DETAILED ACTION
The following claims are pending in this office action: 2-3 and 5-21
The following claims are amended: 2, 11, 15 and 19
The following claims are new: -
The following claims are cancelled: 1 and 4
Claims 2-3 and 5-21 are rejected. This rejection is FINAL.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/13/2022 has been entered.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/13/2022 has been considered.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, an initialed and dated copy of Applicant’s IDS form 1449 filed 04/13/2022 is attached to the instant Office action. 
RESPONSE TO ARGUMENTS
Applicant’s arguments filed in the amendment filed 04/13/2022 have been fully considered but are moot in view of new grounds of rejection necessitated by amendment. 
Applicant notes: claim 2 is amended to recite, in combination with the other elements of the claim, that the check tool is “a digital signature check tool executable on the first operating system”, and the digital signature includes a “DS certificate for the second operating system:, and the check tool is configured to “determine the DS certificate is trusted by finding the trusted certificate data related to the DS certificate data in the trusted certificate database.“ These limitations have been mapped to Kirner et al. (US Pub. 2019/0123905) and Hogan (US Pub. 2013/0290725) below.  
Specifically, to directly address applicant’s claimed deficiencies regarding Dabbiere, mapping to Kirner et al. (US Pub. 2019/0123905) and Lynes et al. (US Patent No. 9,232,339) (hereinafter “Lynes”) are provided that specifically address making determinations about a DS certificate for a second operating system.  Furthermore, to address the interchangeability of the terms “trusted” and “valid”, and to separate any overlap that Dabbiere has with Solodovnikov, Hogan (US Pub. 2013/0290725) is used which clearly distinguishes determining validity of a certificate, and determining trust of a certificate as two separate steps.
Independent claims 15 and 19 recite similar elements and is similarly mapped to Kirner et al. (US Pub. 2019/0123905), Lynes et al. (US Patent No. 9,232,339), Hogan (US Pub. 2013/0290725), and Solodovnikov et al. (US Pub. 2016/0359842) below and rejected accordingly.  
Dependent claims 3, 5-14, 16-18, and 20-21 depend on independent claims 2, 15, and 19.  The amended elements in the independent claims have been mapped to Kirner et al. (US Pub. 2019/0123905), Lynes et al. (US Patent No. 9,232,339), Hogan (US Pub. 2013/0290725), and Solodovnikov et al. (US Pub. 2016/0359842) below, and so any additional features to the dependent claims are rejected accordingly.
Claim Objections
Claim 10 is objected to because of the following informalities:
Claim 10 recites the limitation “wherein validating the issuing center certificate includes” (claim 10, ln. 1). It is unclear whether applicant intends to refer to “validating the issuing center certificate data” (see claim 2, ln. 17-18).  If so, examiner recommends “wherein validating the issuing center certificate data includes”.  
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 5, 10, 14-15, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Kirner et al. (US Pub. 2019/0123905) (hereinafter “Kirner”), in view of Lynes et al. (US Patent No. 9,232,339) (hereinafter “Lynes”) in view of Hogan (US Pub. 2013/0290725) (hereinafter “Hogan”) in view of Solodovnikov et al. (US Pub. 2016/0359842) (hereinafter “Solodovnikov”).  

