DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/03/2021 has been entered.


1.  This Non-Final Office Action is in response to amendment filed on 09/13/2022.
	Claim 1, 8 and 14 have been amended. Claims 1-20 remain pending in the application. 
Response to Amendment

The amendment filed 09/13/2022 has been entered. Claim 1, 8 and 14 have been amended. Claims 1-20 remain pending in the application.
Response to Arguments

 Regarding Applicant’s arguments, on page 6-13 of the remark filed on 04/25/2022, on the newly added limitations of independent Claims 1: “determine whether the generated second hash matches the received first hash; wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed.”,
The newly amended limitations of independent claim 8: “determine whether the generated second hash matches the received first hash; wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed.”
The newly amended limitations of independent claim 14: “wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed.”, arguments are persuasive.
Therefore, the 35 U.S.C. 103 rejection over Kalika et al. (U.S No. 10979440) and Lum et al. (U.S Pub. No. 20200279044) in further view of Ruckriemen et al. (U.S Pub. No. 20200244470), has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made under 35 U.S.C. § 103 in view of the following prior art: Roscoe et al. (U.S Pub. No. 20210194702) in conjunction with Kalika et al. (U.S No. 10979440) and Lum et al. (U.S Pub. No. 20200279044). Please refer to the 35 U.S.C. 103 section below for a detailed explanation.
	For the reasons stated above and the new ground(s) of rejection under 35 U.S.C. 103 below, Examiner respectfully disagrees with Applicant’s argument, see Applicant’s Remarks Page 6-9, regarding allowance of the application. Examiner asserts that claims 1-20 are rejected for the reasons stated above in conjunction with the new ground(s) of rejection under 35 U.S.C. 103 below.
	Conclusion: Kalika –Lum- Roscoe teaches the aforementioned limitations of independent claims 1, 8 and 14 rendering the claim limitations obvious before the effective date of the claimed invention.

Claim Rejections - 35 USC § 103


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.





Claim 1 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”) and Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”) in further view of Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”)

	Regarding Independent Claim 1 (Currently Amended), Kalika teaches a computing device comprising: (Fig. 1 label 102; developer device), (Figure 4B label 426; client device))
 a processor; and  (Col. 14 lines 50-55 “The computer processor(s) (402) may be an integrated circuit for processing instructions. For example, the computer processor(s) may be one or more cores or micro-cores of a processor.”; processor)
a storage medium including instructions executable by the processor to: (Col. 15 lines 8-15 “Software instructions in the form of computer readable program code to perform embodiments of the invention may be stored, in whole or in part, temporarily or permanently, on a non-transitory computer readable medium such as a CD, DVD, storage device, a diskette, a tape, flash memory, physical memory, or any other computer readable storage medium. Specifically, the software instructions may correspond to computer readable program code that, when executed by a processor(s)”; storage medium execute by the processor)
receive a program file and a first hash from a client device, wherein the first hash is generated by the client device based on the program file; (Col. 3 lines 58-67 and Col. 4 lines 1-5 “The deployment package (118) is a computer file that includes one or more executable files (e.g., executable file (120)), the metadata (122) for deploying the one or more executable files, the catalog (124), and the host server list (126), which are further described below. In one or more embodiments, the executable files are stored in an archive file in the deployment package (118). In one or more embodiments, the executable file (120) includes a set of instructions generated from the source code (116) by the continuous integration server (106). The type of instructions depend on the type of programming language used and can contain binary code (generated from, e.g., assembly, C, C++, Go), byte code (from Java), high-level code (from Python, JavaScript), etc.”; program file (executable file corresponding to archive and programming language (Java)), (Col. 6 lines 57-62 “hash values are generated and transmitted by the host server to the continuous deployment server. The hash values can be generated for a set of one or more of the executable files within the deployment package. The hash values are generated in response to the deployment package being received and deployed on to the host server.”; receive a program file and a first hash (hash values are generated and transmitted [..] being received)), (Col. 6 lines 13-17 “the deployment package is generated by the continuous integration server. In one or more embodiments, the deployment package is generated by collecting the set of executable files and metadata into an archive file that forms the deployment package.”; receiving a program file (collecting the set of executable files)), (Col. 6 lines 4-12 “ the signature for a function is generated by hashing the executable files in the deployment package to generate an original hash value that is used as the message of the digital signature.”; the first hash is generated based on the program file ( signature is generated by hashing the executable files to generate an original hash)), (Col. 15 lines 45-50 “The nodes may include functionality to receive requests from the client device (426) and transmit responses to the client device (426). The client device (426) may be a computing system, such as the computing system shown in FIG. 4A. Further, the client device (426) may include and/or perform all or a portion of one or more embodiments of the invention.”; client device performing all functions))
generate a second hash based on the program file; (Claim 1 “wherein: the list of functions includes a second hash value for the deployed function, and the second hash value is generated by the host server in response to receiving the request for the list of functions after the function is deployed”; generating of second hash), (Col. 5 lines 1-15 “ The hash value can be generated on demand in response to a request for the function list (134). Each executable file can have an individual hash value that is generated by applying a hashing algorithm to the executable file. Additional and alternative embodiments can generate additional hash values from the hash values generated for the individual executable files.”; generate a second hash based on the program file (generate additional hash values generated for individual executable files))
determine whether the generated second hash matches the received first hash; and (Col. 7 lines 58-62 “ the original hash value is recovered by decrypting the digital signature using the public key. When the deployed function hash value matches the original hash value, the deployed function is validated.”; determining that the generated second hash matches ( hash value matches original hash value)), (Col. 10 lines 41-50 “The continuous deployment server (310) hashes the executable files of the deployment package to generate a hash value that is compared with the recovered hash value. If the generated hash value does not match the recovered hash value, then the deployment package may have been tampered with and the continuous deployment server (310) will not deploy the deployment package to the host server (312).”; determination that the generated second hash matches the first received hash (hash value that is compared with the recovered hash value [..] match)), (Col. 7 lines 8-15 “ hash values for one or more executable files from the deployment package that form the function, and then transmits the function list to the validator. The hash values in the function list are newly generated in response to the request for the function list from the validator.”; second hash (hash values) corresponding to signed tested files (executable files)), (Col. 4 lines 20-35 “ hash value (130) is a cryptographic hash value generated from the executable file (120). In one or more embodiments, the cryptographic hash value is generated using a hash algorithm, examples of which include message digest 5 (MD5), secure hash algorithms  [..] If the same hashing algorithm is applied to the same executable files, then each hash file should match. The hash files generated by the host servers can include additional information that is unique to each host server so that each hash file will be distinct. “; hash value corresponding to executable file)) 
However Kalika does not explicitly teach in response to a determination that the program file does not include malicious content, and in response to a determination that the generated second hash matches the received first hash, sign the generated second hash and provide the signed second hash to the client device, wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed.
