DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This office action is in response to the arguments/remarks filed on 02/28/2022. Claim 1 is amended. Claims 1 – 20 are pending for consideration.

Response to Arguments
In view of the Applicant’s response in Arguments/Remarks filed on 02/28/2022 (hereafter Remarks) claim rejection under 112 is withdrawn. 
Applicant’s arguments regarding rejection under 103 are fully considered but they are moot in view of new ground of rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1 – 3, 14, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rodriguez Bravo et al. (US 2020/0073651) (hereafter Rodriguez), in view of Chakravorty et al. (US 11113410) (hereafter Chakravorty), and in view of Dalvi et al. (US 2021/0173929) (hereafter Dalvi).

Regarding claim 1 Rodriguez teaches: A software validation computing platform coupled to an anonymous public distributed ledger having a first public block and a second public block, the computing platform comprising (Examiner note: the public cloud infrastructure comprises public distributed ledger structure) (Rodriguez, in Para. [0076] discloses “the cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services”):
at least one processor (Rodriguez, in Para. [0039] discloses “Server computer 150 can include processor(s) 154, memory 158, including random access memory (RAM) 160 and cache memory 162, persistent storage 170, communications unit 152, input/output (I/O) interface(s) 156 and communications fabric 140”);
a communication interface communicatively coupled to the at least one processor (Rodriguez, in Para. [0081] discloses “A network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium”) and the anonymous public distributed ledger (Rodriguez, in Para. [0076] discloses “The database may be maintained in the form of a distributed ledger or blockchain.”);
c. a private distributed ledger communicatively coupled to the communication interface (Rodriguez, in Para. [0014] discloses “The blockchain may comprise a private blockchain ledger where the identities of the participants are known to each other.”);
d. memory, storing platform computer-readable instructions (Rodriguez, in Para. [0040] discloses “Memory 158 and persistent storage 170 are computer readable storage media.”) that, when executed by the at least one processor, cause the computing platform to: 
i. generate, by the at least one processor, an authentic cryptographic hash of authentic software known to be malware free (Examiner note: hash generation of the malware-free software is met by the hash generation of the validated, i.e., malware-free software) (Rodriguez, in Para. [0022] discloses “A hash function such as: Sha-1, Sha-2 or Sha-256 provides the hash value of the software package. Once the package has been received, the vehicle requests validation from at least one network validator to ensure that the received software is valid.”);
ii. store, in a first private block in the private distributed ledger, the authentic cryptographic hash corresponding to the authentic software and first indicia sufficient to identify the authentic software (Examiner note: storage in a first private block is met by the storage in persistent storage 170; authentic software comprising the first indicia for identification is met by the software distribution program comprising all parameters of the execution programs) (Rodriguez, in Para. [0043] discloses “Software distribution programs, and other programs and data used for implementation of the present invention, may be downloaded to persistent storage 170” Rodriguez, in Para. [0037] discloses “Validator software distribution program 117, vehicle software distribution program 115 and software distribution program 175 may be individually distinct programs or may be a common program comprising multiple execution aspects to accommodate the activities of the server (administrative), validator and vehicle nodes.”);
iii. [anonymously store, in the first public block in the anonymous public distributed ledger the authentic cryptographic hash corresponding to the authentic software] 
Rodriguez fails to explicitly teach: anonymously store, in the first public block in the anonymous public distributed ledger the authentic cryptographic hash corresponding to the authentic software
