DETAILED ACTION
The following claims are pending in this office action: 2-3 and 5-21
The following claims are amended: 2, 15, and 19
The following claims are new: -
The following claims are cancelled: 1 and 4
Claims 2-3 and 5-21 are rejected. This rejection is FINAL.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 09/30/2021 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed 09/30/2021 is attached to the instant Office action. 
Previous Objections and Rejections Withdrawn
The 35 U.S.C. § 112 (f) interpretations are withdrawn based on the amendments that check tool and security assurance tool are computer hardware of at least one processor and memory operably coupled to the at least one processor that, when executed on the computing hardware, perform the recited functions.  
The objections are withdraw based on the amendments.
RESPONSE TO ARGUMENTS
Applicant’s arguments filed in the amendment filed 09/30/2021 have been fully considered but are they are not persuasive.  The reasons are set forth below.
Applicant’s position is that the prior art cited fails to suggest or render obvious the independent claims 2, 15, and 19.  Particularly, “Dabbiere suffers from precisely the problem identified in the instant application – that of OS-specific certificates”. Applicant explains: 
Plainly, the client device data store of Dabbiere is for storing certificates of files corresponding to the device OS… 

Dabbiere defines a client device – not a database - having a certificate associated with a single operating system.  Moreover, the portion of Dabbiere cited by the Office Action in fact emphasizes the disclosed certificates associated with a single device-specific operating system.  

Furthermore, applicant notes the cited prior art “fails to disclose validating the issuing center certificate with the certificate database”.  Applicant explains:
The Office Action asserts that a previously-assigned “high level of trust” to a certificate is evidence of the required validating.  Accordingly, Solodovnikov does not disclose the particular validating of issuing center certificate with the certificate database of claim 2.  

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
The amended features are within the scope and content of the prior art.  The main contention of the applicant is that the cited prior art does not teach “a certificate database configured to store a plurality of certificates, wherein the plurality of certificates in the certificate database includes a first certificate for a first operating system and a second certificate for a second operating system, wherein the first operating system and the second operating system are different”.   Dabbiere teaches that a client device may store in a data store 122 a plurality of profiles 123.  See para. 0034 and Fig. 1 of Dabbiere.  A profile within the meaning of the reference includes “a file that is recognizable by the operating system, and that defines 
The applicant also contends that the cited prior art does not teach “validating the issuing center certificate with the certificate database”.  Solodovnikov teaches that “a high level of trust may be assigned to valid certificates, whose certification authority is contained on the list of trusted certification authorities”.  See para. 0047 of Solodovikov.   The certificates discussed in the reference is issued by a CA – a certificate authority, and thus are issuing center certificates.  See para. 0061, para. 0008, and Fig. 5 of Solodovikov.  The certificate is validated by the verification module 103 that determines the level of trust; the level of trust refers to a parameter such as the issuer determining the validity of the certificate, associated with a database of trusted certificates 105.  See para. 0027 and Fig. 1 of Solodovnikov.  Thus, Solodovnikov plainly teaches validating (verification module assigning a validity value) the issuing center 
In considering the prior art references as a whole, there is no substantive difference between the claim limitations at issue and the prior art.  Applicant asserts that the client device data store is for storing certificates of files corresponding to the device OS.  However, it is well known that a single device may run multiple operating systems, and so a device OS may be more than one single OS.  See See for example, Gribble et al. (US Pub. 2007/0174915) cited in the applicant’s IDS dated 9/30/2021.  Applicant asserts Dabbiere defines a client device – not a database - having a certificate associated with a single operating system.  However, Dabbiere clearly discloses that the client device contains within it, a datastore/database.   See para. 0063 describing an example of a datastore that includes a database.  Applicant asserts that the passage on para. 0018 of Dabbiere describes certificates associated with a single device-specific operating system.  However, the qualifier “one of a plurality” also follows root certificates and intermediate certificates in the following sentence.  If the applicant’s interpretation follows, then the embodiment would be limited to only one type of root certificate and only one type of intermediate certificate.  As such an interpretation is not consistent with the operation of certificate stores, applicant’s interpretation cannot be the intended bounds of the specifications.  Furthermore, para. 0043 alludes to multiple profiles installed on a particular client device, or different profiles in different circumstances.  Taken in view of para. 0018, it follows that multiple OS profiles (i.e. Android and iOS) with embedded certificates may be installed or one (i.e. Android or iOS) may be installed as necessary.  Applicant lists no further explanation as to why the verification/level of trust assignment performed by the verification module is not a validation of the certificate.  Thus, the plain meaning of the reference, that the validation procedure performed by the verifier that uses a certificate database to determine whether the CA of the certificate is valid, is both unambiguous and closely follows the limitation.  As the embodiments described 
A person of ordinary skill in the in the pertinent art would have been able to use prior art references cited.  If the only facts of record pertaining to the level of skill in the art are found within the prior art of record, the court has held that an invention may be held to have been obvious without a specific finding of a particular level of skill where the prior art itself reflects an appropriate level. Chore-Time Equipment, Inc. v. Cumberland Corp., 713 F.2d 774, 218 USPQ 673 (Fed. Cir. 1983). See also Okajima v. Bourdeau, 261 F.3d 1350, 1355, 59 USPQ2d 1795, 1797 (Fed. Cir. 2001). At the time of filing, it would have been obvious to use the prior art cited to satisfy the amended limitations.  Thus the invention, as claimed, would be within the level of ordinary skill in the art.  
The Applicant has not provided any objective indicia of nonobviousness in the record to be considered, and it is assumed that there are no secondary considerations supporting nonobviousness.
In conclusion, the Applicant’s arguments are not persuasive.  The Graham factors, as analyzed above, support a finding that the amended claims and dependent claims relying on said amended claims are within the metes and bounds possessed by the public.  

