DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Applicant’s amendment filed 11 March 2021 amends claims 5 and 20. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues, “On pages 3-4 of the current Office Action, the Examiner fails to address these ‘software update’ aspects of Claim 1. Indeed, none of the cited references used in rejecting Claim 1 describe ‘software updates’ or a method of verifying the authenticity of ‘software updates’, as claimed.” In response, the office action dated 10 February 2021 (“Non-Final”) makes it quite clear (See Page 3) that the claimed name of the software represents non-functional descriptive material that does not receive patentable weight (See MPEP 2111.05). Therefore, the Non-Final did fully address the notion of “software updates”. Claim 1 merely requires the hashing of an executable, updating a behavior profile, and digitally signing the hash and updated executable. This functionality operates in the exact same manner irregardless of the type of software executable. The name of the software executable does not define any structure, nor does the name of the 
Applicant argues, “Notably, there is no mention of signing a hash of an ‘update behavior profile’.” In response, Applicant has failed to fully consider the disclosure of Albornoz as modified by Stewart. Albornoz discloses an executable monitoring system wherein a software package includes the actual software along with a behavior profile ([0037]) that it utilized to detect proper execution of the software in the software package ([0057]). Therefore, Albornoz specifically discloses that the software package includes both the software executable and the behavior profile for the executable. As stated in the Non-Final (See Page 4), Albornoz does not specify that the software package is cryptographically hashed and digitally signed. However, Stewart discloses cryptographically hashing each item of a software package and then additionally digitally signing the cryptographic hashes using the private key ([0027]). The proposed modification to Albornoz, as presented on page 4 of the Non-Final, is “for the contents of the software package of Albornoz to have cryptographically hashed and digitally signed in the manner described in Stewart”. The Non-Final (See Page 4), specified to one of ordinary skill in the art before the effective filing date of the claimed 
As modified the software package of Albornoz would be hashed and digitally signed. As shown above, the software package of Albornoz includes the actual software along with a behavior profile ([0037]). Therefore, the actual software and the behavior profile of Albornoz would be hashed and digitally signed as claimed.
Applicant argues, “There, Stewart describes recipients can decode a ‘digital signature’. This ‘digital signature’ is not described as being ‘hashed’ – and therefore this description of decoding a ‘digital signature’ using a key does not describe a ‘hashed updated digital signature’…” In response, the claims do not require the digital signature to be hashed as claimed. Instead, the claims clearly specify that the claimed “hashed updated digital signature” created by hashing the executable and the profile, and then digitally signing the hash of the executable and the profile “to form a hashed updated digital signature”. Therefore, it is clear from Applicant’s claim, that the claimed “hashed updated digital signature” is formed by digitally signing a hash and not hashing a digital signature as alleged by Applicant.
Applicant argues, “On pages 6-7 of the current Office Action, the Examiner fails to address these verifying-based aspects of Claim 4 and has therefore failed to establish (or allege) prima facie obviousness.” This argument is not persuasive because the Non-Final (see Pages 6-7) clearly explains that Stewart discloses that recipients of the digital signature can verify the digital signature by decoding the digital signature with the public key corresponding with the private key used to create the digital signature ([0027]). Therefore, the claim limitations in question were fully addressed in the Non-Final.
Applicant argues, “On pages 4-6 of the current Office Action, the Examiner fails to address these ‘first processor/second processor’ based aspects of dependent claim 14 in combination with its independent Claim 13.” This argument is not persuasive because the Non-Final (See Pages 3-4) specifically discloses that the Albornoz system includes multiple processors (Figure 8, 804 & [0063]). Additionally, Albornoz specifies that the functionality of the computer system is performed by the processor 804 and since Albornoz specifies in paragraph [0063] that the system can include multiple processors, that functionality could be performed by any of the multiple processors which would include a second processor as claimed.
Applicant argues, “Applicant responds by showing that the Albornoz ‘behavior profile’ is not described as being an ‘executable’…” In response, the Non-Final (see Page 9) points to paragraph [0040] of Albornoz to teach the limitation in question. Paragraph [0040] of Albornoz specifically discloses that the behavior profile is created based on the monitoring of executing software in the secure environment. Therefore, Albornoz clearly shows an running of an executable in a secure environment ([0040]).
