DETAILED ACTION
I.	Claims 1-20 have been examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Priority
The current application claims foreign priority to 2018101764, filed 01/17/2018.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 01/09/2019; 01/30/2019; 06/03/2019; 10/09/2019; 10/17/2019; 10/23/2019; 11/06/2019; 12/10/2019; 01/08/2020; 04/07/2020; 05/15/2020; 06/02/2020; and 06/23/2020 have been considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No. US 20160029221 A1 to Suarez et al., hereinafter Suarez, and further in view of United States Patent Application Publication No. US 20190089740 A1 to Hastings, hereinafter Hastings.
Regarding claim 1, Suarez teaches a method of executing a distributed malware check, the method executable in a computer device having access to a distributed malware register and a transaction pool that are implemented in a peer-to-peer network, the peer-to-peer network having a plurality of networked computer devices (paragraphs 85 and 86), the method comprising: 
receiving input data identifying a potential malware (Figure 5, paragraphs 33, 51, 52, 54 and 55); 
checking the potential malware based on the input data (Figure 5, paragraphs 33, 51, 52, 54 and 55); 
adding check parameters and at least one result of the potential malware check into the transaction pool (Figure 5, paragraphs 33, 51, 52, 54 and 55); 
If a suitable response is not received from the mobile device within the expected response time, the network server may determine there has been a disruption to that device's behavioral monitoring and analysis system, which may indicate that that the system has been compromised, has been infected with malware, is experiencing an attack, or is otherwise not functioning correctly or as expected.”, and paragraphs 52, 54, and 55), 
determining a harmfulness parameter based on results of the distributed malware check of the potential malware (paragraphs 33, 51, 52, 54, 55 and 88); 

Suarez discloses the claimed invention, as cited above.  However, Suarez does not disclose the claim limitation of “storing the identified malware and associated data related to the identified malware in the distributed malware register”. Hastings discloses said claim limitation, as cited below. 
Further regarding claim 1, Hastings teaches storing the identified malware and associated data related to the identified malware in the distributed malware register (paragraph 32, “download and locally store latest virus signatures/test virus packages”). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Hastings with the teachings of Suarez in order to “enable file executions in a Sandbox and can download and locally store latest virus signatures/test virus packages, e.g., the European Institute for Computer Antivirus Research (EICAR) standard anti -malware test file or the like for testing against them without resorting to repeated downloading” (Suarez – paragraph 32).
In assessing whether a claim to a combination of prior art elements/steps would have been obvious, the question to be asked is whether the improvement of the claim is more than the predictable use of prior art elements or steps according to their established functions. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). “[T]he analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps 
The obviousness to combine for claim 1 also pertains to claims 15 and 20.
Regarding claim 2, Suarez teaches wherein the receiving the input data comprises receiving the input data from at least one sources selected from one of: a computer device in the peer-to-peer network, at least one client device, a pre-populated database, a remote server, and a computer-readable medium (paragraphs 29, 33, 38, and 39). 
Regarding claim 3, Suarez teaches wherein the input data contains at least one pointer of the potential malware (paragraphs 33 and 39). 
Regarding claim 4, Suarez teaches wherein the input data additionally contains at least one of: a malware signature; a malware attribution data (paragraphs 50, 51, and 56, “executable code or scripts that cause the mobile device to perform various operations associated with known malware and cyber attacks, or operations that are known cause a well-defined reaction in properly functioning behavioral monitoring/analysis systems”). 
Regarding claim 5, Suarez teaches wherein the receiving the input data comprises receiving the input data at least partially in a hashed form (paragraph 96). 
Regarding claim 6, Suarez teaches wherein the method further comprises hashing at least a portion of the input data in response to the at least the portion of the input data having been received in a non-hashed form (paragraph 96). 
Regarding claim 7, Suarez teaches wherein after receiving the input data, the method further comprises receiving, from at least one additional source accessible to the computer device, additional input data associated with the potential malware (paragraphs 29, 33, 38, and 39). 
Regarding claim 8, Suarez teaches wherein the receiving results of the distributed check of the potential malware is executed in response to a check of the potential malware taking into account the additional input data (Figure 5, paragraphs 33, 51, 52, 54 and 55). 
Regarding claim 9, Suarez teaches wherein receiving results of the distributed check of the potential malware is executed in response to a check of the potential malware using a machine-learning algorithm (Figure 2, paragraphs 29, 40, and 88). 
Regarding claim 10, Suarez teaches wherein the method further comprises updating a training sample of the machine-learning algorithm based on an outcome of the distributed check of the potential malware (Figure 2, paragraphs 29, 40, and 88). 
Regarding claim 11, Suarez teaches wherein the receiving results of the distributed check of the potential malware is executed in response to an automated check (Figure 5, paragraphs 33, 51, 52, 54 and 55).                 [Automating a manual activity is not a patently distinct feature.  Please refer to MPEP 2144.04: “In re Venner, 262 F.2d 91, 95, 120 USPQ 193, 194 (CCPA 1958)… The court held that broadly providing an automatic or mechanical means to replace a 
Regarding claim 12, Suarez teaches wherein the receiving results of the distributed check of the potential malware is executed in response to a manual check (Figure 5, paragraphs 33, 51, 52, 54 and 55). 