Chakravorty, from the analogous technical field teaches: anonymously store, in the first public block in the anonymous public distributed ledger (Chakravorty, in col. 4, ll. 34-40 discloses “The methods also allows for an anonymous and secure distribution, since the data item is encrypted off-sight before storing in the data set and before updating the blockchain. The blockchain enables a decentralized, secure, anonymous and traceable distribution of the data item over the internet or in a network.”) the authentic cryptographic hash corresponding to the authentic software (Chakravorty, in col. 3, ll. 47-49 discloses “the objects are achieved by a method for controlling the distribution of a data item using a data set, or hash table, and a blockchain”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Rodriguez, in view of the teaching of Chakravorty, which discloses anonymous distribution and storage of data in a blockchain or network in order to enable full authentication capabilities by the relevant unit (Chakravorty, in col. 3, ll. 47-49, col. 4, ll. 34-40).
Rodriguez, as modified by Chakravorty, further teaches: and the first indicia sufficient to identify the authentic software; (Examiner note: authentication and identification of stored software is met by the validation and providing the storage/download site ID of the stored/downloaded software) (Rodriguez, in Para. [0022] discloses “The software package is provided together with the ID of the download site, a time stamp and other metadata including site location. A hash of the package is provided to facilitate validation of the downloaded software.”)
iv. receive, from a data source, unknown software to be evaluated (Rodriguez, in Para. [0022] discloses “Once the package has been received, the vehicle requests validation from at least one network validator to ensure that the received software is valid.”); 
[v. store, in a quarantine sector of the memory, the unknown software;] 
vi. load, from the first private block in the private distributed ledger to a first sector in the memory, the authentic cryptographic hash (Rodriguez, in Para. [0022] discloses “the vehicle may determine that the appropriate software is already resident in the vehicle system storage or download the updated software directly from a providing node” Rodriguez, in Para. [0018] discloses “providing nodes may update their ledger entries to include information about new software versions, a hash of the new software version”);
vii. generate, by the at least one processor, a test cryptographic hash of the unknown software (Examiner note: test cryptographic hash is met by a hash of a new software version) (Rodriguez, in Para. [0018] discloses “providing nodes may update their ledger entries to include information about new software versions, a hash of the new software version”);
viii. store, in a second sector of the memory, the test cryptographic hash corresponding to the unknown software (Rodriguez, in Para. [0044] discloses “Software and data used to practice embodiments of the present invention, e.g., software distribution program 175 on server computer 150, can be stored on such portable computer readable storage media and can be loaded onto persistent storage 170” Rodriguez, in Para. [0016] discloses “the providing entity ledger entries include the block number, time stamp, entity id, chain code data, as well as designation and version information for the available software based upon vehicle type presented as a data hash of the software.” Rodriguez, in Para. [0043] discloses “Software distribution programs, and other programs and data used for implementation of the present invention, may be downloaded to persistent storage 170”);
ix. compare, by the at least one processor, the authentic cryptographic hash for the authentic software in the first sector of the memory to the test -41-cryptographic hash for the unknown software in the second sector of the memory; and (Rodriguez, in Para. [0015] discloses “One or more validators may provide validation by comparing the hash of the package provided by the vehicle, along with the package metadata, with information from the repository. This includes comparing the submitted data hash with a hash of the data the validator has made after downloading the package from the download source, or with a hash of the package downloaded from the source, as well as comparing the date and time information submitted by the vehicle with download records of the repository”)
x. if the authentic cryptographic hash and the test cryptographic hash match (Examiner note: the case when the software hashes match is met by the case when the software is noted as valid as the result of the above comparative analysis) (Rodriguez, in Para. [0032] discloses “Peers then validate the downloaded software by comparing the download meta-data in the proposed transaction with download meta data from the identified originating download site.”):
1. [copy, from the quarantine sector of the memory to an authorized sector of the memory, the unknown software;]  
