SECURE PEER-TO-PEER FILE DISTRIBUTION IN AN ENTERPRISE ENVIRONMENT

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . The present Office Action is responsive to communications received 6/11/2026. Claims 1-4, 7-11, 14-18 and 20 are pending. Claims 5-6, 12-13 and 19 are cancelled. Response to Arguments Applicant’s arguments with respect to the independent claims have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Objection (Informalities) The claim listing filed on 6/11/2025 recites by mistake: claims 1-6, 2-13 canceled; the cancelled claims are 5-6 and 12-13. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-4, 8-11,15-18 are rejected under 35 U.S.C. 103 as being unpatentable over US 8627463 to Glick et al., hereinafter, Glick, in view of US 20220060498 to Head et al., hereinafter Head. Regarding claims 1, 8 and 15, Glick discloses a method, a system comprising at least one computing device; and at least one application executed by the at least one computing device, the at least one application causing the at least one computing device to at least, and a non-transitory computer-readable medium storing a plurality of plurality of computer instructions executable by a computing device, wherein the plurality of plurality of computer instructions cause the computing device to at least (Fig. 8, system memory storing modules executable by processor col 4:36-49); obtaining a file for distribution to a population of devices that are managed by a management service (col. 1:49-52, the metadata included within the torrent file may identify a torrent-tracking server capable of coordinating the torrent transaction (i.e., distribution of the target file) among a group of peers within a file-sharing network); determining a file risk designation for the file (col 10:4-7:, security module 108 may apply different magnitudes (or weights) to reputation scores in order to determine whether a particular torrent transaction (or target file associated with the same) represents a potential security risk); determining, via the management service, a respective security posture of the population of devices based upon an analysis of a set of device conditions associated with respective ones of the population of devices (col 5:28-43:, identify one entity involved in the transaction and obtain reputation of the entity based on trustworthiness of the entity); selecting at least one seed node from the population of devices based upon the file risk designation, the respective security posture (col. 4:50-67 to 5:1-5: identify seeder based on file type (malicious or not) and trustworthiness of node); and a seeder criteria (col.7:28-37: in order to identify the original seeder, the systems described herein may communicate with the torrent hosting site in order to identify a relationship between the original seeder and the torrent file. For example, identification module 104 may, as part of computing device 214 and/or reputation service 216 in FIG. 2, communicate with torrent hosting site 208 in order to identify a username or profile associated with the original seeder that uploaded torrent file 210 to torrent hosting site 208); selecting a remainder of the population of devices meeting a minimum threshold respective security posture as peer nodes (col 9:44-67, col 10:1-45:determine reputation scores of entities associated with a file; the systems described herein may determine whether any reputation scores identified within the reputation information are below a particular threshold. For example, security module 108 may analyze the reputation scores identified within reputation information 132 in order to determine whether any of the reputation scores are below 40% (on a scale of 0-100%). and initiating distribution of the file to the at least one seed node, wherein the at least one seed node facilitates further distribution of the file to the peer nodes (col 11:57-67 to col 12:1-5, Fig. 6 is an illustration of exemplary reporting information 134(1) that may be received from a peer upon completion of a torrent transaction. As illustrated in this figure, reputation information may include information that identifies the name of the target file obtained via the torrent transaction, a target file hash that uniquely identifies the target file, the name of the original seeder, the URL (or another identifier) of the torrent hosting site that hosted the torrent file, the IP address(es) of one or more of peers (seeders and/or leechers) that participated in the torrent transaction.) meeting the minimum threshold respective security posture based upon the file risk designation. (col 2:63-3:12], describes trustworthiness of peers participating in torrent transactions (such as original seeders, torrent hosting sites, torrent-tracking servers, peers, etc.) based at least in part on the types of files (e.g., malicious or non-malicious) commonly associated with such entities. Also col 10:23-49). Glick does not explicitly teach the remainder of the claim; however, in an analogous art, Head discloses continuously monitoring packet distribution in the network between nodes ([0014]; Head discloses continually reevaluating the security posture of the selected at least one seed node by the management service; determining, by the management service, that the security posture of the selected at least one seed node has changed such that the security posture no longer satisfies the seeder criteria ;and transmitting, by the management service, an instruction to the at least one seed node to cease distribution of the file to the peer nodes ([0014]: controller continuously monitor transfer of packet from a first to a second node and permitting the transfer under favorable criteria, or “selectively isolates the first node from the second node when the request for transferring has been received, and at least one of the following conditions have been met: 1) the at least one data packet is determined to be untrustworthy; 2) the first node is determined to be untrustworthy; and the second node is determined to be untrustworthy;”). Therefore, it would have been obvious to a skilled artisan before the instant application was effectively filed to continuously monitor file transfers to detect security posture that no longer satisfies the seeder criteria ; and ceasing distribution of the file to the peer nodes as substantially claimed because it would shield the network from malicious or unauthorized activity by preventing unauthorized access to the network and unauthorized transfer of data with respect thereto (Head [0014]). Regarding claims 2, 9 and 16, Glick in view of Head discloses the method of claim 1, system