the SDP computing system;

compare enumerated files to logical paths associated with the SDP computing system to identify one or more new files; 

retrieve, from the SDP computing system via a network, the one or more new files; 

extract metadata from each of the one or more new files; 


recursively extract, based on an indication that a file of the one or more new files is a container file, metadata from each file stored in the container file of the one or more new files; 

identify a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of “known-good” files;


update the matched metadata with an indication that the file is “known-deployed”; 
communicate, via the network and to a security sandbox computing device, files acquired from the SDP computing system; 

trigger detonation of the files; and 
generate, based on metadata received from the security sandbox computing device, deployed file artifacts associated with the files acquired from the SDP computing system.
Claim 17: Non-transitory computer-readable media storing instructions that, when executed by a computing device comprising at least one processor, memory, and a communication interface, cause the computing device to: 

enumerate available files stored on a software distribution point (SDP) computing system; 




compare enumerated files to logical paths associated with the SDP computing system to identify one or more new files; 

retrieve, from the SDP computing system via a network, the one or more new files; 

extract metadata from each of the one or more new files; 

recursively extract, based on an indication that a file of the one or more new files is a container file, metadata from each file stored in the container file of the one or more new files; 


identify a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of "known-good" files;


update the matched metadata with an indication that the file is "known-deployed"; and 






trigger deployment of one or more files by the SDP, wherein the one or more files are associated with metadata indicating the file has a "known-deployed" identifier.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3, 8-9, 11, 16-17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over MITKAR et al. (“MITKAR,” US 20180285199, published on 10/04/2018) in view of Gupta et al. (“Gupta,” US 9,886,443, published on 02/06/2018) and further in view of Odedra et al. (“Odedra,” US 9,922,033, published on 03/20/2018).