Applicant argues, “…the Examiner alleges that Porat teaches all such ‘corresponding to’ aspects of Claim 3 in paragraphs [0056]-[0057]. Notably, there is no mention of any ‘corresponding to’ aspects/features, and therefore this cited passage does not describe ‘the updated executable corresponding to the software update’, as claimed.” In response, Applicant has failed to fully considered the proposed combination of the cited references. Specifically, Albornoz discloses that the behavior profile is created (by executing the software) in a secure environment ([0040]), which meets the limitation of running [multiple iterations of] the update executable corresponding to the software update in a secure environment. Albornoz, as modified by Stewart above, does not disclose that the behavior profile is generated by running multiple iterations of the executable. Porat discloses a malicious threat prevention system wherein multiple monitoring modules are used to perform event monitoring procedures on executing software iteratively ([0056]-[0057]), which meets the limitation of running multiple iterations of the update executable corresponding to the software update in a secure environment. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the behavior profiles of Albornoz to have been generated using the iterative monitoring/updating process of Porat in order to provide real-time malware threat detection as suggested by Porat ([0057]).
Applicant argues, “Applicant notes that Broberg does not describe ‘the software upgrade’, and therefore Broberg cannot describe particular characteristics/feature pertaining to such (non-taught) ‘the software upgrade’, as is provided by the features of Claim 12…” In response, Applicant has failed to fully considered the proposed combination of the cited prior art. Specifically, Albornoz discloses that the software application can allow for user access to photo sharing and banking functionality ([0041]) and that the software profiles can include resource permissions ([0030]). Albornoz, as modified by Stewart above, does not specify that the software application can allow for adding users and corresponding privileges. Broberg discloses a software testing system wherein new user accounts are created that include a variety of permission levels such that the software tests the permissions for the user account ([0021]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the software application verification procedures of Albornoz to have include the permissions testing described in Broberg in order to ensure that users of the software application will have sufficient permissions as suggested by Broberg ([0002]).
Therefore, as modified the software application of Albornoz would have included the permission testing of Broberg that included the ability to create new user accounts with corresponding permissions. Therefore, as modified, Albornoz discloses the claimed “wherein the software update creates a set of new user identities with certain privileges on a host data processing system”.
Applicant argues, “To the extent that Broberg is alleged to teach the claimed verification of identities and privileges, such verification is not described as being included as part of a ‘software upgrade’ behavior verification, as claimed.” In response, Applicant has failed to fully considered the proposed combination of the cited prior art. Specifically, Albornoz discloses an executable monitoring system wherein a software package includes the actual software along with a behavior profile ([0037]) that it utilized to detect proper execution of the software in the software package ([0057]). This detection of proper execution would read on the claimed verification. As stated above, Albornoz does not specify that the software application can allow for adding users and corresponding privileges. Broberg discloses a software testing system wherein new user accounts are created that include a variety of permission levels such that the software tests the permissions for the user account ([0021]).
As modified the software application of Albornoz would have included the permission testing of Broberg that included the ability to create new user accounts with corresponding permissions such that when the detection of proper execution is performed in Albornoz ([0057]), that detection would be specific to operations of the software that includes the creation of new user accounts with corresponding permissions as claimed.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 4, 6, 8-10, 13, 14, 16, 17, 19 are rejected under 35 U.S.C. 103 as being unpatentable over Albornoz, U.S. Publication No. 2005/0086500, in view of Stewart, U.S. Publication No. 2010/0274755. Referring to claims 1, 13, 16, Albornoz discloses an executable monitoring system wherein a software package includes the actual software along with a behavior profile ([0037]) that it utilized to detect proper execution of the software in the software package ([0057]), which meets the limitation of [hashing] an update executable and an update behavior profile corresponding to the software update [using a cryptographic hash function]. Examiner notes that the name of the software (i.e., update executable) represents non-functional descriptive material that does not receive patentable weight (See MPEP 2111.05). Albornoz discloses that the system includes a communication infrastructure bus (Figure 8, 802), which meets the limitation of a bus system. Albornoz discloses that the system includes memory connected to the infrastructure bus (Figure 8, 812) and stores computer programs and other instructions ([0065]), which meets the limitation of a storage device connected to the bus system, wherein the storage device stores program instructions. Albornoz discloses that the system includes multiple processors connected to the infrastructure bus (Figure 8, 804 & [0063]: one or more processors), which meets the limitation of a set of processors connected to the bus system, wherein the first processor in the set of processors executes the program instructions.