Regarding claim 13, Suarez teaches wherein the method further comprises at least one of: determining harmfulness of the potential malware; validating a signature of the potential malware; determining attribution data associated with the potential malware (paragraph 33, “the network server may determine that there is a high probability that the behavior-based security system of the target device has been compromised or improperly modified, has been infected with malware, or is under attack in response to determining that the operations performed in the target device (or the behaviors of the target device) after the installation of the artificial attack software are not consistent with the operations/behaviors expected from a similarly equipped device under similar attack conditions”, and paragraph 51, “To identify, prevent, and/or respond to malware, attacks or other events compromising the behavioral monitoring and analysis system, the mobile device may be configured to work in conjunction with a network server (or another computing device, a component in the same computing device, etc.) to monitor the accuracy and performance of the behavioral monitoring and analysis system of the mobile device, and determine whether the system is working correctly, efficiently, or as expected. The network server may be configured to generate and send artificial attack software to the mobile device and listen for a response from the mobile device within an If a suitable response is not received from the mobile device within the expected response time, the network server may determine there has been a disruption to that device's behavioral monitoring and analysis system, which may indicate that that the system has been compromised, has been infected with malware, is experiencing an attack, or is otherwise not functioning correctly or as expected.”). 
Regarding claim 14, Suarez teaches wherein the determining the attribute data is based on the data associated with the potential malware, the data having been received from one of: the input data; the distributed malware register; a malicious resource database (Figure 5, paragraphs 33, 51, 52, 54, 55 and 65). 
Suarez teaches the claimed invention, as cited above.  However, Suarez does not teach the claim limitations pertaining to “wherein the storing further comprises: acquiring and storing additional data associated with the potential malware, the acquiring being from at least one additional source, accessible to the computer device”.  Hastings teaches said claim limitations, as cited below.
Regarding claim 15, Hastings teaches wherein the storing further comprises: acquiring and storing additional data associated with the potential malware, the acquiring being from at least one additional source, accessible to the computer device (paragraph 32, “download and locally store latest virus signatures/test virus packages”). 
Regarding claim 16, Suarez teaches wherein the determining the harmfulness at least one of: a number of the peer-to-peer network computer devices that downloaded data associated with the potential malware; a reputation of the peer-to-peer network computer devices that downloaded data associated with the potential malware; a number of the peer-to-peer network computer devices that confirmed the result of the check of the potential malware; a reputation of the peer-to-peer network computer devices that confirmed the result of the check of the potential malware (paragraphs 33, 51, 52, 54, 55 and 88). 
Regarding claim 17, Suarez teaches wherein the method further comprises, after the storing, charging tokens to the computer devices of the distributed peer-to-peer network where the check results were obtained, the tokens corresponding to the harmfulness parameter determined based on the results of the distributed check of the potential malware (paragraphs 33, 51, 52, 54, 55 and 88). 
Regarding claim 18, Suarez teaches wherein the method further comprises, after storing the indication of the malware and associated data in at least one malware database accessible to the computer device (Figure 5, paragraphs 33, 51, 52, 54, 55 and 65). 
Regarding claim 19, Suarez teaches wherein the method further comprises, after storing the indication of the malware and associated data into a training set of a machine-learning algorithm (Figure 2, paragraphs 29, 40, and 88). 
Regarding claim 20, Suarez discloses a computer device for distributed malware check, the computer device having access to a distributed register and a transaction pool that are implemented as part of a peer-to-peer network, the computer device comprising a communication interface and a processor functionally coupled to the communication interface (paragraphs 11, 15 and 46, “Such feedback communications between the observer and analyzer modules enable the computing device processor to recursively increase the granularity of the observations (i.e., make finer or more detailed observations) or change the features/behaviors that are observed until behavior is classified as either benign or non-benign, until a processing or battery consumption threshold is reached, or until the computing device processor determines that the source of the suspicious or performance-degrading computing device behavior cannot be identified from further increases in observation granularity.”), 
the processor configured to: 
receive input data identifying a potential malware (Figure 5, paragraphs 33, 51, 52, 54 and 55); 
check the potential malware based on the input data (Figure 5, paragraphs 33, 51, 52, 54 and 55); 
add check parameters and at least one result of the potential malware check into the transaction pool (Figure 5, paragraphs 33, 51, 52, 54 and 55); 
receive results of the distributed check of the potential malware from the plurality of networked computer devices (paragraph 33, “the network server may determine that there is a high probability that the behavior-based security system of the target device has been compromised or improperly modified, has been infected with malware, or is If a suitable response is not received from the mobile device within the expected response time, the network server may determine there has been a disruption to that device's behavioral monitoring and analysis system, which may indicate that that the system has been compromised, has been infected with malware, is experiencing an attack, or is otherwise not functioning correctly or as expected.”, and paragraphs 52, 54, and 55); 
determine a harmfulness parameter based on results of the distributed malware check of the potential malware (paragraphs 33, 51, 52, 54, 55 and 88);
 in response to the harmfulness parameter of the potential malware exceeds a predetermined threshold value, identify the potential malware as malware (Figure 5, paragraphs 33, 51, 52, 54 and 55).
Suarez discloses the claimed invention, as cited above.  However, Suarez does not disclose the claim limitation of “store the identified malware and associated data related to the identified malware in the distributed malware register”. Hastings discloses said claim limitation, as cited below. 
Further regarding claim 20, Hastings discloses store the identified malware and associated data related to the identified malware in the distributed malware register (paragraph 32, “download and locally store latest virus signatures/test virus packages”).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The references cited on form PTO-892 are cited to further show the state of the art with respect to malware detection.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMIAH L AVERY whose telephone number is (571)272-8627.  The examiner can normally be reached on M-F 8:30am -5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JEREMIAH L AVERY/Primary Examiner, Art Unit 2431