DETAILED ACTION

This non-final office action is in response to claims 1-20 filed March 06, 2020 for examination. Claims 1-20 are being examined and are pending. 
Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Information Disclosure Statement

The information disclosure statement filed 03/06/2020 and 12/06/2021 has been placed in the application file and the information referred to therein has been considered as to the merits. 
Drawings

The drawings filed on 03/06/2020 have been accepted.
Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 8-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because independent claims 8 and 16 recite “A software build tool” but fails to positively recite any structural components, hardware features, or functional elements that are configured to perform. MPEP 2106.03 (I) dictates the Four Categories of Statutory Subject Matter where a machine (also known as a “device”) must be a “concrete thing, consisting of parts, or of certain devices and combination of devices.” Digitech Image Techs. v. Electronics for Imaging, 758 F.3d 1344, 1348, 111 USPQ2d 1717, 1719 (Fed. Cir. 2014). This category “includes Nuijten, 500 F.3d at 1355, 84 USPQ2d at 1501 (quoting Corning v. Burden, 56 U.S. 252, 267, 14 L. Ed. 683, 690 (1854)). As the courts’ definitions of machines, manufactures and compositions of matter indicate, a product must have a physical or tangible form in order to fall within one of these statutory categories. Digitech Image Techs. v. Electronics for Imaging, 758 F.3d 1344, 1348, 111 USPQ2d at 1719 (“For all categories except process claims, the eligible subject matter must exist in some physical or tangible form.”). Claims 8 and 16 fail to provide the functional elements (hardware/machine components) necessary for “a software build tool” to perform such functions. Claims further recite “a fingerprint engine,” “a certificate engine” but these engines can be interpreted as “software” only, which is directed toward non-statutory software per se. Therefore, claims 8 and 16 fail to fall into one of the four categories of statutory subject matter. 
Dependent claims 9-15 and 17-20, which depend upon the software device tool as claimed in claims 8 and 16, fail to positively recite any structural components, hardware features, or functional elements that would qualify as statutory subject matter. Therefore, claims 9-15 and 17-20 are also rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0065709 A1 to Salomon et al. hereinafter “Salomon” in view of US 2012/0005480 A1 to Batke et al. hereinafter “Batke”.
Regarding claim 1, Salomon disclosed a computer-implemented method of establishing a trustworthy relationship between a source code and one or more binary files generated from the Abstract. an apparatus, method, system, and/or instructions by which source code can be linked to a compiled binary, guaranteeing the origin of the binary and ensuring traceability of the binary file back to the source code that originated it.), the method comprising: 
recording build information during building of the source code (Para. 0014. Generating a source code file, storing source code file in a repository. Para. 0009. a given binary file can be traced to its source code by virtue of its version, and/or time stamp, as logged in the blockchain. Para. 0062-0063); 
generating a certificate using the build information, the certificate establishing a relationship between the source code and the one or more binary files created from the source code (Para. 0008. “employing repositories for source code and associated compiled binary files, which have been (or will be) registered, using cryptographical hashes of the files, in a distributed ledger, e.g., a blockchain. Blockchain records, i.e., blocks, store source code hashes and binary hashes in association with a software version and/or time stamp.” Para. 0009. Hashes are computed using a fingerprint (e.g.. checksum, MD-5, or other mechanism) of the source code. Para. 0014. storing a hash of the source code file in a blockchain, storing a hash of the binary file in a block of the blockchain, i.e. a block in the blockchain being the certificate as defined in par. 0040-0042 of the specification as filed.) and 
signing the certificate with a public cryptographic key, the signed certificate being usable to verify that the binary file referenced in the certificate has been created from the source code referenced in the certificate (Para. 0087. the consumer systems 20 are only granted access to read the blockchain 18; to access the binary code and hash repository 48; and/or to access the distributed servers 14, after they have been authenticated and appropriately permissioned. Public Key Infrastructure (PKI) may be used as part of the interaction between the consumer systems 20 and other modules of the overall system 10. Para. 0088. a message (e.g., a message containing an encrypted binary file for client-side installation on one of the consumer systems 20) that is encrypted with the public key can be accompanied by a digital signature (that represents a combination of the message body and the private key). The receiver of the message may use the public key to check that the digital signature is valid (i.e., made with a valid private key). However, a valid private key will be required to decode the entire message that has been encoded with the public key. Para. 0012. a cloud service provider may readily verify that a binary file (or files) to be sent to a production server has (or have) not been altered, e.g., by comparing the hash of the binary (to send to the production server) with the associated hash for the binary file that has been registered in the blockchain.).