Regarding Claim 1; 
MITKAR discloses a method comprising: 
receiving, via a computing network, a signal indicating storage of a file a software distribution point (SDP) computing system, wherein the signal is automatically generated by the SDP computing system based on saving of at least one file (par 0244; the storage devices may be cloud storage devices, and the storage manager execute cloud service provider API over a network to classify data stored on cloud storage devices; par 0064; automatically create a client component the first time a data agent is installed on a client computing device. Because data generated by executable components is tracked by the associated data agent so that it may be properly protected in system, a client may be said to generate data and to store the generated data to primary storage); 
enumerating, by a known deployed file metadata analysis engine, available files stored on the SDP computing system (par 0264; fig. 8; client computing device reads from the designated NFS network path, and the read request is translated by data agent. The data agent then works with media agent to retrieve, re-process, and forward the requested data to client computing device using network file system; par 0324; listing available data packages stored at the secondary storage subsystem. The available data packages correspond to user data obtained from one or more client computing devices [According to specification par 29; server communicate with one or more external devices, such as the software distribution point]);
retrieving, based on a comparison of enumerated files to logical paths associated with the SDP computing system to identify one or more new files and by the known deployed file metadata analysis engine from the SDP computing system via a network, the one or more new files (par 0264; client computing device reads from the designated NFS network path; par 0126; retrieving data from the particular secondary storage device; par 0129; for each secondary copy, index include metadata such as a list of the data objects, a logical path to the secondary copy on the corresponding secondary storage device, location information indicating where the data objects are stored in the secondary storage device, when the data objects were created or modified; par 0162; new data is read [] compared with corresponding portions that are already in secondary storage, and only new/changed portions are stored; par 0075; secondary copies can be stored in the same storage device as primary data);
extracting, by the known deployed file metadata analysis engine, metadata from each of the one or more new files (par 0122; fig. 1H; data agent arrange or assemble the data and metadata into one or more files; par 0146; extracts the index data; par 0129; index include metadata such as a list of the data objects [] when the data objects were created; par 0181; data analysis operations involve processing or modification of already stored primary data and/or secondary copies);
extracting, based on an indication that a file of the one or more new files is a container file and by the known deployed file metadata analysis engine, metadata from each file stored in the container file of the one or more new files (par 0122; fig. 1H; data agent arrange or assemble the data and metadata into one or more files; par 0146; extracts the index data; par 0129; index include metadata such as a list of the data objects [] when the data objects were created; par 0303; receives a selection of an application to include in a container image [] separately select the desired configuration data or user data to include in a container image; par 0181; data analysis operations involve processing or modification of already stored primary data and/or secondary copies);  
identifying, by the known deployed file metadata analysis engine, a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of "known-good" files (par 0122; data agent arrange or assemble the data and metadata into one or more files; par 0183; identify files or other data objects based on content, and/or metadata; par 0184; provides storage manager or other components with an efficient mechanism for locating primary data and/or secondary copies of data objects that match particular criteria; par 0160; performed on replicated data that represents a recoverable state, or “known good state” of a particular application running on the source system);
triggering, by the known deployed file metadata analysis engine, synchronization of stored metadata to an external computing system (par 0159; where changes made to primary data are mirrored or substantially immediately copied to another location. By copying each write operation to the replication copy, two storage systems are kept synchronized or substantially synchronized so that they are virtually identical).
MITKAR discloses triggering, by the known deployed file metadata analysis engine, synchronization of stored metadata to an external computing system as recited above, but do not explicitly disclose updating, by the known deployed file metadata analysis engine, the matched metadata with an indication that the file is "known-deployed"; and triggering, by the known deployed file metadata analysis engine, based on the update of the matched metadata.  
However, in an analogous art, Gupta discloses distributed NFS metadata system/method that includes:
updating, by the known deployed file metadata analysis engine, the matched metadata with an indication that the file is "known-deployed" (Gupta: Col 3, lines 31-35; fig. 5; attempting to update the stored metadata comprises reading the metadata again and comparing it to the originally retrieved metadata, and performing the update only if the newly retrieved metadata matches the originally retrieved metadata; Col 9, lines 17-19; in order for the update to be performed, the server checks the parent inode stored in the metadata. Col 8, lines 32-49; the server reads metadata corresponding to a parent directory associated with the operation [] for example, parent directory "foo," at the time read by the server, has a version number [i.e., known-deployed]); and 
triggering, by the known deployed file metadata analysis engine, based on the update of the matched metadata (Gupta: Col 3, lines 31-35; fig. 5; performing the update only if the newly retrieved metadata matches the originally retrieved metadata; Col 5, lines 51-55; performing metadata update [] a call specifying an operation to be performed on the metadata is received; Col 6, lines 8- 14; the call was to create a new file [] updating the inode corresponding to the parent directory of the file in order to reflect the inclusion of the new file inode; Col 9, lines 17-19; in order for the update to be performed, the server checks the parent inode stored in the metadata; Col 8, lines 32-49; the server reads metadata corresponding to a parent directory associated with the operation [] for example, parent directory "foo," at the time read by the server, has a version number).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Gupta with the method/system of MITKAR to include updating, by the known deployed file metadata analysis engine, the matched metadata with an indication that the file is "known-deployed"; and triggering, by the known deployed file metadata analysis engine, based on the update of the matched metadata. One would have been motivated to performs one or more updates based upon the retrieved metadata, and attempts to update the corresponding stored metadata (Gupta: abstract).
The combination of the MITKAR and Gupta disclose extracting, based on an indication that a file of the one or more new files is a container file as recited above, but do not explicitly disclose recursively extracting, based on an indication that a file is a container file.
However, in an analogous art, Odedra discloses extracting contents of container files system/method that includes:
recursively extracting, based on an indication that a file is a container file (Odedra: Col 9, lines 49-54; recursively parse a container file to identify (1) the container file's constituent files, (2) metadata of the constituent files, and (3) the hierarchical location of the constituent files within the hierarchical structure of the container file and/or any container files nested within the container file; Col 12, lines 28-30; if a constituent file is located within one or more nested container files, creating module recursively extract the nested container files and then extract the constituent file).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Odedra with the method/system of MITKAR and Gupta to include recursively extracting, based on an indication that a file is a container file. One would have been motivated to include hierarchical metadata for each file contained within the first container file, and the content hierarchy completely created at the first stage of the file management system before any file is extracted at the second stage; produce data protected by, and/or communicate with one or more systems for information security (Odedra: Col 3, lines 13-18and Col 19, lines 4-6).

