DETAILED ACTION
This Office Action is in response to an application filed on April 24, 2019, in which claims 1 through 19 are pending, and ready for examination.  

Acknowledgement is made of Applicant’s claim for domestic benefit from Provisional Application No. 62/739,094, filed on September 28, 2018.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  

Information Disclosure Statement
The five (5) information disclosure statements (IDS) submitted between June 7, 2019 and September 28, 2020 were filed before the mailing date of a first Office Action on the merits.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.  

Claim Objections
Claims 1, 3, 10-12, 15, and 16 are objected to because of the following informalities:

Each of claims 1, 11, and 15 recite, at the end of the claim(s), “any of the privileged sources”.  
one or more privileged sources”.  
Appropriate correction is required.  

Claims 3, 10, 12, and 16 each recite, “disallowing modification one or more”.
It appears that each of the claims should recite, “disallowing modification of one or more”.  
Appropriate correction is required.  

Claim 10 does not end with a period.  
Appropriate correction is required.  

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:  
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.  


Claims 1-19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Richardson, et al., U.S. Pub. No. 2018/0189478 (hereinafter referred to as Richardson).  

With regard to claim 1, Richardson discloses receiving and storing indications of one or more privileged sources that are each designated as providing Richardson, [0042]; disclosed “application identifiers” and/or “source identifiers” that are received are indications; disclosed white list/black list of trusted/untrusted source identifiers that are safe (privileged) or unsafe (not privileged) is storage of those indications); receiving an indication of a program (Richardson, [0042]; [0066]; [0728]; “authorized Google Play store or Apple App Store”, “trusted based on a prior history with that source”, and “prior copies of software may have been previously trusted” are all indications of a program); determining whether or not the program is provided by one of the one or more privileged sources (Richardson, [0079]; [0083]; disclosed “trusted sources” are privileged sources); and disallowing execution of the program, when the program is not provided by any of the privileged sources (Richardson, [0038]; [0074]; execution of the software is blocked when determined to be unsafe).  

With regard to claim 2, Richardson discloses the limitations of claim 1, as stated.  Richardson further discloses when the indicated program is provided by a network-accessible source, determining whether the network-accessible source is one of the one or more privileged sources (Richardson, [0042]; [0066]; [0728]; Google Play store and Apple App Store are network accessible sources); and when the network-accessible source is not one of the one or more privileged sources, disallowing execution of the program (Richardson, [0038]; [0074]; execution of the software is blocked when determined to be unsafe).  

Richardson discloses the limitations of claim 1, as stated.  Richardson further discloses disallowing modification one or more directories that are identified by the one or more sources as providers of programs that are allowed to be executed by the computing system (Richardson, [0037]; [0066]; disclosed Apple App Store and Google Play store are “directories identified”).  

With regard to claim 4, Richardson discloses the limitations of claim 1, as stated.  Richardson further discloses wherein the disallowing execution of the program includes: terminating the program, suspending the program, and/or raising an exception (Richardson, [0622]; stopping of program components disclosed).  

With regard to claim 5, Richardson discloses the limitations of claim 1, as stated.  Richardson further discloses wherein the disallowing execution of the program includes: executing the program in an alternative execution environment (Richardson, [0080]; [0240]; [0652]).  

With regard to claim 6, Richardson discloses the limitations of claim 1, as stated.  Richardson further discloses receiving the indications of the one or more sources from a file (Richardson, [0072]; file or database disclosed); and disallowing modification of the file by non-privileged users (Richardson, [0072]; developer application disclosed, thus non- developer users cannot make modifications).  

With regard to claim 7, Richardson discloses the limitations of claim 1, as stated.  Richardson further discloses receiving the indication of the program in a Web browser, wherein the program is JavaScript code; and determining whether the program is provided by a server that is one or more of the privileged sources (Richardson, [0068]; [0349]; disclosed Android app coded in Java).  

With regard to claim 8, Richardson discloses the limitations of claim 1, as stated.  Richardson further discloses wherein the determining whether or not the program is provided by one of the one or more privileged sources includes looking up an identifier of the source in a white list (Richardson, [0039]).  

With regard to claim 9, Richardson discloses the limitations of claim 1, as stated.  Richardson further discloses disallowing installation of programs on the computing system (Richardson, [0038]; [0042]; [0066]; [0074]; [0728]; app not installed unless authorized by app store).  

With regard to claim 10, Richardson discloses the limitations of claim 1, as stated.  Richardson further discloses when the indicated program is provided by a network-accessible source, determining whether the network-accessible source is one of the one or more privileged sources (Richardson, [0042]; [0066]; [0728]; Google Play store and Apple App Store are network accessible sources); when the network-accessible source is not one of the one or more privileged sources, Richardson, [0038]; [0074]; execution of the software is blocked when determined to be unsafe); disallowing modification one or more directories that are identified by the one or more sources as providers of programs that are allowed to be executed by the computing system (Richardson, [0037]; [0066]; disclosed Apple App Store and Google Play store are “directories identified”); receiving the indications of the one or more sources from a file (Richardson, [0072]; file or database disclosed); disallowing modification of the file by non-privileged users (Richardson, [0072]; developer application disclosed, thus non- developer users cannot make modifications); and executing the program in an alternative execution environment that is a virtual machine executed by the computing system (Richardson, [0080]; [0240]; [0652])  

With regard to claim 11, Richardson discloses a non-transitory computer-readable medium including contents that are configured, when executed, to cause a computing system to perform a method (Richardson, Claim 20) for computer security, the method comprising: receiving and storing indications of one or more privileged sources that are each designated as providing programs that are allowed to be executed on a computing system (Richardson, [0042]; disclosed “application identifiers” and/or “source identifiers” that are received are indications; disclosed white list/black list of trusted/untrusted source identifiers that are safe (privileged) or unsafe (not privileged) is storage of those indications); receiving an indication of a program (Richardson, [0042]; [0066]; [0728]; “authorized Google Play store or Apple App Store”, “trusted based on a prior history with that source”, and “prior copies of software may have been previously trusted” are all indications of a program); determining whether or not the program is provided by one of the one or more privileged sources (Richardson, [0079]; [0083]; disclosed “trusted sources” are privileged sources); and disallowing execution of the program, when the program is not provided by any of the privileged sources (Richardson, [0038]; [0074]; execution of the software is blocked when determined to be unsafe).  