Wherein Lum teaches in response to a determination that the program file does not include malicious content, (Par. (0048)” If execution of the software update leads to anomalous behavior that does not match the information in the update behavior profile (e.g., the update behavior profile indicates that the software update writes file “a.txt” with hash “ab3d . . .”, but the update executable writes the same file with a different hash “48fd . . .”.),; in response to determination ( if the hashes do not match (comparing of software updates)), (Par. (0074) “The computer verifies behavior of the software update during execution matches the update behavior profile of the software update (step 720).”; in response to determination (matching of the software updates)), (Par. (0033) “software update manager 218 may use the information contained in update behavior profile 228 to detect whether software update 222 is performing normal activity or malicious activity while running on a client device based on comparing the information contained within update behavior profile 228 with metrics collected from the client device.”; in response to determination the program file does not include malicious content (to detect whether software update is performing normal activity [..] based on comparing information contained))
sign the generated second hash; and  (Par. (0015) “one or more programming languages, including an object oriented programming language such as Smalltalk, C++, or the like, and procedural programming languages, such as the “C” programming language or similar programming languages.”; corresponding to program file (programming/ C/C++)), (Par. (0024) “plurality of different software update servers, identifiers and network addresses for a plurality of different client devices, software updates, software update behavior profiles, and the like”; software update and software update behavior profiles), (Par. (0033) “Software update manager 218 runs update executable 224 on a plurality of secure platforms over multiple iterations. While running update executable 224 on the plurality of secure platforms, software update manager 218 collects update executable metrics [..] represent measurements corresponding to software update 222, such as, for example, what actions or tasks software update 222 performs during normal execution. Software update manager 218 utilizes classifier 220 to generate update behavior profile 228 based on collected update executable metrics 226 over the multiple runs. Update behavior profile 228 represents a stored profile corresponding to software update 222 that describes the normal behavior or characteristics of software update 222 while running. Thus, update behavior profile 228 is a behavior-based profile that provides a description of what the behavior of update executable 224 is (e.g., what files update executable 224 writes to, what system calls update executable 224 makes, and the like)”; software manager corresponding to software update, update executable and update behavior profile), (Par. (0034)  “Software update manager 218 [..] digitally signs the hash of update executable 224 and update behavior profile 228 using, for example, a private key corresponding to a provider or owner of software update 222. Digital signature is the process of using Public Key Infrastructure (PKI) to attest to the integrity and authenticity of update package 230 that includes cryptographically signed update executable and behavior profile 232”; sign the generated second hash (software update manager digitally signs hash of update executable and update behavior profile))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Lum within the teachings of Kalika to include in response to a determination that the program file does not include malicious content, sign the generated second hash because of the analogous concept of software development stages and secure protection of program files from malicious content such as spyware, viruses etc. Lum includes a process of determining that the program file does not include malicious content and signing the generated second hash, this is significant because it addresses the issue and provides a solution of program files being overly exposed over a network and how malicious content such as Trojan attacks, viruses and other malware may be inserted into a program file before being signed. By detecting whether the malicious content is not included it allows the server to authenticity sign the program file and confirm that the sensitive data has not been modified, altered, tampered or compromised in any way. Lum also discloses the signing of the generated second hash, this is significant because signing the hash provides an indication to the user that the program file is safe and that there is no malicious content present. The process of the signing the second hash ensures software developers that there is a decreased chance or less likelihood that malicious content has reached the program file before the final production of the software and in return saves time, development costs as well as provide a confirmation that the software is securely protected.
The motivation to combine these references is by implementing a determination or detection mechanism to identify when there is no malicious content included in the program file the software developers can proceed to the final stages of production unimpeded as well as transfer software application data to external locations without concern of inauthenticity before the contents are signed.  
However Kalika and Lum do not explicitly teach and in response to a determination that the generated second hash matches the received first hash, and provide the signed second hash to the client device, wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed.
Wherein Roscoe teaches determine whether the generated second hash matches the received first hash; and (Par. (0016) “and comparing the obtained hash value with a hash value in the first subset of hash values corresponding to said each key, [..] if all the obtained hash values are correspondingly consistent with the hash values in the first subset of hash values”; determining whether the second hash matches the first hash (comparing the obtained hash value with a hash value in the first subset [..] if the hash values are consistent)), (Par. (0049) “can obtain a hash value of a correspondence between each key in the received keys and the user identifier of the user respectively, and then compare the obtained hash values with the corresponding hash values in the first subset of hash values. If the obtained hash values are identical to (e.g., consistent with) the corresponding hash values in the first subset of hash values,”; second hash matches the received first hash ( obtain hash value is the compared [..] hash values are identical))
in response to a determination that the generated second hash matches the received first hash, sign the generated second hash and (Par. (0016) “and comparing the obtained hash value with a hash value in the first subset of hash values corresponding to said each key, and signing all hash values received from the user except the first subset of hash values if all the obtained hash values are correspondingly consistent with the hash values in the first subset of hash values”; determination that the generated second hash matches the received first hash (comparing the obtained hash value with a hash value in the first subset) sign the generated second hash (signing all hash values received from the user corresponding to the comparison if the hash values are consistent)) 
provide the signed second hash to the client device, (Figure 5 labels 501, 502 “Signature of hash (A kA) or hash (A, kA, t)”; provide the signed second hash to the client device (signature of hash is sent back to client device 501))
wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed. (Par. (0079) “and compare the obtained hash value with a corresponding hash value in the first subset of hash values. Further, the certificate authority 502 can be configured to sign all hash values received from the client 501 except the first subset of hash values if all the obtained hash values are correspondingly consistent with the hash values in the first subset of hash values. In the embodiment, if all the obtained hash values are consistent with or equal to the corresponding hash values in the first subset of hash values,”; upon determination that the generated second hash dos not match (compare the obtained hash value with a corresponding hash value) the second generated hash value is not signed ( certificate authority signs the hash values only if the obtain hash values are consistent or equal))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Roscoe within the teachings of Kalika and Lum to include the signing of the generated second hash and provide the signed second hash to the client device after a determination is made that there is a match and not signing the second hash if there is not a match because of the analogous concept of verification of software components using hash values. Roscoe includes a process of signing the generated second has and providing the signed second hash to a device only after there is a match. This is important because it creates an additional layer of protection because of not only generating a second hash but by signing it so that only the corresponding authorized entity can have access based on the keys used to sign. This enhances the level of verification and in return leads to software products and application being created to avoid tampering or compromise and maintain the integrity of the system as a whole.



