Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Applicant’s amendment filed on May 7, 2021 amends claims 1, 3, and 6-9.  Claims 1-9 are pending.  Applicant’s amendments have been fully considered and entered.

Response to Arguments
Applicant's arguments filed on May 7, 2021 have been fully considered but they are not persuasive.   
Applicant alleges that “Salmon-Legagneur does not disclose the feature of current claim 1 according to which a process of optimizing the current application code of an application is performed after a current footprint determined for the current application code has been determined to be identical to a reference footprint associated with said application.  Indeed, in Salmon-Legagneur, it is only after the optimization process is performed (i.e., the transformation of the DEX code into ODEX code) that the checksum calculated for the ODEX code ….”  The Examiner disagrees.  Salmon-Legagneur, at [0009], discloses that the DEX file header also contains a global checksum for the contents of the DEX file of an Android system.  Salmon-Legagneur, at [0030], 
Moreover, Applicant’s argument is moot when one considers that the “current application code” recited in the independent claims may be mapped to optimized code instead of non-optimized code.  Applicant mischaracterizes what is recited in claim 1 and disclosed in Salmon-Legagneur when he states that “the integrity of the non-optimized application code is first checked, then the code is optimized in case of a positive check, whereas in Salmon-Legagneur, the code is first optimized, then the integrity of the optimized code is checked (reverse order of the steps).”  Applicant incorrectly equates “current application code” to non-optimized code.  Examiner notes that optimized code (i.e., the ODEX or optimized DEX code, as disclosed in Salmon-
Each of independent claims 1, 8, and 9 recites a current application code.  Examiner notes that either a non-modified (non-optimized) or a modified (optimized) application code may correspond to the recited current application code; and as a consequence, a DEX or an ODEX code (or file), as disclosed in Salmon-Legagneur, may be mapped to the recited current application code.  
Applicant further alleges that “Salmon-Legagneur does not disclose the steps of current claim 1 being performed by a same electronic device.”  Examiner disagrees because Salmon-Legagneur, at [0009] and at [0030], in conjunction with Figure 3, discloses a device 110 running an Android OS, such as a smartphone or a tablet, which generates a checksum and compares the generated checksum to a stored checksum.  Therefore, Salmon-Legagneur teaches that the steps are performed by the device.
Applicant further alleges that “Besides, in Salmon-Legagneur, the determination of the plurality of ODEX checksums is not performed after verifying that a current footprint is identical to a reference footprint.”  Examiner directs Applicant to Salmon-
Examiner disagrees with Applicant’s statements that the “Examiner reads more into the Morais document than actually taught in this document.”  Examiner notes that all features of the independent claims are taught by Salmon-Legagneur except for a secure memory, which is taught by Morais.  As was previously pointed out in the last Office Action, the Examiner mapped a valid checksum to the recited reference footprint for each of these independent claims.  Examiner directs the Applicant to the rejection under 35 USC 103 for additional details.  