With regard to claim 12, Richardson discloses the limitations of claim 11, as stated.  Richardson further discloses when the indicated program is provided by a network-accessible source, determining whether the network-accessible source is one of the one or more privileged sources (Richardson, [0042]; [0066]; [0728]; Google Play store and Apple App Store are network accessible sources); when the network-accessible source is not one of the one or more privileged sources, disallowing execution of the program (Richardson, [0038]; [0074]; execution of the software is blocked when determined to be unsafe); disallowing modification one or more directories that are identified by the one or more sources as providers of programs that are allowed to be executed by the computing system (Richardson, [0037]; [0066]; disclosed Apple App Store and Google Play store are “directories identified”); receiving the indications of the one or more sources from a file (Richardson, [0072]; file or database disclosed); and disallowing modification of the file by non-privileged users (Richardson, [0072]; developer application disclosed, thus non- developer users cannot make modifications).  

Richardson discloses the limitations of claim 11, as stated.  Richardson further discloses wherein the disallowing execution of the program includes: terminating the program, suspending the program, and/or raising an exception (Richardson, [0622]; stopping of program components disclosed).  

With regard to claim 14, Richardson discloses the limitations of claim 11, as stated.  Richardson further discloses wherein the disallowing execution of the program includes: executing the program in an alternative execution environment that is a virtual machine executed by the computing system (Richardson, [0080]; [0240]; [0652]).  

With regard to claim 15, Richardson discloses a processor (Richardson, [0042]); a memory (Richardson, [0042]); a module that is stored in the memory and that is configured, when executed by the processor, to perform a method (Richardson, [0042]) comprising: receiving and storing indications of one or more privileged sources that are each designated as providing programs that are allowed to be executed on a computing system (Richardson, [0042]; disclosed “application identifiers” and/or “source identifiers” that are received are indications; disclosed white list/black list of trusted/untrusted source identifiers that are safe (privileged) or unsafe (not privileged) is storage of those indications); receiving an indication of a program (Richardson, [0042]; [0066]; [0728]; “authorized Google Play store or Apple App Store”, “trusted based on a prior history with that source”, and “prior copies of software may have been previously trusted” are all indications of a program); determining whether or not the program is provided by one of the one or more privileged sources (Richardson, [0079]; [0083]; disclosed “trusted sources” are privileged sources); and disallowing execution of the program, when the program is not provided by any of the privileged sources (Richardson, [0038]; [0074]; execution of the software is blocked when determined to be unsafe).  

With regard to claim 16, Richardson discloses the limitations of claim 15, as stated.  Richardson further discloses 
when the indicated program is provided by a network-accessible source, determining whether the network-accessible source is one of the one or more privileged sources (Richardson, [0042]; [0066]; [0728]; Google Play store and Apple App Store are network accessible sources); 
when the network-accessible source is not one of the one or more privileged sources, disallowing execution of the program (Richardson, [0038]; [0074]; execution of the software is blocked when determined to be unsafe);
and disallowing modification one or more directories that are identified by the one or more sources as providers of programs that are allowed to be executed by the computing system (Richardson, [0037]; [0066]; disclosed Apple App Store and Google Play store are “directories identified”);
disallowing execution of the program includes by executing the program in an alternative execution environment that is the virtual machine (Richardson, [0080]; [0240]; [0652]).  

With regard to claim 17, Richardson discloses the limitations of claim 15, as stated.  Richardson further discloses receive the indication of the program in a Web browser, wherein the program is JavaScript code; and determine whether the program is provided by a server that is one or more of the privileged sources (Richardson, [0068]; [0349]; disclosed Android app coded in Java).  

With regard to claim 18, Richardson discloses the limitations of claims 15 and 17, as stated.  Richardson further discloses wherein the Web browser is configured to determine whether or not the program is provided by one of the one or more privileged sources by looking up an identifier of the source in a white list (Richardson, [0039]).  

With regard to claim 19, Richardson discloses the limitations of claims 15, 17, and 18, as stated.  Richardson further discloses wherein the Web browser is further configured to determine whether or not the program is provided by one of the one or more privileged sources based on one or more properties associated with a communication with the source, including one or more of a geographic location of the source, a time of communication, and an organization associated with the source (Richardson, [0028]; [0163]; [0356]).  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
Chien, Daniel, U.S. Pub. No. 2013/0333038
Kay, Erik, U.S. Pub. No. 2015/0180875

Any inquiry concerning this communication or earlier communications from the examiner should be directed to J. Brant Murphy whose telephone number is (571)272-6433.  The examiner can normally be reached on Monday - Friday, 8am - 4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer 





/J. BRANT MURPHY/Primary Examiner, Art Unit 2435                                                                                                                                                                                                        
May 22, 2021