DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
	This office action responds to the amendments filed on March 3, 2021 for application 15/974,241.  Claims 1, 14, and 21 were amended, claims 22 and 23 were added as new claims, and claims 1-6, 8, 10-17, and 20-23 remain pending in the application.
Response to Arguments
	The Applicant’s arguments filed on March 3, 2021 have been fully considered, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 11 of the Remarks that concerns the objection to claim 21, the amendment to claim 21 cures the deficiency and the objection is withdrawn.
	Regarding the Applicant’s response at pages 11-13 of the Remarks that concerns the § 103 rejection of independent claims 1, 14, and 21, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the pending independent claims because the arguments do not apply to some of the references currently used in the rejection of the aforementioned claims as detailed below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)	
A.	Claims 1-3, 8, 10-15, and 20-23 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (US 8,756,432, “Chen”) in view of Wyatt et al. (US 2012/0240236, “Wyatt”) and Hinchliffe et al. (US 2013/0276105, “Hinchliffe”), and further in view of Mao (US 2015/0244729, “Mao”).
Regarding Claim 1
Chen discloses
A file authentication method (abstract, Fig. 2), comprising: 
1 …,
a … file digest data … (Fig. 5, Col. 9:10-35, e.g., “File Name” and “Package Name;” see also Wyatt ¶¶ [0256]-[0261], TABLE A, i.e., the file digest data encompasses the “hash” that identifies the “application” and the “icon”),
the file digest data identifying file information of the file to be authenticated (Fig. 5, Col. 9:10-35, e.g., “File Name” and “Package Name;” see also Wyatt ¶¶ [0256]-[0261], TABLE A and the associated file information), 
the file digest data including …2 and …3; 
4 …;
5 …; 
6…; 
determining file information of a target file that corresponds to the file to be authenticated from a feature database (i.e., Fig. 1, “database 120,” see also Wyatt ¶¶ [0254]-[0255], “The app crawler downloads each application from each of the different markets, stores the application, and extracts information embedded within the application itself, such as Package Name, Declared App Permissions (Entitlements), the application icon, application signing certificate, and so forth, and stores all the information in a database.”) based on the feature character string (of Mao, see 6 below) of the file to be authenticated (Figs. 1-3, Col. 8:1-42, “At step 304, one or more of the systems described herein may compare the application package file to a set of known , 
the target file matching the feature character string of the file to be authenticated (Col. 8:1-42, “In such an example, file-comparing module 106 may, after determining the signature of the application package file, transmit the signature of the application package file to server 206 so that it may be compared with the signatures of one or more known application package files contained within database 120,” i.e., the “signatures” compared here relate to the hash signatures as taught by Wyatt and Hinchliffe), 
the feature database storing at least file information and feature character strings of a plurality of genuine files (Col. 8:32-60, the system may “gather information (e.g., application and/or application-package-file metadata) about one or more known application package files [that are genuine files],” and the system “may record such information in [the feature] database 120,” and “Examples of information that may be used by file-comparing module 106 to compare the application package file to the set of known application package files may include … a digital signature [that acts as a feature character string] associated with the application file”), and 
the file information of the target file and the file information of the plurality of genuine files including at least a certificate feature value (Col. 8:42-60, i.e., “Examples of information that may be used by file-comparing module 106 to compare the ; and 
authenticating, by processing circuitry of a server (Fig. 2, Col. 8:23-31, “In such an example, file-comparing module 106 may, after determining the signature of the application package file, transmit the signature of the application package file to server 206 so that it may be compared with the signatures of one or more known application package files contained within database 120.”), the file to be authenticated according to
7 … and 
(ii) the file information of the file to be authenticated (Fig. 3, Col. 10:14-55, “For this reason, the fact that a digitally-signed repackaged application package file has not been digitally signed using the same private key as the digitally-signed application package file from which it was repackaged may indicate that the digitally-signed repackaged application package file is malicious,” where a “malicious” file fails authenticat[ion]; and Col. 8:9-22, “For example, file-comparing module 106 may compare the application package file to the set of known application package files by identifying and then comparing at least one attribute (e.g., application and/or application-package-file metadata);” see also Wyatt Fig. 21, ¶¶ [0333]-[0336], “FIG. 21 shows an overall flow 2105 for determining whether one application is a counterfeit of another application. In brief, in a step 2110, the analysis server compares first metadata [as file information] associated with or describing a first application program [to be authenticated] with second metadata [as file information] associated with or describing a second application [that acts as a target] program,”  ).  