Regarding Claim 3; 
The combination of the MITKAR, Gupta and Odedra disclose the method of claim 1, comprising 
MITKAR discloses scheduling, by the known deployed file metadata analysis engine, analysis of the files stored on the SDP on a periodic basis (MITKAR: par 181; fig. 1E; data analysis operations  involve processing or modification of already stored primary data; par 0199; information management policy is a “scheduling policy,” which specifies when and how often to perform operations. Scheduling parameters may specify with what frequency (e.g., hourly, weekly, daily, event-based, etc.)).  
  
Regarding Claim 8; 
The combination of the MITKAR, Gupta and Odedra disclose the method of claim1,
MITKAR discloses enriching the file metadata stored in the data store with semantic labels to identify whether a file serves a specific purpose within the enterprise computing environment (MITKAR: par 0059; information management in a cloud computing environment; par 0185; files or other data objects can be associated with identifiers (e.g., tag entries, etc.) to facilitate searches of stored data objects. Among a number of other benefits, the metabase can also allow efficient, automatic identification of files or other data objects to associate with secondary copy or other information management operations).
  
Regarding Claim 9; 
MITKAR discloses a system comprising: a software distribution point (SDP) computing system comprising memory storing a plurality of files (par 0073; system includes one or more secondary storage computing devices and one or more secondary storage devices configured to create and store one or more secondary copies of primary data); a known-deployed file metadata analysis server comprising: a processor; and non-transitory memory storing instructions that, when executed by the processor, causes the known-deployed file metadata analysis server to (par 0058; computing device comprises one or more processors, as well as corresponding non transitory computer memory for storing computer programs which are to be executed by the one or more processors): 
enumerate, based on an indication received from the SDP computing system that indicates at least one file has been created, available files stored on the SDP computing system (par 0264; fig. 8; client computing device reads from the designated NFS network path, and the read request is translated by data agent. The data agent then works with media agent to retrieve, re-process, and forward the requested data to client computing device using network file system; par 0129; a list of the data objects, a logical path [] location information indicating where the data objects are stored in the secondary storage device, when the data objects were created; par 0324; listing available data packages stored at the secondary storage subsystem. The available data packages correspond to user data obtained from one or more client computing devices);
compare enumerated files to logical paths associated with the SDP computing system to identify one or more new files (par 0264; client computing device reads from the designated NFS network path, and the read request is translated by data agent; par 0129; for each secondary copy, index include metadata such as a list of the data objects, a logical path to the secondary copy on the corresponding secondary storage device, location information indicating where the data objects are stored in the secondary storage device, when the data objects were created or modified; par 0162; new data is read [] compared with corresponding portions that are already in secondary storage, and only new/changed portions are stored; par 0075; secondary copies can be stored in the same storage device as primary data);
retrieve, from the SDP computing system via a network, the one or more new files (par 0264; client computing device reads from the designated NFS network path, and the read request is translated by data agent; par 0126; retrieving data from the particular secondary storage device; par 0162; new data is read);
extract metadata from each of the one or more new files (par 0122; fig. 1H; data agent arrange or assemble the data and metadata into one or more files; par 0146; extracts the index data; par 0129; index include metadata such as a list of the data objects [] when the data objects were created; par 0181; data analysis operations involve processing or modification of already stored primary data and/or secondary copies);
extract, based on an indication that a file of the one or more new files is a container file, metadata from each file stored in the container file of the one or more new files (par 0122; fig. 1H; data agent arrange or assemble the data and metadata into one or more files; par 0146; extracts the index data; par 0129; index include metadata such as a list of the data objects [] when the data objects were created; par 0303; receives a selection of an application to include in a container image [] separately select the desired configuration data or user data to include in a container image; par 0181; data analysis operations involve processing or modification of already stored primary data and/or secondary copies);  