Examiner notes that the limitation “a certificate database configured to store a plurality of certificates, wherein the plurality of certificates in the certificate database includes a first certificate for a first operating system and a second certificate for a second operating system, wherein the first operating system and the second operating system are different” is well known in the art.  As an example, this limitation may also be mapped to Lynes et al. (US Patent No. 9232339)
a certificate database configured to store a plurality of certificates, ([Lynes, claim 1, a central memory/database that stores security certificates) wherein the plurality of certificates in the certificate database includes a first certificate for a first operating system ([col. 2, ln. 50-52], conventionally, the application running on the mobile device had to store a security certificate for each operating system vendor [see col. 1, ln. 60-61]; [col. 2, ln. 39-41] a first OS vendor is Apple) and a second certificate for a second operating system, ([col. 2, ln. 39-41] a second OS vendor is Google) wherein the first operating system and the second operating system are different ([col. 2, ln. 39-41] Apple is a different OS vendor from Google)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dabbiere with the teachings of Lynes to a certificate database configured to store a plurality of certificates, wherein the plurality of certificates in the certificate database includes a first certificate for a first operating system and a second certificate for a second operating system, wherein the first operating system and the second operating system are different.  One of ordinary skill in the art would have been motivated to make this modification because to provide notifications, an application needs data about the mobile device including two pieces of information: what operating system is used by the mobile device and a security certificate for the operating system that verifies the identity of the mobile device.  (Lynes, col. 2, ln. 7-11)

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-3, 5-8, 10-11, and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Dabbiere (US Pub. 2014/0282869) (hereinafter “Dabbiere”) in view of Solodovnikov et al. (US Pub. 2016/0359842) (hereinafter “Solodovnikov”)

