Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  Claims 1, 8 and 14 are amended.  Claims 1-20 are pending.
Information Disclosure Statement
2.	The information disclosure statement (IDS) submitted on 11/30/2021 and 2/18/2022 are being considered by the examiner.
Response to Arguments
3.	Applicant's arguments filed on 2/18/2022 have been fully considered but they are not persuasive. 
	Applicant argues that the cited prior art, Palekar and Griggs, “singularly or in combination do not teach or suggest the following recitations of the independent claims (1) generating a diagnostic report, wherein the diagnostic report, wherein the diagnostic report indicates that a user who attempted to import executable code is on an unsecure remote network; and (2) forwarding the diagnostic report to one or more users along with a request to connect using a authorized secure network in order to import executable code, specifically.”
 	
“With regard to generating a diagnostic report, the Office cited Palekar at paragraph [0044] as teaching generating a diagnostic report and forwarding the diagnostic report and forwarding the diagnostic report to one or more users (Office Action, page 6).  The cited portion of Palekar recites “if the trust level is not high then the flow diagram continues along the “No” flow up to box 245, which notifies the user that the configuration file 105 is of medium or low level of trust.” (Palekar, paragraph [0044]).  However, at not point palekar teach or suggest generating a diagnostic report, wherein the diagnostic report indicates that a user who teach or suggest generating a diagnostic report wherein forwarding the diagnostic report to one or more users along with a request to connect using an authorized secure network in order to import executable code, specifically.”

 	Examiner respectfully disagrees.  The amended claimed limitation:
(1) generating a diagnostic report, wherein the diagnostic report indicates that a user who attempted to import the executable code is on an unsecure remote network”.


 	Examiner notes that the cited limitation,  Paragraph [0044] describes:

	[0040] Next, the unencrypted hash typically located within the configuration file 105 is decrypted in box 220. Note that the encrypted hash is typically generated by the publishing source 125 upon creation of the configuration file 105. Next, in decision block 230 it is determined whether or not the hash (or other representations) match If they do not match, the flow chart 200 follows to the left into box 225 to notify the user that the configuration file 105 has been tampered with. Note that such notification may be in many various forms such as, e.g., a dialog box may be presented to the user indicating an error, the process my automatically abort, or any other various known mechanisms that provides feedback to the user for such error are contemplated herein.

	[0044] As noted in decision block 235 of flow chart 200, it is determined whether or not the trust level is high for deciding whether to block the configuration file, prompt the user with an appropriate notification describing the nature of the configuration file 105, or seamlessly allow the configuration file 105 to be used. In one embodiment, if the trust level is high the flow diagram proceeds to box 240 to allow use of the configuration file 105 for connecting to the remote server 145. As an alternative to such seamless connection, if the trust level is not high then the flow diagram continues along the "No" flow up to box 245, which notifies the user that the configuration file 105 is of medium or low level of trust.

 	In the above paragraphs,  Palekar discloses comparing  and validate the integrity of configuration files utilizing hash (e.g. paragraph 0032).  Palekar further discloses a notification system to notify the user that the configuration file has been tampered with and/or presented to the user indicating any error, the process may automatically abort, or any other various known mechanisms that provide feedback to the user for such error are contemplated. (e.g. paragraph 0040); or prompt the user with an appropriate notification describing the nature of the configuration file and/or allow the configuration file connecting to the remote server (e.g. paragraph 0044). 
 	In the scenario when the configuration file is determined to be tamper, Palekar would not allow the configuration file connecting the remote server.  Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the notification system to notify user of error or tampered file or appropriate response or feedback to the user when certain condition occurs.  Moreover, . 