Claims 8 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”) and of Zimmermann et al. (U.S Pub. No. 20190065171, hereinafter referred to as “Zimmermann”) in further view of Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”)


Regarding Independent Claim 8 (Currently Amended), Kalika teaches a non-transitory machine-readable storage medium storing instructions that upon execution cause a processor to: (Col. 1 lines 35-45 “In general, in one or more aspects, the invention relates to a non-transitory computer readable medium that comprises computer readable program code for: receiving, from a host server in a serverless computing architecture, a list of functions comprising a deployed function on the host server,”; non-transitory machine (computer) readable storage medium))
receive, by a signing server, a program file and a first hash from a client device, wherein the first hash is generated by the client device based on a ……. program file, ((Col. 3 lines 58-67 and Col. 4 lines 1-5 “The deployment package (118) is a computer file that includes one or more executable files (e.g., executable file (120)), the metadata (122) for deploying the one or more executable files, the catalog (124), and the host server list (126), which are further described below. In one or more embodiments, the executable files are stored in an archive file in the deployment package (118). In one or more embodiments, the executable file (120) includes a set of instructions generated from the source code (116) by the continuous integration server (106). The type of instructions depend on the type of programming language used and can contain binary code (generated from, e.g., assembly, C, C++, Go), byte code (from Java), high-level code (from Python, JavaScript), etc.”; program file (executable file corresponding to archive and programming language (Java)), (Col. 6 lines 57-62 “hash values are generated and transmitted by the host server to the continuous deployment server. The hash values can be generated for a set of one or more of the executable files within the deployment package. The hash values are generated in response to the deployment package being received and deployed on to the host server.”; receive a program file and a first hash by a signing server (hash values are generated and transmitted [..] being received by server)), (Col. 6 lines 13-17 “the deployment package is generated by the continuous integration server. In one or more embodiments, the deployment package is generated by collecting the set of executable files and metadata into an archive file that forms the deployment package.”; receiving a program file (collecting the set of executable files)), (Col. 6 lines 4-12 “ the signature for a function is generated by hashing the executable files in the deployment package to generate an original hash value that is used as the message of the digital signature.”; the first hash is generated based on the program file ( signature is generated by hashing the executable files to generate an original hash)), (Col. 15 lines 45-50 “The nodes may include functionality to receive requests from the client device (426) and transmit responses to the client device (426). The client device (426) may be a computing system, such as the computing system shown in FIG. 4A. Further, the client device (426) may include and/or perform all or a portion of one or more embodiments of the invention.”; client device performing all functions))
generate, by the signing server, a second hash based on ….. the program file; (Claim 1 “wherein: the list of functions includes a second hash value for the deployed function, and the second hash value is generated by the host server in response to receiving the request for the list of functions after the function is deployed”; generating of second hash), (Col. 5 lines 1-15 “ The hash value can be generated on demand in response to a request for the function list (134). Each executable file can have an individual hash value that is generated by applying a hashing algorithm to the executable file. Additional and alternative embodiments can generate additional hash values from the hash values generated for the individual executable files.”; generate a second hash based on the program file (generate additional hash values generated for individual executable files), (Col. 4 lines 10-15 “a set of hash values for the deployment package (118).”; second hash based on the program file (set of hash values for deployment package)), (Col. 4 lines 20-35 “the hash value generated by the continuous integration server (106). If the same hashing algorithm is applied to the same executable files, then each hash file should match. The hash files generated by the host servers can include additional information that is unique to each host server so that each hash file will be distinct.”; generate by a signing server a second hash (continuous integration server generates hash value that is compared to another hash value)), (Col. 9 lines 45-55 “the tested files are signed. In one or more embodiments, the continuous integration server (306) signs the tested files using a private key that was provided by the developer with the developer device (302). In one or more embodiments, the signing process involves hashing the tested files to generate a hash value”; by the signing server to generate a second hash (continuous integration server signs the files to generate a hash))
determine whether the generated second hash matches the received first hash; ((Col. 7 lines 58-62 “ the original hash value is recovered by decrypting the digital signature using the public key. When the deployed function hash value matches the original hash value, the deployed function is validated.”; determination that the generated second hash matches ( hash value matches original hash value)), (Col. 10 lines 41-50 “The continuous deployment server (310) hashes the executable files of the deployment package to generate a hash value that is compared with the recovered hash value. If the generated hash value does not match the recovered hash value, then the deployment package may have been tampered with and the continuous deployment server (310) will not deploy the deployment package to the host server (312).”; determination that the generated second hash matches the first received hash (hash value that is compared with the recovered hash value [..] match)),), (Col. 7 lines 8-15 “ hash values for one or more executable files from the deployment package that form the function, and then transmits the function list to the validator. The hash values in the function list are newly generated in response to the request for the function list from the validator.”; second hash (hash values) corresponding to signed tested files (executable files)), (Col. 4 lines 20-35 “ hash value (130) is a cryptographic hash value generated from the executable file (120). In one or more embodiments, the cryptographic hash value is generated using a hash algorithm, examples of which include message digest 5 (MD5), secure hash algorithms  [..] If the same hashing algorithm is applied to the same executable files, then each hash file should match. The hash files generated by the host servers can include additional information that is unique to each host server so that each hash file will be distinct. “; hash value corresponding to executable file))  
However Kalika does not explicitly teach sign, by the signing server, the generated second hash: by the signing server, the signed second hash to the client device.   wherein the received program file is an original version of the program file; modified version of the program file, the modified version of, in response to a determination that the received program file does not include malicious content, sign, by the signing server, the generated second hash; and provide, by the signing server, the signed second hash to the client device.
Wherein Lum teaches, sign, by the signing server, the generated second hash; and (Par. (0015) “one or more programming languages, including an object oriented programming language such as Smalltalk, C++, or the like, and procedural programming languages, such as the “C” programming language or similar programming languages.”; corresponding to program file (programming/ C/C++)), (Par. (0024) “plurality of different software update servers, identifiers and network addresses for a plurality of different client devices, software updates, software update behavior profiles, and the like”; software update and software update behavior profiles), (Par. (0033) “Software update manager 218 runs update executable 224 on a plurality of secure platforms over multiple iterations. While running update executable 224 on the plurality of secure platforms, software update manager 218 collects update executable metrics [..] represent measurements corresponding to software update 222, such as, for example, what actions or tasks software update 222 performs during normal execution. Software update manager 218 utilizes classifier 220 to generate update behavior profile 228 based on collected update executable metrics 226 over the multiple runs. Update behavior profile 228 represents a stored profile corresponding to software update 222 that describes the normal behavior or characteristics of software update 222 while running. Thus, update behavior profile 228 is a behavior-based profile that provides a description of what the behavior of update executable 224 is (e.g., what files update executable 224 writes to, what system calls update executable 224 makes, and the like)”; software manager corresponding to software update, update executable and update behavior profile), (Par. (0034)  “Software update manager 218 [..] digitally signs the hash of update executable 224 and update behavior profile 228 using, for example, a private key corresponding to a provider or owner of software update 222. Digital signature is the process of using Public Key Infrastructure (PKI) to attest to the integrity and authenticity of update package 230 that includes cryptographically signed update executable and behavior profile 232”; sign the generated second hash (software update manager digitally signs hash of update executable and update behavior profile))
and provide, by the signing server, the signed second hash to the client device. (Par. (0015) “one or more programming languages, including an object oriented programming language such as Smalltalk, C++, or the like, and procedural programming languages, such as the “C” programming language or similar programming languages.”; corresponding to program file (programming/ C/C++)), (Par. (0024) “plurality of different software update servers, identifiers and network addresses for a plurality of different client devices, software updates, software update behavior profiles, and the like”; software update and software update behavior profiles), (Par. (0033) “Software update manager 218 runs update executable 224 on a plurality of secure platforms over multiple iterations. While running update executable 224 on the plurality of secure platforms, software update manager 218 collects update executable metrics [..] represent measurements corresponding to software update 222, such as, for example, what actions or tasks software update 222 performs during normal execution. Software update manager 218 utilizes classifier 220 to generate update behavior profile 228 based on collected update executable metrics 226 over the multiple runs. Update behavior profile 228 represents a stored profile corresponding to software update 222 that describes the normal behavior or characteristics of software update 222 while running. Thus, update behavior profile 228 is a behavior-based profile that provides a description of what the behavior of update executable 224 is (e.g., what files update executable 224 writes to, what system calls update executable 224 makes, and the like)”; software manager corresponding to software update, update executable and update behavior profile), (Par. (0034)  “Software update manager 218 [..] digitally signs the hash of update executable 224 and update behavior profile 228 using, for example, a private key corresponding to a provider or owner of software update 222. Digital signature is the process of using Public Key Infrastructure (PKI) to attest to the integrity and authenticity of update package 230 that includes cryptographically signed update executable and behavior profile 232”; sign the generated second hash (software update manager digitally signs hash of update executable and update behavior profile))
