Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
DETAILED ACTION
This communication is in response to applicant’s Request for Continued Examination filed on 1/05/2022.
Status of claims
Claims 1-14 are pending. Claims 1-3 and 5-13 are allowed.
Terminal Disclaimer

The terminal disclaimer filed on 09/15/2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent Nos. 10,614,252 and 9,754,130 has been reviewed and is accepted. The terminal disclaimer has been recorded.
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given via email on 1/18/2022 by the applicant Mr. Guanyao Cheng.

Claim 1 (Currently Amended):	A method comprising:
	generating a database that contains file properties for a set of valid system files for a non-compromised operating system of a host computer;

	using the distributed hash table to store a plurality of databases to the P2P network, wherein each of the databases contains master records of properties of system files for different types of hosts computing devices, and wherein the respective file properties contained within the databases are stored to different ones of the nodes of the P2P network in accordance with the distributed hash table; and
	performing, by a first node of the P2P network, an integrity check of a second node of the P2P network to detect whether the second node is a compromised node by at least
accessing, by the first node and using the distributed hash table, the database distributed throughout the P2P network to retrieve the file properties of the valid system files from portions of the database stored on a plurality of different nodes of the P2P network and comparing, by the first node, file properties of a system file of an operating system currently executing on the second node of the P2P network with the retrieved file properties contained within the database distributed throughout the P2P network to detect whether the system file of the operating system currently executing on the second node of the P2P network has been compromised.

Claim 2 (Original):	The method of claim 1, wherein storing the database further comprises:
performing a plurality of different content-hash functions on each of the file properties of the system files to produce a plurality of hash values for each of the file properties;
	re-hashing each of the plurality of hash values with a hash function associated with the distributed hash table to generate respective keys that map each of the plurality of hash values for each of the file properties into a key space of the distributed hash table; and
	selecting nodes of the P2P network as storage nodes to store the plurality of 

Claim 3 (Previously Presented):	The method of claim 1, wherein performing the integrity check comprises:
	outputting, by the first node, a challenge to the second node of the P2P network requesting file properties of the system files for the operating system currently executing on the second node;

receiving, by the first node, the file properties of the system files for the operating system currently executing on the second node;
comparing, by the first node, the file properties of the system files of the operating system currently executing on the second node to the file properties retrieved from the database distributed throughout the P2P network;
	determining, by the first node, that the system files for the operating system currently executing on the second node have been compromised; and
	initiating, by the first node, a counter-measure on the second node.

Claim 4 (Canceled).

Claim 5 (Currently Amended):	The method of claim [[4]] 1,
	wherein the master records contained within the databases stored to the P2P network contain master records for different versions of the same system file,
	the method further comprising detecting a system update, patch, or upgrade as part of a valid distribution to one of the nodes of the P2P network by accessing the database storing the master records for the one of the nodes of the P2P network, and reducing a severity-level of a corresponding alert upon confirming that a new or changed file on the one of the nodes of the P2P network is a valid part of the distribution.


	a communications network; and
	a plurality of peer nodes coupled by the communications network to form a peer-to-peer (P2P) network, wherein each of the peer nodes includes a local storage area, and
wherein a first node of the P2P network comprises:
a microprocessor;
a distributed hash table service executing on the microprocessor that is configured to apply a distributed hash table to provide a lookup service to identify locations for objects within the local storage areas of the peer nodes, generate a database that contains file properties for a set of valid system files for a non-compromised operating system of a host computer, and uses the distributed hash table to store a plurality of databases to the P2P network, wherein each of the databases contains master records of properties of system files for different types of hosts computing devices, and wherein the respective file properties contained within the databases are stored to different ones of the nodes of the P2P network in accordance with the distributed hash table; and
an integrity checker software executing on the microprocessor that is configured to perform an integrity check of a second node of the P2P network to detect whether the second node is a compromised node by at least accessing, by the first node and using the distributed hash table, the database distributed throughout the P2P network to retrieve the file properties of the valid system files from portions of the database stored on a plurality of different nodes of the P2P network and comparing, by the integrity checker software, file properties of the system file of the operating system currently executing on the second node of the P2P network with the file properties contained within the database distributed throughout the P2P network to detect whether the system file of the operating system currently executing on the second node of the P2P network has been compromised.

Claim 7 (Original):	The system of claim 6, wherein the distributed hash table service is further configured to:
perform a plurality of different content-hash functions on each of the properties of the database to produce a plurality of hash values for each of the properties;
re-hash each of the plurality of hash values with a hash function associated with the distributed hash table to generate respective keys that maps each of the plurality of hash values for each of the properties into a key space of the distributed hash table; and
	select peer nodes as storage nodes to store the plurality of hash values of each of the file properties based on the generated keys.

Claim 8 (Original):	The system of claim 6, further comprising a scheduler that periodically invokes the integrity checker software to perform an integrity check using the distributed hash table.

Claim 9 (Original):	The system of claim 6, wherein the set of valid system files is associated with a different one of the peer nodes than the first node on which the integrity checker software executes.

Claim 10 (Previously Presented):	The system of claim 6, wherein the integrity checker software is further configured to:
	output a challenge to the second node of the P2P network requesting file properties of the system files for the operating system currently executing on the second node;

receive the file properties of the system files for the operating system currently executing on the second node;
compare the file properties of the system files of the operating system currently executing on the second node to the file properties retrieved from the database distributed throughout the P2P network;

initiate a counter-measure on the second node.

Claim 11 (Currently Amended):	A non-transitory computer-readable storage medium comprising instructions that, when executed, cause a processor of a first node of a peer-to-peer (P2P) network to:
	generate a database that contains file properties for a set of valid system files for a non-compromised operating system of a host computer;
	store the database in a distributed manner throughout the P2P network of nodes using a distributed hash table to select the nodes of the P2P network such that two or more nodes of the P2P network store different portions of the database; 
use the distributed hash table to store a plurality of databases to the P2P network, wherein each of the databases contains master records of properties of system files for different types of hosts computing devices, and wherein the respective file properties contained within the databases are stored to different ones of the nodes of the P2P network in accordance with the distributed hash table; and
	perform an integrity check of a second node of the P2P network to detect whether the second node is a compromised node by at least accessing, by the first node and using the distributed hash table, the database distributed throughout the P2P network to retrieve the file properties of the valid system files from portions of the database stored on a plurality of different nodes of the P2P network and comparing, by the first node, file properties of the system file of the operating system currently executing on the second node of the P2P network with the file properties contained within the database distributed throughout the P2P network to detect whether the system file of the operating system currently executing on the second node of the P2P network has been compromised.

Claim 12 (Original):	The non-transitory computer-readable storage medium of claim 11, wherein the instructions that cause the processor to store the database comprise instructions that, when executed, cause the processor to:

	re-hash each of the plurality of hash values with a hash function associated with the distributed hash table to generate respective keys that map each of the plurality of hash values for each of the file properties into a key space of the distributed hash table; and
	select nodes of the P2P network as storage nodes to store the plurality of hash values for each of the file properties based on the generated keys.

Claim 13 (Previously Presented):	The non-transitory computer-readable storage medium of claim 11, wherein the instructions that cause the processor to perform the integrity check comprise instructions that, when executed, cause the processor to:
	output a challenge to the second node of the P2P network requesting file properties of the system files for the operating system currently executing on the second node;

receive the file properties of the system files for the operating system currently executing on the second node;
compare the file properties of the system files of the operating system currently executing on the second node to the file properties retrieved from the database distributed throughout the P2P network;
	determine that the system files for the operating system currently executing on the second node have been compromised; and
	initiate a counter-measure on the second node.

Claim 14 (Canceled).
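
The storage steps recited in claims 2, 7 and 12 and the comparison steps recited in claims 3, 10 and 13 can be illustrated as follows. This is an added example, not part of the Office action or the application: a toy consistent-hash ring stands in for the P2P network, and the node names, the choice of SHA-256 and BLAKE2b as content hashes, SHA-1 as the hash associated with the distributed hash table, and the sample records are all assumptions constructed for the illustration.

```python
import hashlib
from bisect import bisect_left

CONTENT_HASHES = ("sha256", "blake2b")  # assumed "plurality of content-hash functions"

def dht_key(data: bytes) -> int:
    """Assumed DHT hash: SHA-1 maps any value into a 160-bit key space."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def keyed_hashes(prop: str):
    """Content-hash one file property, then re-hash each digest into a DHT key."""
    for name in CONTENT_HASHES:
        digest = hashlib.new(name, prop.encode()).digest()
        yield dht_key(digest), digest

class Ring:
    """Toy consistent-hash ring standing in for the P2P network."""
    def __init__(self, node_names):
        self.ids = sorted((dht_key(n.encode()), n) for n in node_names)
        self.store = {n: {} for n in node_names}  # each node's local storage area

    def owner(self, key: int) -> str:
        # Storage node = first node clockwise from the key, wrapping at the end.
        i = bisect_left(self.ids, (key, ""))
        return self.ids[i % len(self.ids)][1]

    def put_property(self, prop: str) -> set:
        """Store every hash value of a master record on the node its key selects."""
        used = set()
        for key, digest in keyed_hashes(prop):
            self.store[self.owner(key)][key] = digest
            used.add(self.owner(key))
        return used

    def is_known(self, prop: str) -> bool:
        """True only if every hash value is found on the node that should hold it."""
        return all(self.store[self.owner(k)].get(k) == d for k, d in keyed_hashes(prop))

def integrity_check(ring: Ring, reported):
    """First node's comparison: return reported properties with no master record."""
    return [p for p in reported if not ring.is_known(p)]

# Constructed sample data: "path|size|mode" strings stand in for file properties.
MASTER = ["/bin/ls|142144|0755", "/bin/login|52880|4755", "/sbin/init|1620224|0755"]
REPORTED = ["/bin/ls|142144|0755", "/bin/login|61072|4755", "/sbin/init|1620224|0755"]

if __name__ == "__main__":
    ring = Ring(["node-a", "node-b", "node-c", "node-d"])
    for record in MASTER:
        ring.put_property(record)
    print("no master record for:", integrity_check(ring, REPORTED))
```

Because each property is stored under several independently derived keys, a lookup fails if any one of the storage nodes is missing or has altered its portion of the record.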


REASON FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: None of the 
The dependent claims further limit the independent claims and are considered allowable on the same basis as the independent claims as well as for the further limitations set forth.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance." 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EVANS DESROSIERS whose telephone number is (571)270-5438.  The examiner can normally be reached on Monday - Thursday 7:00 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B. Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/EVANS DESROSIERS/Primary Examiner, Art Unit 2491