Salomon disclosed the claimed invention and a block in the blockchain is being interpreted as the certificate defined in par. 0040-0042 of the specification as filed. However, the analogous art Batke explicitly taught generating a certificate using the build information, the certificate establishing a relationship between the source code and the one or more binary files created from the source code (Para. 0026. FIG. 2, a block diagram illustrates an example firmware signature process 200. At 210, a normal binary file is created. At 220, a digital certificate is generated that contains information relating to the firmware 210. Para. 0030-0031. The build procedure creates a certificate that includes: the hash value for the firmware image information.).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of Salomon by including the idea of generating a certificate using the build information, the certificate establishing a relationship between the source code and the one or more binary files created from the source code () as taught  software tools can then verify the integrity of the firmware using the certificate (Batke. Para. 0006).
Regarding claim 2, Salomon-Batke combination further taught the method as in claim 1, further comprising providing a software release package, the software release package including at least the source code, final binary files generated from the source code, and the certificate (Batke, Fig. 7. Para. 0016-0018, 0046-0052. Final script file is created from firmware binary files, certificate, and digital signature.).
Regarding claim 3, Salomon further taught the method as in claim 1, further comprising generating, via a fingerprint generation algorithm, a recorded build information fingerprint (Para. 0009. [0064] The controller 28 then inputs the source code file(s) to the source fingerprinting module 30, so as to obtain a fingerprint of the source code file(s) in accordance with a fingerprinting algorithm implemented by the fingerprinting module 30. Exact details of the fingerprinting algorithm are implementation specific and may vary, depending upon the needs of a given implementation. In the present example embodiment, the source fingerprinting module 30 uses an MD-5 hash algorithm, or other suitable checksum or hash function. The output of the source fingerprinting module 30 represents a number (or code, e.g., a message digest) that can be used to identify the input source file(s).).
Regarding claim 4, Salomon further taught the method as in claim 3, further comprising: receiving the recorded build information fingerprint; cross-checking the recorded build information fingerprint against a fingerprint generated by a tool used during the building of the source code; and verifying that no modification has been made to a file between a time that the recorded build information fingerprint was generated and a time that the fingerprint was generated by the tool (Para. 0008. Blockchain records, i.e., blocks, store source code hashes and binary hashes in association with a software version and/or time stamp. Para. 0012. Para. 0076, 0079. The registration data also includes timestamp information, and the hashes can be used to confirm that a particular source file and/or binary file has not been altered or changed from a registered version. 0121. The consumer system 20 may then compare the hash files obtained from the binary repository 48 with the registered hash files to ensure that the downloaded binary has not been corrupted or altered, i.e., the binary hashes match. Para. 0135).
Regarding claim 5, Salomon-Batke combination further taught the method as in claim 1, further comprising encrypting the signed certificate with the public cryptographic key or another public cryptographic key depending on given build requirements for a given build instance of the source code (Batke, Para, 0028, 0031. A digital signature which is the hash value of the certificate itself encrypted with the RSA algorithm using private key. Salomon, Para. 0088).
Regarding claim 6, Salomon-Batke combination further taught the method as in claim 1, the public cryptographic key being provided by a recipient or a trusted third party (Batke, Para. 0042-0043).
