Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
1.       This action is responsive to the communication filed on 10/20/2021.

Claim Status
2.	Claims 1-2, 4, 8, 10, 15, and 17 have currently amended. 

Response to Arguments
3.	The applicant’s arguments have been taken into consideration, but are moot in view of new grounds of rejection.
	In response to the applicant’s argument (disclosed on pg. 1-2 of the remarks segment) that the previously cited prior art fails to teach wherein the one or more status indicators include one or more scanned indicators indicating a scanning status of the one or more files:  	
	In light of the amended claim language, newly cited prior art reference Chuo et al (US 9,292,689) has been cited, which teaches (as disclosed in col. 3, lines 26-40 of Chuo et al) deeming files to be ‘clean’ (e.g., “status indicator”) if hash values corresponding to hashed portions of a scanned file not matching pre-stored malicious code hash values (e.g., “status indicator”) or labeling the files to be infected (e.g., scanned indicators indicating a scanning status of the one or more files) if the hash portions of the file match said malicious hash values.
Claim Rejections – 35 USC 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office Action:
A patent may not be obtained through the invention is not identically disclosed or described as set forth in of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

5.	Claims 1-4, 8-10, 14-15, 17-18 and 20 are rejected under 35 USC 103 as being unpatentable over Reynolds (US 2013/0298117) in view of Shavro (US 2018/0060224), further in view of Chuo et al (US 9,292,689).
With respect to claim 1, Reynolds discloses a method, comprising:
receiving, by a device, data identifying one or more applications (par [0006], lines 30-35, “ID for the software update”),
wherein each of the one or more applications includes one or more files (par [0006], lines 1-10, “update sub-file”), generating, by the device, a file hash for each of the one or more files to create one or more file hashes (par [0006], lines 1-10, which discloses a descriptor file including a hash code for each of the sub-files);
storing, by the device and in a data structure (fig. 2, which discloses storing the plurality of sub-files, descriptor files, etc.), data identifying: 
the one or more applications (fig. 2, ‘238), the one or more files (fig. 2, ‘208), and the one or more file hashes (par [0006], lines 1-10, “descriptor file includes a hash code”), and
par [0063], lines 5-15, which discloses generation of a hash for each software update sub-file), wherein the new application is not one of the one or more applications (par [0063], lines 10-20, which discloses software updates to the plurality of clients); determining, by the device, that the hash associated with the file included in the new application matches one of the one or more file hashes (par [0007], lines 30-40, which discloses determining if software update sub-file hash codes match pre-stored sub-file hash codes).
Shavro further teaches one or more status indicators associated with the each of the one or more file hashes (par [0006], lines 6-15, which discloses code segment signatures including hash values identifying origin data of the segment); and
refraining, by the device, from performing a scan of the file included in the new application based on determining that the hash associated with the file matches one of the one or more file hashes (par [0030], which discloses preventing compiled code analysis if a code segment matches public code hash value, but doesn’t match a namespace), and based on a status indicator associated with the one of the one or more file hashes (par [0029], lines 5-11, which discloses determining if an entry exists for a hash value in each code segment signature).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds in order to improve upon efficiency of file analysis and testing by applying a plurality of different tests for different file segments identified automatically to match public code (as disclosed in par [0012], lines 6-10 of Shavro) because this feature would cause the hash codes appended to each sub-file (disclosed in par [0006] of Reynolds) to 
Chuo et al further teaches wherein the one or more status indicators include one or more scanned indicators indicating a scanning status of the one or more files (col. 3, lines 26-40, which discloses deeming files to be ‘clean’ if hash values corresponding to hashed portions of the file not matching pre-stored malicious code hash values or labeling the files to be infected if the hash portions of the file match said malicious hash values).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the malicious code detecting system of Chuo et al within the concepts illustrated by Reynolds and Shavro in order to improve upon prevention of malicious content being undetected within an analyzed software application by not only storing previously detected malicious code hashes in order to determine malicious code in a currently analyzed file, but by also storing and continuously updating file patterns as the number of malicious code increases in order to enable the embodiments of Reynolds and Shavro to have the improvement of having the capability to detect malicious code in file data at a faster rate as newly detected and updated malicious code at the instance in which each new malicious pattern is stored.
Regarding claim 2, Shavro further teaches wherein refraining from performing the scan of the file included in the new application is based on a status indicator indicating that the file is approved for use (par [0030], “match an indexed code segment”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the 

Regarding claim 3, Shavro further teaches wherein refraining from performing the scan of the file included in the new application is based on a status indicator indicating that the file is not approved for use (par [0030], “does not match a namespace”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds according to the motivation previously addressed regarding claim 1.