As per claim 2, a system for verifying a digital signature of at least one file, the system comprising: 
a data transfer device including: ([Kirner, para. 0014] “a single physical…. machine.... may operate multiple OS instances” [device]; [para. 0040] “a connection request is sent from a first workload 135-A executing a first executing on a first OS instance 130-A to a second workload 135-B executing on a second OS instance 130-B” [data transfer by the device, making the device a data transfer device])
computing hardware of at least one processor and memory operably coupled to the at least one processor; and instruction that, when executed on the computing hardware, cause the computing hardware to implement: ([Kirner, para. 0027] “components of the OS instances may be implemented as a non-transitory computer-readable storage medium storing instructions executable by a processor that when executed causes the processor to perform the steps… described herein”)
a digital signature check tool executable on the first operating system configured to: ([Kirner, para. 0042] “the first OS instance 130-A verifies that the certificate 240-B is authentic by verifying the digital signature 246-B using a public key associated with the certificate authority” [the public key is a digital signature check tool as it checks a digital signature and is used/executed, first OS instance is the first operating system])
obtain the at least one file, ([Kirner, para. 0042] “The first OS instance 130-A performs 406-A an authentication processes… based on the certificate 240-B… received” [the certificate being the at least one received file]) the at least one file having a digital signature, ([para. 0028] “the certificate includes… a digital signature”) and the digital signature including a DS certificate for the second operating system, ([para. 0028] “the certificate includes an identifier 242; the identifier 242 uniquely identifies the OS instance 130 to which the certificate was issued”; [para. 0029] “the OS instances 130 may provide the identity by providing the certificate 240”; [para. 0042] “the certificate 240-B… received from the second OS instance 130-B”; the second OS instance being the second operating system, and the certificate being generated by the certificate authority for the second OS instance) having issuing center certificate data ([Para. 0028] “the certificate 240 comprises a digital document [data] issued to the OS instance 130 by the certificate authority) and having DS certificate data; ([Para. 0028] “the certificate includes an identifier 242… The identifier 242 uniquely identifies the OS instance 130 to which the certificate was issued…” [DS certificate data includes the certificate– see claim 11 of the application “DS certificate data includes at least one of the DS certificate…”])
Kirner does not clearly teach a certificate database configured to store a plurality of certificates, wherein the plurality of certificates in the certificate database includes a first certificate for a first operating system, and a second certificate for a second operating system, wherein the first operating system and the second operating system are different; a trusted certificate database configured to store trusted certificate data; determine the DS certificate is valid by checking that the DS certificate has a required DS certificate integrity and by validating the issuing center certificate data with the plurality of certificates in the certificate database, and determine the digital signature is valid by checking that the at least one file has a required file integrity and the DS certificate is valid, if the DS certificate is valid, determine the DS certificate is trusted by finding the trusted certificate data related to the DS certificate data in the trusted certificate database, and categorize the at least one file as trusted when the digital signature is valid and the DS certificate is trusted. 
However, Lynes teaches a certificate database configured to store a plurality of certificates, ([Lynes, claim 1], “a central memory that stores security certificates for a plurality of operating systems”) wherein the plurality of certificates in the certificate database includes a first certificate for a first operating system, ([col. 2, ln. 50-52], “conventionally, the application running on the mobile device had to store a security certificate for each vendor” [vendors refer to different operating system vendors: see col. 1, ln. 60-61]; [col. 2, ln. 39-41] a first OS vendor is Apple) and a second certificate for a second operating system, ([col. 2, ln. 39-41] a second OS vendor is Google) wherein the first operating system and the second operating system are different; ([col. 2, ln. 39-41] Apple is a different OS vendor from Google)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner with the teachings of Lynes to include a certificate database configured to store a plurality of certificates, wherein the plurality of certificates in the certificate database includes a first certificate for a first operating system and a second certificate for a second operating system, wherein the first operating system and the second operating system are different.  One of ordinary skill in the art would have been motivated to make this modification because to provide notifications/alerts, an application needs data about the device including two pieces of information: what operating system is used by the device and a security certificate for the operating system that verifies the identity of the mobile device.  (Lynes, col. 2, ln. 7-11)