As per claim 2, Dabbiere a system for verifying a digital signature of at least one file, the system comprising: a certificate database configured to store a plurality of certificates, ([Dabbiere, Fig. 1, para. 0034; para. 0018] the client device stores in a data store a database of certificates. The database of certificates are a plurality of root certificates and intermediate certificates) wherein the plurality of certificates in the certificate database includes a first certificate for a first operating system, and a second certificate for a second operating system, wherein the first operating system and the second operating system are different; ([Dabbiere, para. 0037] the certificates in the certificate store may be associated with [includes] a one or more [a first and second certificate] unique profiles [corresponding to a first and second operating system, where the first and second operating systems are different – see para. 0018 – for example Windows, Android Mac OS, etc])
a trusted certificate database configured to store trusted certificate data; and ([Dabbiere, Fig. 1, para. 0034; para. 0006] the client device stores in a data store a database of profiles [a trusted certificate database].  The profiles include trusted certificate data [see para. 0030 – embedded certificate that the OS will recognize and install, such as in a “trust store”] that is uniquely associated with the required profile)
a data transfer device including: ([Dabbiere, para. 0071] the client device [a data transfer device] with a client side application coordinates with a distribution service to facilitate transmission of resources [data])
([Dabbiere, para. 0077] the client device includes processors in a computer system coupled to memory)
instructions that, when executed on the computing hardware, cause the computing hardware to implement: ([Dabbiere, para. 0077] instructions may be fetched from the memory and executed by the computing platform )
a check tool configured to: ([Dabbiere, para. 0040] the client side application [the check tool] determines if the required certificate is installed on the client device)
if the DS certificate is valid, determine the DS certificate is trusted by finding the trusted certificate data related to the DS certificate data.  ([Dabbiere, para. 0048] the application may be configured to query the OS to determine whether a certificate is valid by presenting the certificate.  The OS then returns a binary response of whether the certificate is trusted. In order to find that the certificate is trusted, the OS may refer to the trust store, finding that the certificate is related to a profile [the trusted certificate data related to the DS certificate data - see para. 0030])
Dabbiere does not teach obtain the at least one file, the at least one file having a digital signature, and the digital signature including a DS certificate having issuing center data and DS certificate data, determine the DS certificate is valid by checking that the DS certificate has a required DS certificate integrity and by validating the issuing center certificate with the certificate database, determine the digital signature is valid by checking that the at least one file has a required file integrity and the DS certificate is valid, and categorize the at least one file as trusted when the digital signature is valid and the DS certificate is trusted.
However, Solodovnikov teaches obtain the at least one file, the at least one file having a digital signature, and the digital signature including a DS certificate having issuing center data and DS certificate data, ([Solodovnikov, para. 0035; para. 0027; para. 0050] the verification module receives/obtains an unknown file from the application.  The file contains an end certificate [DS certificate data] which has a digital signature that was used to sign the file [the digital signature].   The end certificate contains the certificate authority which issued the certificate [the issuing center data]) 
determine the DS certificate is valid by checking that the DS certificate has a required DS certificate integrity and by validating the issuing center certificate with the plurality of certificates in the certificate database, ([Solodovnikov, para. 0045] the checking of the validity of the certificate includes those identified in the ITU-T standard for a public key infrastructure, which includes generating a checksum/hash of the certificate, and then verifying the integrity of the data [certificate] by having the validator regenerate the same hash, validating the integrity of the DS certificate [see ITU-T, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks, Article E41034, Posted 2016-12-08, Retrieved on 2021-06-23, Retrieved from the Internet: <URL: https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.509-201610-S!!PDF-E > Sec. 6.1, pg. 9-10]; [para. 0046] a high level of trust [a value validating the certificate – see para. 0027] may be assigned to certificates whose certification authority is contained on the list of trusted certification authorities [validating the issuing center with the certificate database])
determine the digital signature is valid by checking that the at least one file has a required file integrity and the DS certificate is valid, ([Solodovnikov, para. 0046] the digital signature is checked by comparing the resulting value of the hash function of the file with the calculated value of the hash function of the file [checking that the at least one file has a required file integrity].  [Para. 0029] a low level of trust [a value invalidating the certificate] indicates that the digital signature of the certificate is invalid, and a high level of trust [a value validating the certificate] indicates that the digital signature of the certificate is valid)
categorize the at least one file as trusted when the digital signature is valid and the DS certificate is trusted.  ([Solodovnikov, para. 0008] not performing antivirus checking of a file [categorizing the at least one file as trusted] a digital certificate with a high level of trust.  [Para. 0029] A high level of trust may be assigned to files whose certificate is on a list of trusted certification authorities [is trusted].  [Fig. 2; Para. 0037-0038] to assign a certificate a high level of trust, the verification module checks the validities of selected modules, checking that the digital signature of the certificate is correct)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dabbiere with the teachings of Solodovnikov to include obtain the at least one file, the at least one file having a digital signature, and the digital signature including a DS certificate having issuing center data and DS certificate data, determine the DS certificate is valid by checking that the DS certificate has a required DS certificate integrity and by validating the issuing center certificate with the certificate database, determine the digital signature is valid by checking that the at least one file has a required file integrity and the DS certificate is valid, and categorize the at least one file as trusted when the digital signature is valid and the DS certificate is trusted.  One of ordinary skill in the art would have been motivated to make this modification because it allows for reduction of the load on a computer’s disk system that is checking malware files by eliminating the need to check highly trusted files associated with highly trusted certificates.  (Solodvnikov, para. 0003, para. 0029)