Regarding claim 7, Salomon-Batke combination further taught the method as in claim 1, the build information comprising at least one of build environment information, framework information, source files identification, intermediately generated files information, final binary files information, file operations during building of the source code, or commands/operations during building of the source code (Salomon, Para. 0066.  Accordingly, the source hash returned by the source hash function 32 contains information about the workstation 12 (e.g., via the CPU ID and MAC address), the user (e.g., via the User ID), and the source files 26. The resulting source hash and associated source code files 26 are then routed by the controller 28 for storage in the source code and hash repository 46.Para. 0008. Batke, 0017).
Regarding claim 8, Salomon taught a software build tool for establishing establishes a trustworthy relationship between source code and binary files generated from the source code, (Abstract. an apparatus, method, system, and/or instructions by which source code can be linked to a compiled binary, guaranteeing the origin of the binary and ensuring traceability of the binary file back to the source code that originated it.) comprising: a fingerprint engine (Para. 0061. Fingerprinting module) that records build information during building of the source code (Para. 0014. Generating a source code file, storing source code file in a repository. Para. 0009. a given binary file can be traced to its source code by virtue of its version, and/or time stamp, as logged in the blockchain. Para. 0062-0063) and fingerprints the build information (Para. 0009. Hashes are computed using a fingerprint (e.g.. checksum, MD-5, or other mechanism) of the source code. Para. 0064. The controller 28 then inputs the source code file(s) to the source fingerprinting module 30, so as to obtain a fingerprint of the source code file(s) in accordance with a fingerprinting algorithm implemented by the fingerprinting module 30. Exact details of the fingerprinting algorithm are implementation specific and may vary, depending upon the needs of a given implementation. In the present example embodiment, the source fingerprinting module 30 uses an MD-5 hash algorithm, or other suitable checksum or hash function.); and a certificate engine that generates a certificate using the build information to establish a relationship between the source code and a binary file created from the source code (Para. 0008. “employing repositories for source code and associated compiled binary files, which have been (or will be) registered, using cryptographical hashes of the files, in a distributed ledger, e.g., a blockchain. Blockchain records, i.e., blocks, store source code hashes and binary hashes in association with a software version and/or time stamp.” Para. 0009. Hashes are computed using a fingerprint (e.g.. checksum, MD-5, or other mechanism) of the source code. Para. 0014. storing a hash of the source code file in a blockchain, storing a hash of the binary file in a block of the blockchain, i.e. a block in the blockchain being the certificate as defined in par. 0040-0042 of the specification as filed.)  and that signs the certificate with a public cryptographic key, the signed certificate being usable to verify that the binary file referenced in the certificate has been created from the source code referenced in the certificate (Para. 0087. the consumer systems 20 are only granted access to read the blockchain 18; to access the binary code and hash repository 48; and/or to access the distributed servers 14, after they have been authenticated and appropriately permissioned. Public Key Infrastructure (PKI) may be used as part of the interaction between the consumer systems 20 and other modules of the overall system 10. Para. 0088. a message (e.g., a message containing an encrypted binary file for client-side installation on one of the consumer systems 20) that is encrypted with the public key can be accompanied by a digital signature (that represents a combination of the message body and the private key). The receiver of the message may use the public key to check that the digital signature is valid (i.e., made with a valid private key). However, a valid private key will be required to decode the entire message that has been encoded with the public key. Para. 0012. a cloud service provider may readily verify that a binary file (or files) to be sent to a production server has (or have) not been altered, e.g., by comparing the hash of the binary (to send to the production server) with the associated hash for the binary file that has been registered in the blockchain.).
Salomon disclosed the claimed invention and a block in the blockchain is being interpreted as the certificate defined in par. 0040-0042 of the specification as filed. However, the analogous art Batke explicitly taught a certificate engine that generates a certificate using the build information to establish a relationship between the source code and a binary file created from the source code (Para. 0026. FIG. 2, a block diagram illustrates an example firmware signature process 200. At 210, a normal binary file is created. At 220, a digital certificate is generated that contains information relating to the firmware 210. Para. 0030-0031. The build procedure creates a certificate that includes: the hash value for the firmware image information.).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of Salomon by including the idea of generating a certificate using the build information, the certificate establishing a relationship between the source code and the one or more binary files created from the source code () as taught by Batke so that software tools can then verify the integrity of the firmware using the certificate (Batke. Para. 0006).