Chen doesn’t disclose
	1 extracting …a from a file to be authenticated, the file to be authenticated including an installation package of an application,
	2 …an application icon…
	3 …a digest file of the application…
	4 generating a first string of the file to be authenticated according to the application icon of the application;
	5 generating feature text according to the digest file, and generating a second feature character string of the file to be authenticated according to the feature text;
	6 generating a feature character string of the file to be authenticated based on a combination of the first feature character string and the second feature character string;
	7 (i) the file information of the target file determined based on the feature character string of the file to be authenticated…
Wyatt, however, discloses
	1 extracting …a from a file to be authenticated (¶ [0258], “For example, an Android application package file (APK) is the file format used to distribute and install mobile application software onto devices having Google's Android operating system. To make an APK file, a program for Android is first compiled, and then all of its parts are packaged into one file;” and ¶ [0262], “The database may include extract[ed] data, i.e., data that is extracted from the application program or binary,” and ¶ [0256], “…data extracted from the application binary,…”), the file to be authenticated including an installation package of an application (¶ [0047], “Application data includes both data objects and information about data objects, such as behavioral data or metadata. Data an installation package] that may be particular to certain mobile communication devices;” and ¶ [0258], “For example, an Android application package file (APK) is the file format used to distribute and install [via an installation package] mobile application software”),
	2 …an application icon… (¶ [0261], “The “Icon” field stores the launcher icon to the application.”)
	3 …a digest file of the application… (¶ [0258], “To make an APK file, a program for Android is first compiled, and then all of its parts are packaged into one file. This holds all of that program's code such as .dex files, resources, assets, certificates, and manifest file [that acts as a digest file];” and ¶¶ [0255]-[0256], i.e., the “application metadata” is stored in the associated digest file)
	5 generating feature text according to the digest file (¶ [0257], “In a specific implementation, the identifier is a hash of the application contents,” i.e., any of the “application contents” that are “hash[ed]” serve as feature text, where such “contents” can be generat[ed] via the information in the “manifest file” that identifies the application and that then is later hashed), and generating a second feature character string of the file to be authenticated according to the feature text (¶ [0254], “In a specific implementation, each application is uniquely identified using a package name or some other mechanism such as a hash [that serves as a second feature character] of the application contents [that include the selected feature text],” ¶ [0257], “In a specific implementation, the identifier is a hash of the application contents[, some of which provide the feature text]. The application may be provided as input to a hash function which returns hash value or code so that the application can be identified;” and ¶ [0294], feature text] and comparing the hash value with hash values of the stored applications.”);
7 (i) the file information of the target file determined based on the feature character string of the file to be authenticated (Fig. 21, ¶¶ [0340]-[0341], “Similarity may be based on text (e.g., two applications having the same or similar application titles), images (e.g., two applications having the same or similar icons), video, sound, audio data, or combinations of these,” and “Video fingerprinting may be used to compare video;” and Mao ¶ [0047] (see below), i.e., Wyatt teaches a “combination of these,” but is silent as to their concatenation; Mao, however, discloses a “combination” that represents a concatenation that thus discloses the feature character string; and ¶¶ [0348]-[0351], the concatenation of Mao as a combination in Wyatt can be employed to detect a “difference” by the “interference  engine” for authentication and thus detect a “counterfeit application program” where authentication fails because of a difference in the feature character string)
Hinchliffe, however, discloses
	4 generating a first feature character string of the file to be authenticated according to the application icon of the application (¶ [0020], To this end, if it is determined that the application associated with the hash is packed (or optionally that the icon from which the hash [that acts as a first feature character] is generat[ed] is included in a packed file [to be authenticated]), it may optionally be determined that the application is not valid.);
Mao, however, discloses
