DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/30/2021 and 08/17/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.


Claims 1-3, 5, 7-10, 12, 14-16, 18 and 20 of co-pending application 16/850,525 contain every element of claims 1-2, 4, 8-9, 11, 14-15 and 17 of the instant application (see table below) and as such anticipate claims 1-2, 4, 8-9, 11, 14-15 and 17 of the instant application.
“A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus).” ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
16/919,918    16/850,525
----------    ----------
1             1 and 2, 7
2             5
4             3
8             8, 9
9             12
11            10
14            14, 15 and 20
15            18
17            16



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



Claims 1-3, 5-10, 12-16 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chiang et al. (Patent No.: US 9,294,486, hereinafter Chiang) in view of Govindarajan et al. (Patent No.: US 10,243,977, hereinafter Govindarajan).
Regarding claim 1: Chiang discloses A system for a centralized network environment for processing validated executable data based on authorized hash outputs, the system comprising: 
a memory device with computer-readable program code stored thereon (Chiang - [Col. 7, Line 22-26]: The platform further comprises random access memory (RAM) or other volatile storage device 850 (alternatively referred to herein as main memory), coupled to bus 815 for storing information and instructions to be executed by processor 810); 
a communication device (Chiang - [Col. 7, Line 56-58]: Another device, which may optionally be coupled to platform 800, is a communication device 890 for accessing other nodes of a distributed system via a network); and 
a processing device operatively coupled to the memory device and the communication device (Chiang - [Col. 7, Line 21-22]: processor 810 coupled to bus 815 for processing information), wherein the processing device is configured to execute the computer-readable program code to: 
receive, from a first entity computing system, a first hash output value of a first set of executable code, wherein the first set of executable code contains unauthorized code; store the first hash output value within an authorization database (Chiang - [Col. 5, Line 54-59]: Fig. 5, File information 500 illustrates a portion of information for a received malware sample (‘file_name1’) that may be generated and stored in a private or shared database. File information 500 is shown to include a generated hash key, file name, file size and incident date. [Col. 2, Line 47-49]: cryptographic hashes of received malware samples may be stored in analysis data database 122); 
Chiang - [Col. 5, Line 42-44]: receiving a malware sample, 402, either via a user submission or through real-time analysis of incoming network traffic); 
generate a second hash output value of the second set of executable code (Chiang - [Col. 5, Line 44-47]: Fig. 4, For each malware sample that is received, a hash is generated as an identifier for received malware samples to identify previously received files);
compare the second hash output value with one or more hash values within the authorization database (Chiang - [Col. 5, Line 49-50]: Fig. 4, A comparison of previously received and analyzed malware samples is made, 404).
However Chiang doesn’t explicitly teach, but Govindarajan discloses: based on comparing the second hash output value with the one or more hash values, perform validation of the second set of executable code (Govindarajan - [Col. 6, Line 66-67 – Col. 7, Line 1-6]: determine, at decision block 328, that the signature of the file 103 a does not match any signature in the list of malicious files 114. Therefore, the method 300 may continue to decision block 334. The method 300 may include, at decision block 334, determining whether the signature matches any signature in the list of signatures of files known to be clean).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Chiang with Govindarajan so that a validation or action is performed based on the comparison result. The modification would have allowed the system to increase security.
Regarding claim 2: Chiang as modified discloses wherein performing validation of the second set of executable code comprises: 
detecting a match between the second hash output value and the one or more hash values within the authorization database; and based on detecting the match, automatically blocking the second set of executable code from being executed on the second entity computing system (Govindarajan - [Col. 6, Line 42-54]: The method 300 may include, at decision block 328, determining whether the signature matches any signature in the list of signatures of files known to be malicious. If so (Yes at decision block 328), the method 300 may include, at block 330, identifying the network device file as a malicious file and, at block 332, performing a security action on the malicious file on the network device to protect the network device. … the performing of the security action at block 332 may include quarantining the malicious file on, or removing the malicious file from, the network device to prevent the malicious file from executing on the network device).
The reason for combining is similar to that of claim 1.
Regarding claim 3: Chiang as modified discloses wherein performing validation of the second set of executable code comprises: 
detecting that the second hash output value does not match any of the one or more hash values within the authorization database; and initiating a process to evaluate the second set of executable code for malware (Govindarajan - [Col. 7, Line 4-8]: at decision block 334, determining whether the signature matches any signature in the list of signatures of files known to be clean. If so (Yes at decision block 334), the method 300 may include, at block 336, identifying the network device file as a clean file).
The reason for combining is similar to that of claim 1.
Regarding claim 5: Chiang as modified discloses wherein computer-readable program code further causes the processing device to: 
detecting that the first set of executable code contains malware; and transmitting a notification to the second entity computing system, wherein the notification comprises the first hash output value (Chiang - [Col. 3, Line 44-49]: Using malware analysis tool 110, a client device on a host network may submit a malware sample and, after a short delay, begin receiving malware-related signatures for network, file system, registry, etc. to assist in determining remediation steps, either from malware analysis modules executing in real time, or from module results database 122).
Regarding claim 6: Chiang as modified discloses wherein the unauthorized code is malware (Chiang - [Col. 2, Line 25]: malware is typically received as a binary executable).
Regarding claim 7: Chiang as modified discloses wherein the malware is a logic bomb (Govindarajan - [Col. 3, Line 39-42]: A malicious file may be, but is not limited to, a file that contains one or more of spyware, a virus, a worm, a logic bomb).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Chiang with Govindarajan so that the malware includes a logic bomb. The modification would have allowed the system to detect the logic bomb for security enhancement.
Regarding claims 8-10 and 12-13: Claims are directed to computer program product/computer readable medium claims and do not teach or further define over the limitations recited in claims 1-3 and 5-6. Therefore, claims 8-10 and 12-13 are also rejected for similar reasons set forth in claims 1-3 and 5-6. 
Regarding claims 14-16 and 18-20: Claims are directed to method claims and do not teach or further define over the limitations recited in claims 1-3 and 5-7. Therefore, claims 14-16 and 18-20 are also rejected for similar reasons set forth in claims 1-3 and 5-7.

Claims 4, 11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Chiang et al. (Patent No.: US 9,294,486, hereinafter Chiang) in view of Govindarajan et al. (Patent No.: US 10,243,977, hereinafter Govindarajan) and Lee et al. (Pub. No.: US 2013/0014260, hereinafter Lee).
Regarding claims 4, 11 and 17: Chiang as modified doesn’t explicitly teach but Lee discloses wherein performing validation of the second set of executable code comprises: 
detecting that the second hash output value does not match any of the one or more hash values within the authorization database; and allowing the second set of executable code to be executed on the second entity computing system (Lee - [0035]: the file inspection unit 104 determines the executable file as a normal file without calculating an additional DNA value, and allows the executable file to be executed).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Chiang and Govindarajan with Lee so that the execution of a file is allowed if the file is not a malware. The modification would have allowed the system to be more secure. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Grabois et al. (Pub. No.: US 2020/0167491) - Data protection and threat detection 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437