modified version of the program file (Par. (0052) “that an update that installs a certain package writes to certain files. For example, a library update may write to a user library. Therefore, illustrative embodiments generate a behavioral profile for the update based on this information. When the update is being run, [..]  is modifying a configuration file”; modified version of the program file (modifying a configuration file)
the modified version of (Par. (0052) “that an update that installs a certain package writes to certain files. For example, a library update may write to a user library. Therefore, illustrative embodiments generate a behavioral profile for the update based on this information. When the update is being run, [..]  is modifying a configuration file”; modified version of the program file (modifying a configuration file)
 in response to a determination that the received program file does not include malicious content, (Par. (0048)” If execution of the software update leads to anomalous behavior that does not match the information in the update behavior profile (e.g., the update behavior profile indicates that the software update writes file “a.txt” with hash “ab3d . . .”, but the update executable writes the same file with a different hash “48fd . . .”.),; in response to determination ( if the hashes do not match (comparing of software updates)), (Par. (0074) “The computer verifies behavior of the software update during execution matches the update behavior profile of the software update (step 720).”; in response to determination (matching of the software updates)), (Par. (0033) “software update manager 218 may use the information contained in update behavior profile 228 to detect whether software update 222 is performing normal activity or malicious activity while running on a client device based on comparing the information contained within update behavior profile 228 with metrics collected from the client device.”; in response to determination the program file does not include malicious content (to detect whether software update is performing normal activity [..] based on comparing information contained))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Lum within the teachings of Kalika to include signing by a signing server a second hash a modified version of a program file and in response to a determination that the received program file does not include malicious content because of the analogous concept of software development stages and secure protection of program files from malicious content such as spyware, viruses etc. Lum includes a process of signing a second hash, determining that the program file does not include malicious content and signing the generated second hash, this is significant because it addresses the issue and provides a solution of program files being overly exposed over a network and how malicious content such as Trojan attacks, viruses and other malware may be inserted into a program file before being signed. By detecting whether the malicious content is not included it allows the server to authenticity sign the program file and confirm that the sensitive data has not been modified, altered, tampered or compromised in any way. Lum also discloses the signing of the generated second hash, this is significant because signing the hash provides an indication to the user that the program file is safe and that there is no malicious content present. The process of the signing the second hash ensures software developers that there is a decreased chance or less likelihood that malicious content has reached the program file before the final production of the software and in return saves time, development costs as well as provide a confirmation that the software is securely protected.
The motivation to combine these references is by implementing a determination or detection mechanism to identify when there is no malicious content included in the program file the software developers can proceed to the final stages of production unimpeded as well as transfer software application data to external locations without concern of inauthenticity before the contents are signed.  
However Kalika and Lum do not explicitly teach wherein the received program file is an original version of the program file; in response to a determination that the generated second hash matches the received first hash, sign, by the signing server, the generated second hash and provide, by the signing server, the signed second hash to the client device, wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed.
Wherein Zimmermann teaches wherein the received program file is an original version of the program file; (Par. (0024) “binary programs 110 (sometimes shortened to “binaries” 110). A binary program 110 may, in some embodiments, include a [..] from the original source code for a particular upgrade”; original version of the program file (binary programs corresponding to original source code)), (Par. (0014) “multiple different binary programs can include a first binary program for a first OS kernel version, and a second binary program for a second OS kernel version. Each binary program may be associated with the software upgrade and may include a code section and a data section”; original version of the program file (first binary program with code section)), (Par. (0016) “may receive a binary program that is associated with a software upgrade.”; received program file (receive a binary program associated with software))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Zimmermann within the teachings of Kalika and Lum to include the received program file being an original version of the program file because of the analogous concept of programs, applications and files in the process of software development. Zimmermann includes a process in which the received program file is an original version of the program file. This is important because it allows software developer when building, testing and deploying application to have a means for comparing the original application against and updates, modification or other changes during the software development process. By having a received original application virus, malicious content and other harmful malware attacks can be identified earlier on in the process and help securely protect the product before it is finalized and deployed. This further enhances the software development process by implementing a detection mechanism before the program files are signed and leads to less susceptibility or exposure before the verification process is concluded. 
However the combination of Kalika, Lum and Zimmerman do teach not explicitly teach in response to a determination that the generated second hash matches the received first hash, sign, by the signing server, the generated second hash and provide, by the signing server, the signed second hash to the client device, wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed.
Wherein Roscoe teaches determine whether the generated second hash matches the received first hash; (Par. (0016) “and comparing the obtained hash value with a hash value in the first subset of hash values corresponding to said each key, [..] if all the obtained hash values are correspondingly consistent with the hash values in the first subset of hash values”; determining whether the second hash matches the first hash (comparing the obtained hash value with a hash value in the first subset [..] if the hash values are consistent)), (Par. (0049) “can obtain a hash value of a correspondence between each key in the received keys and the user identifier of the user respectively, and then compare the obtained hash values with the corresponding hash values in the first subset of hash values. If the obtained hash values are identical to (e.g., consistent with) the corresponding hash values in the first subset of hash values,”; second hash matches the received first hash ( obtain hash value is the compared [..] hash values are identical))
 in response to a determination that the generated second hash matches the received first hash, sign, by the signing server, the generated second hash (Par. (0016) “and comparing the obtained hash value with a hash value in the first subset of hash values corresponding to said each key, and signing all hash values received from the user except the first subset of hash values if all the obtained hash values are correspondingly consistent with the hash values in the first subset of hash values”; determination that the generated second hash matches the received first hash (comparing the obtained hash value with a hash value in the first subset) sign the generated second hash (signing all hash values received from the user corresponding to the comparison if the hash values are consistent))
and provide, by the signing server, the signed second hash to the client device, (Figure 5 labels 501, 502 “Signature of hash (A kA) or hash (A, kA, t)”; provide the signed second hash to the client device (signature of hash is sent back to client device 501))
wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed. (Par. (0079) “and compare the obtained hash value with a corresponding hash value in the first subset of hash values. Further, the certificate authority 502 can be configured to sign all hash values received from the client 501 except the first subset of hash values if all the obtained hash values are correspondingly consistent with the hash values in the first subset of hash values. In the embodiment, if all the obtained hash values are consistent with or equal to the corresponding hash values in the first subset of hash values,”; upon determination that the generated second hash dos not match (compare the obtained hash value with a corresponding hash value) the second generated hash value is not signed ( certificate authority signs the hash values only if the obtain hash values are consistent or equal))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Roscoe within the teachings of Kalika and Lum to include the signing of the generated second hash only after a determination is made that there is a match and providing the signed second hash to the client because of the analogous concept of verification of software components using hash values. Roscoe includes a process of signing the generated second has and providing the signed second hash to a device only after a determination has been made that there is a match. This is important because it creates an additional layer of protection because of not only generating a second hash but by signing it so that only the corresponding authorized entity can have access based on the keys used to sign. This enhances the level of verification and in return leads to software products and application being created to avoid tampering or compromise and maintain the integrity of the system as a whole.



