DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-15 are pending.

Priority
Acknowledgement is made of applicant's claim for priority based on application EP18382692.4 filed on 09/28/2018.
Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file. 

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f): 

(f) ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 

An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.


As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “a package analyzer module configured to analyze…”,  “a risk computation module configured to compute…”, “a hashing and decompression module configured to performing…and decompressing…”, and “a comparison module to determining… and performing…” in claims 10-12.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Objections
Claims 1-7, 10-13, and 15 are objected to because of the following informalities:  
“a software extension” in line 4 of claim 1, line 2 of claim 2, line 3 of claim 10 should read “the software extension”.
“a marketplace” in line 2 of claim 2 should read “the marketplace”.
“contents” in line 2 of claim 3 should read “the contents”.
“if” in line 5 of claim 3, line 7 of claim 5, line 6 of claim 12, line 16 of claim 13 should read “responsive to determining”.
“a previously-stored extension” in lines 5-6 of claim 3, line 6 of claim 12 should read “the previously-stored extension”.
“the same extension” in line 8 of claim 3 should read “the same software extension”.
“contents” in line 2 of claims 4, 5, 6, 7 should read “the contents”.
“all the files” in line 6 of claims 4, 13 should read “all files”.
“code files” in line 8 of claim 5, line 17 of claim 13 should read “the code files”.
“its comments” in last line of claim 5, lines 17-18 of claim 13 should read “comments of the code files”.
“the extension acts if the extension” in line 6 of claim 6, line 13 of claim 13 should read “the software extension acts responsive to determining the software extension”.
“the content” in line 3 of claim 7, line 26 of claim 13 should read “the contents”.
“the obtained” in lines 5, 9 of claim 10, line 7 of claim 12 should read “the downloaded”.
“content” in line 9 of claim 10 should read “the contents”.
“previously-downloaded software extension” in line 10 of claim 10 should read “the previously-downloaded software extension”.
“performing” in line 3 of claim 11 should read “perform”.
“decompressing” in last line of claim 11 should read “decompress”.
“determining” in line 3 of claim 12 should read “determine”.
“a local database” in lines 4-5 of claim 12 should read “the local database”.
“the files” in line 7 of claim 12 should read “files”.
“to computer implemented method of claim 1” in last line of claim 15 appears to be a typographical error.
Appropriate correction is required.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.


The following is a quotation of pre-AIA  35 U.S.C. 112, fourth paragraph:
Subject to the following paragraph [i.e., the fifth paragraph of pre-AIA  35 U.S.C. 112], a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.


Claim 15 is rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends.  Claim 15 fails to further limit a preceding claim, fails to further limit the claim it depends from, or fails to include all of the limitations of the claim upon which it depends as one can possess the medium without executing the method.  Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 8-10, 14, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Li (US 20130212684) in view of Li (US 20140019456).

Claim 1, Li 684 discloses A computer implemented method for analysis of a software extension for installation and execution in a computing system, the method comprising: 
obtaining a software extension, analyzing contents of the obtained software extension; and (e.g. figs. 1-2, ¶22-23: FIG. 2 depicts a more detailed example of risk assessment manager 112 according to one embodiment. An analyzer manager 202 may analyze applications 108 to provide information to a security ratings manager 204, which uses the information to determine security ratings for applications 108.)
computing a risk index based on the analyzed software extension and on information related to previously-downloaded software extensions stored in a local database, (e.g. ¶25, 29:  Analyzer modules 206 receive samples of known malicious applications to identify patterns that are unique to these types of applications. Heuristic analyzer 206-6 then compares incoming applications with these patterns to identify any meaningful similarities that would identify an incoming application that is suspicious. A signature analyzer compares signatures of incoming applications with these patterns to identify any meaningful similarities…Depending on the analysis, security ratings manager 204 assigns a security rating to each application 108 and may store the security rating in an application database 210. The various security ratings include certified, malicious, high-risk, faked/cloned, and low-risk/noisy ratings and how mobile devices 104 uniquely use applications 108 in a mobile environment.)
wherein the risk index is computed before installing and executing the software extension in the computing system, and  (e.g. ¶16, 22: A user may then review the security ratings and decide whether to download an application)
wherein a high value of the risk index persuades a user to install and execute the software extension in the computing system. (e.g. ¶16, 30: the certified security rating is for secured and approved applications 108 from trusted providers that are determined to pose no threat to mobile devices 104) 
Although Li 684 discloses obtaining a software extension and a marketplace (see above), Li 684 does not appear to explicitly disclose but Li 456 discloses obtaining a software extension from a marketplace (e.g. ¶25: Back-end security system 102 includes a scan engine 202 that may crawl marketplaces 106-1-106-N. In crawling, scan engine 202 may retrieve instances of applications 108 from application marketplaces 106. For example, a download agent 204 of scan engine 202 downloads each application 108 from marketplaces 106.).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Li 456 into the invention of Li 684 for the purpose of scanning applications in marketplaces (Li 456, ¶25).