Kirner in view of Lynes does not teach a trusted certificate database configured to store trusted certificate data; determine the DS certificate is valid by checking that the DS certificate has a required DS certificate integrity and by validating the issuing center certificate data with the plurality of certificates in the certificate database, and determine the digital signature is valid by checking that the at least one file has a required file integrity and the DS certificate is valid, if the DS certificate is valid, determine the DS certificate is trusted by finding the trusted certificate data related to the DS certificate data in the trusted certificate database, and categorize the at least one file as trusted when the digital signature is valid and the DS certificate is trusted.
However, Hogan teaches a trusted certificate database configured to store trusted certificate data; and ([Hogan, para. 0021] “the memory 108 comprises an … list of trusted certificates 118” [the list being trusted certificate data, and the memory being a database])
determine the digital signature is valid ([Hogan, para. 0035} “at step 316, the method 300 tracks the signature as having a status of valid) by checking that the at least one file has a required file integrity ([Fig. 3; para. 0031] “at step 304, the method 300 determines if the document [at least one file] has been altered [has a required has a required file integrity]) and the DS certificate is valid, ([para. 0034] “at 310, the method 300 determines whether the certificate was valid at the time the document was signed”)
if the DS certificate is valid, ([Hogan, Fig. 3] step 314 occurs after step 310, where the DS certificate was determined to be valid) determine the DS certificate is trusted by finding the trusted certificate data related to the DS certificate data in the trusted certificate database, and  ([para. 0035] “at step 314, the method determines if the certificate chain links to a trust anchor [list of trusted certificates].  A certificate is trusted if it [DS certificate data includes the certificate– see claim 11 of the application “DS certificate data includes at least one of the DS certificate…”] is in a [finding] recipient’s list of trusted certificates [trusted certificate data in the trusted certificate database]”)
categorize the at least one file as trusted ([Hogan, para. 0030] “the method validates the trustworthiness of the document content since it was signed”; [Fig. 3, Para. 0037] “At step 324, the method 300 returns a status of VALID [indicating the document as trusted]”) when the digital signature is valid ([Step 310 of Fig. 3, and para. 0034 as described above) and the DS certificate is trusted.  ([Step 314, and para. 0035 as described above)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes with the teachings of Hogan to include a trusted certificate database configured to store trusted certificate data; and determine the digital signature is valid by checking that the at least one file has a required file integrity and the DS certificate is valid, if the DS certificate is valid, determine the DS certificate is trusted by finding the trusted certificate data related to the DS certificate data in the trusted certificate database, and categorize the at least one file as trusted when the digital signature is valid and the DS certificate is trusted.  One of ordinary skill in the art would have been motivated to make this modification because such a method allows for the system to deal with the failure mode of when a document was signed using a digital certificate that was not trusted for signing on the recipient’s machine.  (Hogan, para. 0006)
Kirner in view of Lynes and Hogan does not clearly teach determine the DS certificate is valid by checking that the DS certificate has a required DS certificate integrity and by validating the issuing center certificate data with the plurality of certificates in the certificate database.
However, Solodovnikov teaches determine the DS certificate is valid by checking that the DS certificate has a required DS certificate integrity and by validating the issuing center certificate data with the plurality of certificates in the certificate database. ([Solodovnikov, para. 0045] the checking of the validity of the certificate includes those identified in the ITU-T standard for a public key infrastructure, which includes generating a checksum/hash of the certificate, and then verifying the integrity of the data [certificate] by having the validator regenerate the same hash, validating the integrity of the DS certificate [see ITU-T, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks, Article E41034, Posted 2016-12-08, Retrieved on 2021-06-23, Retrieved from the Internet: <URL: https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.509-201610-S!!PDF-E > Sec. 6.1, pg. 9-10]; [para. 0047] a high level of trust [a value validating the certificate data – see para. 0027] may be assigned to certificates identifiers whose certification authority is contained on the list of trusted certification authorities [validating the issuing center data with the plurality of certificates certificate database])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes and Hogan with the teachings of Solodovnikov to include determine the DS certificate is valid by checking that the DS certificate has a required DS certificate integrity and by validating the issuing center certificate data with the plurality of certificates in the certificate database.  One of ordinary skill in the art would have been motivated to make this modification because it allows for reduction of the load on a computer’s disk system that is checking malware files by eliminating the need to check highly trusted files associated with highly trusted certificates.  (Solodvnikov, para. 0003, para. 0029)

