Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
The IDS of 5/14/2020 and 10/20/2020 were received and considered.
Claims 21-40 are pending.

Claim Objections
Claim 27 is objected to because of the following informalities:  
In claim 27, “classify” should be replaced with “classifying”.
Appropriate correction is required.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 21-23, 26-30, 33-37 and 40 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 7,069,452 B1 to Hind et al. (Hind).
Regarding claim 21, Hind discloses at least one non-transitory machine readable medium comprising one or more instructions that when executed by a processor, cause the processor to (col. 5, line 66 – col. 6, line 8): analyze data related to a digital certificate associated with a file to determine whether the data is proper or improper (firmware update comprises signature, col. 17, lines 12-18, lines 40-41); classify the digital certificate as proper based on a determination that the data related to the digital certificate is proper or as improper based on a determination that the data related to the digital certificate is improper (validate signatures in chain of certificates, col. 17, lines 64-66); determine, based on the digital certificate being classified as proper (chain of certificates is validated), whether the digital certificate is trusted or untrusted (determine whether the final signature is valid, col. 18, lines 2-6, lines 9-12, lines 15-18, lines 21-23, lines 30-31, which determines whether the update flags set, col. 18, lines 24-36); and classify, based on a determination that the digital certificate is trusted, the file as trusted (perform update process, col. 18, lines 30-36).
Regarding claim 28, the claim is similar in scope to claim 21 and is therefore rejected using a similar rationale.
Regarding claim 35, the claim is similar in scope to claim 21 and is therefore rejected using a similar rationale.
Regarding claims 22, 29 and 36, Hind discloses wherein the analysis of the data includes determining if code signing for the digital certificate matches binary code for the digital certificate (each certificate is validated, including matching binary code for the certificate to that which has been signed – col. 16, lines 31-37). 
Regarding claims 23, 30 and 37, Hind discloses wherein the code signing is Authenticode (comparing hashes, col. 16, lines 31-37).

Regarding claims 27 and 34, Hind discloses classify the file as untrusted based on a determination that the digital certificate is untrusted (determine update is not trusted if final signature does not validate, col. 18, lines 2-6, lines 9-12, lines 15-18, lines 21-23, lines 30-31, which determines whether the update flags set, col. 18, lines 24-36).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 24, 31 and 38 are rejected under 35 U.S.C. 103 as being unpatentable over Hind, as applied to claims 21, 28 and 35 above, in view of US 2006/0184798 A1 to Yaldwyn et al. (Yaldwyn).
Regarding claims 24, 31 and 38, Hind lacks “wherein the analysis of the data includes determining if the digital certificate has been grafted to the data by modifying a portable executable file.” However, Yaldwyn, from the same or similar field of endeavor, teaches “wherein the analysis of the data related to the digital certificate includes determining if the digital certificate has been grafted to the 1

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.

Claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims of U.S. Patent No. 10,642,976. Although the claims at issue are not identical, they are not patentably distinct from each other because the instant claims are anticipated by the patent, per the table below.
Claim of 16/834,161 | Claim of 10,642,976
21 | 1
22 | 1
23 | 2
24 | 1
25 | 1
26 | 1 – The patent lacks classifying the file as untrusted based on the digital certificate being classified as improper. However, a skilled artisan would have found such a modification obvious as, at least in the claims, the reputation/trust is based on the certificate being classified as proper. Further, it is noted that the prior art teaches that it was well-known to disregard a certificate deemed improperly formed.
27 | 3
28 | 4
29 | 4
30 | 5
31 | 4
32 | 4
33 | 4 – The patent lacks classifying the file as untrusted based on the digital certificate being classified as improper. However, a skilled artisan would have found such a modification obvious as, at least in the claims, the reputation/trust is based on the certificate being classified as proper. Further, it is noted that the prior art teaches that it was well-known to disregard a certificate deemed improperly formed.
34 | 6
35 | 7
36 | 7
37 | 8
38 | 7
39 | 7
40 | 7 – The patent lacks classifying the file as untrusted based on the digital certificate being classified as improper. However, a skilled artisan would have found such a modification obvious as, at least in the claims, the reputation/trust is based on the certificate being classified as proper. Further, it is noted that the prior art teaches that it was well-known to disregard a certificate deemed improperly formed.


Potential Allowable Subject Matter
Claims 25, 32 and 39 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and any double patenting rejections are overcome.
Regarding claims 25, 32 and 39, the prior art fails to teach determining the digital certificate is the same as another trusted digital certificate associated with different data, in combination with the limitations of the independent claims.  For example:
US 8,650,649 B1 to Chen et al. (Chen) teaches determining that the certificate is signed by the same signer as another file’s certificate and treating the instant certificate accordingly.  
“‘WANT MY AUTOGRAPH?’: THE USE AND ABUSE OF DIGITAL SIGNATURES BY MALWARE” by Mike Wood teaches that it was known to copy a signature from a valid file to malware, such that the certificate of an instant file (malware) would match the certificate of a file with different data (p. 2). However, Wood teaches that the signature verification would reveal this attempt.
“Playing With Authenticode and MD5 Collisions” by Didier Stevens teaches a similar method to Wood of applying a certificate from a valid file to an alternative file.  
However, the prior art does not teach explicitly determining, as part of the claimed process as a whole, that the digital certificate is the same as another trusted digital certificate associated with different data.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841. The examiner can normally be reached Monday - Friday, 7:00-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Simitoski/
Primary Examiner, Art Unit 2493
November 15, 2021

1 Note also the cited reference to Pouliot, teaching the Authenticode trade name.