2. execute, by the at least one processor, the unknown software in the authorized sector of the memory (Rodriguez, in Para. [0036] discloses “the peer executes programmed instructions to validate the transaction using transaction information and information obtained from a download site identified in the transaction.” Rodriguez, in Para. [0015] discloses “Transactions found to be valid are memorialized in the blockchain ledger with the ledger entry communicated to the vehicle for subsequent use determining when another update is required.” Rodriguez, in Para. [0018] discloses “providing nodes may update their ledger entries to include information about new software versions, a hash of the new software version”);
xi. if the authentic cryptographic hash and the test cryptographic hash do not match (Examiner note: the case when the software hashes do not match is met by the case when the software is noted as invalid as the result of the above comparative analysis) (Rodriguez, in Para. [0033] discloses “The peers receive the ordered transaction, authenticate and validate it and commit the transaction by writing it to the state of the ledger. Invalid transactions are not validated, and though noted as invalid, they are not written to the state of the ledger”):
[1. copy, from the quarantine sector of the memory to a sandbox, the unknown software;  
2. execute, by the at least one processor, the unknown software in the sandbox;  
3. determine, by the at least one processor, whether the unknown software contains malware;]  
4. if the unknown software is malware free: (Examiner note:  the malware-free software is met by the validated, i.e., determined as a malware-free, software) (Rodriguez, in Para. [0022] discloses “Once the package has been received, the vehicle requests validation from at least one network validator to ensure that the received software is valid.”);
a. store, in a second private block in the private distributed ledger, the test cryptographic hash for the unknown software along with a certified event record that the unknown software is malware free and second indicia sufficient to identify the unknown software (Examiner note: as noted above, the malware-free software is met by the valid software) (Rodriguez, in Para. [0073] discloses “Once the software is present, a validation of the new software is requested by vehicle software distribution program 115 at step 406. This step is taken to ensure that the vehicle utilizes only valid software packages”);
b. anonymously store, in the second public block in the anonymous public distributed ledger, the test cryptographic hash for the unknown software along with the certified event record that the unknown software is malware free and the second indicia sufficient to identify the unknown software (Rodriguez, in Para. [0024] discloses “validating nodes compare the new hash and metadata associated with the transaction provided by the requesting vehicle with the corresponding information at the download site. A favorable comparison the data values are identical-results in a selective endorsement of the transaction, and a new ledger entry being written for the vehicle completing the smart contract and indicating that the update is valid.”);
c. [copy, from the quarantine sector of the memory to the authorized sector of the memory, the unknown software]; 
d. execute, by the at least one processor, the unknown software in the authorized sector of the memory (Rodriguez, in Para. [0036] discloses “Responsive to the validation, the peer node executes programmed instructions to communicate the successful validation to the client node.”);
-42-5. if the unknown software contains malware: 
store, in the second private block in the private distributed ledger, the test cryptographic hash for the unknown software along with an uncertified event record that the unknown software contains malware and the second indicia sufficient to identify the unknown software (Rodriguez, in Para. [0023] discloses “validation request may take the form of a ledger entry submitted by the vehicle. Table 1 contains exemplary data fields from such a ledger entry including the vehicles previous package hash, the new package hash, the vehicle id and digital signature”);
anonymously store, in the second public block in the anonymous public distributed ledger, the test cryptographic hash for the unknown software along with an uncertified event record that the unknown software contains malware and the second indicia sufficient to identify the unknown software; (Rodriguez, in Para. [0026] discloses “after a request for validation fails, the smart contract of the ledger entry request written by the vehicle yields a notice of validation failure to the vehicle rather than notice of success. After receiving the failure notice, the vehicle may download the regulatory package again and submit a new smart contract ledger entry request seeking validation of the new package.”); 