As per claim 5, Kirner in view of Lynes, Hogan, and Solodovnikov teaches claim 2
Kirner in view of Hogan, and Solodovnikov does not teach wherein the trusted certificate data in the trusted certificate database includes data for at least two operating systems.
However, Lynes teaches wherein the trusted certificate data in the trusted certificate database includes data for at least two operating systems.  ([Lynes, col. 2, ln. 39-41] “security certificates [trusted certificate data] are centrally maintained for various vendor services …APPLE, ANDROID, GOOGLE, WINDOWS” [at least two operating systems].  [Col. 2, ln. 47] the information is recorded in a database)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Hogan, and Solodovnikov with the teachings of Lynes to include wherein the trusted certificate data in the trusted certificate database includes data for at least two operating systems.  One of ordinary skill in the art would have been motivated to make this modification because in such a way, custom interfaces on each different OS are not necessary, and a simplified and unified interface for applications is provided.  (Lynes, col. 1, ln. 67 to col. 2, ln. 3)

As per claim 10, Kirner in view of Lynes, Hogan, and Solodovnikov teaches claim 2.  
Kirner in view of Lynes and Hogan does not teach wherein validating the issuing center certificate includes: building a chain of certificates from the plurality of certificates; checking that each of the plurality of certificates in the chain of certificates has a required certificate integrity; checking that one of the plurality of certificates in the chain of certificates is related to the issuing center data; checking that a root certificate is the last certificate in the chain of certificates; and if each of the plurality of certificates in the chain of certificates has the required certificate integrity, one of the plurality of certificates in the chain of certificates is related to the issuing center data, and the root certificate is the last certificate in the chain of certificates, determining that the issuing center data is valid.
However, Solodovnikov teaches wherein validating the issuing center certificate includes: ([Solodovnikov, Fig. 3-4, para. 0046, para. 0050] a high level of trust [a value validating the certificate – see para. 0027] may be assigned to certificates whose certification authority is contained on the list of trusted certification authorities [validating the issuing center with the certificate database] and validating the certification authority based on root and intermediate certificates)
building a chain of certificates from the plurality of certificates; ([Solodovnikov, Fig. 5, para. 0050; para. 0053] to validate the certification, the verification module constructs a certificate chain from a plurality of certificates)
checking that each of the plurality of certificates in the chain of certificates has a required certificate integrity; ([Solodovnikov, Fig. 5, para. 0053] in order for the certificate to be validated, each certificate in the chain until the root certificate is reached, must have a requisite level of validation)
checking that one of the plurality of certificates in the chain of certificates is related to the issuing center data; ([Solodovnikov, Fig. 5, para. 0050] the certification authority [issuing center data] of each certificate is determined to ensure that the certification authority is linked/related)
checking that a root certificate is the last certificate in the chain of certificates; and ([Solodovnikov, Fig. 5, para. 0053] the process of checking certificates continues until the root certificate is reached)
if each of the plurality of certificates in the chain of certificates has the required certificate integrity, one of the plurality of certificates in the chain of certificates is related to the issuing center data, and the root certificate is the last certificate in the chain of certificates, determining that the issuing center data is valid. ([Solodovnikov, para. 0050-0051; para. 0055-0056] if the certificate chain is successfully traversed [the certificates in the chain of certificates has the required integrity, and related to the certification authority/issuing center data], and the root certificate has been reached [is the last certificate] it is determined that the end certificate is associated with a medium or high level of trust.  [Para. 0029] a high level of trust is associated with a list of trusted certification authorities [a determination that the issuing center data is valid])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, Hogan with the teachings of Solodovnikov to include wherein validating the issuing center certificate includes: building a chain of certificates from the plurality of certificates; checking that each of the plurality of certificates in the chain of certificates has a required certificate integrity; checking that one of the plurality of certificates in the chain of certificates is related to the issuing center data; checking that a root certificate is the last certificate in the chain of certificates; and if each of the plurality of certificates in the chain of certificates has the required certificate integrity, one of the plurality of certificates in the chain of certificates is related to the issuing center data, and the root certificate is the last certificate in the chain of certificates, determining that the issuing center data is valid. One of ordinary skill in the art would have been motivated to make this modification because traversing and validating a certificate chain allows a succession search for each certificate in the chain and allows the level of trust of an end certificate to be verified.  (Solodvnikov, para. 0051)

As per claim 14, Kirner in view of Lynes, Hogan, and Solodovnikov teaches claim 2.  
Kirner in view of Lynes and Solodovnikov does not clearly teach wherein the trusted certificate data comprises a plurality of trusted certificates or IDs of the plurality of trusted certificates.  
However, Hogan teaches wherein the trusted certificate data comprises a plurality of trusted certificates or IDs of the plurality of trusted certificates.  ([Hogan, para. 0035] “at step 314, the method determines if the certificate chain links to a trust anchor [list of trusted certificates].  A certificate is trusted if it is in a [finding] recipient’s list of trusted certificates [plurality of trusted certificates]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, Solodovnikov with the teachings of Hogan to include wherein the trusted certificate data comprises a plurality of trusted certificates or IDs of the plurality of trusted certificates. One of ordinary skill in the art would have been motivated to make this modification because a list of trusted certificates allows for tracking that a signature has a status of valid but untrusted.  (Hogan, para. 0033)

As per claim 15, Kirner teaches a method for verifying a digital signature of at least one file.  ([Kirner, claim 4] the method includes verifying the digital signature to validate authenticity of the digital certificate)
The method claimed has language that is identical or substantially similar to the steps performed by the system disclosed in claim 2, and thus is rejected with the same rationale applied against claim 2.  

As per claim 19, Kirner teaches at least one processor and memory operably coupled to the at least one processor, and instructions when executed on the processor ([Kirner, para. 0027] the components of the OS may be implemented as a non-transitory computer-readable storage medium storing instruction executable by a processor) cause the processor to implement a check tool configured to perform the steps of the check tool of claim 2, has language that is identical or substantially similar to the method of claim 2, and thus is rejected with the same rational applied against claim 2.   

Claims 3, 6-8, 13, 16-18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kirner, in view of Lynes in view of Hogan in view of Solodovnikov as applied to claims 2 , 15, and 19 above, and further in view of Dabbiere (US Pub. 2014/0282869) (hereinafter “Dabbiere”).  