Regarding Independent Claim 14 (Currently Amended), Kalika teaches a method, comprising:  
a signing server receiving, from a client device, a program file and a first hash based on the program file, wherein the first hash is generated by the client device;  (Figure 2 Step 216; a signing server receiving from a client device (host server transmitting hash to continuous deployment server), (Col. 3 lines 58-67 and Col. 4 lines 1-5 “The deployment package (118) is a computer file that includes one or more executable files (e.g., executable file (120)), the metadata (122) for deploying the one or more executable files, the catalog (124), and the host server list (126), which are further described below. In one or more embodiments, the executable files are stored in an archive file in the deployment package (118). In one or more embodiments, the executable file (120) includes a set of instructions generated from the source code (116) by the continuous integration server (106). The type of instructions depend on the type of programming language used and can contain binary code (generated from, e.g., assembly, C, C++, Go), byte code (from Java), high-level code (from Python, JavaScript), etc.”; program file (executable file corresponding to archive and programming language (Java)), (Col. 6 lines 57-62 “hash values are generated and transmitted by the host server to the continuous deployment server. The hash values can be generated for a set of one or more of the executable files within the deployment package. The hash values are generated in response to the deployment package being received and deployed on to the host server.”; receive a program file and a first hash (hash values are generated and transmitted [..] being received)), (Col. 6 lines 13-17 “the deployment package is generated by the continuous integration server. In one or more embodiments, the deployment package is generated by collecting the set of executable files and metadata into an archive file that forms the deployment package.”; receiving a program file (collecting the set of executable files)), (Col. 6 lines 4-12 “ the signature for a function is generated by hashing the executable files in the deployment package to generate an original hash value that is used as the message of the digital signature.”; the first hash is generated based on the program file ( signature is generated by hashing the executable files to generate an original hash)), (Col. 15 lines 45-50 “The nodes may include functionality to receive requests from the client device (426) and transmit responses to the client device (426). The client device (426) may be a computing system, such as the computing system shown in FIG. 4A. Further, the client device (426) may include and/or perform all or a portion of one or more embodiments of the invention.”; client device performing all functions))
the signing server determining whether the program file includes malicious content; (Col. 8 lines 6-20 “ the validation process will fail when the deployed function hash value does not match, i.e., a mismatch, the original hash value that is either recovered from the digital signature or retrieved from the deployment repository. The mismatch is an indication that the deployed function has been tampered with”; determining program file includes malicious content (has been tampered with)), (Col. 6 lines 13-20 “ the deployment package is validated by the continuous deployment server. In one or more embodiments, the continuous deployment server validates the deployment package by generating a deployment package hash value, recovering the original hash value from the digital signature generated by the continuous integration server (discussed above in Step 206), and comparing”; signing server ( continuous deployment server) determines whether the program file includes malicious content (validates by comparing hash values))
the signing server generating a second hash based on the program file; (Col. 6 lines 18-30 “the original hash value from the digital signature generated by the continuous integration server (discussed above in Step 206), and comparing the deployment package hash value from the continuous deployment server to the original hash value from the continuous integration server. The deployment package hash value is generated by the continuous deployment server by applying a hashing algorithm to one or more of the executable files within the deployment package.”; signing server generating a second hash (continuous deployment server generates hash value in contrast to original hash from host)), (Claim 1 “wherein: the list of functions includes a second hash value for the deployed function, and the second hash value is generated by the host server in response to receiving the request for the list of functions after the function is deployed”; generating of second hash), (Col. 5 lines 1-15 “ The hash value can be generated on demand in response to a request for the function list (134). Each executable file can have an individual hash value that is generated by applying a hashing algorithm to the executable file. Additional and alternative embodiments can generate additional hash values from the hash values generated for the individual executable files.”; generate a second hash based on the program file (generate additional hash values generated for individual executable files))
the signing server determining whether the first hash matches the second hash; and  in response to a determination that the first hash matches the second hash, 
((Col. 7 lines 58-62 “ the original hash value is recovered by decrypting the digital signature using the public key. When the deployed function hash value matches the original hash value, the deployed function is validated.”; determination that the generated second hash matches ( hash value matches original hash value)), (Col. 10 lines 41-50 “The continuous deployment server (310) hashes the executable files of the deployment package to generate a hash value that is compared with the recovered hash value. If the generated hash value does not match the recovered hash value, then the deployment package may have been tampered with and the continuous deployment server (310) will not deploy the deployment package to the host server (312).”; determination that the generated second hash matches the first received hash (hash value that is compared with the recovered hash value [..] match)), (Col. 9 lines 40-46 “the tested files are signed. In one or more embodiments, the continuous integration server (306) signs the tested files using a private key that was provided by the developer with the developer device (302). In one or more embodiments, the signing process involves hashing the tested files to generate a hash value and encrypting the hash value using the private key to generate a digital signature.”; sign the generated second hash (test files are signed [..]signing process includes hashing the tested files [..] generate a signature)), (Col. 7 lines 8-15 “ hash values for one or more executable files from the deployment package that form the function, and then transmits the function list to the validator. The hash values in the function list are newly generated in response to the request for the function list from the validator.”; second hash (hash values) corresponding to signed tested files (executable files)), (Col. 4 lines 20-35 “ hash value (130) is a cryptographic hash value generated from the executable file (120). In one or more embodiments, the cryptographic hash value is generated using a hash algorithm, examples of which include message digest 5 (MD5), secure hash algorithms  [..] If the same hashing algorithm is applied to the same executable files, then each hash file should match. The hash files generated by the host servers can include additional information that is unique to each host server so that each hash file will be distinct. “; hash value corresponding to executable file)) (Col.6 lines 18-35 “the original hash value from the digital signature generated by the continuous integration server (discussed above in Step 206), and comparing the deployment package hash value from the continuous deployment server to the original hash value from the continuous integration server. The deployment package hash value is generated by the continuous deployment server by applying a hashing algorithm to one or more of the executable files”; second signed hash (original hash value compared to deployment package hash value) corresponding to executable files (one or more executable files)), (Col. 5 lines 1-15 “ hash value for one or more of the executable files (120) from the deployment package (118) that form the function (132) deployed on the host server (112). The hash value can be generated on demand in response to a request for the function list (134). Each executable file can have an individual hash value that is generated by applying a hashing algorithm to the executable file. Additional and alternative embodiments can generate additional hash values from the hash values generated for the individual executable files.”; second signed hash corresponding to executable file (hash values/additional hash values [..] for one or more of the executable files))
However Kalika does not explicitly teach the signing server signing the second hash sending the signed second hash to the client device in response to a determination that the program file does not include the malicious content, the signing server signing the second hash and wherein the program file is not sent from the signing server to the client device, wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed.
Wherein Lum teaches the signing server signing the second hash (Par. (0015) “one or more programming languages, including an object oriented programming language such as Smalltalk, C++, or the like, and procedural programming languages, such as the “C” programming language or similar programming languages.”; corresponding to program file (programming/ C/C++)), (Par. (0024) “plurality of different software update servers, identifiers and network addresses for a plurality of different client devices, software updates, software update behavior profiles, and the like”; software update and software update behavior profiles), (Par. (0033) “Software update manager 218 runs update executable 224 on a plurality of secure platforms over multiple iterations. While running update executable 224 on the plurality of secure platforms, software update manager 218 collects update executable metrics [..] represent measurements corresponding to software update 222, such as, for example, what actions or tasks software update 222 performs during normal execution. Software update manager 218 utilizes classifier 220 to generate update behavior profile 228 based on collected update executable metrics 226 over the multiple runs. Update behavior profile 228 represents a stored profile corresponding to software update 222 that describes the normal behavior or characteristics of software update 222 while running. Thus, update behavior profile 228 is a behavior-based profile that provides a description of what the behavior of update executable 224 is (e.g., what files update executable 224 writes to, what system calls update executable 224 makes, and the like)”; software manager corresponding to software update, update executable and update behavior profile), (Par. (0034)  “Software update manager 218 [..] digitally signs the hash of update executable 224 and update behavior profile 228 using, for example, a private key corresponding to a provider or owner of software update 222. Digital signature is the process of using Public Key Infrastructure (PKI) to attest to the integrity and authenticity of update package 230 that includes cryptographically signed update executable and behavior profile 232”; sign the generated second hash (software update manager digitally signs hash of update executable and update behavior profile))
 in response to a determination that the program file does not include the malicious content (Par. (0048)” If execution of the software update leads to anomalous behavior that does not match the information in the update behavior profile (e.g., the update behavior profile indicates that the software update writes file “a.txt” with hash “ab3d . . .”, but the update executable writes the same file with a different hash “48fd . . .”.),; in response to determination ( if the hashes do not match (comparing of software updates)), (Par. (0074) “The computer verifies behavior of the software update during execution matches the update behavior profile of the software update (step 720).”; in response to determination (matching of the software updates)), (Par. (0033) “software update manager 218 may use the information contained in update behavior profile 228 to detect whether software update 222 is performing normal activity or malicious activity while running on a client device based on comparing the information contained within update behavior profile 228 with metrics collected from the client device.”; in response to determination the program file does not include malicious content (to detect whether software update is performing normal activity [..] based on comparing information contained))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Lum within the teachings of Kalika for the reasons discussed in independent claim 8 states above.
However Kalika and Lum do not explicitly teach wherein the program file is not sent from the signing server to the client device.
Wherein Zimmermann teaches wherein the program file is not sent from the signing server to the client device. ((Par. (0024) “to the host computing devices 102, binary programs 110 (sometimes shortened to “binaries” 110). A binary program 110 may, in some embodiments, include a driver corresponding to an upgrade to the security agent 108 software that is installed on the respective computing devices 102. An individual binary program 110 may correspond to a specific OS kernel version for which the binary 110”; binaries meaning binary programs), (Par. (0013) “the remote security system is configured to suppress the binaries by sending a representative binary from an individual subset of identical binaries to the host computing devices that run the different OS kernel versions corresponding to the binaries in the subset. Thus, “suppressing” binaries, as used herein, means refraining from sending one or more binaries, or data related thereto, to one or more host computing devices”; the program file is not sent from the signing server to the client device (suppressing binary programs that mean refraining from sending from the remote security system to the computing devices))
(Par. (0053) “the binary comparator 120 of the remote security system 104 may determine subsets of identical binaries 110 from among the overall set of binaries 110 [..] include a unique signature (or identification data) that pertains to a particular OS kernel version, among other unique characteristics and/or data”; signing server (remote security system with signature))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Zimmermann within the teachings of Kalika and Lum for the reasons discussed in independent claim 8 states above.
However Kalika, Lum and Zimmerman do not explicitly teach sending the signed second hash to the client device, wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed..
Wherein Roscoe teaches the signing server determining whether the first hash matches the second hash; and ( Par. (0016) “and comparing the obtained hash value with a hash value in the first subset of hash values corresponding to said each key, [..] if all the obtained hash values are correspondingly consistent with the hash values in the first subset of hash values”; determining whether the second hash matches the first hash (comparing the obtained hash value with a hash value in the first subset [..] if the hash values are consistent)), (Par. (0049) “can obtain a hash value of a correspondence between each key in the received keys and the user identifier of the user respectively, and then compare the obtained hash values with the corresponding hash values in the first subset of hash values. If the obtained hash values are identical to (e.g., consistent with) the corresponding hash values in the first subset of hash values,”; second hash matches the received first hash ( obtain hash value is the compared [..] hash values are identical))
in response to a determination that the first hash matches the second hash, (Par. (0016) “and comparing the obtained hash value with a hash value in the first subset of hash values corresponding to said each key, and signing all hash values received from the user except the first subset of hash values if all the obtained hash values are correspondingly consistent with the hash values in the first subset of hash values”; determination that the generated second hash matches the received first hash (comparing the obtained hash value with a hash value in the first subset) sign the generated second hash (signing all hash values received from the user corresponding to the comparison if the hash values are consistent))
 sending the signed second hash to the client device. (Figure 5 labels 501, 502 “Signature of hash (A kA) or hash (A, kA, t)”; sending the signed second hash to the client device (signature of hash is sent back to client device 501))
wherein, upon a determination that the generated second hash does not match the received first hash, the generated second hash is not signed. (Par. (0079) “and compare the obtained hash value with a corresponding hash value in the first subset of hash values. Further, the certificate authority 502 can be configured to sign all hash values received from the client 501 except the first subset of hash values if all the obtained hash values are correspondingly consistent with the hash values in the first subset of hash values. In the embodiment, if all the obtained hash values are consistent with or equal to the corresponding hash values in the first subset of hash values,”; upon determination that the generated second hash dos not match (compare the obtained hash value with a corresponding hash value) the second generated hash value is not signed ( certificate authority signs the hash values only if the obtain hash values are consistent or equal))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Roscoe within the teachings of Kalika, Lum and Zimmermann for the reasons discussed in independent claim 8 states above.