[and prevent, by the at least one processor, execution of the unknown software outside of the quarantine sector of the memory.]
Rodriguez, as modified by Chakravorty, fails to explicitly teach: 
v. store, in a quarantine sector of the memory, the unknown software;
copy, from the quarantine sector of the memory to an authorized sector of the memory, the unknown software
1. copy, from the quarantine sector of the memory to a sandbox, the unknown software;  
2. execute, by the at least one processor, the unknown software in the sandbox;  
3. determine, by the at least one processor, whether the unknown software contains malware;
copy, from the quarantine sector of the memory to the authorized sector of the memory, the unknown software
and prevent, by the at least one processor, execution of the unknown software outside of the quarantine sector of the memory
Dalvi from the analogous technical field teaches:
v. store, in a quarantine sector of the memory, the unknown software (Examiner note: VM stands for a virtual machine; storage in a quarantine sector is met by quarantining the malware) (Dalvi, in Para. [0003] discloses “If the application displays malicious behavior, it can be quarantined or removed from the endpoint.”);
copy, from the quarantine sector of the memory to an authorized sector of the memory, the unknown software (Examiner note: this limitation is met when the software does not contain malware and the hash comparison analysis shows not match, as noted above for the case xi.) (Dalvi, in Para. [0033] discloses “The software can be quarantined for further analysis, and so on.” Dalvi, in Para. [0019] discloses “If the downloaded software cannot be determined to be benign or malicious, the download agent 132 can submit the software to a sandbox for validation.”)
copy, from the quarantine sector of the memory to a sandbox, the unknown software (Dalvi, in Para. [0019] discloses “If the downloaded software cannot be determined to be benign or malicious, the download agent 132 can submit the software to a sandbox for validation.”);
2. execute, by the at least one processor, the unknown software in the sandbox (Dalvi, in Para. [0021] discloses “sandbox VM 124 can receive the downloaded software from target VM 122 and execute the software in a safe and controlled environment (sandbox environment) provided by the sandbox VM.”)
3. determine, by the at least one processor, whether the unknown software contains malware (Dalvi, in Para. [0021] discloses “Malicious behavior can be detected, for example, by monitoring file access activity, changes made to the system configuration”);
copy, from the quarantine sector of the memory to the authorized sector of the memory, the unknown software (Dalvi, in Para. [0043] discloses “At 512, in response to a determination (at 508) that malicious behavior was not detected, the sandbox server can record the parameters of the trapped system call(s) in an execution report that is associated with the downloaded software.” Dalvi, in Para. [0024] discloses “Using execution report 136, anti-malware engine 116 can assess the trapped operation and issue a Yes/No signal (or other suitable indicator) to target VM 122, allowing the target VM to take appropriate action. If a positive indication is provided, operation can be deemed to be benign and target VM 122 can execute the trapped operation.”)
and prevent, by the at least one processor, execution of the unknown software outside of the quarantine sector of the memory (Examiner note: Note that this section falls under 4e case above which states that the unknown software contains malware which falls under the 112 issue as item 4 requires items under it to be malware free, see examiner comments above) (Dalvi, in Para. [0021] discloses “When any malicious behavior is detected, sandbox VM 124 can signal that the downloaded software is malware so that appropriate action can be taken, such as having the malware quarantined, deleted, or otherwise processed accordingly.” Dalvi, in Para. [0033] discloses “The software can be quarantined for further analysis, and so on.”);
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Rodriguez, as modified by Chakravorty, in view of the teaching of Dalvi which discloses software validation using sandbox technology followed by appropriate actions with detected malicious and malware-free software in order to higher system protection against malware (Dalvi, [0003, 0019, 0021, 0027, 0033]).