As per claim 3, Kirner in view of Lynes, Hogan, and Solodovnikov teaches claim 2.  
Kirner in view of Lynes and Hogan does not clearly teach wherein the check tool is further configured to categorize the at least one file as non-trusted when the digital signature is invalid or the DS certificate is invalid or non-trusted, and wherein the data transfer device further includes instructions that, when executed on the computing platform, cause the computing platform to implement a security assurance tool configured to restrict access to a user computing device to the at least one file when the at least one file is categorized as non-trusted by the check tool.
	However, Solodovnikov teaches wherein the check tool is further configured to categorize the at least one file as non-trusted when the digital signature is invalid or the DS certificate is invalid or non-trusted.   ([Solodovnikov, para. 0029] performing one or more of heuristic analysis, emulation, manual checking and blocking of execution of the file [categorizing the at least one file as untrusted] is done if the certificate is associated with a low level of trust.  If the digital signature is invalid, the certificate is associated with a low level of trust.  [Para. 0047] if the certificate is invalid, the certificate is associated with a low level of trust)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes and Hogan with the teachings of Solodovnikov to include wherein the check tool is further configured to categorize the at least one file as non-trusted when the digital signature is invalid or the DS certificate is invalid or non-trusted.  One of ordinary skill in the art would have been motivated to make this modification because such a modification allows a computing device to determine if additional, resource intensive, and complex checking of the file is required, increasing the efficiency of the operation of antivirus software.  (Solodvnikov, para. 0029, para. 0004)
	Kirner in view of Lynes and Hogan with the teachings of Solodovnikov does not clearly teach wherein the data transfer device further includes instructions that, when executed on the computing platform, cause the computing platform to implement a security assurance tool configured to restrict access to a user computing device to the at least one file when the at least one file is categorized as non-trusted by the check tool.
	However, Dabbiere teaches wherein the data transfer device further includes instructions that, when executed on the computing platform, cause the computing platform to implement a security assurance tool configured to restrict access to a user computing device to the at least one file when the at least one file is categorized as non-trusted by the check tool. ([Dabbiere, para. 0017] the client device [the computing platform] includes local rules that allows enforcement of the remedial action [instructions] such as in the case of functionality built into an OS or certain enterprise applications [a security assurance tool].  [Para. 0052] If the certificate validation check fails [when the at least one file is categorized as non-trusted] measures may be taken such as disabling resources [restricting access to a user computing device to the at least one file])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, Hogan and Solodovnikov with the teachings of Dabbiere to include wherein the data transfer device further includes instructions that, when executed on the computing platform, cause the computing platform to implement a security assurance tool configured to restrict access to a user computing device to the at least one file when the at least one file is categorized as non-trusted by the check tool.  One of ordinary skill in the art would have been motivated to make this modification because such a modification allows users with a lower security clearance to be provided with more restrictive device requirements, allowing users not willing to surrender the necessary level of device control to still limited access.  (Dabbiere, para. 0004)

As per claim 6, Kirner in view of Lynes, Hogan, and Solodovnikov teaches claim 2
Kirner in view of Lynes, Hogan, and Solodovnikov does not clearly teach wherein the check tool is configured to determine the digital signature is valid with a first processor process and the check tool is configured to determine the DS certificate is valid with a second processor process, the first processor process being executed concurrently and independently of the second processor process.  
However, Dabbiere teaches wherein the check tool is configured to determine the digital signature is valid with a first processor process and the check tool is configured to determine the DS certificate is valid with a second processor process, the first processor process being executed concurrently and independently of the second processor process.  ([Dabbiere, para. 0049] in response to a request from the application, the user device validates a certificate, and validates a digital signature.  [Para. 0076]  processes of validating the certificate and digital signature may be executed concurrently [with a first processor process, and a second processor process]) 
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, Hogan and Solodovnikov with the teachings of Dabbiere to include wherein the check tool is configured to determine the digital signature is valid with a first processor process and the check tool is configured to determine the DS certificate is valid with a second processor process, the first processor process being executed concurrently and independently of the second processor process.  One of ordinary skill in the art would have been motivated to make this modification because certificate validation can be performed at random times, which may require updated certificate checks even when the application [for example a digital signature check] is running.  (Dabbiere, para. 0054)