 				Claim Rejections - 35 USC § 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Palekar et al. (U.S. Patent Application Publication No. 2007/0260738, hereinafter Palekar) in view of Griggs et al. (U.S. Patent Application Publication No. 2014/0114857, hereinafter Griggs).
With respect to claim 1, Palekar discloses a system for secure execution of program code within a virtual environment using cryptographic hashes, the system comprising: 
a memory device with computer-readable program code stored thereon; a communication device; and a processing device operatively coupled to the memory device and the communication device, wherein the processing device is configured to execute the computer-readable program code to: 
import executable code into a virtual environment instance; execute, within the virtual environment instance, one or more processes on the set of executable code; based on executing the one or more processes, perform validation of the set of executable code and generate a validation code (e.g. Palekar, paragraphs 0021, “…address some of the problems associated with compromised configuration files that are used in remote sessions of a virtual computing system environment…”; paragraph 0022, “the ability for a client in a client/server application to validate the integrity of a subset of settings in a configuration file; the ability of a server in a server/client application to control access to computing resources based on the integrity of the client’s settings in the client’s configuration file…”; Note: “configuration file” is equate to “execution code”) 
import target computing system configuration details for a target computing system; process the credentials using a data transformation algorithm to generate a data transformation output; and store the data transformation output in the validation database (e.g. Palekar, paragraphs 0031, “When the configuration file 105 is received…the integrity of the secure settings 110 may be verified…the secure settings 110 have been hashed and signed, a hash of the secure settings within the configuration file…”); comparing device configuration details or execution code version details to determine one or more mismatch details; generate a diagnostic report, wherein the diagnostic report indicates that a user who attempted to import the executable code is on an unsecure remote network; and forward the diagnostic report to one or more import executable code, specifically (e.g. paragraphs 0040, 0041 and 0044, “…it is determined whether or not the hashes (or other representations) match.  If they do not match…notify the user that the configuration file 105 has been tampered with…presented to the user indicating an error, the process may automatically abort, or any other various known mechanisms that provides feedback to the user…”; “…it is determined…whether to block the configuration file, prompt the user with an appropriate notification describing the nature of the configuration file…seamlessly allow the configuration file…for connecting to the remote server…)
Palekar does not explicitly discloses “generate credentials for the executable code based on the validation code and target computing system configuration details”.  However, Griggs discloses a similar feature (e.g. Griggs, paragraphs 0083, 0127 and 0129, “The credential value may be generated based on an evaluation of the received plurality of data elements and may comprise a yes/no matching verification process, calculation of a validation score, or creation of a hash value that could be passed through existing fields in authorization message and could be validated by the payment processor network or issuer…”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement Griggs’ credential generation based on different evaluation of plurality of data elements in the verification process with Palekar’s verification of configuration information to ensure the credential information authenticate the integrity of the configuration file. 
 	With respect to claim 2, Palekar and Griggs disclose the system according to claim 1, wherein the computer-readable program code further causes the processing device to: receive a request from a user to execute a second set of executable code; process the second set of executable code using the data transformation algorithm to generate a second data transformation output; compare the second data transformation output to one or more entries in the validation database; and block the second data transformation output based on comparing the second data transformation output with the one or more entries in the validation database (e.g. paragraphs 0032 and 0034). 
detecting that there is no match between the second data transformation output and any cryptographic hash value within the one or more entries in the validation database; and based on detecting that there is no match, blocking execution of the second set of executable code on the target computing system (e.g. Palekar, paragraph 0050).  	With respect to claim 4, Palekar and Griggs disclose the system according to claim 3, wherein the computer-readable program code further causes the processing device to display a denial indicator to a user via a user interface, wherein the denial indicator indicates that the second set of executable code is not authorized to be executed on the target computing system (e.g. Palekar, paragraphs 0009 and 0040).  	With respect to claim 5, Palekar and Griggs disclose the system according to claim 2, wherein the validation database is an authorized hash database, wherein comparing the second data transformation output to one or more entries in the validation database comprises:  
determining that the second data transformation output does not match any of the one or more entries in the authorized hash database; and automatically blocking execution of the second set of executable code on a target computing system (e.g. Palekar, paragraphs 0009 and 0032) . 
detecting a match between the second data transformation output and a cryptographic hash value within the one or more entries in the unauthorized hash database; and based on detecting the match, automatically blocking execution of the second set of executable code on a target computing system (e.g. Palekar, paragraph 0044).  	With respect to claim 7, Palekar discloses the system according to claim 4, wherein the computer-readable program code further causes the processing device to compare device configuration details or executable code version details to determine mismatch details; generate a diagnostic report; and forward the diagnostic report to one or more users (e.g. paragraphs 0044). 
With respect to claims 8-20, the claims are computer program product and method claims that are similar to system claims 1-7.  Therefore, claims 8-20 are rejected based on similar rationale.

Conclusion
5.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONGOC TRAN whose telephone number is (571)272-3843. The examiner can normally be reached 9-5 Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for 




/TONGOC TRAN/
Primary Examiner, Art Unit 2434