Claim 8, Li 684-Li 456 discloses The computer implemented method according to claim 1, further comprising obtaining a plurality of software extensions by accessing known marketplaces given from a list of known marketplaces.  (Li  456, e.g. ¶25).  Same motivation as in claim 1 would apply.

Claim 9, Li 684-Li 456 discloses The computer implemented method according to claim 1, further comprising providing the risk index to a user of the computing system. (Li 684, e.g. ¶16, 34)

Claim 10, Li 684 discloses A system for analysis of a software extension for execution in a computing system, (e.g. figs. 1, 6, ¶63) the system comprising: 
an internet bot module; (e.g. ¶38, 41: example, a crawler may crawl through various application marketplaces 106)
a package analyzer module configured to analyze contents of the obtained software extension; (e.g. figs. 1-2, ¶22-23: FIG. 2 depicts a more detailed example of risk assessment manager 112 according to one embodiment. An analyzer manager 202 may analyze applications 108 to provide information to a security ratings manager 204, which uses the information to determine security ratings for applications 108.)
a local database storing previously-downloaded software extensions; and a risk computation module configured to compute a risk index based on the analyzed content of the obtained software extension and on information related to previously-downloaded software extensions in the local database, (e.g. ¶25, 29:  Analyzer modules 206 receive samples of known malicious applications to identify patterns that are unique to these types of applications. Heuristic analyzer 206-6 then compares incoming applications with these patterns to identify any meaningful similarities that would identify an incoming application that is suspicious. A signature analyzer compares signatures of incoming applications with these patterns to identify any meaningful similarities…Depending on the analysis, security ratings manager 204 assigns a security rating to each application 108 and may store the security rating in an application database 210. The various security ratings include certified, malicious, high-risk, faked/cloned, and low-risk/noisy ratings and how mobile devices 104 uniquely use applications 108 in a mobile environment.)
wherein the risk index is computed before installing and executing the software extension in the computing system, and (e.g. ¶16, 22: A user may then review the security ratings and decide whether to download an application)
wherein a high value of the risk index persuades a user to install and execute the software extension in the computing system. (e.g. ¶16, 30: the certified security rating is for secured and approved applications 108 from trusted providers that are determined to pose no threat to mobile devices 104) 
Although Li 684 discloses an internet bot module (see above), Li 684 does not appear to explicitly disclose but Li 456 discloses an internet bot module configured to download a software extension from a marketplace (e.g. ¶25: Back-end security system 102 includes a scan engine 202 that may crawl marketplaces 106-1-106-N. In crawling, scan engine 202 may retrieve instances of applications 108 from application marketplaces 106. For example, a download agent 204 of scan engine 202 downloads each application 108 from marketplaces 106.).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Li 456 into the invention of Li 684 for the purpose of scanning applications in marketplaces (Li 456, ¶25).

Claim 14, Li 684-Li 456 discloses The system for analysis of a software extension of claim 10, wherein the internet bot module is a web crawler.  (Li 456, e.g. ¶24-25).  Same motivation as in claim 10 would apply.

Claim 15, Li 684-Li 456 discloses A computer program encoded on a non-transitory digital data storage medium, the program comprising non-transitory computer readable instructions for causing one or more processors to perform operations to computer implemented method of claim 1. (Li 684, figs. 1, 6, ¶64, 66-67).

Claims 2 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Li (US 20130212684) in view of Li (US 20140019456) and further in view of Kay (US 8935755).

Claim 2, Li 684-Li 456 discloses The computer implemented method of claim 1, wherein obtaining a software extension from a marketplace comprises: downloading the software extension from the marketplace with a web crawler; (Li 456, e.g. ¶25) performing a hash function of the downloaded software extension for indexing the downloaded software extension; (Li 456, e.g. ¶30-31).  
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Li 456 into the invention of Li 684 for the purpose of scanning applications in marketplaces (Li 456, ¶25) and uniquely identifying an application (Li 456, ¶30).
Li 684-Li 456 does not appear to explicitly disclose but Kay discloses decompressing the downloaded software extension (e.g. col. 9, ll. 36-44).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Kay into the invention of Li 684-Li 456 for the purpose of un-packaging the application into a predetermined location (Kay, col. 9, ll. 42-44).

