Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
Applicant’s amendment filed on September 24, 2021 amends claims 1 and 8-9.  New claims 10-11 are added.  Claims 1-11 are pending.  Applicant’s amendments have been fully considered and entered.

Response to Arguments
Applicant's arguments filed on September 24, 2021 have been fully considered but are moot in light of a newly cited reference, Breternitz JR. et al. (US 2012/0079246).  The amendments to the independent claims and the new claims, which necessitate a new grounds of rejection, are taught by the combination of Salmon-Legagneur, Morais, and Breternitz JR. et al. (US 2012/0079246).   Examiner directs the Applicant to the claim rejections under 35 USC 103 for additional details.  


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in 


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claims 1-4, 6, and 8-11 are rejected under 35 U.S.C. 103 as being unpatentable over Salmon-Legagneur et al. (US 2017/0262657) in view of Morais et al. (US 2006/0047933) and further in view of Breternitz, JR. et al. (US 2012/0079246), hereinafter “Breternitz”.
Regarding claim 1, Salmon-Legagneur teaches a method for determining a validity of a code of an application (see Salmon-Legagneur at [0022]: the device determines that the integrity of the application is valid by way of using checksums), said method being implemented within an electronic device comprising at least one processor, a non-secure memory [and a secure memory], (see Salmon-Legagneur at 
loading said application in said non-secure memory, delivering a current application code (see Salmon-Legagneur at [0017]:  device comprises memory configured to store the application; a processing unit configured to execute the application; see Salmon-Legagneur at [0009] which discloses that the DEX file header contains a global checksum for the contents of the DEX file; see Salmon-Legagneur at [0010] which discloses that at runtime, the system may verify the integrity of the application using the ODEX checksum; Examiner notes that either a DEX or ODEX may be mapped to the recited current application code.);
determining a footprint of said current application code, delivering a current footprint associated with said application (see Salmon-Legagneur at [0009] which discloses that the DEX file header contains a global checksum for the contents of the DEX file; see [0010] which discloses that at runtime, the system may verify the integrity of the application using the ODEX checksum; see [0022]: During execution of the application a device generates a checksum for the application and determines that the integrity of the application is valid … Examiner maps the generation of the checksum for the application to the recited footprint of the current application code; also see [0046] which states that a checksum may thus for example also be a hash value.  Examiner notes that Applicant’s specification discloses that “this footprint, which corresponds to a 
obtaining, [within said secure memory,] a reference footprint associated with said application (see Salmon-Legagneur, at [0017], which discloses memory for storing a plurality of different valid checksums; see Salmon-Legagneur at [0022]:  determining that the integrity of the application is valid in the case the generated checksum matches one of the plurality of different valid checksums; Examiner maps valid checksum to the recited reference footprint);
comparing said current footprint with said reference footprint; (see Salmon-Legagneur at [0022]:  determining that the integrity of the application is valid in the case the generated checksum matches one of the plurality of different valid checksums; also see Salmon-Legagneur at [0029] which states that a plurality of ODEX or ELF file checksums, each checksum corresponding to a specific, possible ODEX or set of ELF files, are delivered with the DEX and that the integrity of the ODEX or ELF files is then verified by comparing a generated checksum against the plurality of ODEX or ELF file checksums.)
and in response to said current footprint being identical to said reference footprint, validating said current application code, (see Salmon-Legagneur at [0037]:  In case the generated checksum matches one of the plurality of ODEX checksums, the signature is verified using the public key in the certificate 228) comprising: executing an optimization process of the current application code of said application, delivering an optimized application code; determining a footprint of said optimized application code, delivering a post-optimization footprint associated with said application (see Salmon-Legagneur at [0031] which discloses that the processing unit 124 is configured to perform a plurality of optimizations on a DEX to obtain a plurality of ODEX files and to calculate checksums for each of the plurality of ODEX files; see Salmon-Legagneur at [0044] which further discloses that the integrity may be iteratively checked a plurality of times during the execution of the application).
Regarding claim 1, Salmon-Legagneur, teaches said post-optimization footprint and as a new reference footprint associated with said application (see Salmon-Legagneur, at [0009], which discloses that the Android system uses an optimizer which modifies a DEX code into an optimized ODEX code, and that the optimizer also updates the checksum.  Examiner notes that updating the checksum corresponds to recording the post-optimization footprint as a new reference footprint.)
Salmon-Legagneur does not expressly teach a secure memory, and recording [said post-optimization footprint] in said secure memory [as a new reference footprint associated with said application].  But in a related art, Morais et al. teaches a secure memory (and non-secure memory), and recording in said secure memory (see Morais at [0043]: a hash function is applied to the data 700; the calculated hash 728 is stored in the location in secure memory 716; also see Morais at elements 716 and 112 in Fig. 7 both a secure RAM and a RAM where data is stored in unsecured memory while the hashed value of that data is stored in secure memory.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salmon-Legagneur to include an additional memory for use as a secure memory, as taught by Morais.  
One would have been motivated to make such a modification because in the case of protection, verification information that is a function of the data, such as a hash, is preferably stored in a tamper-resistant secure memory, as suggested by Morais at [0021].
The modified Salmon-Legagneur does not expressly teach detecting a call to execute an optimization process of the application; and upon detecting the call to execute the optimization process, which in a related art, Breternitz teaches (see Breternitz at [0047] which discloses that calls are used to enable execution of transactions to optimize application code; Examiner notes that each of the calls is detected when each call is executed.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Salmon-Legagneur to include detecting a call to execute an optimization process of the application, and upon detecting the call to execute the optimization process, as taught by Breternitz.  