Regarding claim 9. Salomon further taught the software build tool as in claim 8, further comprising a command engine that instructs a compiler (Salomon, Para. 0052, 0061. Compiler) to compile the source code into the binary files (Para. 0080. The source files 26 may proceed to compilation, i.e., conversion to binary (one or more binary files). After conversion to binary (via the compiler 36), a corresponding binary hash is computed by the binary hash function 34 using the binary output from the compiler 36.), organizes the source code, identifies commands for execution by the compiler, and invokes the compiler to execute the identified commands (Para. 0081. The resulting binary may then be stored in the binary code and hash repository 48 in association with version information. Para. 0083. The software-release sequencing module 38 releases source code to the compiler 36 so as to produce binary output (corresponding to the binary images 50) that is delivered to the production server 16, for execution.)
Regarding claim 10, Salomon-Batke combination further taught the software build tool as in claim 8, further comprising a release package generator that generates a software release Para. 0014. storing a hash of the source code file in a blockchain, storing a hash of the binary file in a block of the blockchain, i.e. a block in the blockchain being the certificate as defined in par. 0040-0042 of the specification as filed. Para. 105. The whole blockchain 18, or parts of it, can be made public and distributed in a network of servers which ensures the integrity of the data in the database. Batke. Fig. 7. Para. 0016-0018, 0046-0052. Final script file is created from firmware binary files, certificate, and digital signature.).
Regarding claim 11, Salomon-Batke combination further taught the software build tool as in claim 8, the release package generator encrypting the signed certificate with the public cryptographic key or another public cryptographic key, depending on requirements for a given build instance of the source code (Batke, Para, 0028, 0031. A digital signature which is the hash value of the certificate itself encrypted with the RSA algorithm using private key. Salomon, Para. 0088).
Regarding claim 12, Salomon further taught the software build tool as in claim 8, the fingerprint engine processing a fingerprint generation algorithm to generate recorded build information fingerprints (Para. 0009. Hashes are computed using a fingerprint (e.g.. checksum, MD-5, or other mechanism) of the source code. Para. 0064. The controller 28 then inputs the source code file(s) to the source fingerprinting module 30, so as to obtain a fingerprint of the source code file(s) in accordance with a fingerprinting algorithm implemented by the fingerprinting module 30. Exact details of the fingerprinting algorithm are implementation specific and may vary, depending upon the needs of a given implementation. In the present example embodiment, the source fingerprinting module 30 uses an MD-5 hash algorithm, or other suitable checksum or hash function.)
Regarding claim 13, Salomon further taught the software build tool as in claim 8, the fingerprint engine: further cross-checking the recorded build information fingerprint against a fingerprint generated by a tool used during building of the source code to verify that no modification has been made to a file between a time that the recorded build information fingerprint was generated and a time that the fingerprint was generated by the tool (Para. 0008. Blockchain records, i.e., blocks, store source code hashes and binary hashes in association with a software version and/or time stamp. Para. 0012. Para. 0076, 0079. The registration data also includes timestamp information, and the hashes can be used to confirm that a particular source file and/or binary file has not been altered or changed from a registered version. 0121. The consumer system 20 may then compare the hash files obtained from the binary repository 48 with the registered hash files to ensure that the downloaded binary has not been corrupted or altered, i.e., the binary hashes match. Para. 0135).
Regarding claim 14, Salomon-Batke combination further taught the software build tool as in claim 8, the public cryptographic key being provided by a recipient or a trusted third party (Batke, Para. 0042-0043).