Claims 2-3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”) and Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”) in further view of Xiao et al. (U.S No. 10547626, hereinafter referred to as “Xiao”)

Regarding Dependent Claim 2 (Original), the combination of Kalika, Lum, and Roscoe do not explicitly teach the computing device of claim 1, the instructions executable by the processor to:  apply a hash function to a modified header of the program file to generate the second hash, wherein the modified header of the program file includes a defined string in place of a header field in an original header of the program file.
Wherein Xiao teaches the computing device of claim 1, the instructions executable by the processor to:  (Col. 2 lines 15-22 “ a processor, such as a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor.”; instructions executable by a processor) 
apply a hash function to a modified header of the program file to generate the second hash, wherein the modified header of the program file includes a defined string in place of a header field in an original header of the program file. (Col. 2 lines 64-66 and Col 3 liens 1-5 “The term “application” is used throughout the Specification to collectively refer to programs, bundles of programs, manifests, packages, etc., irrespective of form/platform. As used herein, an “original” application is one built from source or other code (e.g., Java/C/C++), typically by an author, developer, maintainer, or other entity with access to the applicable code, and typically signed by such an individual/entity”; program file (programs corresponding to JAVA/C/C++)), (Col. 17 lines 10-25 “In the header of a DEX file, two included fields are: the Adler32 checksum of the rest data, and the SHA-1 hash value of the rest data. When the APK is compiled using the Android SDK, the first checksum and the second hash value will all be valid regarding related data in the DEX file. This is seen in FIG. 19A, which is a representation of a portion of a DEX file from an original APK. When the APK is compiled/generated by other tools, the first checksum and/or the second hash value”; applying a hash function to a modified header of the program file ( header of DEX file includes SHA-1 hash value) to generate the second hash ( generated by [..] second hash value)), (Col. 13 lines 19-45 “ The header of a DEX file (an example of which is shown in FIG. 7) includes a checksum, signature, file_size, and header_size. A DEX file further includes a string list (also referred to as a string table), an example of which is shown in FIG. 8. For each item in the string table, the offset of the string is provided (as string_data_off). A DEX file further includes a map list (also referred to as a map table), an example of which is shown in FIG. 9 at 902. Each item in the table has a name, a size value, and an offset value. In the map table shown in FIG. 10, the highlighted item (1002) is named TYPE_STRING_ID_ITEM with size 2187 and offset 112”; modified header of the program file includes a defined string (DEX file includes string list)), (Figure 7 label “struct dex_magic magic” and Figure 8 “struct string id_list dex_string_ids”; a defined string in place of a header field in the original header of a program file))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Xiao within the teachings of Kalika, Lum and Roscoe to include apply a hash function to a modified header of the program file to generate the second hash, wherein the modified header of the program file includes a defined string in place of a header field in an original header of the program file because of the analogous concept of software development stages and secure protection of program files using signatures and hashes.  Xiao includes a process of applying a hash function to the header of the program file to generate the second hash as well as the header of the program file including a defined string in place of the original header. This is significant because by applying a hash function to the header of the program file the user or software developer in the testing or operational stage of the development process before final production can have a means of comparison based on the generation of the second hash and matching it with the first hash. By having a string in place of the original header as well as the hash function the user will be able to determine more effectively and efficiently whether the program file has malware, malicious content or unauthorized user’s further tampering or modifying the program file before it is signed and sent to final production and/or transmitted externally. This in return leads to high credibility and integrity in the system. 

Regarding Dependent Claim 3 (Original), the combination of Kalika, Lum and Roscoe do not explicitly teach the computing device of claim 2, wherein the first hash is generated by the client device by applying the hash function to the modified header of the program file.
Wherein Xiao teaches the computing device of claim 2, wherein the first hash is generated by the client device by applying the hash function to the modified header of the program file. (Col. 13 lines 19-45 “ The header of a DEX file (an example of which is shown in FIG. 7) includes a checksum, signature, file_size, and header_size”; applying a hash function to the modified header of the program file (signature included in header of DEX file)), (Col. 17 lines 10-25 “In the header of a DEX file, two included fields are: the Adler32 checksum of the rest data, and the SHA-1 hash value of the rest data.”; first hash is generated ( header of DEX file includes SHA-1 hash value))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Xiao to the teachings of Kalika, Lum and Roscoe for the same reasons discussed in dependent claim 2.


Claims 9, 12 and 15-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”), Zimmermann et al. (U.S Pub. No. 20190065171, hereinafter referred to as “Zimmermann”) and Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”) in further view of Xiao et al. (U.S No. 10547626, hereinafter referred to as “Xiao”)


Regarding Dependent Claim 9 (Original), the combination of Kalika, Lum, Zimmermann and Roscoe teach the non-transitory machine-readable storage medium of claim 8,  Kalika further teaches the non-transitory machine-readable storage medium of claim 8, (Col. 1 lines 35-45 “In general, in one or more aspects, the invention relates to a non-transitory computer readable medium that comprises computer readable program code for: receiving, from a host server in a serverless computing architecture, a list of functions comprising a deployed function on the host server,”; non-transitory machine (computer) readable storage medium))
However Kalika, Lum, Zimmermann and Roscoe do not explicitly teach wherein the modified version of the program file includes a defined string in place of a header field in the original version of the program file.
wherein the modified version of the program file includes a defined string in place of a header field in the original version of the program file. (Col. 2 lines 64-66 and Col 3 liens 1-5 “The term “application” is used throughout the Specification to collectively refer to programs, bundles of programs, manifests, packages, etc., irrespective of form/platform. As used herein, an “original” application is one built from source or other code (e.g., Java/C/C++), typically by an author, developer, maintainer, or other entity with access to the applicable code, and typically signed by such an individual/entity”; program file (programs corresponding to JAVA/C/C++)), (Col. 13 lines 19-45 “ The header of a DEX file (an example of which is shown in FIG. 7) includes a checksum, signature, file_size, and header_size. A DEX file further includes a string list (also referred to as a string table), an example of which is shown in FIG. 8. For each item in the string table, the offset of the string is provided (as string_data_off). A DEX file further includes a map list (also referred to as a map table), an example of which is shown in FIG. 9 at 902. Each item in the table has a name, a size value, and an offset value. In the map table shown in FIG. 10, the highlighted item (1002) is named TYPE_STRING_ID_ITEM with size 2187 and offset 112”; modified version of the program file includes a defined string (DEX file includes string list)), (Figure 7 label “struct dex_magic magic” and Figure 8 “struct string id_list dex_string_ids”; a defined string in place of a header field in the original version of a program file))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Xiao within the teachings of Kalika, Lum, Zimmermann and Roscoe to include the modified header of the program file includes a defined string in place of a header field in an original version of the program file because of the analogous concept of software development stages and secure protection of program files using signatures and hashes.  Xiao includes a process of the header of the program file including a defined string in place of the original header. This is significant because by applying a hash function to the header of the program file the user or software developer in the testing or operational stage of the development process before final production can have a means of comparison based on the generation of the second hash and matching it with the first hash. By having a string in place of the original header as well as the hash function the user will be able to determine more effectively and efficiently whether the program file has malware, malicious content or unauthorized user’s further tampering or modifying the program file before it is signed and sent to final production and/or transmitted externally. This in return leads to high credibility and integrity in the system. 

