DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
 
 2.	Applicant’s response filed on May 7, 2021 have been received.  In the response, The replacement sheet for Fig. 5 has been received.  Claims 12-20 have been canceled.  Claim 1 has been amended.  Claims 1-11 are pending. 

Claim Rejections - 35 USC § 103

3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

4.	Claims 1-3, 5-9, and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Li et al. (U.S. 9,959,407 B1), hereinafter “Li”, in view of  Ackerman et al. (U.S. 2006/0259587 A1), hereinafter “Ackerman”.
Referring to claim 1:
	i.	Li teaches:
                      A method of validating an inventory of files in a file system of a customer premises equipment (CPE), comprising (see Li, fig. 4):
           comparing each file for the file system of a test CPE being tested to entries in a validated file system database, the entries being obtained by operating under a series of different operating conditions one or more validated CPEs of a type to which the test CPE belongs, the entries collectively defining an inventory of files in the file system of the one or more validated CPEs after operating the one or more validated CPEs under the series of different operating conditions, the validated one or more CPEs each having an uncorrupted file system that has not been tampered with in database’, 122 ‘set of benign singleton files [i.e., a validated file system database ]’, 124 ‘set of malicious singleton files’; col. 8, lines 59-62 ‘sets of benign…singleton files 122 …from…a plurality of computing devices using a security software [i.e., one or more validated CPEs ]’; col. 9, line 53 ‘Detection module 110 may further detect unclassified singleton file 212 by comparing files to determine that unclassified singleton file 212 is unlike any other file within a known set of files and that unclassified singleton file 212 is not in sets of benign and malicious singleton files 122 and 124.’); 
          for each file in the file system of the test CPE that is also present in the validated file system database, comparing each attribute of the file to a corresponding attribute of a file in the validated file system database if the corresponding attribute of the file in the validated file system database has not changed in value after operating the one or more validated CPEs under the series of different operating conditions (see Li, col. 2, line 17 ‘the file identification information that identifies the 
singleton file may include a filename, an inverse of the filename, a file path, a size of the file, a file header, and/or a file entropy [i.e., various attributes of a file, where ‘file header’ includes timestamps for file creation/modification].’; col. 8, line 19 ‘features and attributes of malware files’; col. 9, line 54 ‘comparing files to determine that unclassified singleton file 212 is unlike any other file [i.e., attributes, such as file name, file path, file size, timestamps for file creation/modification, do not match ] within a known set of files’; col. 10, line 6 ‘Analysis module 112 may then extract feature [i.e., attribute ] 402 from information 214 and classify unclassified singleton file 212 based on feature 402.’);
          identifying any attribute of the file in the test CPE being compared as suspicious if a value of the attribute of the file in the test CPE does not match a value of the corresponding attribute of the file in the validated file system database (see Li, col. 9, lines 53-58 ‘Detection module 110 may further detect [i.e., identifying ] unclassified singleton file 212 by comparing files to determine that unclassified singleton file 212 is unlike any other file within a known set of files and that unclassified singleton file 212 is not in sets of benign and malicious singleton files 122 and 124 [i.e., where sets of benign singleton files 122 corresponding to ‘validated file system database’ ] ’); and
alert that the unclassified singleton file is suspicious’).
	However, Li does not explicitly disclose identifying any file in the file system of the test CPE that is not also present in the validated file system database as a suspicious file. 
	ii.	Ackerman discloses identifying any file in the file system of the test CPE that is not also present in the validated file system database as a suspicious file (see Ackerman, [0085] ‘a file integrity validation’; [0086] ‘The ability to detect new, moved, copied, changed, or deleted files using the present embodiment can be used in a variety of ways for computer security.’).
	iii.	It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Ackerman into the system of Li to detect a new file.  Li teaches "systems and methods for identifying potentially malicious singleton files by classifying files as malicious or benign.” (see Li, col. 1, line 51).  Therefore, Ackerman’s teaching could enhance the system of Li,  because Ackerman discloses  “The ability to detect new, moved, copied, changed, or deleted files using the present embodiment can be used in a variety of ways for computer security.” (see Ackerman, [0086]), and for “a file integrity validation” (see Ackerman, [0085]).
Referring to claim 2:
		Li and Ackerman further disclose:
          wherein the test CPE is selected from the group consisting of a router, modem, home gateway, set top box, media center and a consumer appliance (see Li, col. 12, line 55 ‘modem’).
Referring to claim 3:
		Li and Ackerman further disclose:
          wherein the different operating conditions include operating the one or more validated CPEs in association with networks of different service providers (see Li, col. 16, line 1 ‘These cloud-based services (e.g., software as a service, platform as a service, infrastructure as a service, etc.) may be accessible through a web browser or other remote interface.’).
Referring to claim 5:
		Li and Ackerman further disclose:
          wherein the different feature settings include different service provider configured settings (see Li, col. 11, line 57 ‘configuration’).
Referring to claim 6:
		Li and Ackerman further disclose:
          wherein the different feature settings include different end user configurable settings (see Li, col. 11, line 57 ‘configuration’).
Referring to claim 7:
		Li and Ackerman further disclose:
           wherein additional ones of the entries are obtained at two or more different times while operating the one or more validated CPEs under each of the different operating conditions (see Ackerman, [0083] ‘These data size files would be date stamped 
and compared for changes or trends over time.’).
 	           It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Ackerman into the system of Li to obtain entries at two more different times.  Li teaches "systems and methods for identifying potentially malicious singleton files by classifying files as malicious or benign.” (see Li, col. 1, line 51).  Therefore, Ackerman’s teaching could enhance the system of Li,  because Ackerman discloses  “The ability to detect new, moved, copied, changed, or deleted files using the present embodiment can be used in a variety of ways for computer security.” (see Ackerman, [0086]), and for “a file integrity validation” (see Ackerman, [0085]). 
Referring to claims 8, 9:
		Li and Ackerman further disclose:
           performing the comparing and the identifying using a script, such as a shell script (see Li, col. 17, line 49 ‘script’).
Referring to claim 11:
		Li and Ackerman further disclose:
           identifying any file that is present in the validated file system database after operating the one or more validated CPEs under each of the series of different operating detect new, moved, copied, changed, or deleted files using the present embodiment can be used in a variety of ways for computer security.’).
                      It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Ackerman into the system of Li to detect a deleted file.  Li teaches "systems and methods for identifying potentially malicious singleton files by classifying files as malicious or benign.” (see Li, col. 1, line 51).  Therefore, Ackerman’s teaching could enhance the system of Li,  because Ackerman discloses  “The ability to detect new, moved, copied, changed, or deleted files using the present embodiment can be used in a variety of ways for computer security.” (see Ackerman, [0086]), and for “a file integrity validation” (see Ackerman, [0085]). 