Albornoz does not specify that the software package is cryptographically hashed and digitally signed. Stewart discloses cryptographically hashing each item of a software package and then additionally digitally signing the cryptographic hashes using the private key ([0027]: “digital signature to also confirm” makes it clear that the signature is of the cryptographic hashes mentioned in the same paragraph), which meets the limitation of hashing an update executable and an update behavior profile corresponding to a software update using a cryptographic hash function, and signing a hash of the update executable and the update behavior profile using a private key to form a hashed update digital signature. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the contents of the software package of Albornoz to have cryptographically hashed and digitally signed in the manner described in Stewart in order to ensure that the software package contents are free from errors and to confirm the agency that generated the hashes as suggested by Stewart ([0027]).
	Referring to claims 2, 14, 17, Albornoz discloses that the software package can be distributed to the computer system over a communication network ([0066] & Figure 1), which meets the limitation of downloading the software update [including the hashed update digital signature]. The software application from the package is executed on the computer system such that the tasks performed by the executing software application are compared to the behavior profile to determine if the task is allowed according to the behavior profile ([0057]), which meets the limitation of detecting that a behavior of the software update does not match the update behavior profile. If the task is not allowed based on the behavior profile, the software application can be forcibly quit ([0058]), which meets the limitation of terminating execution of the software update in response to detecting that the behavior of the software update does not match the update behavior profile of the software update.
Albornoz does not specify that the software package is cryptographically hashed and digitally signed. Stewart discloses cryptographically hashing each item of a software package and then additionally digitally signing the cryptographic hashes ([0027]: “digital signature to also confirm” makes it clear that the signature is of the cryptographic hashes mentioned in the same paragraph), which meets the limitation of the software update including the hashed updated digital signature. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the contents of the software package of Albornoz to have cryptographically hashed and digitally signed in the manner described in Stewart in order to ensure that the software package contents are free from errors and to confirm the agency that generated the hashes as suggested by Stewart ([0027]).
Referring to claims 4, 19, Albornoz discloses that the software package can be distributed to the computer system over a communication network ([0066] & Figure 1), which meets the limitation of downloading the software update [including the hashed update digital signature]. The software application from the package is executed on the computer system such that the tasks performed by the executing software application are compared to the behavior profile to determine if the task is allowed according to the behavior profile ([0057]), which meets the limitation of verifying the behavior of the software update during execution matches the update behavior profile of the software update.
Albornoz does not specify that the software package is cryptographically hashed and digitally signed. Stewart discloses cryptographically hashing each item of a software package and then additionally digitally signing the cryptographic hashes ([0027]: “digital signature to also confirm” makes it clear that the signature is of the cryptographic hashes mentioned in the same paragraph), which meets the limitation of the software update including the hashed updated digital signature. Recipients of the digital signature can verify the digital signature by decoding the digital signature with the public key corresponding with the private key used to create the digital signature ([0027: “use a private encryption key allows recipients to decode the digital signature to also confirm” is understood mean that the decoding is performed using the public key since the corresponding private key is utilized in the creation of the digital signature), which meets the limitation of verifying the hashed update digital signature corresponding to the software update using a public key associated with the private key. The hash is included in the software package so that the computers can confirm the software in the package prior to execution ([0027]), which meets the limitation of executing the software update in response to verifying the hashed update digital signature of the software update. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the contents of the software package of Albornoz to have cryptographically hashed and digitally signed in the manner described in Stewart in order to ensure that the software package contents are free from errors and to confirm the agency that generated the hashes as suggested by Stewart ([0027]).
Referring to claim 6, Albornoz discloses that the monitoring includes system calls performed by the software ([0044]), which meets the limitation of wherein the collected metrics is system calls made.
Referring to claims 8, 9, Albornoz discloses the software application from the package is executed on the computer system such that the tasks performed by the executing software application are compared to the behavior profile to determine if the task is allowed according to the behavior profile ([0057]), which meets the limitation of comparing information in the update behavior profile with metrics collected during running of the update executable. If the task is not allowed based on the behavior profile, the software application can be forcibly quit ([0058]), which meets the limitation of determining whether anomalous behavior is detected in the update executable based on the comparing, and responsive to determining that anomalous behavior is detected in the update executable based on the comparing, performing a set of mitigation action steps, wherein the set of mitigation action steps is stop running the update executable.
Referring to claim 10, Albornoz discloses that a neural network can be initialized to utilize the behavior profiles ([0046]), which meets the limitation of wherein a classifier classifies the behavior of the software update, and wherein the classifier is an artificial neural network.
Referring to claim 11, Albornoz discloses that the application software could include functionality for photo sharing and banking ([0041]), which meets the limitation of wherein a set of operations within the software update does not verify integrity of external resources used.