Regarding Dependent Claims 12 (Original), the combination of Kalika, Lum, Zimmermann and Roscoe teach the non-transitory machine-readable storage medium of claim 8, Kalika further teaches the non-transitory machine-readable storage medium of claim 8, (Col. 1 lines 35-45 “In general, in one or more aspects, the invention relates to a non-transitory computer readable medium that comprises computer readable program code for: receiving, from a host server in a serverless computing architecture, a list of functions comprising a deployed function on the host server,”; non-transitory machine (computer) readable storage medium))
 and wherein the second hash is generated by the signing server by applying the first hash function to the modified version of the program file. ((Col. 6 lines 18-30 “the original hash value from the digital signature generated by the continuous integration server (discussed above in Step 206), and comparing the deployment package hash value from the continuous deployment server to the original hash value from the continuous integration server. The deployment package hash value is generated by the continuous deployment server by applying a hashing algorithm to one or more of the executable files within the deployment package.”; signing server generating a second hash (continuous deployment server generates hash value in contrast to original hash from host)), (Claim 1 “wherein: the list of functions includes a second hash value for the deployed function, and the second hash value is generated by the host server in response to receiving the request for the list of functions after the function is deployed”; generating of second hash), (Col. 5 lines 1-15 “ The hash value can be generated on demand in response to a request for the function list (134). Each executable file can have an individual hash value that is generated by applying a hashing algorithm to the executable file. Additional and alternative embodiments can generate additional hash values from the hash values generated for the individual executable files.”; generate a second hash based on the program file (generate additional hash values generated for individual executable files)), (Col. 54 lines 20-40 “a cryptographic hash value generated from the executable file (120). In one or more embodiments, the cryptographic hash value is generated using a hash algorithm, examples of which include message digest 5 (MD5), secure hash algorithms (SHA-0, SHA-1, SHA-2, SHA-3, SHA-256), RACE Integrity Primitives Evaluation Message Digest (RIPEMD), etc. The hash value (130) can be generated by the continuous integration server (106) after the executable files have been created.”; applying a first hash function (SHA-1, hash algorithm by the signing server (continuous integration server))
However Kalika, Lum, Zimmermann and Roscoe do not explicitly teach wherein the first hash is generated by the client device by applying a first hash function to the modified version of the program file,
Wherein Xiao teaches wherein the first hash is generated by the client device by applying a first hash function to the modified version of the program file, (Col. 2 lines 64-66 and Col 3 liens 1-5 “The term “application” is used throughout the Specification to collectively refer to programs, bundles of programs, manifests, packages, etc., irrespective of form/platform. As used herein, an “original” application is one built from source or other code (e.g., Java/C/C++), typically by an author, developer, maintainer, or other entity with access to the applicable code, and typically signed by such an individual/entity”; program file (programs corresponding to JAVA/C/C++)), (Col. 17 lines 10-25 “In the header of a DEX file, two included fields are: the Adler32 checksum of the rest data, and the SHA-1 hash value of the rest data. When the APK is compiled using the Android SDK, the first checksum and the second hash value will all be valid regarding related data in the DEX file. This is seen in FIG. 19A, which is a representation of a portion of a DEX file from an original APK. When the APK is compiled/generated by other tools, the first checksum and/or the second hash value”; applying a hash function to a modified header of the program file ( header of DEX file includes SHA-1 hash value) to generate the second hash ( generated by [..] second hash value)),
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Xiao within the teachings of Kalika, Lum, Zimmermann and Roscoe for the reasons discussed in dependent claim 9 stated above.


Regarding Dependent Claim 17, claim 17 recite similar limitations to dependent claim 9 and the teachings of Kalika, Lum, Zimmermann, Roscoe and Xiao address all the limitations discussed in claim 9 and are thereby rejected under the same grounds. 


	Regarding Dependent Claim 15 (Original), the combination of Kalika, Lum, Zimmermann and Roscoe do not explicitly teach the method of claim 14, further comprising: applying, by the client device, a hash function to a modified header of the program file to generate the first hash.
	Wherein Xiao teaches the method of claim 14, further comprising: applying, by the client device, a hash function to a modified header of the program file to generate the first hash. (Col. 17 lines 28-35 “n the header of a DEX file, two included fields are: the Adler32 checksum of the rest data, and the SHA-1 hash value”; hash function to modified header of program file to generate first hash (header of DEX file includes hash value))
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Xiao to the teachings of Kalika, Lum, Zimmermann and Roscoe for the same reasons discussed in dependent claim 9 above. 

	Regarding Dependent Claim 16 (Original), the combination of Kalika, Lum, Zimmermann Roscoe do not explicitly teach the method of claim 15, further comprising: applying, by the signing server, the hash function to the modified header of the program file to generate the second hash.
	Wherein Xiao teaches the method of claim 15, further comprising: applying, by the signing server, the hash function to the modified header of the program file to generate the second hash. (Col. 2 lines 64-66 and Col 3 liens 1-5 “The term “application” is used throughout the Specification to collectively refer to programs, bundles of programs, manifests, packages, etc., irrespective of form/platform. As used herein, an “original” application is one built from source or other code (e.g., Java/C/C++), typically by an author, developer, maintainer, or other entity with access to the applicable code, and typically signed by such an individual/entity”; program file (programs corresponding to JAVA/C/C++)), (Col. 17 lines 10-25 “In the header of a DEX file, two included fields are: the Adler32 checksum of the rest data, and the SHA-1 hash value of the rest data. When the APK is compiled using the Android SDK, the first checksum and the second hash value will all be valid regarding related data in the DEX file. This is seen in FIG. 19A, which is a representation of a portion of a DEX file from an original APK. When the APK is compiled/generated by other tools, the first checksum and/or the second hash value”; applying a hash function to a modified header of the program file ( header of DEX file includes SHA-1 hash value) to generate the second hash ( generated by [..] second hash value)),
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Xiao to the teachings of Kalika, Lum, Zimmermann and Roscoe for the same reasons discussed in dependent claim 9 above. 