Regarding claim 4, Shavro further teaches storing, as part of the status indicators, one or more of:
one or more scanned indicators indicating a scanning status of the one or more files (par [0006], lines 1-10, “analyzed to determine a signature for the code”).
Chuo et al further teaches one or more approval indicators indicating an approval status of the one or more files (fig. 3 & col. 3, lines 26-40, which discloses determining files to be clean/free of malicious code upon scanning file portions and determining that neither portion’s hash value matches a pre-stored hash value of malicious code).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Chuo et al within the concepts illustrated by Reynolds and Shavro according to the motivation disclosed regarding claim 1.

With respect to claim 5, Shavro further teaches a determining, by the device, that the hash associated with the file included in the new application does not match any of the one or more file hashes (par [0030]);
performing the scan of the file included in the new application based on determining that the hash associated with the file does not match any of the one or more file hashes (par [0031], lines 1-5, “code analysis”); and
inserting into the data structure the hash associated with the file and at least one status indicator based on a result of the scan of the file associated with the new application (par [0038], lines 1-5, “signature for each code section is generated”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds according to the motivation previously addressed regarding claim 1.
With respect to claim 8, Reynolds discloses a device (fig. 2, ‘214), comprising: 
one or more memories (fig. 2, ‘222); and 
one or more processors, communicatively coupled to the one or more memories (fig. 2, ‘224), configured to:
receive data identifying one or more applications (par [0006], lines 30-35, “ID for the software update”),
par [0006], lines 1-10, “update sub-file”), generating, by the device, a file hash for each of the one or more files to create one or more file hashes (par [0006], lines 1-10, which discloses a descriptor file including a hash code for each of the sub-files);
store, in a data structure (fig. 2, which discloses storing the plurality of sub-files, descriptor files, etc.), data identifying: 
the one or more applications (fig. 2, ‘238), the one or more files (fig. 2, ‘208), and the one or more file hashes (par [0006], lines 1-10, “descriptor file includes a hash code”), and
generate a hash associated with a file included in a new application (par [0063], lines 5-15, which discloses generation of a hash for each software update sub-file), wherein the new application is not one of the one or more applications (par [0063], lines 10-20, which discloses software updates to the plurality of clients); 
determine that the hash associated with the file included in the new application matches one of the one or more file hashes (par [0007], lines 30-40, which discloses determining if software update sub-file hash codes match pre-stored sub-file hash codes).
Shavro further teaches one or more status indicators associated with the each of the one or more file hashes (par [0006], lines 6-15, which discloses code segment signatures including hash values identifying origin data of the segment); and
refrain from performing a scan of the file included in the new application based on determining that the hash associated with the file matches one of the one or more file hashes (par [0030], which discloses preventing compiled code analysis if a code segment matches public code hash value, but doesn’t match a namespace), and based on a status indicator associated par [0029], lines 5-11, which discloses determining if an entry exists for a hash value in each code segment signature).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds in order to improve upon efficiency of file analysis and testing by applying a plurality of different tests for different file segments identified automatically to match public code (as disclosed in par [0012], lines 6-10 of Shavro) because this feature would cause the hash codes appended to each sub-file (disclosed in par [0006] of Reynolds) to automatically determine if each sub-file segment contains data that matches potentially unwanted conditions without an extensive process used to identify integrity of each segment.
Chuo et al further teaches wherein the one or more status indicators include one or more scanned indicators indicating a scanning status of the one or more files (col. 3, lines 26-40, which discloses deeming files to be ‘clean’ if hash values corresponding to hashed portions of the file not matching pre-stored malicious code hash values or labeling the files to be infected if the hash portions of the file match said malicious hash values).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the malicious code detecting system of Chuo et al within the concepts illustrated by Reynolds and Shavro in order to improve upon prevention of malicious content being undetected within an analyzed software application by not only storing previously detected malicious code hashes in order to determine malicious code in a currently analyzed file, but by also storing and continuously updating file patterns as the number of malicious code increases in order to enable the embodiments of Reynolds and Shavro to have the improvement of having the 

Regarding claim 9, Shavro further teaches wherein the processor is configured to refrain from performing the scan of the file included in the new application is based on a status indicator indicating that the file is approved for use (par [0030], “match an indexed code segment”) or the file is not approved for use.
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds according to the motivation previously addressed regarding claim 8.