As per claim 7, Kirner in view of Lynes, Hogan, and Solodovnikov and further in view of Dabbiere teaches claim 3.  
Kirner in view of Lynes, Hogan, and Solodovnikov does not clearly teach wherein the security assurance tool is configured to restrict access to the user computing device to the file by at least one of: prohibiting transfer of the at least one file to the user computing device, prohibiting execution of the at least one file on the user computing device, prohibiting opening of the at least one file on the user computing device, deleting the at least one file, or quarantining the at least one file.
However, Dabbiere teaches wherein the security assurance tool is configured to restrict access to the user computing device to the file by at least one of: ([Dabbiere, para. 0017; para. 0052] the device uses remedial modules or enterprise applications [the security assurance tool] to enforce remedial actions which restrict access to the user of the computing device.  The examiner interprets “at least of one of” to mean that only one of the items in the list below is required, but to expedite prosecution, prior art citations for all of the items in the list below are provided)
prohibiting transfer of the at least one file to the user computing device, ([Dabbiere, para. 0064] denying the transfer of resources to a requesting devices as a possible remedial action)
prohibiting execution of the at least one file on the user computing device, ([Dabbiere, para. 0020] requests to execute applications [at least one file] are refused on a requesting device as a possible remedial action)
prohibiting opening of the at least one file on the user computing device, ([Dabbiere, para. 0052] executing routines for opening applications will be denied as a possible remedial action)
deleting the at least one file, or ([Dabbiere, para. 0052] deleting local resources [at least one file] as a possible remedial action)
quarantining the at least one file. ([Dabbiere, para. 0052] disabling [or quarantining] the resource as a possible remedial action)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Kirner, Lynes, Hogan, Solodovnikov and Dabbiere for the same reasons as disclosed above. 

As per claim 8, Kirner in view of Lynes, Hogan, and Solodovnikov and further in view of Dabbiere teaches claim 7.  
Kirner in view of Lynes, Hogan, and Solodovnikov does not clearly teach wherein when the check tool obtains the at least one file, the security assurance tool is further configured to suspend transfer of the at least one file to the user computing device until the at least one file is categorized as trusted or non-trusted.
However, Dabbiere teaches wherein when the check tool obtains the at least one file, the security assurance tool is further configured to suspend transfer of the at least one file to the user computing device until the at least one file is categorized as trusted or non-trusted. ([Dabbiere, para. 0017; para. 0050-51] the device uses remedial modules or enterprise applications [the security assurance tool] in the event that the certificate is not trusted by the device [until the file is categorized as non-trusted].  The request for access to resources may be denied, at least temporarily [suspend transfer of the file], until the problem with the certificate is resolved)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to combine the teachings of Kirner, Lynes, Hogan, Solodovnikov and Dabbiere for the same reasons as disclosed above. 

As per claim 13, Kirner in view of Lynes, Hogan, and Solodovnikov teaches claim 2.  
Kirner in view of Lynes, Hogan, and Solodovnikov does not clearly teach wherein the plurality of certificates stored in the certificate database comprises only root certificates and certificates of certifying centers.  
However, Dabbiere teaches wherein the plurality of certificates stored in the certificate database comprises only root certificates and certificates of certifying centers.  ([Dabbiere, para. 0018] in an embodiment, the certificates are one of a plurality of root certificates and a plurality of intermediate certificates.  Intermediate certificates are certificates of certifying centers [see ITU-T, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks, Article E41034, Posted 2016-12-08, Retrieved on 2021-06-23, Retrieved from the Internet: <URL:https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.509-201610-S!!PDF-E> Sec. 3.5.21, pg. 4])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, Hogan and Solodovnikov with the teachings of Dabbiere to include wherein the plurality of certificates stored in the certificate database comprises only root certificates and certificates of certifying centers.  One of ordinary skill in the art would have been motivated to make this modification the OS may then refer to the trust store to determine whether the certificate has been signed by a certificate authority.  (Dabbiere, para. 0048)

As per claim 16, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

As per claim 17, the claim language is identical or substantially similar to that of claim 7. Therefore, it is rejected under the same rationale applied to claim 7.

As per claim 18, the claim language is identical or substantially similar to that of claim 8. Therefore, it is rejected under the same rationale applied to claim 8.

As per claim 20, the claim language is identical or substantially similar to that of claim 3. Therefore, it is rejected under the same rationale applied to claim 3.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Kirner in view of Lynes in view of Hogan in view of Solodovnikov as applied to claim 2 above, and further in view of Huang et al. (US Pub. 2015/0121478) (hereinafter “Huang”)