Regarding claim 15, Salomon-Batke combination further taught the software build tool as in claim 8, the build information comprising at least one of build environment information, framework information, source files identification, intermediately generated files information, final binary files information, file operations during building of the source code, or commands/operations during building of the source code (Salomon, Para. 0066.  Accordingly, the source hash returned by the source hash function 32 contains information about the workstation 12 (e.g., via the CPU ID and MAC address), the user (e.g., via the User ID), and the source files 26. The resulting source hash and associated source code files 26 are then routed by the controller 28 for storage in the source code and hash repository 46.Para. 0008. Batke, 0017).
Regarding claim 16, Salomon taught a software build tool for verifying trustworthiness of binary code received by a recipient (Abstract. an apparatus, method, system, and/or instructions by which source code can be linked to a compiled binary, guaranteeing the origin of the binary and ensuring traceability of the binary file back to the source code that originated it.), comprising: a software release package including at least source code, final binary files generated from the source code (Para. 0014. Generating a source code file, storing source code file in a repository. Compiling the source code file to generate a binary file. Para. 0009. a given binary file can be traced to its source code by virtue of its version, and/or time stamp, as logged in the blockchain. Para. 0062-0063.), and a certificate, the certificate including build information for establishing a relationship between the source code and the binary files created from the source code (Para. 0008. “employing repositories for source code and associated compiled binary files, which have been (or will be) registered, using cryptographical hashes of the files, in a distributed ledger, e.g., a blockchain. Blockchain records, i.e., blocks, store source code hashes and binary hashes in association with a software version and/or time stamp.” Para. 0009. Hashes are computed using a fingerprint (e.g.. checksum, MD-5, or other mechanism) of the source code. Para. 0014. storing a hash of the source code file in a blockchain, storing a hash of the binary file in a block of the blockchain, i.e. a block in the blockchain being the certificate as defined in par. 0040-0042 of the specification as filed.), the certificate being signed with a public cryptographic key and the build information being recorded during building of the source code Para. 0087. the consumer systems 20 are only granted access to read the blockchain 18; to access the binary code and hash repository 48; and/or to access the distributed servers 14, after they have been authenticated and appropriately permissioned. Public Key Infrastructure (PKI) may be used as part of the interaction between the consumer systems 20 and other modules of the overall system 10. Para. 0088. a message (e.g., a message containing an encrypted binary file for client-side installation on one of the consumer systems 20) that is encrypted with the public key can be accompanied by a digital signature (that represents a combination of the message body and the private key).); a certificate engine including the recipient's private cryptographic key to verify if the certificate included in the software release package is free of modification (Para. 0088. The receiver of the message may use the public key to check that the digital signature is valid (i.e., made with a valid private key). However, a valid private key will be required to decode the entire message that has been encoded with the public key..); and a fingerprint engine that locally generates fingerprints of the source code and final binary files included in the software release package and compares fingerprints of the source code and final binary files included in the software release package against the locally generated fingerprints for use in determining that the source code and final binary files included in the software release package are trustworthy when the locally generated fingerprints and the fingerprints in the software release package match (Para. 0009. Hashes are computed using a fingerprint (e.g.. checksum, MD-5, or other mechanism) of the source code. Para. 0064. The controller 28 then inputs the source code file(s) to the source fingerprinting module 30, so as to obtain a fingerprint of the source code file(s) in accordance with a fingerprinting algorithm implemented by the fingerprinting module 30. The source fingerprinting module 30 uses an MD-5 hash algorithm, or other suitable checksum or hash function. Para. 0076, 0079. The registration data also includes timestamp information, and the hashes can be used to confirm that a particular source file and/or binary file has not been altered or changed from a registered version. 0121. The consumer system 20 may then compare the hash files obtained from the binary repository 48 with the registered hash files to ensure that the downloaded binary has not been corrupted or altered, i.e., the binary hashes match. Para. 0135. Para. 0012. a cloud service provider may readily verify that a binary file (or files) to be sent to a production server has (or have) not been altered, e.g., by comparing the hash of the binary (to send to the production server) with the associated hash for the binary file that has been registered in the blockchain.).