Claim 11, Li 684-Li 456 discloses The system for analysis of a software extension of claim 10, further comprising a hashing module configured to: performing a hash function of the downloaded software extension for indexing the downloaded software extension  (Li 456, e.g. ¶30-31).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Li 456 into the invention of Li 684 for the purpose of uniquely identifying an application (Li 456, ¶30).
Although Li 684-Li 456 discloses a hashing module (see above), Li 684-Li 456 does not appear to explicitly disclose but Kay discloses a decompressing module configured to decompressing the downloaded software extension (e.g. col. 9, ll. 36-44).
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Kay into the invention of Li 684-Li 456 for the purpose of un-packaging the application into a predetermined location (Kay, col. 9, ll. 42-44).

Claims 3, 7, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Li (US 20130212684) in view of Li (US 20140019456) in view of Kay (US 8935755) and further in view of Mao (US 8869284).

Claim 3, Li 684-Li 456-Kay discloses The computer implemented method of claim 2, wherein analyzing contents of the obtained software extension comprises: determining if the software extension is a new extension or a new version of a previously-stored extension in the local database; and if the software extension is a new version of a previously-stored extension (Li 456, e.g. ¶25, 28-29, 31, 35, 37).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Li 456 into the invention of Li 684 for the purpose of certifying instances of applications (Li 456, ¶29).  Li 684-Li 456 does not appear to explicitly disclose but Kay discloses the software extension is decompressed (e.g. col. 9, ll. 36-44).  Same motivation as in claim 2 would apply.
Li 684-Li 456-Kay does not appear to explicitly disclose but Mao discloses performing a comparison of files in the software extension against previous versions of the same extension, stored in the local database.  (e.g. col. 8, ll. 33-37, col. 9, ll. 9-24)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Mao into the invention of Li 684-Li 456-Kay for the purpose of determining that the application is trustworthy and/or safe (Mao, col. 9, ll. 21-24).

Claim 7, Li 684-Li 456-Kay-Mao discloses The computer implemented method according to claim 3, wherein analyzing contents of the obtained software extension comprises parsing the content of the software extension against known malware located in an external database. (Li 684, e.g. ¶25)

Claim 12, Li 684-Li 456-Kay discloses The system for analysis of a software extension of claim 11, further comprising: a comparison module to determining if the software extension is a new extension or a new version of a previously-stored extension in a local database; and if the software extension is a new version of a previously-stored extension (Li 456, e.g. ¶25, 28-29, 31, 35, 37).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Li 456 into the invention of Li 684 for the purpose of certifying instances of applications (Li 456, ¶29).  Li 684-Li 456 does not appear to explicitly disclose but Kay discloses the software extension is decompressed (e.g. col. 9, ll. 36-44).  Same motivation as in claim 2 would apply.
 Li 684-Li 456-Kay does not appear to explicitly disclose but Mao discloses performing a comparison of the files of the obtained software extension and files of previously-downloaded extensions stored in the local database.  (e.g. col. 8, ll. 33-37, col. 9, ll. 9-24)
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features described by Mao into the invention of Li 684-Li 456-Kay for the purpose of determining that the application is trustworthy and/or safe (Mao, col. 9, ll. 21-24).

Allowable Subject Matter
Claims 4, 5, 6, and 13 would be allowable if rewritten (a) in independent form including all of the limitations of the base claim and any intervening claims and (b) to overcome the objections set forth above.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 

US 20170169223 discloses the module for comparing and classifying the revised application variance 130 can find a different code segment between the first decompiled code (such as a decompiled code of the new version of the application package file) and the second decompiled code (such as a decompiled code of the old version of the application package file) by comparing bytes, strings, function names, file names, etc.


US 20140289859 discloses The security or other attributes of mobile applications may be assessed and assigned a security score. In one implementation, a device may obtain information relating to the mobile applications, and may determine, for each of the mobile applications, a number of security scores. Each of the security scores may define a level of risk for a security category relating to a mobile application. The device may further combine the security scores, for each of the mobile applications, to obtain, for each of the mobile applications, a final security score. 


US 8386604 discloses a method of assigning blame to web browser extensions and applications. The method gathers performance data about a web application, detects a problem with the web application based on the performance data, and displays, when the problem is detected, an indication of the problem adjacent an indicator representing the web application.

US 20120240236 discloses a crawler program collects and stores application programs including application binaries and associated metadata from any number of sources such as official application marketplaces and alternative application marketplaces. An analysis including comparisons and correlations are performed among the collected data in order to detect and warn users about pirated or maliciously modified applications. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRONG NGUYEN whose telephone number is (571)270-7312.  The examiner can normally be reached on Monday through Thursday 9:00 AM - 5:00 PM EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRONG H NGUYEN/Primary Examiner, Art Unit 2436