Regarding claim 2 Rodriguez, as modified by Chakravorty and Dalvi, teaches: The software validation computing platform of claim 1 further comprising a plurality of validation servers each having: 
a. at least one validation processor (Rodriguez, in Para. [0039] discloses “Server computer 150 can include processor(s) 154, memory 158, including random access memory (RAM) 160 and cache memory 162, persistent storage 170, communications unit 152, input/output (I/O) interface(s) 156 and communications fabric 140”);
b. a validation communication interface communicatively coupled to the at least one validation processor and the private distributed ledger; and (Examiner note: each ledger entry is associated with a relevant validation server per software distribution programs 115 and/or 175 which meets plurality of validation servers) (Rodriguez, in Para. [0027] discloses “a vehicle ledger entry may include a plurality of regulatory software entries each associated with a unique geopolitical zone. In this embodiment, each entry comprises the last validated package.” Rodriguez, in Para. [0029] discloses “a network comprises nodes including an ordering service, peers, and clients each capable of wireless network communications with the other network nodes. The ordering service provides communication services between nodes including sequencing proposed transactions for broadcast to peer nodes such that each peer node reviews all proposed transactions in the same order as all other peer nodes.”)   
c. a validation memory storing validation computer-readable instructions that, when executed by the at least one validation processor, cause the validation software to: (Rodriguez, in Para. [0073] discloses “Once the software is present, a validation of the new software is requested by vehicle software distribution program 115 at step 406. This step is taken to ensure that the vehicle utilizes only valid software packages.”)  
i. independently validate, by the at least one validation processor, the test cryptographic hash prior to the anonymous storing of the test cryptographic hash in the second public block of the anonymous public distributed ledger (Rodriguez, in Para. [0022] discloses “A hash function such as: Sha-1, Sha-2 or Sha-256 provides the hash value of the software package. Once the package has been received, the vehicle requests validation from at least one network validator to ensure that the received software is valid.”);
ii. determine, by the at least one validation processor in response to the independent validation, whether a majority of the plurality of validation servers agree that the test cryptographic hash is valid; and (Rodriguez, in Para. [0015] discloses “One or more validators may provide validation by comparing the hash of the package provided by the vehicle, along with the package metadata, with information from the repository. This includes comparing the submitted data hash with a hash of the data the validator has made after downloading the package from the download source, or with a hash of the package downloaded from the source, as well as comparing the date and time information submitted by the vehicle with download records of the repository”)  
1. if the plurality of validation servers agree that the test cryptographic hash is valid:
a. store, in a second private block in the private distributed ledger, the test cryptographic hash for the unknown software along with a certified event record that the unknown software is malware free and second indicia sufficient to identify the unknown software (Rodriguez, in Para. [0043] discloses “Software distribution programs, and other programs and data used for implementation of the present invention, may be downloaded to persistent storage 170”);
b. anonymously store, in the second public block in the anonymous public distributed ledger (Examiner note: anonymously storage of hash and corresponding software is met by storing instructions and software in the storage 170 unit by default, i.e. without identification of the source) (Rodriguez, in Para. [0041] discloses “Program instructions and data used to practice embodiments of the present invention, e.g., the software distribution program 175, are stored in persistent storage 170 for execution and/or access by one or more of the respective processor(s) 154 of server computer 150 via cache 162.”), the test cryptographic hash for the unknown software along with the certified event record that the unknown software is malware free and the second indicia sufficient to identify the unknown software; and  (Rodriguez, in Para. [0024] discloses “validating nodes compare the new hash and metadata associated with the transaction provided by the requesting vehicle with the corresponding information at the download site. A favorable comparison the data values are identical-results in a selective endorsement of the transaction, and a new ledger entry being written for the vehicle completing the smart contract and indicating that the update is valid.” Rodriguez, in Para. [0044] discloses “Software and data used to practice embodiments of the present invention, e.g., software distribution program 175 on server computer 150, can be stored on such portable computer readable storage media and can be loaded onto persistent storage 170”)
2. if the plurality of validation servers do not agree that the test cryptographic has is valid, disregard, by the at least one validation processor, the test cryptographic hash (Rodriguez, in Para. [0033] discloses “The peers receive the ordered transaction, authenticate and validate it and commit the transaction by writing it to the state of the ledger. Invalid transactions are not validated, and though noted as invalid, they are not written to the state of the ledger.” Rodriguez, in Para. [0036] discloses “The new ledger state includes the new transaction as well as a hash of the previous state of the ledger.” Rodriguez, in Para. [0036] discloses “a system generally noted as 100, comprises a server subsystem 102 and a plurality of networked client devices including vehicles 104, 106, 108, 110, and validator 112.”).