Salomon disclosed the claimed invention and a block in the blockchain is being interpreted as the certificate defined in par. 0040-0042 of the specification as filed. However, the analogous art Batke explicitly taught a certificate engine including the recipient's private cryptographic key to verify if the certificate included in the software release package is free of modification (Para. 0026. FIG. 2, a block diagram illustrates an example firmware signature process 200. At 210, a normal binary file is created. At 220, a digital certificate is generated that contains information relating to the firmware 210. Para. 0030-0032. The build procedure creates a certificate that includes: the hash value for the firmware image information. Validate certificate. Para. 0023. Verify the certificate against the firmware to be loaded on the target volume).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of Salomon by including the idea of a certificate engine including the recipient's private cryptographic key to verify if the certificate included in the software release package is free of modification as taught by Batke so that software tools can then verify the integrity of the firmware using the certificate (Batke. Para. 0006).
Regarding claim 17, Salomon-Batke combination further taught the software build tool as in claim 16, further comprising the certificate engine decrypting the certificate when the certificate is encrypted (Batke, 0058.).
Regarding claim 18, Salomon further taught the software build tool as in claim 16, the fingerprint engine comprising a fingerprint generation algorithm known to the recipient and a provider of the software release package that generates the fingerprints of the source code and the final binary files (Para. 0009. Hashes are computed using a fingerprint (e.g.. checksum, MD-5, or other mechanism) of the source code. Para. 0064. The controller 28 then inputs the source code file(s) to the source fingerprinting module 30, so as to obtain a fingerprint of the source code file(s) in accordance with a fingerprinting algorithm implemented by the fingerprinting module 30. Exact details of the fingerprinting algorithm are implementation specific and may vary, depending upon the needs of a given implementation. In the present example embodiment, the source fingerprinting module 30 uses an MD-5 hash algorithm, or other suitable checksum or hash function.).
Regarding claim 19, Salomon-Batke combination further taught the software build tool as in claim 16, the public cryptographic key being provided by a recipient or a trusted third party (Batke, Para. 0042-0043).
Regarding claim 20, Salomon further taught the software build tool as in claim 16, the build information comprising at least one of build environment information, framework information, source files identification, intermediately generated files information, final binary files information, file operations during building of the source code, or commands/operations during building of the source code (Salomon, Para. 0066.  Accordingly, the source hash returned by the source hash function 32 contains information about the workstation 12 (e.g., via the CPU ID and MAC address), the user (e.g., via the User ID), and the source files 26. The resulting source hash and associated source code files 26 are then routed by the controller 28 for storage in the source code and hash repository 46.Para. 0008. Batke, 0017).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
WO 2014/012106 A2: [0004] One popular technique in the art for detecting malicious software comprises the following steps: a. Establishing through some independent means that the application is malicious (e.g., by manually analyzing it). This step is typically carried out by a vendor of anti- malware technology. b. Constructing a signature for this piece of software. A signature comprises a set of characteristics that can be used to identify that piece of software (and pieces of software that are related to it). One example of a signature is a cryptographic hash or fingerprint. A hash is a mathematical transformation that takes the underlying binary contents of a software application and produces a relatively short string, with the idea being that two different applications will, with overwhelmingly high probability, have distinct fingerprint values. Common functions for performing this fingerprinting or hashing step include SHA-256, SHA-1, MD5, and others. A signature can also include a set of strings that are contained in the file in question. c. Publishing this signature so that it is accessible to end-users operating a general purpose computing device. d. Having the device cross reference the files it contains against the published signatures to determine if there is a match. e. Applying a set of steps or a given policy if the fingerprints match (e.g., blocking the installation of the application, removing it from the system if it is already installed, etc.). f. The above technique is geared towards situations when the signature was known ahead of time (i.e., before an actual piece of malicious or unwanted software arrived on an actual end-user system). In some cases, a piece of malware may have already infiltrated a system, and only subsequent to its infiltration will there be new evidence to suggest that the file was malicious.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Shawnchoy Rahman/Primary Examiner, Art Unit 2438