As per claim 3, Dabbiere in view of Solodovnikov teaches claim 2.  
Dabbiere also teaches wherein the data transfer device further includes instructions that, when executed on the computing platform, cause the computing platform to implement a security assurance tool configured to restrict access to a user computing device to the at least one file when the at least one file is categorized as non-trusted by the check tool. ([Dabbiere, para. 0017] the client device [the computing platform] includes local rules that allows enforcement of the remedial action [instructions] such as in the case of functionality built into an OS or certain enterprise applications [a security assurance tool].  [Para. 0052] If the certificate validation check fails [when the at least one file is categorized as non-trusted] measures may be taken such as disabling resources [restricting access to a user computing device to the at least one file])
	Dabbiere does not teach wherein the check tool is further configured to categorize the at least one file as non-trusted when the digital signature is invalid or the DS certificate is invalid or non-trusted.  
	However, Solodovnikov teaches wherein the check tool is further configured to categorize the at least one file as non-trusted when the digital signature is invalid or the DS certificate is invalid or non-trusted.   ([Solodovnikov, para. 0029] performing one or more of heuristic analysis, emulation, manual checking and blocking of execution of the file [categorizing the at least one file as untrusted] is done if the certificate is associated with a low level of trust.  If the digital signature is invalid, the certificate is associated with a low level of trust.  [Para. 0047] if the certificate is invalid, the certificate is associated with a low level of trust)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dabbiere with the teachings of Solodovnikov to include wherein the check tool is further configured to categorize the at least one file as non-trusted when the digital signature is invalid or the DS certificate is invalid or non-trusted.  One of ordinary skill in the art would have been motivated to make this modification because such a modification allows a computing device to determine if additional, resource intensive, and complex checking of the file is required, increasing the efficiency of the operation of antivirus software.  (Solodvnikov, para. 0029, para. 0004)
 
As per claim 5, Dabbiere in view of Solodovnikov teaches claim 2.  
Dabbiere also teaches wherein the trusted certificate data in the trusted certificate database includes data for at least two operating systems. ([Dabbiere, para. 0018] the profiles [trusted certificate data in the trusted certificate database] includes data for iOS, Android and windows [at least two operating systems])

As per claim 6, Dabbiere in view of Solodovnikov teaches claim 2.  
Dabbiere also teaches wherein the check tool is configured to determine the digital signature is valid with a first processor process and the check tool is configured to determine the DS certificate is valid with a second processor process, the first processor process being executed concurrently and independently of the second processor process.  ([Dabbiere, para. 0049] in response to a request from the application, the user device validates a certificate, and validates a digital signature.  [Para. 0076]  processes of validating the certificate and digital signature may be executed concurrently [with a first processor process, and a second processor process]) 

As per claim 7, Dabbiere in view of Solodovnikov teaches claim 3.  
Dabbiere also teaches wherein the security assurance tool is configured to restrict access to the user computing device to the file by at least one of: ([Dabbiere, para. 0017; para. 0052] the device uses remedial modules or enterprise applications [the security assurance tool] to enforce remedial actions which restrict access to the user of the computing device.  The examiner interprets “at least of one of” to mean that only one of the items in the list below is required, but to expedite prosecution, prior art citations for all of the items in the list below are provided)
prohibiting transfer of the at least one file to the user computing device, ([Dabbiere, para. 0064] denying the transfer of resources to a requesting devices as a possible remedial action)
prohibiting execution of the at least one file on the user computing device, ([Dabbiere, para. 0020] requests to execute applications [at least one file] are refused on a requesting device as a possible remedial action)
prohibiting opening of the at least one file on the user computing device, ([Dabbiere, para. 0052] executing routines for opening applications will be denied as a possible remedial action)
([Dabbiere, para. 0052] deleting local resources [at least one file] as a possible remedial action)
quarantining the at least one file. ([Dabbiere, para. 0052] disabling [or quarantining] the resource as a possible remedial action)