Regarding claim 3 Rodriguez, as modified by Chakravorty and Dalvi,  teaches: The software validation computing platform of claim 2 wherein the comparison, by the at least one processor, of the authentic cryptographic hash for the authentic software in the first sector of the memory to the test cryptographic hash for the unknown software in the second sector of the memory determines if the unknown software is an unauthorized copy of the authentic software (Examiner note: authentication of a software copy is met by validation of a copy of the relevant ledger) (Rodriguez, in Para. [0033] discloses “the peers create a validated ledger, wherein only valid transactions are added to the validated ledger; notations regarding invalid transactions are not part of the validated ledger. The ordering service may also maintain a copy of the ledger.” Rodriguez, in Para. [0071] discloses “The vehicle data may include the vehicle's current and destination locations as well as information relating to the current use of the vehicle, the vehicle occupants, current regulatory software packages, and other vehicle characteristics. The data may be maintained in a blockchain ledger entry, a copy of which may be held by the vehicle.”).

Regarding claim 14, claim 14 discloses a media that is substantially equivalent to the platform of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 14 and rejected for the same reasons.

Regarding claim 19, claim 19 discloses a method that is substantially equivalent to the platform of claim 1. Therefore, the arguments set forth above with respect to claim 1 are equally applicable to claim 19 and rejected for the same reasons.

Regarding claim 20, claim 20 dependent on claim 19 discloses a method that is substantially equivalent to the platform of claim 3 dependent on claim 2. Therefore, the arguments set forth above with respect to claim 3 are equally applicable to claim 20 and rejected for the same reasons.

Claims 4 – 13 and 15 – 18 are rejected under 35 U.S.C. 103 as being unpatentable over Rodriguez Bravo et al. (US 2020/0073651) (hereafter Rodriguez), in view of Chakravorty et al. (US 11113410) (hereafter Chakravorty), in view of Dalvi et al. (US 2021/0173929) (hereafter Dalvi), and in view of Wilkinson et al. (US 2019/0333056) (hereafter Wilkinson).

Regarding claim 4 Rodriguez, as modified by Chakravorty and Dalvi, fails to explicitly teach: The software validation computing platform of claim 2 further comprising a firewall protecting the private distributed ledger from the anonymous distributed ledger 
Wilkinson from the analogous technical field teaches: The software validation computing platform of claim 2 further comprising a firewall protecting the private distributed ledger from the anonymous distributed ledger (Examiner note: firewall protection is performed by allowing communication between only selected nodes) (Wilkinson, in Para. [0092] discloses “A private distributed ledger may be deployed as a fork of a blockchain project on a public blockchain, and may be customized for private use” Wilkinson, in Para. [0097] discloses “The firewall server 1209 is configured to communicate with nodes of the private blockchain 1203, and with an audit server 1211. The firewall server 1209 communicates with the nodes of the private blockchain 1203 using the Ethereum JSON-RPC-2.0 protocol.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Rodriguez, as modified by Chakravorty and Dalvi, in view of the teaching of Wilkinson which discloses firewall protection of the private blockchain in order to higher security of communication within the network (Wilkinson, [0092, 0097]).

Regarding claim 5 Rodriguez, as modified by Chakravorty and Dalvi, fails to explicitly teach: The software validation computing platform of claim 2 further comprising a firewall protecting the private distributed ledger and at least one of the plurality of validation servers from the anonymous public distributed ledger.
Wilkinson from the analogous technical field teaches: The software validation computing platform of claim 2 further comprising a firewall protecting the private distributed ledger and at least one of the plurality of validation servers from the anonymous public distributed ledger (Examiner note: control of firewall protection comprising public and/or private blocks by relevant computing nodes/servers is met by application of the firewall filtering module managed by firewall server 1209) (Wilkinson, in Para. [0118] discloses “The firewall management contract 1501 contract sends, at Sl 709, a filtering response to the firewall server 1209. The filtering response indicates whether the user is authorized to access the requested data, and whether the firewall server 1209 is required to process the requested data before it is returned to the user.” Wilkinson, in Para. [0124] discloses “A second control contract and asset contracts may also be deployed on a private distributed ledger controlled by a private entity, for example a corporate entity, where some of the asset contracts on the private distributed ledger correspond to some of the asset contracts on the public distributed ledger.” Wilkinson, in Para. [0209] discloses “the plurality of computing nodes and the computing device form part of a private network; and the private network further comprises a firewall server for controlling communications with computing devices outside the private network.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Rodriguez, as modified by Chakravorty and Dalvi, in view of the teaching of Wilkinson which discloses firewall protection of the private and public blockchain in order to higher security of communication within the network (Wilkinson, [0118, 0124, 0209]).