	6 generating a feature character string of the file to be authenticated based on a combination of the first feature character string and the second feature character string (¶ [0047], “Generation module 108 may generate the fingerprint [that serves as a feature character string] of the system image in any suitable manner. For example, generation module 108 may generate the fingerprint of the system image by combining an individual fingerprint[, where the first and second feature character string each represent an individual fingerprint,] for each application within the plurality of applications,” and Wyatt ¶ [0341], “Similarity may be based on text (e.g., two applications having the same or similar application titles), images (e.g., two applications having the same or similar icons), video, sound, audio data, or combinations of these,” i.e., Wyatt suggests “combinations” of features to be analyzed, but is silent to combining or concatenating the features; Mao discloses the concatenation of individual fingerprints to create a single finger print that serves as a feature character string);
	Regarding the combination of Chen and Wyatt, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the file authentication method of Chen to have included the hash feature of Wyatt. One of ordinary skill in the art would have been motivated to incorporate the hash feature of Valceanu because Wyatt teaches the use of hashes as an efficient to authenticate data objects.  See Wyatt ¶ [0054], stating “For example, rather than transmitting whole data objects, such as application files or application packages, for analysis, hashing functions or hashing algorithms may be applied to data and the resulting hash of the data may be sent to the server 151. The server 151 may use the hash to uniquely identify the data object.” 

To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base method, namely icon identification that relies upon analyzing pixels, color, etc. of an icon, see Wyatt ¶ [0341], upon which the claimed invention can be seen as an “improvement” through the use of a hashing of an icon for identification, see Hinchliffe ¶ [0020];
2) the prior art contained a “comparable” method, namely the method of Hinchliffe, that has been improved in the same way as the claimed invention through the hashing of an icon for identification; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the hashing of an icon to the base method, or the identification of icons via analyzing pixels, color, etc. of Wyatt, and the results would have been predictable to one of ordinary skill in the art.
	Regarding the combination of Chen-Wyatt-Hinchliffe and Mao, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Wyatt to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.”  See MPEP § 2143(I)(C).

1) the prior art contained a base method, namely the “combinations” of individual features to be analyzed, see Wyatt ¶ [0341], upon which the claimed invention can be seen as an “improvement” through the use of combining individual fingerprints to create a single fingerprint as a single “combination”, see Mao ¶ [0047] (i.e., the individual components of Wyatt, which are analyzed as a combination, are concatenated to create a single feature to be analyzed);
2) the prior art contained a “comparable” method, namely the method of Mao, that has been improved in the same way as the claimed invention through the combining of individual fingerprints (or hashes or feature character strings) to create a single fingerprint; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the combination of individual fingerprints to create a single fingerprint to the base method, or a combination of features taken individually of Wyatt, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 2
Chen in view of Wyatt and Hinchliffe, and further in view of Mao (“Chen-Wyatt-Hinchliffe-Mao”) discloses the method according to claim 1, and Chen further discloses
wherein the authenticating the file (Fig. 3, Col. 10:14-55) comprises: 
when the file information of the target file is consistent with the file information of the file (Col. 10:22-31, “For this reason, the fact that a digitally-signed repackaged application package file has not been digitally signed using the same private key as the file information of the file and target file are consistent), determining that the authentication on the file succeeds (Col. 10:22-31, “…may indicate that the digitally-signed repackaged application package file is malicious,” i.e., if the file is not malicious because of the consistency between private keys, then the authentication on the file succeeds because it is not malicious; further noting that the file information can be based upon the hashes, which are based upon the feature text and the application icon, as disclosed in Valceanu, see Fig. 5, Col. 8:54-9:9, that can similarly be used for authentication); and
when the file information of the target file is inconsistent with the file information of the file (Col. 10:22-31, “For this reason, the fact that a digitally-signed repackaged application package file has not been digitally signed using the same private key as the digitally-signed application package file from which it was repackaged…” i.e., where the “digital signature” is created with the different private keys, then the file information of the file and target file are inconsistent), determining that the authentication on the file fails (Col. 10:22-31, “…may indicate that the digitally-signed repackaged application package file is malicious,” i.e., if the file is malicious because of the inconsistency between private keys, then the authentication on the file fails because it is malicious). 