Independent claims 8 and 9 are substantially the same as claim 1 and are therefore rejected under the same rationale as stated for claim 1 above.
As for claim 2, the modified Salmon-Legagneur, teaches the method according to claim 1 further comprising initializing said reference footprint, implemented during an installation of said application of said electronic device (Examiner points to the specification, at page 9, which states that “this reference footprint has been initialized a first time at the installation of the application on the electronic device”.  See Salmon-Legagneur at [0008] and [0009] which discloses that to distribute and install application software onto the previously mentioned Android operating system a file format called APK is used and that the RSA signature for the CERT.SF enables validation of the entire content of the APK file during installation.  Furthermore, the archive file contains the entire program code in a single DEX file and that a DEX file header contains a global checksum for the contents of the DEX file.  Also, see [0030]:  The device 110 can be any kind of suitable device running an Android OS, such as a smartphone or a tablet.).
As for claim 3, the modified Salmon-Legagneur, teaches the method according to claim 2 wherein the initializing the reference footprint comprises: verifying a signature of at least one installation packet of said application; (see Salmon-Legagneur at [0008]: 
and when said verification of a signature is positive: obtaining a first reference footprint for said application; (see Salmon-Legagneur at [0008] which describes that the DEX file header contains a global checksum for the contents of the DEX file and that at the first execution of the application, the Android system uses an optimizer which modifies the DEX code into an ODEX and updates the checksum; Examiner maps the checksum, prior to its update, as the first reference footprint.)
and recording said first reference footprint (see Salmon-Legagneur at [0008] which states that the ODEX file is stored in a specific repository with in the Android file system for future use and that the ODEX file then becomes the reference for the application software.)
in said secure memory (see Morais at [0043]: a hash function is applied to the data 700; the calculated hash 728 is stored in the location in secure memory 716; Examiner notes that Morais at Fig. 7, illustratively discloses a secure memory (see element 716) and a non-secure memory (see element 112)  in Morais’ security engine;  Examiner further notes that a hash is stored in the secure memory (see Morais at [0043] which states that “the calculated hash 728 is stored in the location in secure memory 716.”)).
when said current footprint is different from said reference footprint, implementing at least one protection measure (see [0038] which states that suitable measures may be taken in the instance that the integrity is not valid).
As for claim 6, the modified Salmon-Legagneur, teaches the method according to claim 1 wherein the current footprint and the reference footprint associated with said application are determined by implementing a hash function (see Salmon-Legagneur at [0046] which discloses that a checksum may thus for example also be a hash value).
As for claim 10, the modified Salmon-Legagneur teaches the method according to claim 1, wherein the method further comprises: upon detecting the call to execute the optimization process, interrupting the optimization process until the current application code has been validated (see Breternitz at [0043] which discloses using an interrupt to invalidate a transaction due to any combination of conditions which may be considered invalidating, such as one or more transactions associated with optimizing the application code as disclosed by Breternitz at [0047].  Examiner notes that by way of invalidating the transaction(s) associated with the optimization of the application code, the optimization process is interrupted.  Examiner notes that Breternitz at [0043] and at [0047] discloses using an interrupt to invalidate transactional execution which may be associated with optimizing the application code; furthermore, see Salmon-Legagneur at [0037] which discloses that the signature is verified using the public key in the certificate 
As for claim 11, the modified Salmon-Legagneur teaches the method according to claim 1, wherein the method further comprises: perform at least two iterations of: detecting the call to execute the optimization process; and performing the determining, obtaining and comparing for the current application code upon detecting the call (see Breternitz at [0047] which discloses that a number of calls are used to enable execution of transactions to optimize application code; Examiner notes that each of the calls is detected when each call is executed and Examiner maps the calls to the at least two interations; see Salmon-Legagneur at [0044] which further discloses that the integrity may be iteratively checked a plurality of times during the execution of the application.)