Regarding claim 6 Rodriguez, as modified by Chakravorty and Dalvi, fails to explicitly teach: The software validation computing platform of claim 2 further comprising a firewall protecting the private distributed ledger and at least one of the plurality of validation servers from the anonymous public distributed ledger and at least another of the plurality of validation servers.
Wilkinson from the analogous technical field teaches: The software validation computing platform of claim 2 further comprising a firewall protecting the private distributed ledger and at least one of the plurality of validation servers from the anonymous public distributed ledger and at least another of the plurality of validation servers (Examiner note: as noted above, control of firewall protection comprising selection and processing public and/or private blocks by relevant computing nodes/servers is met by application of the firewall filtering module managed by firewall server 1209) (Wilkinson, in Para. [0118] discloses “The firewall management contract 1501 contract sends, at Sl 709, a filtering response to the firewall server 1209. The filtering response indicates whether the user is authorized to access the requested data, and whether the firewall server 1209 is required to process the requested data before it is returned to the user.” (Wilkinson, in Para. [0124] discloses “access to data stored on the private distributed ledger is controlled by the private entity, but the private entity may permit certain users from outside the private entity (for example, contractors or associates) to view the certification, along with corresponding evidence data relating to the certification.” Wilkinson, in Para. [0209] discloses “the plurality of computing nodes and the computing device form part of a private network; and the private network further comprises a firewall server for controlling communications with computing devices outside the private network.”).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Rodriguez, as modified by Chakravorty and Dalvi, in view of the teaching of Wilkinson which discloses control over firewall protection of the private and public blockchain processing by plurality of computing nodes in order to higher security of communication within the network (Wilkinson, [0118, 0124, 0209]).

Regarding claim 7 Rodriguez, as modified by Chakravorty, Dalvi, and Wilkinson, teaches: The software validation computing platform of claim 4 wherein the plurality of validation servers are full node computing devices (Rodriguez, in Para. [0037] discloses “a system generally noted as 100, comprises a server subsystem 102 and a plurality of networked client devices including vehicles 104, 106, 108, 110, and validator 112.”).

Regarding claim 8 Rodriguez, as modified by Chakravorty, Dalvi, and Wilkinson, teaches: The software validation computing platform of claim 4 wherein at least one of the plurality of validation servers is a full node computing device and at least another of the plurality of validation servers is a lightweight computing device (Rodriguez, in Para. [0037] discloses “It is understood that the types of computing devices 54A-N shown in FIG. 2 are intended to be illustrative only and that computing nodes 10 and cloud computing environment 50 can communicate with any type of computerized device over any type of network and/or network addressable connection ( e.g., using a web browser).”).

Regarding claim 9 Rodriguez, as modified by Chakravorty and Wilkinson, fails to explicitly teach: The software validation computing platform of claim 4 wherein the sandbox is a virtual machine.
Dalvi from the analogous technical field teaches: The software validation computing platform of claim 4 wherein the sandbox is a virtual machine (Examiner note: VM stands for a virtual machine) (Dalvi, in Para. [0021] discloses “sandbox VM 124 can receive the downloaded software from target VM 122 and execute the software in a safe and controlled environment (sandbox environment) provided by the sandbox VM.”)
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Rodriguez, as modified by Chakravorty, and Wilkinson, in view of the teaching of Dalvi which discloses software validation by sandbox technology using virtual machines in order to higher system protection against malware (Dalvi, [0021]).