Regarding Claim 3
Chen-Wyatt-Hinchliffe-Mao discloses the method according to claim 1, and Chen further discloses
wherein the determining the file information of the target file (Figs. 1-3, Col. 8:1-42) comprises: 
calculating similarity between the feature character string of the file and each of the feature character strings in the feature database (Figs. 4 &5, Col. 9:24-10:21, “similarity-determining module 108 may determine that the application package file is similar to the known application package file by 1) calculating a similarity score that indicates a degree of similarity between an attribute of the application package file with an attribute of the known application package file, and…;” and “For example, as illustrated in FIGS. 4 and 5, the fact that known-application-package-file information 400 and application-package-file information 500 share the same application-package-file name (e.g., AngryBirds—2.1.1.apk),…” where instead of using the application-package-file name, another “attribute of the application package” is used, which would include the “hash of the resource file” that acts as the feature character string of the file; see also Wyatt ¶¶ [0340]-[0342], “More particularly, in a specific implementation, in step 2110, the system measures a degree of similarity between the first and second application metadata,” and “Similarity may be based on text (e.g., two applications having the same or similar application titles), images (e.g., two applications having the same or similar icons), video, sound, audio data, or combinations of these,” i.e., the “combination” relates to the concatenation of the fingerprints as disclosed by Mao ¶ [0047]); and 
selecting at least one of the feature character strings in the feature database having the similarity within a preset range as the target file (Figs. 4 & 5, Col. 9:24-10:21, “similarity-determining module 108 may determine that the application package file is similar to the known application package file by … 2) determining that the similarity preset range is above the “threshold” and that application package is thereby select[ed]).
Regarding Claim 8
Chen-Wyatt-Hinchliffe-Mao discloses the method according to claim 1, and Hinchliffe further discloses 
wherein the generating the first feature character string of the file (¶ [0020]) comprises: 
generating the first feature character string of the file according to the application icon of the application (¶ [0020]) and…1 
Wyatt further discloses
1 …a perceptual hash (pHash) algorithm or a scale invariant feature transform (SIFT) algorithm (¶¶ [0340]-[0342], “Some specific examples of image comparison techniques include Hausdorff Distance, histograms (e.g., joint histograms, color histograms), keypoint matching, and Scale-invariant feature transform (or SIFT keypoints).”).
Regarding the combination of Chen and Wyatt, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the file authentication method of Chen to have included the icon similarity feature of Wyatt. One of ordinary skill in the art would have been motivated to incorporate the icon similarity feature of Wyatt because Chen discusses the calculation of a “similarity score” based upon “a degree of similarity between the attribute of the application package,” see Chen Col. 9:55-62, and Wyatt teaches that a similarity can be 
Regarding the combination of Chen-Wyatt and Hinchliffe, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 8.
Regarding Claim 10
Chen-Wyatt-Hinchliffe-Mao discloses the method according to claim 1, and Chen further discloses 
wherein the feature database (Figs. 1-3, Col. 8:1-42) stores…1, and 
the authenticating the file according to the file information of the target file and the file information of the file (Col. 10:22-31) includes 
when the file information of the target file is inconsistent with the file information of the file (Col. 10:22-31), …2; 
3 …; and 
4 ….