As per claim 8, Dabbiere in view of Solodovnikov teaches claim 7.  
Dabbiere also teaches wherein when the check tool obtains the at least one file, the security assurance tool is further configured to suspend transfer of the at least one file to the user computing device until the at least one file is categorized as trusted or non-trusted. ([Dabbiere, para. 0017; para. 0050-51] the device uses remedial modules or enterprise applications [the security assurance tool] in the event that the certificate is not trusted by the device [until the file is categorized as non-trusted].  The request for access to resources may be denied, at least temporarily [suspend transfer of the file], until the problem with the certificate is resolved)

As per claim 10, Dabbiere in view of Solodovnikov teaches claim 2.  
Dabbiere does not teach wherein validating the issuing center certificate includes: building a chain of certificates from the plurality of certificates; checking that each of the plurality of certificates in the chain of certificates has a required certificate integrity; checking that one of the plurality of certificates in the chain of certificates is related to the issuing center data; checking that a root certificate is the last certificate in the chain of certificates; and if each of the plurality of certificates in the chain of certificates has the required certificate integrity, one of the plurality of certificates in the chain of certificates is related to the issuing center data, and the root certificate is the last certificate in the chain of certificates, determining that the issuing center data is valid.
([Solodovnikov, Fig. 3-4, para. 0046, para. 0050] a high level of trust [a value validating the certificate – see para. 0027] may be assigned to certificates whose certification authority is contained on the list of trusted certification authorities [validating the issuing center with the certificate database] and validating the certification authority based on root and intermediate certificates)
building a chain of certificates from the plurality of certificates; ([Solodovnikov, Fig. 5, para. 0050; para. 0053] to validate the certification, the verification module constructs a certificate chain from a plurality of certificates)
checking that each of the plurality of certificates in the chain of certificates has a required certificate integrity; ([Solodovnikov, Fig. 5, para. 0053] in order for the certificate to be validated, each certificate in the chain until the root certificate is reached, must have a requisite level of validation)
checking that one of the plurality of certificates in the chain of certificates is related to the issuing center data; ([Solodovnikov, Fig. 5, para. 0050] the certification authority [issuing center data] of each certificate is determined to ensure that the certification authority is linked/related)
checking that a root certificate is the last certificate in the chain of certificates; and ([Solodovnikov, Fig. 5, para. 0053] the process of checking certificates continues until the root certificate is reached)
if each of the plurality of certificates in the chain of certificates has the required certificate integrity, one of the plurality of certificates in the chain of certificates is related to the issuing center data, and the root certificate is the last certificate in the chain of certificates, determining that the issuing center data is valid. ([Solodovnikov, para. 0050-0051; para. 0055-0056] if the certificate chain is successfully traversed [the certificates in the chain of certificates has the required integrity, and related to the certification authority/issuing center data], and the root certificate has been reached [is the last certificate] it is determined that the end certificate is associated with a medium or high level of trust.  [Para. 0029] a high level of trust is associated with a list of trusted certification authorities [a determination that the issuing center data is valid])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dabbiere with the teachings of Solodovnikov to include wherein validating the issuing center certificate includes: building a chain of certificates from the plurality of certificates; checking that each of the plurality of certificates in the chain of certificates has a required certificate integrity; checking that one of the plurality of certificates in the chain of certificates is related to the issuing center data; checking that a root certificate is the last certificate in the chain of certificates; and if each of the plurality of certificates in the chain of certificates has the required certificate integrity, one of the plurality of certificates in the chain of certificates is related to the issuing center data, and the root certificate is the last certificate in the chain of certificates, determining that the issuing center data is valid. One of ordinary skill in the art would have been motivated to make this modification because traversing and validating a certificate chain allows a succession search for each certificate in the chain and allows the level of trust of an end certificate to be verified.  (Solodvnikov, para. 0051)