As per claim 9, Kirner in view of Lynes, Hogan, and Solodovnikov teaches claim 2.  
Kirner in view of Lynes, and Hogan does not clearly teach wherein checking that the at least one file has the required file integrity includes: obtaining a decrypted digital signature checksum from the digital signature; teach obtaining a checksum algorithm from the DS certificate; calculating a file checksum of the at least one file using the checksum algorithm; comparing the digital signature checksum with the file checksum using a public key in the DS certificate; and if the digital signature checksum matches the file checksum, determining that the at least one file has the required file integrity..
However, Solodovnikov teaches wherein checking that the at least one file has the required file integrity includes: ([Solodovnikov, para. 0035] an unknown file is executed on the computer and the application may send an identifier, a hash of the file, for validation that it has the requisite integrity)
obtaining a decrypted digital signature checksum from the digital signature; ([Solodovnikov, para. 0046] the checking of the digital signature includes deciphering it with a public key)
calculating a file checksum of the at least one file using the checksum algorithm; ([Solodovnikov, para. 0046] a calculated value of the hash function of the of the file)
comparing the digital signature checksum with the file checksum using a public key in the DS certificate; and ([Solodovnikov, para. 0046] comparing the resulting value of the hash function of the file with the calculated value of the hash function of the file)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, and Hogan with the teachings of Solodovnikov to include checking that the at least one file has the required file integrity includes: obtaining a decrypted digital signature checksum from the digital signature; calculating a file checksum of the at least one file using the checksum algorithm; and comparing the digital signature checksum with the file checksum using a public key in the DS certificate.  One of ordinary skill in the art would have been motivated to make this modification because such steps would allow checking of the digital signature to allow for malware detection. (Solodovniok, para. 0046; para. 0003)
Kirner in view of Lynes, Hogan, and Solodovnikov does not clearly teach obtaining a checksum algorithm from the DS certificate; and if the digital signature checksum matches the file checksum, determining that the at least one file has the required file integrity.
However, Huang teaches obtaining a checksum algorithm from the DS certificate; and ([Huang, para. 0067] a hash algorithm recorded in a certificate file is obtained so that a hash calculation can be performed using the algorithm)
if the digital signature checksum matches the file checksum, determining that the at least one file has the required file integrity. ([Huang, para. 0067] If the digital signature hash matches the file hash, it is determined that the installation package is complete [has the required file integrity])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, Hogan and Solodovnikov with the teachings of Huang to include obtaining a checksum algorithm from the DS certificate; and if the digital signature checksum matches the file checksum, determining that the at least one file has the required file integrity.  One of ordinary skill in the art would have been motivated to make this modification because these steps allow for determination of whether termination of operations, or granting permissions for installing apps is appropriate. (Huang, para. 0066)

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Kirner in view of Lynes in view of Hogan in view of Solodovnikov as applied to claim 2 above, and further in view of Llyod (US Pub. 2016/0315777) (hereinafter “Lloyd”).  

As per claim 11, Kirner in view of Lynes, Hogan, and Solodovnikov teaches claim 2.  
Kirner in view of Lynes and Solodovnikov does not teach wherein finding the trusted certificate data related to the DS certificate data in the trusted certificate database includes: identifying the DS certificate data in the trusted certificate data, wherein the DS certificate data includes at least one of the DS certificate, an ID of the DS certificate, or a vector of values identifying the DS certificate; or identifying a certifying center certificate from a certifying center that issued the DS certificate in the trusted certificate data.  
However, Hogan teaches wherein finding the trusted certificate data related to the DS certificate data in the trusted certificate database includes: identifying the DS certificate data in the trusted certificate data, wherein the DS certificate data includes at least one of the DS certificate, an ID of the DS certificate, or a vector of values identifying the DS certificate; or ([Hogan, para. 0035] “at step 314, the method determines if the certificate chain links to a trust anchor [list of trusted certificates].  A certificate [DS certificate]is trusted if it is in a [finding] recipient’s list of trusted certificates [trusted certificate data]”)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, Solodovnikov with the teachings of Hogan to include wherein finding the trusted certificate data related to the DS certificate data includes: identifying the DS certificate data in the trusted certificate data, wherein the DS certificate data includes at least one of the DS certificate, an ID of the DS certificate, or a vector of values identifying the DS certificate. One of ordinary skill in the art would have been motivated to make this modification because a list of trusted certificates allows for tracking that a signature has a status of valid but untrusted.  (Hogan, para. 0033)
identifying a certifying center certificate from a certifying center that issued the DS certificate in the trusted certificate data.  ([Lloyd, para. 0060] “a device can acquire a URL from its certificate [trusted certificate data] that directs [identifies] the device to a certificate authority [from a certifying center]”.  The device uses the URL to download a new certificate and chain [certifying center certificate] from the certificate authority)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Hogan, Lynes and Solodovnikov with the teachings of Lloyd to include identifying a certifying center certificate from a certifying center that issued the DS certificate in the trusted certificate data. One of ordinary skill in the art would have been motivated to make this modification because such a procedure allows the device to get a correct version of the certificate that the device should be use.  (Hogan, para. 0060)

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Kirner, in view of Lynes in view of Hogan in view of Solodovnikov further in view of Llyod as applied to claim 11 above, and further in view of Miyazawa (US Pub. 2007/0234047) (hereinafter “Miyazawa”).  