Wyatt further discloses
	1 … a whitelist (¶ [0210], “the whitelist automatically including changes to the sets of acceptable apps”),
	2 , … querying whether the whitelist stores the file information of the file (¶¶ [0208]-[0211], i.e., whitelists exist to be quer[ied] to assess whether an app is an “acceptable app”);
	3 when the whitelist stores the file information of the file (¶¶ [0208]-[0211], i.e., file information amounts to a name of an app that is stored in the whitelist), determining that the authentication on the file succeeds (¶¶ [0208]-[0211], i.e., any app appearing on the whitelist is an “acceptable app” that therefore succeeds in authentication);
	4 when the whitelist does not store the file information of the file (¶¶ [0208]-[0211], i.e., file information amounts to a name of an app which is not stored in the whitelist in this situation), determining that the authentication on the file fails (¶¶ [0208]-[0211], i.e., any app not appearing on the whitelist is an “[un]acceptable app” that therefore fails in authentication).
Regarding the combination of Chen and Wyatt, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the file authentication method of Chen to have included the whitelist feature of Wyatt. One of ordinary skill in the art would have been motivated to incorporate the whitelist feature of Wyatt because Wyatt teaches that “a user or IT administrator [can] easily add those sets [of acceptable apps] to a whitelist,” see Wyatt ¶ [0210], which provides a measure of flexibility in managing apps.  
Regarding Claim 11
Chen-Wyatt-Hinchliffe-Mao discloses the method according to claim 10, and Wyatt further discloses
wherein the whitelist stores file information of the plurality of the genuine files (¶ [0210], “maintaining sets of acceptable apps and allowing a … IT administrator to easily add those sets to a whitelist, the whitelist automatically including changes to the sets of acceptable apps,” i.e., an IT administrator would possess the skill to populate a whitelist with only genuine apps that are therefore “acceptable apps.”).

Regarding Claim 12
Chen-Wyatt-Hinchliffe-Mao discloses the method according to claim 1, and Chen further discloses  
wherein the feature database (Figs. 1-3, Col. 8:1-42) stores …1, and 
the authenticating the file according to the file information of the target file and the file information of the file (Col. 10:22-31) includes 
2 …; and
3 ….
Wyatt further discloses
	1 … file information and feature character strings of a plurality of non-genuine files (of Chen Col. 8:32-60, i.e., the storage of these attributes in the feature database) and an authentication result of each file in the plurality of genuine files and the plurality of non-genuine files (¶¶ [0208]-[0211], i.e., whitelists and blacklists possess authentication results that indicate whether a data object of interest will pass an authentication result)…
2 when the file information of the target file is consistent with the file information of the file (¶¶ [0208]-[0211], i.e., the target file is consistent with file information that appears on the “whitelist”), and the target file is successfully authenticated (¶¶ [0208]-[0211], i.e., the target file is successfully authenticated because it appears on the , determining that the authentication on the file succeeds (¶¶ [0208]-[0211], i.e., a target file on the “whitelist” is determin[ed] to have succeed[ed]); and 
3 when the file information of the target file is consistent with the file information of the file (¶¶ [0208]-[0211], i.e., the target file is consistent with file information that appears on the “blacklist”), and the target file is not successfully authenticated (¶¶ [0208]-[0211], i.e., the target file is successfully authenticated because it appears on the “blacklist”), determining that the authentication on the file fails (¶¶ [0208]-[0211], i.e., a target file on the “blacklist” is determin[ed] to have fail[ed]).
Regarding the combination of Chen and Wyatt, the rationale to combine is the same as provided for claim 10 due to the overlapping subject matter between claims 10 and 12. 