Regarding claim 10 Rodriguez, as modified by Chakravorty, Dalvi, and Wilkinson, teaches: The software validation computing platform of claim 4 wherein the test cryptographic hash for the unknown software is stored, in the second private block in the private distributed ledger, along with either the certified event record or the uncertified event record, the second indicia sufficient to identify the unknown software, and a generic numeric representation of the private distributed ledger (Rodriguez, in Para. [0044] discloses “Software and data used to practice embodiments of the present invention, e.g., software distribution program 175 on server computer 150, can be stored on such portable computer readable storage media and can be loaded onto persistent storage 170” Rodriguez, in Para. [0016] discloses “the providing entity ledger entries include the block number, time stamp, entity id, chain code data, as well as designation and version information for the available software based upon vehicle type presented as a data hash of the software.”).

Regarding claim 11 Rodriguez, as modified by Chakravorty, Dalvi, and Wilkinson, teaches: The software validation computing platform of claim 4 wherein the test cryptographic hash for the unknown software is anonymously stored, in the second public block in the anonymous public distributed ledger, along with either the certified event record or the uncertified event record, the second indicia sufficient to identify the unknown software, and a generic numeric representation of the anonymous public distributed ledger (Rodriguez, in Para. [0015] discloses “One or more validators may provide validation by comparing the hash of the package provided by the vehicle, along with the package metadata, with information from the repository. This includes comparing the submitted data hash with a hash of the data the validator has made after downloading the package from the download source, or with a hash of the package downloaded from the source, as well as comparing the date and time information submitted by the vehicle with download records of the repository”).

Regarding claim 12 Rodriguez, as modified by Chakravorty, Dalvi, and Wilkinson, teaches: The software validation computing platform of claim 10 wherein the generic numeric representation of the private distributed ledger comprises a 256-bit hexadecimal number (Examiner note: the SHA-256 is a Secure Hashing Algorithm based on 256-bit hexadecimal numbers) (Rodriguez, in Para. [0022] discloses “A hash function such as: Sha-1, Sha-2 or Sha-256 provides the hash value of the software package” Rodriguez, in Para. [0076] discloses “The database may be maintained in the form of a distributed ledger or blockchain. The blockchain may be private and all participants may be known and visible to each other.”).

Regarding claim 13 Rodriguez, as modified by Chakravorty, Dalvi, and Wilkinson, teaches: The software validation computing platform of claim 11 wherein the generic numeric representation of the anonymous public distributed ledger comprises a 256-bit hexadecimal number (Examiner note: as noted above, the SHA-256 is a Secure Hashing Algorithm based on 256-bit hexadecimal numbers) (Rodriguez, in Para. [0022] discloses “A hash function such as: Sha-1, Sha-2 or Sha-256 provides the hash value of the software package” Rodriguez, in Para. [0065] discloses “Nodes 10 may communicate with one another. They may be grouped (not shown) physically or virtually, in one or more networks, such as Private, Community, Public, or Hybrid clouds as described hereinabove, or a combination thereof.”).

Regarding claim 15, claim 15 dependent on claim 14 discloses a media that is substantially equivalent to the platform of claim 10 dependent on claim 4. Therefore, the arguments set forth above with respect to claim 10 are equally applicable to claim 15 and rejected for the same reasons.

Regarding claim 16, claim 16 dependent on claim 15 discloses a media that is substantially equivalent to the platform of claim 11 dependent on claim 4. Therefore, the arguments set forth above with respect to claim 11 are equally applicable to claim 16 and rejected for the same reasons.

Regarding claim 17, claim 17 dependent on claim 16 discloses a media that is substantially equivalent to the platform of claim 12 dependent on claim 10. Therefore, the arguments set forth above with respect to claim 12 are equally applicable to claim 17 and rejected for the same reasons.

Regarding claim 18, claim 18 dependent on claim 17 discloses a media that is substantially equivalent to the platform of claim 9 dependent on claim 4. Therefore, the arguments set forth above with respect to claim 9 are equally applicable to claim 18 and rejected for the same reasons.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR IVANOVICH GAVRILENKO whose telephone number is (313)446-6530.  The examiner can normally be reached on Monday-Friday 7:30-4:30 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/VLADIMIR I GAVRILENKO/Examiner, Art Unit 2431     

/TRANG T DOAN/Primary Examiner, Art Unit 2431