identify a match of metadata of a file of the one or more new files and metadata stored in a data store comprising information stored of "known-good" files (par 0122; data agent arrange or assemble the data and metadata into one or more files; par 0183; identify files or other data objects based on content, and/or metadata; par 0184; provides storage manager or other components with an efficient mechanism for locating primary data and/or secondary copies of data objects that match particular criteria; par 0160; performed on replicated data that represents a recoverable state, or “known good state” of a particular application running on the source system); 
trigger synchronization of stored metadata to an external computing system (par 0159; where changes made to primary data are mirrored or substantially immediately copied to another location (e.g., to secondary storage devices). By copying each write operation to the replication copy, two storage systems are kept synchronized or substantially synchronized so that they are virtually identical).
MITKAR discloses trigger synchronization of stored metadata to an external computing system as recited above, but do not explicitly disclose update the matched metadata with an indication that the file is "known- deployed"; and trigger based on the update of the matched metadata.  
However, in an analogous art, Gupta discloses distributed NFS metadata system/method that includes:
update the matched metadata with an indication that the file is "known- deployed" (Gupta: Col 3, lines 31-35; fig. 5; attempting to update the stored metadata comprises reading the metadata again and comparing it to the originally retrieved metadata, and performing the update only if the newly retrieved metadata matches the originally retrieved metadata; Col 9, lines 17-19; in order for the update to be performed, the server checks the parent inode stored in the metadata. Col 8, lines 32-49; the server reads metadata corresponding to a parent directory associated with the operation [] for example, parent directory "foo," at the time read by the server, has a version number); and 
trigger based on the update of the matched metadata (Gupta: Col 3, lines 31-35; fig. 5; performing the update only if the newly retrieved metadata matches the originally retrieved metadata; Col 5, lines 51-55; performing metadata update [] a call specifying an operation to be performed on the metadata is received; Col 6, lines 8- 14; if the call was to create a new file [] updating the inode corresponding to the parent directory of the file in order to reflect the inclusion of the new file inode; Col 9, lines 17-19; in order for the update to be performed, the server checks the parent inode stored in the metadata; Col 8, lines 32-49; the server reads metadata corresponding to a parent directory associated with the operation [] for example, parent directory "foo," at the time read by the server, has a version number).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Gupta with the method/system of MITKAR to include update the matched metadata with an indication that the file is "known- deployed"; and trigger based on the update of the matched metadata. One would have been motivated to performs one or more updates based upon the retrieved metadata, and attempts to update the corresponding stored metadata (Gupta: abstract).
The combination of the MITKAR and Gupta disclose extract, based on an indication that a file of the one or more new files is a container file as recited above, but do not explicitly disclose recursively extract, based on an indication that a files is a container file.
However, in an analogous art, Odedra discloses extracting contents of container files system/method that includes:
recursively extract, based on an indication that a files is a container file (Odedra: Col 9, lines 49-54; recursively parse a container file to identify (1) the container file's constituent files, (2) metadata of the constituent files, and (3) the hierarchical location of the constituent files within the hierarchical structure of the container file and/or any container files nested within the container file; Col 12, lines 28-30; if a constituent file is located within one or more nested container files, creating module recursively extract the nested container files and then extract the constituent file).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Odedra with the method/system of MITKAR and Gupta to include recursively extract, based on an indication that a files is a container file. One would have been motivated to include hierarchical metadata for each file contained within the first container file, and the content hierarchy completely created at the first stage of the file management system before any file is extracted at the second stage; produce data protected by, and/or communicate with one or more systems for information security (Odedra: Col 3, lines 13-18and Col 19, lines 4-6).

Regarding Claim 11;
This Claim recites a system that perform the same steps as method of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.  

Regarding Claim 16;
This Claim recites a system that perform the same steps as method of Claim 8, and has limitations that are similar to Claim 8, thus are rejected with the same rationale applied against claim 8.  