Regarding Claim 13
Chen-Wyatt-Hinchliffe-Mao discloses the method according to claim 12, and Chen further discloses
wherein the file information includes a file name (Col. 8:42-60), and 
the method further includes receiving a query request from a device (Figs. 1 & 2, Cols. 5:65-6:21, 8:23-31, “file-comparing module 106 [that can be implement in “device 202”] may request [involving a query] from server 206 signatures of one or more known application package files”), 
the query request including at least a file name of a to-be-queried file (Col. 8:23-31, i.e., the request involving “application package files” requires a file name to identify the “application package files”); 
obtaining, according to the file name of the to-be-queried file, a file name of at least one matching file and a corresponding authentication result from the feature database (Figs. 3-5, Col. 10:33-11:22, i.e., the authentication result using the public key indicates the to-be-queried file fails the authentication test due to the use of a different public key, where the known public key is “extracted from the known application package file,” with the feature database serving to store the relevant components of the known application package file to enable the authentication); and 
sending a query result to the device, the query result including at least the file name of the at least one matching file and the corresponding authentication result, and the query result being displayed on an interface of the device (Col. 11:28-37, “security module 114 may perform the security action on the application by classifying the application as potentially malicious, by preventing an installation of the application, by notifying a user [by sending a query result to the device and a result being displayed on an interface] who is attempting to install the application”).
Regarding Claim 22
Chen-Wyatt-Hinchliffe-Mao discloses the method according to claim 1, and Mao further discloses 
wherein the generating the feature character string of the file to be authenticated (¶ [0047]) comprises: 
combining the first feature character string and the second feature character string into a single feature character string to generate the feature character string (¶¶ [0046]-[0047], “Generally, the fingerprint may include any information tending to identify the application, including any of the aforementioned examples, alone or in combination,” first and second feature character strings) associated with a means to identify applications can be used to create single hash (a single feature character string)).
Regarding the combination of Chen-Wyatt-Hinchliffe and Mao, the rationale to combine is same as provided for claim 1 due to the overlapping subject matter between claims 1 and 22.
Regarding Claim 23
Chen-Wyatt-Hinchliffe-Mao discloses the method according to claim 1, and Chen further discloses
wherein the generating the feature character string of the file to be authenticated (¶ [0047]) comprises: 
directly joining the first feature character string and the second feature character string successively to generate the feature character string (¶¶ [0046]-[0047]).
Regarding the combination of Chen-Wyatt-Hinchliffe and Mao, the rationale to combine is same as provided for claim 1 due to the overlapping subject matter between claims 1 and 23.
Regarding Independent Claim 14 and Dependent Claim 15
With respect to claims 14 and 15, a corresponding reasoning as given earlier for mutatis mutandis, to the subject matter of claims 14 and 15. Therefore, claims 14 and 15 are rejected, for similar reasons, under the grounds set forth for claims 1 and 3.
Regarding Dependent Claim 20
With respect to claim 20, a corresponding reasoning as given earlier for claim 10 applies, mutatis mutandis, to the subject matter of claim 20. Therefore, claim 20 is rejected, for similar reasons, under the grounds set forth for claim 10.
Regarding Independent Claim 21
With respect to claim 21, a corresponding reasoning as given earlier for claim 1 applies, mutatis mutandis, to the subject matter of claim 21. Therefore, claim 21 is rejected, for similar reasons, under the grounds set forth for claim 1.
B.	Claims 4-6 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Chen in view of Wyatt, Hinchliffe, and Mao, and further in view of Wang et al. (US 2016/0234625, “Wang”) and Zhang et al. ( US 9,916,448, “Zhang”).
Regarding Claim 4
Chen-Valceanu-Park-Frei discloses the method according to claim 1, and Park further discloses 
wherein the digest file (¶¶ [0043], [0047]) stores file names, file types (¶ [0043], “may store metadata such as an android application package file having apk as an extension, information of the file [as a file type], a name of the file,”), and…1; and 
2 …; 
Chen-Wyatt-Hinchliffe-Mao doesn’t disclose
1 digest information of resource files in the file;
2 the generating the second feature character string of the file includes generating, according to the file names, file types, and digest information of the resource files, the feature text, in accordance with a specified rule.