of claim 8 and non-transitory computer-readable medium of claim 15, wherein determining the file risk designation for the file comprises obtaining, via a management user interface, a risk designation from an administrator of the management service. (Glick col. 11:11-14, security module 108 may alert a user of computing device 214 of the potential security risk by causing a dialog to be displayed on an output component (such as a monitor) of computing device 214.) Regarding claims 3, 10 and 17, Glick in view of Head discloses the method of claim 1, system of claim 8 and non-transitory computer-readable medium of claim 15, wherein determining the file risk designation for the file is based upon an automatic determination from an analysis of a file type of the file or a content of the file (Glick col. 10:27-38: security module 108 may input the reputation scores identified within reputation information 132 into a mathematical formula that applies different magnitudes or weights to the entities in order to make certain reputation scores more or less influential in determining whether target file 218 represents a potential security risk…). Regarding claims 4, 11 and 18, Glick in view of Head discloses the method of claim 1, system of claim 8 and non-transitory computer-readable medium of claim 15, wherein the file risk designation comprises a highest risk designation from a plurality of designations and selecting the at least one seed node comprises selecting only a highly secure device from the population of devices in response to the highest risk designation (Glick col. 8:43-48: reputation information includes reputation scores (where, for example, high reputation scores indicate that a file or entity is generally trusted within a community and low reputation scores indicate that a file or entity is generally untrusted within a community)). Claims 7, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Glick in view of Head and further in view of US 20100161752 to Collet et al., hereinafter, Collet. Regarding claims 7, 14 and 20, Glick in view of Head discloses the method of claim 1, system of claim 8 and non-transitory computer-readable medium of claim 15; however, Glick in view of Head does not teach but Collet discloses wherein the peer nodes facilitate distribution of the file to other peer nodes that also meet the minimum threshold respective security posture ([0038], a node can lose its community membership if its exchanging performances become too low (for example under a given threshold; or if abuse is reported, if other peers vote to exclude the node, etc); in this case, the ownership of the file is allocated again by the DCCN server to new incoming members or re-allocated to current members of the community. For a node, accepting the ownership of a particular file means that the node agrees and engages to keep (at least) one exemplary of the particular file. Performing backup operations, ensuring the security and the availability of the particular file to others member nodes is of the responsibility of the engaged node. The node benefits from a selection or performant peers and with a good guarantee to be able to get or restore particular files.) It would have been obvious to a skilled artisan before the effective filling date of the claimed invention to modify Glick in view of Head by Collet to include distribution of the file to other peer nodes that also meet the minimum threshold respective security posture, as taught by Collet, because it allows various thresholds to be implemented (number of copies, type of files, etc), and provide "Node control" by deciding whether a node is valid or invalid, have re-encode node events, or detecting a compromised or attacked node, etc.(Collet [0076]). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. Roy et al. 20240250958 disclose protecting client devices from third-party content providers or content provider computing devices that expose the client devices to inappropriate or undesired content, data privacy violations, or cybersecurity threats among other risks, by maintaining the integrity of third-party content distribution, and enforcing policies, for example, by detecting violations of the policies or labels associated with the policies and preventing distribution of content associated with policy violators or some policy labels. Martin-Bale et al 20170163605 disclose a method for harmful file rating and screening in online file transfers, that promotes security of peer-to-peer file sharing. Quintas et al 10530813 disclose generating a device posture token corresponding to a client device. The device posture token can be used by a verification computing device to determine whether the client device complies with the security policies of a particular facility. Collet et al 8924460 disclose maintaining a reference associating a particular shared file with a seeder in a community of peers and a number of seeders in the community; and registering a second peer as a second seeder of the particular shared file, if a first seeder in the community of peers has informed the peers of a termination of the availability of a file seeding of the particular shared file. The system includes means for performing the steps of the method. The computer program product includes computer program instructions for carrying out the steps of the method. Cohen et al 8738778 discloses seeder self-monitoring and stopping seeding when the seeder determines when to reduce the number of files being seeded by monitoring its average upload rate per torrent. If its average rate falls below a threshold, then the peer stops seeding a file. Doganaksoy et al 20100121955 disclose: Early detection of high volume swarms in a peer-to-peer network, including a data feed of peer-to-peer swarm activity, and an analytics engine processing the data feed and identifying the high volume swarms that have parameters that exceed a threshold. The system can include a pre-processing section for conditioning the swarm data for the analytics section. There can also be a verification section that confirms that the peer download file matches the target file. The early detection provides for enhanced anti-piracy efforts, improved allocation of network resources, and better business decision-making. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to CATHERINE B THIAW whose telephone number is (571)270-1138. The examiner can normally be reached Monday-Thursday 7am-5pm with Flex. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. CATHERINE B. THIAW Supervisory Patent Examiner Art Unit 2407 /Catherine Thiaw/Supervisory Patent Examiner, Art Unit 2407 1/10/2026