Regarding Claim 17;
This Claim recites a non-transitory computer readable media that perform the same steps as system of Claim 9, and has limitations that are similar to Claim 9, thus are rejected with the same rationale applied against claim 9.  
Regarding Claim 19;
This Claim recites a non-transitory computer readable media that perform the same steps as system of Claim 11, and has limitations that are similar to Claim 11, thus are rejected with the same rationale applied against claim 11.  

Claims 2, 6, 10 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over MITKAR et al. (US 20180285199) in view of Gupta et al. (US 9,886,443) and Odedra et al. (US 9,922,033) and further in view of NAKAMURA et al. (“NAKAMURA,” US 20150133106, published on 05/14/2015)

Regarding Claim 2; 
The combination of the MITKAR, Gupta and Odedra disclose method of claim 1, 
MITKAR discloses wherein extracting metadata from each file stored in the container file of the one or more new files comprises (MITKAR: par 0122; fig. 1H; data agent arrange or assemble the data and metadata into one or more files; par 0146; extracts the index data; par 0129; index include metadata such as a list of the data objects [] when the data objects were created; par 0303; receives a selection of an application to include in a container image [] separately select the desired configuration data or user data to include in a container image; par 0181; data analysis operations involve processing or modification of already stored primary data and/or secondary copies):
calculating a first cryptographic hash of a topmost container of the container file and a second cryptographic hash of an immediate second container adjacent the topmost container (MITKAR: par 0163; calculate and/or store signatures (e.g., hashes or cryptographically unique IDs) corresponding to the individual source data portions and compare the signatures to already-stored data signatures [i.e., second cryptographic hash]).
Odedra further discloses recursively extracting metadata (Odedra: Col 9, lines 49-54; recursively parse a container file to identify (1) the container file's constituent files, (2) metadata of the constituent files, and (3) the hierarchical location of the constituent files within the hierarchical structure of the container file and/or any container files nested within the container file; Col 12, lines 28-30; if a constituent file is located within one or more nested container files, creating module recursively extract the nested container files and then extract the constituent file).
One would have been motivated to include hierarchical metadata for each file contained within the first container file, and the content hierarchy completely created at the first stage of the file management system before any file is extracted at the second stage; produce data protected by, and/or communicate with one or more systems for information security (Odedra: Col 3, lines 13-18and Col 19, lines 4-6).
The combination of the MITKAR, Gupta and Odedra disclose all the limitations as recited above, but do not explicitly disclose halting, by the known deployed file metadata analysis engine, file extraction and metadata generation for the container file based on an indication of a match between the first cryptographic hash or the second cryptographic hash to metadata stored in the data store. 
However, in an analogous art, NAKAMURA discloses recording system/method that includes:
halting, by the known deployed file metadata analysis engine, file extraction and metadata generation for the container file based on an indication of a match between the first cryptographic hash or the second cryptographic hash to metadata stored in the data store (NAKAMURA: par 0065; verifies whether a hash value of the downloaded file matches a hash value included in the metadata of the identical version of the update data. When the hash value of the downloaded file matches the hash value of the metadata, the phone terminal will end the pre-download process).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of NAKAMURA with the method/system of MITKAR and Gupta and Odedra to include halting, by the known deployed file metadata analysis engine, file extraction and metadata generation for the container file based on an indication of a match between the first cryptographic hash or the second cryptographic hash to metadata stored in the data store. One would have been motivated to determine whether update data are changed based on the meta-information received by the receiver when the update data have already been downloaded (NAKAMURA: abstract).