5.	Claims 4, and 10  are rejected under 35 U.S.C. 103 as being unpatentable over Li et al. (U.S. 9,959,407 B1), in view of  Ackerman et al. (U.S. 2006/0259587 A1), further in view of Crofton et al. (U.S. 2017/0180394 A1), hereinafter “Crofton”. 
Referring to claim 4:
	 	Li and Ackerman do not explicitly disclose the different feature settings.
          Crofton disclose the feature settings (see Crofton, [0033] ‘settings or preferences’).
 	          It would have been obvious to one of the ordinary skilled in the art, before the effective filing date of the claimed invention, to apply the teaching of Crofton into the system of Li to implement feature settings. Li teaches "systems and methods for identifying potentially malicious singleton files by classifying files as malicious or benign.” (see Li, col. 1, line 51).  Therefore, Crofton’s teaching could enhance the system of Li,  because Crofton teaches “detection and mitigation of malicious activity regarding user data by a network backup system.” (see Crofton, [0001]). 
Referring to claim 10:
		Li,  Ackerman, and Crofton further disclose:
          downloading the shell script to the test CPE over a service provider network with which the test CPE is associated (see Crofton, [0081] ‘downloaded’).
.
 
Response to Arguments
6.	Applicant's arguments filed on May 7, 2021 have been fully considered but they are not persuasive.
(a)	Applicant submits:
“Based on a review of Li, the Applicant asserts that the reference fails to disclose or suggest “comparing each attribute of the file to a corresponding attribute of a file in the validated file system database if the corresponding attribute of the file in the validated file system database has not changed in value after operating the one or more validated CPEs under the series of different operating conditions” (emphasis added); and “identifying any attribute of the file in the test CPE being compared as suspicious if a value of the attribute of the file in the test CPE does not match a value of the corresponding attribute of the file in the validated file system database,” as recited in independent claim 1.”
Examiner maintains:
Li discloses at col. 2, line 17 ‘the file identification information that identifies the 
singleton file may include a filename, an inverse of the filename, a file path, a size of the file, a file header, and/or a file entropy [i.e., various attributes of a file, where ‘file header’ includes timestamps for file creation/modification].’; col. 8, line 19 ‘features and attributes of malware files’; col. 9, line 54 ‘comparing files to determine that unclassified singleton file 212 is unlike any other file [i.e., attributes, such as file name, file path, file size, timestamps for file creation/modification, do not match ] within a known set of files’; col. 10, line 6 ‘Analysis module 112 may then extract feature [i.e., attribute ] 402 from information 214 and classify unclassified singleton file 212 based on feature 402.’.
. 

Conclusion

7.	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
(a)	 Levy, Kenneth L. et al.( US 20030012548 A1) disclose Watermark systems for media;
(b)	Zhao; Guangyu et al.( US 7080407 B1) disclose Virus detection and removal system and method for network-based systems;
(c)	MORARD; Jean-Gabriel et al.( US 20180349623 A1) disclose techniques for enabling a software application to perform an operation on a file stored on a file system while enforcing privacy measures;
(d)	Whitehead; Jeffrey et al. (US 20140181027 A1) disclose systems and methods for state consistent replication;
(e)	DITTY; Michael Alan et al. (US 20190258251 A1) disclose systems and methods for safe and reliable autonomous vehicles;
(f)	Montulli; Louis et al. (US 20140180915 A1) disclose systems and methods for real-time billing and metrics reporting;
(g)	Whitehead; Jeffrey et al.( US 20140181579 A1) disclose systems and methods for on-line backup and disaster recovery.

 8.      THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
           A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date .  
           Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peiliang Pan whose telephone number is (571) 272-5987.  The examiner can normally be reached on Monday-Friday 8:00 am - 5:00 pm EST.
            If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
            Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/PEILIANG PAN/
Examiner, Art Unit 2492
 


 
/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492