As per claim 12, Kirner in view of Lynes, Hogan, and Solodovnikov and further in view of Llyod teaches claim 11.  
Kirner in view of Lynes, Hogan, and Solodovnikov and further in view of Llyod does not teach wherein the certificate database is further configured to store revocation data about the plurality of certificates and wherein determining the DS certificate is trusted further comprises: comparing the DS certificate to the revocation data to determine the DS certificate has not expired.
However, Miyazawa teaches wherein the certificate database is further configured to store revocation data about the plurality of certificates and wherein determining the DS certificate is trusted further comprises: ([Miyazawa, Fig. 1; para. 0082] in a flash memory a plurality of server certificate data is stored [a certificate database].  [Fig. 2, para. 0091] included in the server certificate is the serial number of the certificate and the validity period information of the certificate [revocation information/data, see para. 0096-0097])
comparing the DS certificate to the revocation data to determine the DS certificate has not expired. ([Miyazawa, Fig. 4, para. 0127-0128] the peripheral compares the DS certificate to the revocation data [the validity period information] in view of the present time to determine if the certificate is expired [duration specified in the certificate itself has not ended – see pg. 12, ln. 20-21 of the instant application].  If the certificate is expired, the certificate is determined to not to be valid [untrusted])
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, Hogan, and Solodovnikov and Llyod with the teachings of Miyazawa to include wherein the certificate database is further configured to store revocation data about the plurality of certificates and wherein determining the DS certificate is trusted further comprises: comparing the DS certificate to the revocation data to determine the DS certificate has not expired.  One of ordinary skill in the art would have been motivated to make this modification because inhibiting the use of expired certificates would allow for client devices to prevent establishment of encrypted communications with degraded security (Miyazawa, para. 0037-0039)

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Kirner in view of Lynes in view of Hogan in view of Solodovnikov as applied to claim 19 above, and further in view of Murphey et al. (US Pub. 2012/0110337) (hereinafter “Murphey”).  

As per claim 21, Kirner in view of Lynes, Hogan, and Solodovnikov teaches claim 19.  
Kirner also teaches a computing device operating system (OS); ([Kiner, para. 0014] a single physical machine may operate one or more OS instances)
Kirner in view of Lynes, Hogan, and Solodovnikov does not clearly teach instructions that, when executed on the processor, cause the processor to implement a virtual machine comprising a virtual machine OS, the virtual machine OS being different than the computing device OS, and wherein the at least one file is executable only on the virtual machine OS.  
However, Murphey teaches instructions that, when executed on the processor, cause the processor to implement a virtual machine comprising a virtual machine OS, ([Murphy, para. 0112] the instructions may be implemented on a computer processor, which implements the virtual machine) the virtual machine OS being different than the computing device OS, ([para. 0004] the virtual application is encapsulated from the host OS by a virtual operating system) and wherein the at least one file is executable only on the virtual machine OS.  ([Para. 0027] a virtual application [the at least one file] may be implemented as an executable virtualized application file configured to execute in a virtualized environment [a virtual machine OS] provided by a virtual machine)
It would have been obvious before the effective filing date of the claimed invention for one of ordinary skill in the art to have modified the elements disclosed by Kirner in view of Lynes, Hogan, and Solodovnikov with the teachings of Murphy to include instructions that, when executed on the processor, cause the processor to implement a virtual machine comprising a virtual machine OS, the virtual machine OS being different than the computing device OS, and wherein the at least one file is executable only on the virtual machine OS.  One of ordinary skill in the art would have been motivated to make this modification because access to a virtual application may be restricted by restricting the ability to launch virtualized application files to only authorized applications with validated and digital signatures and certificates. (Murphy, para. 0053)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Bowen et al. (US Patent No. 11,323,274) discloses trust stores that store a list of trusted CA certificates stored by the host’s operating system, and describes that private certificates are only trusted if the root public key is in the trust store.  
Eigler et al. (US Pub. 2011/0225420) discloses a data store for certificate data where if there is not a certificate in the database that corresponds to the signature, the client module system determines that the module is not trusted.  
Hsueh et al. (US Pub. 2012/0030469) discloses a certificate database where the user may request the CA’s digital certificate in order to authenticate the identity of the CA in order to authenticate a digital certificate.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.

/Z.L./Examiner, Art Unit 2493                                                                                                                                                                                                        

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493