Wang, however, discloses
1 digest information of resource files in the file (¶ [0244], “perform hashing [to create digest information] on all files [, which includes resource files,] in the file package,” with the “file package” being the “file” as initially disclosed by Park ¶ [0047]);
2 the generating the second feature character string of the file includes generating, according to the file names, file types, and digest information of the resource files, the feature text,…a (¶ [0244], “then performing hashing on the MANIFEST.MF file and all hash values in the file, and record obtained hash values by using a CERT.SF,” where performing the hash on the .MF file cumulatively generates a feature character string based upon all of the factors present in the .MF file, and the CERT.SF file can similarly serve as the “metadata file” initially disclosed by Park, .
Zhang, however, discloses
a …in accordance with a specified rule (Col. 7:23-37, i.e., the use of the “Locality Sensitive Hash” to determine the similarity between “string tokens,” where the string tokens comprise text features having a “length greater than equal to 256,” where requiring the sensitive hash comprises a specified rule).
Regarding the combination of Chen-Wyatt-Hinchliffe-Mao and Wang, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the file authentication method of Chen-Wyatt-
Regarding the combination of Chen-Wyatt-Hinchliffe-Mao-Wang and Zhang, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify file authentication method of Chen-Lee-Liu to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar methods in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base method, namely the file authentication method of Chen-Lee-Liu that relied upon hashing, upon which the claimed invention can be seen as an “improvement” through the use of the sensitive hash (simhash) of Zhang;
2) the prior art contained a “comparable” method, namely the use of the simhash of Zhang, that has been improved in the same way as the claimed invention through the use of the simhash of Zhang; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the use of the simhash within the file-authentication method of Chen-Lee-Liu, and the results would have been predictable to one of ordinary skill in the art.

Regarding Claim 5
Chen in view of Wyatt, Hinchliffe, and Mao, and further in view of Wang and Zhang (Chen-Wyatt-Hinchliffe-Mao-Wang-Zhang) disclose the method according to claim 4, and Wang further discloses 
wherein the generating the second feature character string of the file (¶ [0244]) comprises:…1.
Zhang further discloses
1 …generating the second feature character string of the file according to the feature text and a sensitive hashing (simhash) algorithm (Col. 7:23-37, i.e., the use of the ”Locality Sensitive Hash” to determine the similarity between “string tokens,” where the string tokens comprise text features having a “length greater than equal to 256”).
	Regarding the combination of Chen-Wyatt-Hinchliffe-Mao and Wang and Zhang, the rationale to combine is the same as provided for claim 4 due to the overlapping subject matter between claims 4 and 5.
Regarding Claim 6
Chen-Wyatt-Hinchliffe-Mao-Wang-Zhang disclose the method according to claim 4, and Wang further discloses 
wherein the generating, according to the file names, file types, and digest information of the resource files (¶ [0244]), the feature text comprises: 
obtaining specified digest information from the resource files according to the file types of the resource files, the specified digest information being of a resource file of a specified type (¶ [0244], i.e., “perform hashing on all files,” thus specified digest information that is of a resource file of a specified type is guaranteed to occur); and 
generating the feature text according to the specified digest information (¶ [0244], “then performing hashing on the MANIFEST.MF file and all hash values in the file,” i.e., because the .MF file contains the specified digest information (as a hash), then the feature text is consequently generate[d] according to and upon the hashing of the .MF file). 
Regarding the combination of Chen-Wyatt-Hinchliffe-Mao and Wang, the rationale to combine is the same as provided for claim 4 due to the overlapping subject matter between claims 4 and 6. 
Regarding Claims 16 and 17
With respect to claims 16 and 17, a corresponding reasoning as given earlier for claims 4 and 6 applies, mutatis mutandis, to the subject matter of claims 16 and 17. Therefore, claims 16 and 17 are rejected, for similar reasons, under the grounds set forth for claims 4 and 6.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405.  The examiner can normally be reached on Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491