Claims 3, 5, 15, 18, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Albornoz, U.S. Publication No. 2005/0086500, in view of Stewart, U.S. Publication No. 2010/0274755, and further in view of Porat, U.S. Publication No. 2015/0135262. Referring to claims 3, 15, 18, Albornoz discloses that the behavior profile is created in a secure environment ([0040]), which meets the limitation of running [multiple iterations of] the update executable corresponding to the software update in a secure environment.
Albornoz, as modified by Stewart above, does not disclose that the behavior profile is generated by running multiple iterations of the executable. Porat discloses a malicious threat prevention system wherein multiple monitoring modules are used to perform event monitoring procedures on executing software iteratively ([0056]-[0057]), which meets the limitation of running multiple iterations of the update executable corresponding to the software update in a secure environment. The monitored events are utilized to create profiles ([0057]), which meets the limitation of determining the behavior of the software update based on running the multiple iterations of the update executable. The profiling allows for an evolving system that updates the profiles with new information ([0116]), which meets the limitation of generating the update behavior profile based on the behavior of the software update during the running of the multiple iterations of the update executable. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the behavior profiles of Albornoz to have been generated using the iterative monitoring/updating process of Porat in order to provide real-time malware threat detection as suggested by Porat ([0057]).
Referring to claims 5, 20, Albornoz discloses that the behavior profiles are generated by monitoring live execution of the software such that the audit data from the monitored live execution is utilized to create the profiles ([0039]-[0040]) specific to the particular IDS behavioral profile format being generated ([0043]: many different formats allows for the system to generate a different profile for each different system), which meets the limitation of collecting metrics for each run of the update executable on a plurality of secure platforms, and generating the update behavior profile corresponding to the software update based on collected metrics for each run of the update executable on the plurality of secure platforms.
Claim 7 are rejected under 35 U.S.C. 103 as being unpatentable over Albornoz, U.S. Publication No. 2005/0086500, in view of Stewart, U.S. Publication No. 2010/0274755, and further in view of Xu, U.S. Publication No. 2013/0047149. Referring to claim 7, Albornoz discloses an executable monitoring system wherein a software package includes the actual software along with a behavior profile ([0037]) that it utilized to detect proper execution of the software in the software package ([0057]), which meets the limitation of generating an update package that includes the update executable and the update behavior profile [cryptographically signed using the private key corresponding to a provider of the software update]. Examiner notes that the name of the software (i.e., update executable) represents non-functional descriptive material that does not receive patentable weight (See MPEP 2111.05). Albornoz discloses that the software package can be distributed to the computer system over a communication network ([0066] & Figure 1), which meets the limitation of distributing the update package.
Albornoz does not specify that the software package is cryptographically hashed and digitally signed. Stewart discloses cryptographically hashing each item of a software package and then additionally digitally signing the cryptographic hashes using the private key ([0027]: “digital signature to also confirm” makes it clear that the signature is of the cryptographic hashes mentioned in the same paragraph), which meets the limitation of cryptographically signed using the private key corresponding to a provider of the software update. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the contents of the software package of Albornoz to have cryptographically hashed and digitally signed in the manner described in Stewart in order to ensure that the software package contents are free from errors and to confirm the agency that generated the hashes as suggested by Stewart ([0027]).
Albornoz, as modified by Stewart above, does not specify that the software package is uploaded for distribution. Xu discloses the creation of software packages that are uploaded to a server for distribution ([0056]), which meets the limitation uploading the update package to an update process for distribution. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed for the software packages of Albornoz to have been uploaded for distribution in order to allow for the software packages to be downloaded by other users as suggested by Xu ([0056]).
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Albornoz, U.S. Publication No. 2005/0086500, in view of Stewart, U.S. Publication No. 2010/0274755, and further in view of Broberg, U.S. Publication No. 2007/0174899. Referring to claim 12, Albornoz discloses that the software application can allow for user access to photo sharing and banking functionality ([0041]) and that the software profiles can include resource permissions ([0030]).
Albornoz, as modified by Stewart above, does not specify that the software application can allow for adding users and corresponding privileges. Broberg discloses a software testing system wherein new user accounts are created that include a variety of permission levels such that the software tests the permissions for the user account ([0021]), which meets the limitation of wherein the software update creates a set of new user identities with certain privileges on a host data processing system, and wherein verifying the behavior of the software update includes verifying the created set of new user identities and corresponding privileges. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the software application verification procedures of Albornoz to have include the permissions testing described in Broberg in order to ensure that users of the software application will have sufficient permissions as suggested by Broberg ([0002]).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805.  The examiner can normally be reached on M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BENJAMIN E LANIER/          Primary Examiner, Art Unit 2437