As per claim 11, Dabbiere in view of Solodovnikov teaches claim 2.  
Dabbiere also teaches wherein finding the trusted certificate data related to the DS certificate data includes: ([Dabbiere, para. 0049] in response to the request from the application, the OS may look for the required certificate in the trust store)
identifying the DS certificate data in the trusted certificate data, wherein the DS certificate data includes at least one of the DS certificate, an ID of the DS certificate, or a vector of values identifying the DS certificate; or ([Dabbiere, para. 0037] the certificate is introduced to the client device by the profile [the certificate data], wherein the system may recognize that a profile includes the digitally signed certificate)
([Dabbiere, para. 0037] in some embodiments the system may recognize that a profile includes a root or intermediate certificate [a certifying center certificate from a certifying center].  [para. 0049] the certificate may be validated by checking a certificate authority [certifying center that issued the DS certificate] signature)

As per claim 13, Dabbiere in view of Solodovnikov teaches claim 2.  
Dabbiere also teaches wherein the plurality of certificates stored in the certificate database comprises only root certificates and certificates of certifying centers.  ([Dabbiere, para. 0018] in an embodiment, the certificates are one of a plurality of root certificates and a plurality of intermediate certificates.  Intermediate certificates are certificates of certifying centers [see ITU-T, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks, Article E41034, Posted 2016-12-08, Retrieved on 2021-06-23, Retrieved from the Internet: <URL:https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.509-201610-S!!PDF-E> Sec. 3.5.21, pg. 4])

As per claim 14, Dabbiere in view of Solodovnikov teaches claim 2.  
Dabbiere also teaches wherein the trusted certificate data comprises a plurality of trusted certificates or IDs of the plurality of trusted certificates.  ([Dabbiere, para. 0037] in some embodiments, the certificate is introduced to the client device via the profile [the trusted certificate data], for instance recognizing that the profile includes the certificate)



As per claim 16, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

As per claim 17, the claim language is identical or substantially similar to that of claim 7. Therefore, it is rejected under the same rationale applied to claim 7.

As per claim 18, the claim language is identical or substantially similar to that of claim 8. Therefore, it is rejected under the same rationale applied to claim 8.

As per claim 19, Dabbiere teaches at least one processor and memory operably coupled to the at least one processor, and instructions when executed on the processor ([Dabbiere, para. 0077] the client device includes processors in a computer system coupled to memory, and instructions that may be fetched from memory to be executed by the client device) cause the processor to implement a check tool configured to perform the steps of the check tool of claim 2, has language that is identical or substantially similar to the method of claim 2, and thus is rejected with the same rational applied against claim 2.   

As per claim 20, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Dabbiere in view of Solodovnikov as applied to claim 2 above, and further in view of Huang et al. (US Pub. 2015/0121478)

As per claim 9, Dabbiere in view of Solodovnikov teaches claim 2.  
Dabbiere does not teach wherein checking that the at least one file has the required file integrity includes: obtaining a decrypted digital signature checksum from the digital signature; calculating a file checksum of the at least one file using the checksum algorithm; and comparing the digital signature checksum with the file checksum using a public key in the DS certificate.
However, Solodovnikov teaches wherein checking that the at least one file has the required file integrity includes: ([Solodovnikov, para. 0035] an unknown file is executed on the computer and the application may send an identifier, a hash of the file, for validation that it has the requisite integrity)
obtaining a decrypted digital signature checksum from the digital signature; ([Solodovnikov, para. 0046] the checking of the digital signature includes deciphering it with a public key)
calculating a file checksum of the at least one file using the checksum algorithm; ([Solodovnikov, para. 0046] a calculated value of the hash function of the of the file)
comparing the digital signature checksum with the file checksum using a public key in the DS certificate; and ([Solodovnikov, para. 0046] comparing the resulting value of the hash function of the file with the calculated value of the hash function of the file)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dabbiere with the teachings of Solodovnikov to include checking that the at least one file has the required file integrity includes: obtaining a decrypted digital signature checksum from the digital signature; calculating a file checksum of the at least one file using the checksum algorithm; and comparing the digital signature checksum with the file checksum using a public key in the DS certificate.  One of ordinary skill in the art would have been motivated to make this modification because such steps would allow checking of the digital signature to allow for malware detection. (Solodovniok, para. 0046; para. 0003)
Dabbiere in view of Solodovnikov does not teach obtaining a checksum algorithm from the DS certificate; and if the digital signature checksum matches the file checksum, determining that the at least one file has the required file integrity.
However Huang teaches obtaining a checksum algorithm from the DS certificate; and ([Huang, para. 0067] a hash algorithm recorded in a certificate file is obtained so that a hash calculation can be performed using the algorithm)
if the digital signature checksum matches the file checksum, determining that the at least one file has the required file integrity. ([Huang, para. 0067] If the digital signature hash matches the file hash, it is determined that the installation package is complete [has the required file integrity])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dabbiere with the teachings of Huang to include obtaining a checksum algorithm from the DS certificate; and if the digital signature checksum matches the file checksum, determining that the at least one file has the required file integrity.  One of ordinary skill in the art would have been motivated to make this modification because these steps allow for determination of whether termination of operations, or granting permissions for installing apps is appropriate. (Huang, para. 0066)