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the 


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1-4, 6, and 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Salmon-Legagneur et al. (US 2017/0262657) in view of Morais et al. (US 2006/0047933).
Regarding claim 1, Salmon-Legagneur teaches a method for determining a validity of a code of an application (see Salmon-Legagneur at [0022]: the device determines that the integrity of the application is valid by way of using checksums), said method being implemented within an electronic device comprising at least one processor, a non-secure memory [and a secure memory], (see Salmon-Legagneur at 
loading said application in said non-secure memory, delivering a current application code (see Salmon-Legagneur at [0017]:  device comprises memory configured to store the application; a processing unit configured to execute the application; see Salmon-Legagneur at [0009] which discloses that the DEX file header contains a global checksum for the contents of the DEX file; see Salmon-Legagneur at [0010] which discloses that at runtime, the system may verify the integrity of the application using the ODEX checksum; Examiner notes that either a DEX or ODEX may be mapped to the recited current application code.);
determining a footprint of said current application code, delivering a current footprint associated with said application (see Salmon-Legagneur at [0009] which discloses that the DEX file header contains a global checksum for the contents of the DEX file; see [0010] which discloses that at runtime, the system may verify the integrity of the application using the ODEX checksum; see [0022]: During execution of the application a device generates a checksum for the application and determines that the integrity of the application is valid … Examiner maps the generation of the checksum for the application to the recited footprint of the current application code; also see [0046] which states that a checksum may thus for example also be a hash value.  Examiner notes that Applicant’s specification discloses that “this footprint, which corresponds to a 
obtaining, [within said secure memory,] a reference footprint associated with said application (see Salmon-Legagneur, at [0017], which discloses memory for storing a plurality of different valid checksums; see Salmon-Legagneur at [0022]:  determining that the integrity of the application is valid in the case the generated checksum matches one of the plurality of different valid checksums; Examiner maps valid checksum to the recited reference footprint);
comparing said current footprint with said reference footprint; (see Salmon-Legagneur at [0022]:  determining that the integrity of the application is valid in the case the generated checksum matches one of the plurality of different valid checksums; also see Salmon-Legagneur at [0029] which states that a plurality of ODEX or ELF file checksums, each checksum corresponding to a specific, possible ODEX or set of ELF files, are delivered with the DEX and that the integrity of the ODEX or ELF files is then verified by comparing a generated checksum against the plurality of ODEX or ELF file checksums.)
and in response to said current footprint being identical to said reference footprint, validating said current application code, (see Salmon-Legagneur at [0037]:  In case the generated checksum matches one of the plurality of ODEX checksums, the signature is verified using the public key in the certificate 228) comprising: executing an optimization process of the current application code of said application, delivering an optimized application code; determining a footprint of said optimized application code, delivering a post-optimization footprint associated with said application (see Salmon-Legagneur at [0031] which discloses that the processing unit 124 is configured to perform a plurality of optimizations on a DEX to obtain a plurality of ODEX files and to calculate checksums for each of the plurality of ODEX files; see Salmon-Legagneur at [0044] which further discloses that the integrity may be iteratively checked a plurality of times during the execution of the application).
Regarding claim 1, Salmon-Legagneur, teaches said post-optimization footprint and as a new reference footprint associated with said application (see Salmon-Legagneur, at [0009], which discloses that the Android system uses an optimizer which modifies a DEX code into an optimized ODEX code, and that the optimizer also updates the checksum.  Examiner notes that updating the checksum corresponds to recording the post-optimization footprint as a new reference footprint.)
Salmon-Legagneur does not expressly teach a secure memory, and recording [said post-optimization footprint] in said secure memory [as a new reference footprint associated with said application].  But in a related art, Morais et al. teaches a secure memory (and non-secure memory), and recording in said secure memory (see Morais at [0043]: a hash function is applied to the data 700; the calculated hash 728 is stored in the location in secure memory 716; also see Morais at elements 716 and 112 in Fig. 7 both a secure RAM and a RAM where data is stored in unsecured memory while the hashed value of that data is stored in secure memory.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salmon-Legagneur to include an additional memory for use as a secure memory, as taught by Morais.  
One would have been motivated to make such a modification because in the case of protection, verification information that is a function of the data, such as a hash, is preferably stored in a tamper-resistant secure memory, as suggested by Morais at [0021].  
Independent claims 8 and 9 are substantially the same as claim 1 and are therefore rejected under the same rationale as stated for claim 1 above.
As for claim 2, the modified Salmon-Legagneur, teaches the method according to claim 1 further comprising initializing said reference footprint, implemented during an installation of said application of said electronic device (Examiner points to the specification, at page 9, which states that “this reference footprint has been initialized a first time at the installation of the application on the electronic device”.  See Salmon-Legagneur at [0008] and [0009] which discloses that to distribute and install application software onto the previously mentioned Android operating system a file format called APK is used and that the RSA signature for the CERT.SF enables validation of the entire content of the APK file during installation.  Furthermore, the archive file contains the checksum for the contents of the DEX file.  Also, see [0030]:  The device 110 can be any kind of suitable device running an Android OS, such as a smartphone or a tablet.).
As for claim 3, the modified Salmon-Legagneur, teaches the method according to claim 2 wherein the initializing the reference footprint comprises: verifying a signature of at least one installation packet of said application; (see Salmon-Legagneur at [0008]: The RSA signature for the CERT.SF enables validation of the entire content of the APK file during installation)
and when said verification of a signature is positive: obtaining a first reference footprint for said application; (see Salmon-Legagneur at [0008] which describes that the DEX file header contains a global checksum for the contents of the DEX file and that at the first execution of the application, the Android system uses an optimizer which modifies the DEX code into an ODEX and updates the checksum; Examiner maps the checksum, prior to its update, as the first reference footprint.)
and recording said first reference footprint [in said secure memory] (see Salmon-Legagneur at [0008] which states that the ODEX file is stored in a specific repository with in the Android file system for future use and that the ODEX file then becomes the reference for the application software.)
Regarding claim 3, the modified Salmon-Legagneur, does not expressly teach, but in a related art, Morais et al. teaches in said secure memory (see Morais at [0043]: a 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salmon-Legagneur to add a secure memory for storing a checksum to provide tamper-resistance, as taught by Morais.  
One would have been motivated to make such a modification because in the case of protection, verification information that is a function of the data, such as a hash, is preferably stored in a tamper-resistant secure memory, as suggested by Morais at [0021].  
As for claim 4, the modified Salmon-Legagneur, teaches the method according to claim 1 further comprising, when said current footprint is different from said reference footprint, implementing at least one protection measure (see [0038] which states that suitable measures may be taken in the instance that the integrity is not valid).
As for claim 6, the modified Salmon-Legagneur, teaches the method according to claim 1 wherein the current footprint and the reference footprint associated with said application are determined by implementing a hash function (see Salmon-Legagneur at [0046] which discloses that a checksum may thus for example also be a hash value).