Regarding Claim 6; 
The combination of the MITKAR, Gupta and Odedra disclose method of claim 1, 
The combination of the MITKAR, Gupta and Odedra disclose all the limitations as recited above, but do not explicitly disclose receiving, via the computing network, an electronic message comprising a hash value of a file; identifying, by the known deployed file metadata analysis engine based on receipt of the electronic message, metadata associated with files stored in a known-deployed file data store, wherein the files correspond to a match of the received hash value; sending, via the computing network by the known deployed file metadata analysis engine and based on an identified match, a first electronic response message comprising an indication of a confirmed match to the received hash value; and sending, via the computing network by the known deployed file metadata analysis engine and based on a failure to identify a match to the received hash value, a second electronic response message comprising an indication of a failure to match the received hash value.  
However, in an analogous art, NAKAMURA discloses recording system/method that includes:
receiving, via the computing network, an electronic message comprising a hash value of a file (NAKAMURA: par 0043; receive data from the update server via the communication network; par 0079; update process executed by the phone terminal, the phone terminal receives the metadata having a configuration and the file identification information is a hash value; identifying, by the known deployed file metadata analysis engine based on receipt of the electronic message, metadata associated with files stored in a known-deployed file data store, wherein the files correspond to a match of the received hash value (NAKAMURA: par 0065; verifies whether a hash value of the downloaded file matches a hash value included in the metadata of the identical version of the update data. When the hash value of the downloaded file matches the hash value of the metadata, the phone terminal will end the pre-download process); sending, via the computing network by the known deployed file metadata analysis engine and based on an identified match, a first electronic response message comprising an indication of a confirmed match to the received hash value (NAKAMURA: par 0043; transmit data to or receive data from the update server via the communication network; par 0084; determines whether the hash value computed from the pre-downloaded file matches the hash value included in the metadata by comparing the two hash values. When the two hash values match, the update part executes the update, and reports an update progress status to the user interface); and sending, via the computing network by the known deployed file metadata analysis engine and based on a failure to identify a match to the received hash value, a second electronic response message comprising an indication of a failure to match the received hash value (NAKAMURA: par 0043; transmit data to or receive data from the update server via the communication network; par 0084; determines whether the hash value computed from the pre-downloaded file matches the hash value included in the metadata by comparing the two hash values; par 0046; as a result of the comparison, when two of the file identification information items do not match, the data verifier determines that the update data have not been changed in the update server, transmits a report of the comparison result to the transmitter-receiver).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of NAKAMURA with the method/system of MITKAR and Gupta and Odedra to include receiving, via the computing network, an electronic message comprising a hash value of a file; identifying, by the known deployed file metadata analysis engine based on receipt of the electronic message, metadata associated with files stored in a known-deployed file data store, wherein the files correspond to a match of the received hash value; sending, via the computing network by the known deployed file metadata analysis engine and based on an identified match, a first electronic response message comprising an indication of a confirmed match to the received hash value; and sending, via the computing network by the known deployed file metadata analysis engine and based on a failure to identify a match to the received hash value, a second electronic response message comprising an indication of a failure to match the received hash value. One would have been motivated to determine whether update data are changed based on the meta-information received by the receiver when the update data have already been downloaded (NAKAMURA: abstract).

Regarding Claim 10;
This Claim recites a system that perform the same steps as method of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.  

Regarding Claim 18;
This Claim recites a non-transitory computer readable media that perform the same steps as system of Claim 10, and has limitations that are similar to Claim 10, thus are rejected with the same rationale applied against claim 10.  



Claims 4 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over MITKAR et al. (US 20180285199) in view of Gupta et al. (US 9,886,443) and Odedra et al. (US 9,922,033) and further in view of MCCULLOUGH et al. (“MCCULLOUGH,” US 20200112557, published on 04/09/2020)

Regarding Claim 4; 
The combination of the MITKAR, Gupta and Odedra the method of claim 1, 
The combination of the MITKAR, Gupta and Odedra all the limitations as recited above, but do not explicitly triggering, by the known deployed file metadata analysis engine, analysis of the files stored on the SDP based on an indication that a modified file has been saved.  
However, in an analogous art, MCCULLOUGH discloses identity access management system/method that includes:
triggering, by the known deployed file metadata analysis engine, analysis of the files stored on the SDP based on an indication that a modified file has been saved (MCCULLOUGH: par 0074; When publicly stored files are added, updated , or removed, they will trigger an event that begins document analysis and digestion in the Document Analysis Pipeline).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of NAKAMURA with the method/system of MITKAR and Gupta and Odedra to include triggering, by the known deployed file metadata analysis engine, analysis of the files stored on the SDP based on an indication that a modified file has been saved. One would have been motivated to the security that enables the right individuals to access the right resources at the right times and for the right reasons (MCCULLOUGH: par 0010).