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Dabbiere in view of Solodovnikov as applied to claim 11 above, and further in view of Miyazawa. (US Pub. 2007/0234047).  

As per claim 12, Dabbiere in view of Solodovnikov teaches claim 11.  

However, Miyazawa teaches wherein the certificate database is further configured to store revocation data about the plurality of certificates and wherein determining the DS certificate is trusted further comprises: ([Miyazawa, Fig. 1; para. 0082] in a flash memory a plurality of server certificate data is stored [a certificate database].  [Fig. 2, para. 0091] included in the server certificate is the serial number of the certificate and the validity period information of the certificate [revocation information/data, see para. 0096-0097])
comparing the DS certificate to the revocation data to determine the DS certificate has not expired. ([Miyazawa, Fig. 4, para. 0127-0128] the peripheral compares the DS certificate to the revocation data [the validity period information] in view of the present time to determine if the certificate is expired [duration specified in the certificate itself has not ended – see pg. 12, ln. 20-21 of the instant application].  If the certificate is expired, the certificate is determined to not to be valid [untrusted])
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dabbiere with the teachings of Miyazawa to include wherein the certificate database is further configured to store revocation data about the plurality of certificates and wherein determining the DS certificate is trusted further comprises: comparing the DS certificate to the revocation data to determine the DS certificate has not expired.  One of ordinary skill in the art would have been motivated to make this modification because inhibiting the use of expired certificates would allow for client devices to prevent establishment of encrypted communications with degraded security (Miyazawa, para. 0037-0039)

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Dabbiere in view of Solodovnikov as applied to claim 19 above, and further in view of Murphey et al. (US Pub. 2012/0110337).  

As per claim 21, Dabbiere in view of Solodovnikov teaches claim 19.  
Dabbiere also teaches a computing device operating system (OS); ([Dabbiere, para. 0030] the user device contains an operating system)
Dabbiere does not teach instructions that, when executed on the processor, cause the processor to implement a virtual machine comprising a virtual machine OS, the virtual machine OS being different than the computing device OS, and wherein the at least one file is executable only on the virtual machine OS.  
However, Murphey teaches instructions that, when executed on the processor, cause the processor to implement a virtual machine comprising a virtual machine OS, ([Murphy, para. 0112] the instructions may be implemented on a computer processor, which implements the virtual machine) the virtual machine OS being different than the computing device OS, ([para. 0004] the virtual application is encapsulated from the host OS by a virtual operating system) and wherein the at least one file is executable only on the virtual machine OS.  ([Para. 0027] a virtual application [the at least one file] may be implemented as an executable virtualized application file configured to execute in a virtualized environment [a virtual machine OS] provided by a virtual machine)
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Dabbiere with the teachings of Murphy to include instructions that, when executed on the processor, cause the processor to implement a virtual machine comprising a virtual machine OS, the virtual machine OS being different than the computing device OS, and wherein the at access to a virtual application may be restricted by restricting the ability to launch virtualized application files to only authorized applications with validated and digital signatures and certificates. (Murphy, para. 0053)

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The follow prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Masuoka et al. (US Pub. 2009/0172781) discloses certificates stores of OS, a storage area in OS where all system certificates are located and a Virtual machine with a plurality of OS systems.  Roth et al. (US Patent No. 9,037,511) discloses a plurality of guest operating system where a hypervisor stores a set of cryptographic credentials associated with a guest operating system.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/Z.L./Examiner, Art Unit 2493                                                                                                                                                                                                        
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493