Claim 5 is rejected under 35 USC 103 as being unpatentable over Salmon-Legagneur et al. (US 2017/0324760) in view of Morais et al. (US 2006/0047933) and further in view of Waller (US 2016/0227406).
As per claim 5, the combination of Salmon-Legagneur and Morais teaches the method of claim 4 but does not expressly teach wherein said at least one protection measure belongs to the group consisting of:  displaying a warning message on a screen of said electronic device; blocking any data transmission addressed to said application; blocking said application; blocking said electronic device.  
Waller et al., in a related art, teaches wherein said at least one protection measure belongs to the group consisting of:  displaying a warning message on a screen of said electronic device; blocking any data transmission addressed to said application; blocking said application; blocking said electronic device (see Waller at [0085] which discloses that when the metadata hash does not match the reference hash, the authentication of the metadata may fail.  Therefore, the broadcast receiver 100 may display a warning message indicating that the metadata is not authenticated; also see Fig. 7 element 140 illustratively disclosing the display of the broadcast receiver).

One would have been motivated to make such a modification to provide a warning to a user of an authentication failure, as suggested by Waller at [0085]. 

Claim 7 is rejected under 35 USC 103 as being unpatentable over Salmon-Legagneur et al. (US 2017/0324760) in view of Morais et al. (US 2006/0047933) and further in view of Lagar-Cavilla et al. (US 2012/0291126).
As for claim 7, the modified Salmon-Legagneur teaches the method according to claim 1, further comprising, prior to said executing an optimization process, verifying the integrity of the code of the optimization process (see Salmon-Legagneur at [0008] which discloses signature verification using CERT.RSA and that the RSA signature enables validation of the entire content of the APK file during installation.) comprising: determining a footprint of the code of said optimization process, delivering a current footprint associated with said optimization process; obtaining [, in said secure memory,] a reference footprint associated with said optimization process;  (see comparing said current footprint associated with the optimization process with said reference footprint associated with the optimization process; and when the current footprint associated with the optimization process is identical to the reference footprint associated with the optimization process, implementing said executing said optimization process; (see Salmon-Legagneur at [0043] which discloses that integrity of the ODEX or ELF files is determined to have been verified in case of positive verification of the certificate since this is done in the instance where the signature is valid and where the generated ODEX or ELF file checksum matches one of the plurality of stored ODEX or ELF file checksums; Examiner notes that the recited comparing is performed when the generated ODEX file checksum matches one of the plurality of stored ODEX file checksums;  see Salmon-Legagneur at [0044] which discloses that the integrity may be checked a plurality of times during execution of the application.)  when the current footprint associated with the optimization process is different from the reference footprint associated with the optimization process, [suspending the executing] said optimization process. (see Salmon-Legagneur 
The combination of Salmon-Legagneur and Morais does not expressly teach suspending the executing.  In a related art, Lagar-Cavilla teaches suspending the executing (see [0056] which discloses that a scanner hashes and compares the executing code to a whitelist of known software stored in hash database.  Scanner makes a determination of whether or not the page is infected with a rootkit…. In the case of infected code, controller pauses the executing code, and raises an alert.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salmon-Legagneur to include suspending the executing as an example of a suitable measure, as taught by Lagar-Cavilla.
One would have been motivated to make such a modification to conserve processor and battery resources, as suggested by Lagar-Cavilla at [0056].
 

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROY RHEE whose telephone number is 313-446-6593.  The examiner can normally be reached on 8:30 am to 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Peter Nolan, can be reached on 571-270-7016.  If supervisor Peter Nolan 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair.
Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/R.R./Examiner, Art Unit 3661


/RUSSELL FREJD/Primary Examiner, Art Unit 3661