Regarding Claim 12;
This Claim recites a system that perform the same steps as method of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.  

Claims 5, 13-14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over MITKAR et al. (US 20180285199) in view of Gupta et al. (US 9,886,443) and Odedra et al. (US 9,922,033) and further in view of Fujiwara et al. ("Fujiwara,” US 20060206498, published on 09/14/2006)

Regarding Claim 5; 
The combination of the MITKAR, Gupta and Odedra disclose the method of claim 1, 
The combination of the MITKAR, Gupta and Odedra disclose all the limitations as recited above, but do not explicitly triggering, by the known deployed file metadata analysis engine, analysis of the files stored on the SDP based on an indication that a new file has been saved.  
However, in an analogous art, Fujiwara discloses information management system/method that includes:
triggering, by the known deployed file metadata analysis engine, analysis of the files stored on the SDP based on an indication that a new file has been saved (Fujiwara: par 0050; the use trend analysis module, being capable of giving a trigger to start the movement of metadata by monitoring a condition or situation such as the fact that a new document is stored or saved by an input device).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Fujiwara with the method/system of MITKAR and Gupta and Odedra to include triggering, by the known deployed file metadata analysis engine, analysis of the files stored on the SDP based on an indication that a new file has been saved. One would have been motivated to perform document information management that manages metadata described in the inside of a document instance thereby to manage document information, and which makes a computer to execute a metadata analysis step of analyzing and acquiring the metadata (Fujiwara: abstract).
  
Regarding Claim 13;
This Claim recites a system that perform the same steps as method of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.  

Regarding Claim 14; 
The combination of the MITKAR, Gupta, Odedra and Fujiwara disclose the system of claim 13,
Fujiwara discloses wherein the instructions further cause the known-deployed file metadata analysis server to trigger analysis of the new file based on the indication that the new file has been saved (Fujiwara: par 0050; the use trend analysis module, being capable of giving a trigger to start the movement of metadata by monitoring a condition or situation such as the fact that a new document is stored or saved by an input device).
One would have been motivated to perform document information management that manages metadata described in the inside of a document instance thereby to manage document information, and which makes a computer to execute a metadata analysis step of analyzing and acquiring the metadata (Fujiwara: abstract).
  
Regarding Claim 20;
This Claim recites a non-transitory computer readable media that perform the same steps as system of Claim 14, and has limitations that are similar to Claim 14, thus are rejected with the same rationale applied against claim 14.  

Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over MITKAR et al. (US 20180285199) in view of Gupta et al. (US 9,886,443) and Odedra et al. (US 9,922,033) and further in view of Das et al. (“Das,” US 20190114421, published on 04/18/2019)

Regarding Claim 7; 
The combination of the MITKAR, Gupta and Odedra the method of claim 1, 
The combination of the MITKAR, Gupta and Odedra all the limitations as recited above, but do not explicitly enriching the file metadata stored in the data store with semantic labels to identify whether a file is known to be used for adversary purposes.  
 However, in an analogous art, Das discloses malware detection system/method that includes:
enriching the file metadata stored in the data store with semantic labels to identify whether a file is known to be used for adversary purposes (Das: par 0036; adding the classification to metadata associated with the dataset; par 0037; by adding metadata information that identifies the data set as possibly being malicious).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Das with the method/system of MITKAR and Gupta and Odedra to include enriching the file metadata stored in the data store with semantic labels to identify whether a file is known to be used for adversary purposes. One would have been motivated to identifying whether computer data includes malicious content and identifying whether malware is included in one or more data packets transmitted from a first computer to a second computer or is included computer data stored in a memory (Das: par 0001).

Regarding Claim 15;
This Claim recites a system that perform the same steps as method of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7.  


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. 



Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.W./Examiner, Art Unit 2439  



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439