Regarding claim 10, Chuo et al further teaches wherein the one or more status indicators include:
one or more approval indicators indicating an approval status of the one or more files (fig. 3 & col. 3, lines 26-40, which discloses determining files to be clean/free of malicious code upon scanning file portions and determining that neither portion’s hash value matches a pre-stored hash value of malicious code).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Chuo et al within the concepts illustrated by Reynolds and Shavro according to the motivation disclosed regarding claim 8.
With respect to claim 11, Shavro further teaches a determining, by the device, that the hash associated with the file included in the new application does not match any of the one or more file hashes (par [0030]);
performing the scan of the file included in the new application based on determining that the hash associated with the file does not match any of the one or more file hashes (par [0031], lines 1-5, “code analysis”); and
inserting into the data structure the hash associated with the file and at least one status indicator based on a result of the scan of the file associated with the new application (par [0038], lines 1-5, “signature for each code section is generated”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds according to the motivation previously addressed regarding claim 8.
Regarding claim 14, Shavro further teaches wherein the one or more processors are further configured to:
identify one or more functions provided in each of the one or more files (par [0022], “separate functions or classes”); generate a function hash for each of the one or more functions to create one or more function hashes (par [0025], “applying a hash function to the code segment”); and
store, in the data structure, data identifying: 
the one or more functions (par [0025], “each code segment”), 
the one or more function hashes (par [0025], “SHA-1…MD5”), and 
par [0029], lines 5-11).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds according to the motivation previously addressed regarding claim 8.

With respect to claim 15, Reynolds discloses a non-transitory computer-readable medium storing instructions (fig. 2, ‘214), comprising: 
one or more instructions that, when executed by the one or more processors, cause the one or more processors (fig. 2, ‘224) to:
receive data identifying one or more applications (par [0006], lines 30-35, “ID for the software update”),
wherein each of the one or more applications includes one or more files (par [0006], lines 1-10, “update sub-file”), generating, by the device, a file hash for each of the one or more files to create one or more file hashes (par [0006], lines 1-10, which discloses a descriptor file including a hash code for each of the sub-files);
store, in a data structure (fig. 2, which discloses storing the plurality of sub-files, descriptor files, etc.), data identifying: 
the one or more applications (fig. 2, ‘238), the one or more files (fig. 2, ‘208), and the one or more file hashes (par [0006], lines 1-10, “descriptor file includes a hash code”), and
generate a hash associated with a file included in a new application (par [0063], lines 5-15, which discloses generation of a hash for each software update sub-file), wherein the new par [0063], lines 10-20, which discloses software updates to the plurality of clients); 
determine that the hash associated with the file included in the new application matches one of the one or more file hashes (par [0007], lines 30-40, which discloses determining if software update sub-file hash codes match pre-stored sub-file hash codes).
Shavro further teaches one or more status indicators associated with the each of the one or more file hashes (par [0006], lines 6-15, which discloses code segment signatures including hash values identifying origin data of the segment); and
refrain from performing a scan of the file included in the new application based on determining that the hash associated with the file matches one of the one or more file hashes (par [0030], which discloses preventing compiled code analysis if a code segment matches public code hash value, but doesn’t match a namespace), and based on a status indicator associated with the one of the one or more file hashes (par [0029], lines 5-11, which discloses determining if an entry exists for a hash value in each code segment signature).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds in order to improve upon efficiency of file analysis and testing by applying a plurality of different tests for different file segments identified automatically to match public code (as disclosed in par [0012], lines 6-10 of Shavro) because this feature would cause the hash codes appended to each sub-file (disclosed in par [0006] of Reynolds) to automatically determine if each sub-file segment contains data that matches potentially unwanted conditions without an extensive process used to identify integrity of each segment.
Chuo et al further teaches wherein the one or more status indicators include one or more scanned indicators indicating a scanning status of the one or more files (col. 3, lines 26-40, which discloses deeming files to be ‘clean’ if hash values corresponding to hashed portions of the file not matching pre-stored malicious code hash values or labeling the files to be infected if the hash portions of the file match said malicious hash values).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the malicious code detecting system of Chuo et al within the concepts illustrated by Reynolds and Shavro in order to improve upon prevention of malicious content being undetected within an analyzed software application by not only storing previously detected malicious code hashes in order to determine malicious code in a currently analyzed file, but by also storing and continuously updating file patterns as the number of malicious code increases in order to enable the embodiments of Reynolds and Shavro to have the improvement of having the capability to detect malicious code in file data at a faster rate as newly detected and updated malicious code at the instance in which each new malicious pattern is stored.

Regarding claim 17, Chuo et al further teaches wherein the one or more status indicators include:
one or more approval indicators indicating an approval status of the one or more files (fig. 3 & col. 3, lines 26-40, which discloses determining files to be clean/free of malicious code upon scanning file portions and determining that neither portion’s hash value matches a pre-stored hash value of malicious code).