Claim 5 is rejected under 35 USC 103 as being unpatentable over Salmon-Legagneur et al. (US 2017/0324760) in view of Morais et al. (US 2006/0047933) and further in view of Waller (US 2016/0227406).
As per claim 5, the combination of Salmon-Legagneur and Morais teaches the method of claim 4 but does not expressly teach wherein said at least one protection measure belongs to the group consisting of:  displaying a warning message on a screen 
Waller et al., in a related art, teaches wherein said at least one protection measure belongs to the group consisting of:  displaying a warning message on a screen of said electronic device; blocking any data transmission addressed to said application; blocking said application; blocking said electronic device (see Waller at [0085] which discloses that when the metadata hash does not match the reference hash, the authentication of the metadata may fail.  Therefore, the broadcast receiver 100 may display a warning message indicating that the metadata is not authenticated; also see Fig. 7 element 140 illustratively disclosing the display of the broadcast receiver).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the modified Salmon-Legagneur to include wherein said at least one protection measure belongs to the group consisting of:  displaying a warning message on a screen of said electronic device; blocking any data transmission addressed to said application; blocking said application; blocking said electronic device, as taught by Waller.
One would have been motivated to make such a modification to provide a warning to a user of an authentication failure, as suggested by Waller at [0085]. 

7 is rejected under 35 USC 103 as being unpatentable over Salmon-Legagneur et al. (US 2017/0324760) in view of Morais et al. (US 2006/0047933) and further in view of Lagar-Cavilla et al. (US 2012/0291126).
As for claim 7, the modified Salmon-Legagneur teaches the method according to claim 1, further comprising, prior to said executing an optimization process, verifying the integrity of the code of the optimization process (see Salmon-Legagneur at [0008] which discloses signature verification using CERT.RSA and that the RSA signature enables validation of the entire content of the APK file during installation.) comprising: determining a footprint of the code of said optimization process, delivering a current footprint associated with said optimization process; obtaining [, in said secure memory,] a reference footprint associated with said optimization process;  (see Salmon-Legagneur at [0043] which discloses that integrity of the ODEX or ELF files is determined to have been verified in case of positive verification of the certificate since this is done in the instance where the signature is valid and where the generated ODEX or ELF file checksum matches one of the plurality of stored ODEX or ELF file checksums; Examiner maps generated ODEX file to current footprint; Examiner maps stored ODEX file to reference footprint) comparing said current footprint associated with the optimization process with said reference footprint associated with the optimization process; and when the current footprint associated with the optimization process is identical to the reference footprint associated with the optimization process, implementing said executing said optimization process; (see Salmon-Legagneur at [0043] which discloses that integrity of the ODEX or ELF files is determined to have been verified in case of positive verification of the certificate since this is done in the instance where the signature is valid and where the generated ODEX or ELF file checksum matches one of the plurality of stored ODEX or ELF file checksums; Examiner notes that the recited comparing is performed when the generated ODEX file checksum matches one of the plurality of stored ODEX file checksums;  see Salmon-Legagneur at [0044] which discloses that the integrity may be checked a plurality of times during execution of the application.)  when the current footprint associated with the optimization process is different from the reference footprint associated with the optimization process, [suspending the executing] said optimization process. (see Salmon-Legagneur at [0036] which discloses that in case the generated checksum does not match any of the plurality of ODEX or ELF file checksums, it is determined that the integrity of the ODEX or ELF files is not valid).
The combination of Salmon-Legagneur and Morais does not expressly teach suspending the executing.  In a related art, Lagar-Cavilla teaches suspending the executing (see [0056] which discloses that a scanner hashes and compares the executing code to a whitelist of known software stored in hash database.  Scanner makes a determination of whether or not the page is infected with a rootkit…. In the case of infected code, controller pauses the executing code, and raises an alert.)

One would have been motivated to make such a modification to conserve processor and battery resources, as suggested by Lagar-Cavilla at [0056].
 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROY RHEE whose telephone number is 313-446-6593.  The examiner can normally be reached on 8:30 am to 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Peter Nolan, can be reached on 571-270-7016.  If supervisor Peter Nolan cannot be reached, please call Thomas Black at 571-272-6956.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair.  Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the 




/R.R./Examiner, Art Unit 3661

/PETER D NOLAN/Supervisory Patent Examiner, Art Unit 3661