Regarding claim 18, Shavro further teaches one or more instructions that, when executed by the one or more processors, cause the one or more processors to:
refrain from performing the scan of the file included in the new application is based on a status indicator indicating that the file is approved for use (par [0030], “match an indexed code segment”) or the file is not approved for use.
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds according to the motivation previously addressed regarding claim 15.
With respect to claim 19, Shavro further teaches a determining, by the device, that the hash associated with the file included in the new application does not match any of the one or more file hashes (par [0030]);
performing the scan of the file included in the new application based on determining that the hash associated with the file does not match any of the one or more file hashes (par [0031], lines 1-5, “code analysis”); and
inserting into the data structure the hash associated with the file and at least one status indicator based on a result of the scan of the file associated with the new application (par [0038], lines 1-5, “signature for each code section is generated”).

Regarding claim 20, Shavro further teaches one or more instructions that, when executed by the one or more processors, cause the one or more processors to:
identify one or more functions provided in each of the one or more files (par [0022], “separate functions or classes”); generate a function hash for each of the one or more functions to create one or more function hashes (par [0025], “applying a hash function to the code segment”); and
store, in the data structure, data identifying: 
the one or more functions (par [0025], “each code segment”), 
the one or more function hashes (par [0025], “SHA-1…MD5”), and 
one or more function status indicators (par [0029], lines 5-11).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the file code segment testing environment of Shavro within the concept illustrated by Reynolds according to the motivation previously addressed regarding claim 15.

6.	Claims 6-7, 12-13, and 16 are rejected under 35 USC 103 as being unpatentable over Reynolds (US 2013/0298117) in view of Shavro (US 2018/0060224), in view of Chuo et al (US 9,292,689) further in view of Ellis et al (US 2016/0179828).
Regarding claim 6, Ellis et al further teaches wherein the processor is further configured to: generate, for each file of the one or more files, a line hash associated with a line of code included in each file, to create one or more line hashes associated with each file (par [0023], lines 14-20, which discloses assigning hash code to a source code file new loop function); and 
storing, in the data structure, the one or more line hashes associated with each file of the one or more files (par [0027], lines 8-14, “revision repository”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the software code versioning embodiment of Ellis et al within the concepts illustrated by Shavro, Reynolds, and Chuo et al in order to add the benefit of preventing unwanted changes to software code revision each time a new software version/release is introduced when issuing warnings (as disclosed in par [0009-0010] of Ellis et al) each time new changes appear to re-introduce code that was previously removed in previous software versions.

Regarding claim 7, Belmar et al further teaches removing non-operable lines of code from the one or more files prior to generating the file hash for each of the one or more files (col. par [0009], “deletion of a line of code in the code script”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the software code versioning embodiment of Ellis et al within the concepts illustrated by Shavro, Reynolds, and Chuo et al according to the motivation previously addressed regarding claim 6.

Regarding claim 12, Ellis et al further teaches wherein the processor is further configured to:
generate, for each file of the one or more files, a line hash associated with a line of code included in each file, to create one or more line hashes associated with each file (par [0023], lines 14-20, which discloses assigning hash code to a source code file new loop function); and 
store, in the data structure, the one or more line hashes associated with each file of the one or more files (par [0027], lines 8-14, “revision repository”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the software code versioning embodiment of Ellis et al within the concepts illustrated by Shavro, Reynolds, and Chuo et al in order to add the benefit of preventing unwanted changes to software code revision each time a new software version/release is introduced when issuing warnings (as disclosed in par [0009-0010] of Ellis et al) each time new changes appear to re-introduce code that was previously removed in previous software versions.
Regarding claim 13, Belmar et al further teaches removing non-operable lines of code from the one or more files prior to generating the file hash for each of the one or more files (col. par [0009], “deletion of a line of code in the code script”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the software code versioning embodiment of Ellis et al within the concepts illustrated by Shavro, Reynolds, and Chuo et al according to the motivation previously addressed regarding claim 12.

Regarding claim 16, Belmar et al further teaches wherein the instructions further comprise:
one or more instructions that, when executed by the one or more processors, cause the one or more processors to:
 remove non-operable lines of code from the one or more files prior to generating the file hash for each of the one or more files (col. par [0009], “deletion of a line of code in the code script”).
It would have been obvious to one of ordinary skill in the art, before the effective date of the invention, to combine the software code versioning embodiment of Ellis et al within the concepts illustrated by Shavro, Reynolds, and Chuo et al in order to add the benefit of preventing unwanted changes to software code revision each time a new software version/release is introduced when issuing warnings (as disclosed in par [0009-0010] of Ellis et al) each time new changes appear to re-introduce code that was previously removed in previous software versions.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/RANDY A SCOTT/Primary Examiner, Art Unit 2439                                                                                                                                                                                                        20211107