Claims 4  is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”), Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”) and Xiao et al. (U.S No. 10547626, hereinafter referred to as “Xiao”) in further view of Wyatt et al. (U.S Pub. No. 20200285752, hereinafter referred to as “Wyatt”)

Regarding Dependent Claim 4 (Original), the combination of Kalika, Lum and Roscoe do not explicitly teach the computing device of claim 2, wherein the header field is a software version number, and wherein the defined string is a dummy software version number.
Wherein Wyatt teaches the computing device of claim 2, wherein the header field is a software version number, and wherein the defined string is a dummy software version number. (Par. (0151) “headers of communications from the device (e.g., these headers may data regarding what service application the device is attempting to access), what operating system version the device is using, the IP address of the device, etc.”; header field is software version number (header corresponding to application/operating system version)), (Par. (0879) “the first application comprises identifying applications having at least one of an identical package identifier, code similarity, identical strings, similar strings, identical media assets, and similar media assets”; defined string), (Par.  (0478) “a trusted/untrusted channel BEFORE the install, DURING the install, or AFTER the install. [..] getInstallerPackageName(java.lang.String” ; defined string)), (Par. (0885) “the sending of a notification to a mobile device 149 in order to alert the user that the new application 1013 may be fraudulent or a tampered version”; dummy software version number (fraudulent version of application)), (Par. (0913) “to the developer of a prior, known-good version of an application (e.g., to alert the developer that a fraudulent version of the application was identified).”; dummy software version number (good version of application in contrast to fraudulent version of application))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Wyatt within the teachings of Kalika, Lum Roscoe and Xiao to include the header field is a software version number, and wherein the defined string is a dummy software version number because of the analogous concept of software development stages and secure protection of program files using signatures and hashes.  Wyatt includes an implementation of the header field including a software version number and a defined string including a dummy software version number. This is important because it discourages unauthorized users from predicting the correct program file and causes confusion as to which header is accurately displaying the authentic software version number. By implementing two contrasting headers the program file is securely protected from malicious content, malware and other vulnerabilities because of the string that corresponds to the dummy software version number that is used to maintain the integrity of data exchanged by the client and server and in return allows the final production of software applications to be unaltered or modified because of this extra layer of secure protection. 

Claims 10 and 18  is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”), Zimmermann et al. (U.S Pub. No. 20190065171, hereinafter referred to as “Zimmermann”), Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”) and Xiao et al. (U.S No. 10547626, hereinafter referred to as “Xiao”) in further view of Wyatt et al. (U.S Pub. No. 20200285752, hereinafter referred to as “Wyatt”)

Regarding Dependent Claim 10 (Original), the combination of Kalika, Lum,  Zimmermann and Roscoe teach the non-transitory machine-readable storage medium of claim 8, Kalika further teaches the non-transitory machine-readable storage medium of claim 0, (Col. 1 lines 35-45 “In general, in one or more aspects, the invention relates to a non-transitory computer readable medium that comprises computer readable program code for: receiving, from a host server in a serverless computing architecture, a list of functions comprising a deployed function on the host server,”; non-transitory machine (computer) readable storage medium))
However Kalika, Lum, Zimmermann and Roscoe do not explicitly teach wherein the header field is a software version number, and wherein the defined string is a dummy software version number.
Wherein Wyatt teaches wherein the header field is a software version number, and wherein the defined string is a dummy software version number. ((Par. (0151) “headers of communications from the device (e.g., these headers may data regarding what service application the device is attempting to access), what operating system version the device is using, the IP address of the device, etc.”; header field is software version number (header corresponding to application/operating system version)), (Par. (0879) “the first application comprises identifying applications having at least one of an identical package identifier, code similarity, identical strings, similar strings, identical media assets, and similar media assets”; defined string), (Par.  (0478) “a trusted/untrusted channel BEFORE the install, DURING the install, or AFTER the install. [..] getInstallerPackageName(java.lang.String” ; defined string)), (Par. (0885) “the sending of a notification to a mobile device 149 in order to alert the user that the new application 1013 may be fraudulent or a tampered version”; dummy software version number (fraudulent version of application)), (Par. (0913) “to the developer of a prior, known-good version of an application (e.g., to alert the developer that a fraudulent version of the application was identified).”; dummy software version number (good version of application in contrast to fraudulent version of application))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Wyatt within the teachings of Kalika, Lum, Zimmermann, Roscoe and Xiao to include the header field is a software version number, and wherein the defined string is a dummy software version number because of the analogous concept of software development stages and secure protection of program files using signatures and hashes.  Wyatt includes an implementation of the header field including a software version number and a defined string including a dummy software version number. This is important because it discourages unauthorized users from predicting the correct program file and causes confusion as to which header is accurately displaying the authentic software version number. By implementing two contrasting headers the program file is securely protected from malicious content, malware and other vulnerabilities because of the string that corresponds to the dummy software version number that is used to maintain the integrity of data exchanged by the client and server and in return allows the final production of software applications to be unaltered or modified because of this extra layer of secure protection. 


Regarding Dependent Claim 18 (Original), claim 18 recite similar limitations to dependent claim 10 and the teachings of Kalika, Lum, Zimmermann Roscoe and Wyatt address all the limitations discussed in claim 10 and are thereby rejected under the same grounds. 


Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”) and Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”) Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”), Xiao et al. (U.S No. 10547626, hereinafter referred to as “Xiao”) and Wyatt et al. (U.S Pub. No. 20200285752, hereinafter referred to as “Wyatt”) in further view of Mahaffey et al. (U.S Pub. No. 20110047620, hereinafter referred to as “Mahaffey”)

Regarding Dependent Claim 5 (Original), the combination of Kalika and Lum do not explicitly teach the computing device of claim 5, wherein the client device and the signing server are associated with different software version numbers.
Wherein Mahaffey teaches the computing device of claim 4, wherein the client device and the signing server are associated with different software version numbers. (Par. (0025-0026) “mobile communication device 101 may also be referred to as a "mobile client device," "client device," "device," or "client," and may be referred to in the singular or plural form. The one or more servers 151 may have access to a data storage 111 that stores security information for the one or more mobile communication devices 101 [..] In an embodiment, server 151 operates as an HTTP server and the device 101 operates as an HTTP client. To secure the data in transit, mobile communication device 101 and server 151 may use Transaction Layer Security ("TLS").”; client device associated with server), (Par. (0092-0093) “server 151 grants a data object a high level of trust if the data object can be attributed to a trusted vendor or trusted applications through data available to server 151 such as the data object's cryptographic signer, package name, or marketplace metadata. [..] server 151 uses distribution data and application data to establish trust for an application. For example, if a popular application, such as Google.RTM. Maps, is installed on millions of mobile communication devices and there are multiple previous versions of the application all having the same cryptographic signer and similar distribution characteristics, subsequent versions of the application with that cryptographic signer would be deemed to have a high level of trust. If server 151 encounters another application that has the same name as a popular application, such as Google.RTM. Maps, is installed on only a few devices, and uses a different cryptographic signer, server 151 may grant the low-distribution application a low level of trust.”; signing server (server corresponding to cryptographic signing)), (Par. (0166) “server 151 may use application data such as file paths, version numbers, package names, cryptographic signers, installer source, and other information to determine that a group of data objects pertain to a particular version of an application and/or that one or more data objects or group of data objects belong to different versions of an application.”; associated with different software version numbers ( server corresponding to version numbers and different versions of an application.))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Mahaffey within the teachings of Kalika, Lum, Roscoe, Xiao and Wyatt to include client device and the signing server are associated with different software version numbers because of the analogous concept of software development stages and secure protection of program files using cryptographic signatures. Mahaffey includes a process of a client device and signing server associated with different version numbers. This is important because confidential information corresponding to the building of code of software applications would not be intercepted, tampered with or compromised in any way while being transmitted. By implementing different software version numbers there is parity in the system and discourages unauthorized users from predicting program files used and interfering with the contents before they are signed. This in return saves time and money in the development stages of the software and allows user/ developers to have authenticated and accurate production of their contents in the finals stages and deployment. 


Claim 11  is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”), Zimmermann et al. (U.S Pub. No. 20190065171, hereinafter referred to as “Zimmermann”), Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”), Xiao et al. (U.S No. 10547626, hereinafter referred to as “Xiao”) and Wyatt et al. (U.S Pub. No. 20200285752, hereinafter referred to as “Wyatt”) in further view of Mahaffey et al. (U.S Pub. No. 20110047620, hereinafter referred to as “Mahaffey”)

	Regarding Dependent Claim 11 (Original), the combination of Kalika, Lum, Zimmermann and Roscoe do not explicitly teach the non-transitory machine-readable storage medium of claim 10, wherein the client device and the signing server are associated with different software version numbers.
	Wherein Mahaffery teaches the non-transitory machine-readable storage medium of claim 10, wherein the client device and the signing server are associated with different software version numbers. (Par. (0022) “a computer readable medium such as a computer readable storage medium containing computer readable instructions or computer program code, or as a computer program product comprising a computer usable medium”; machine-readable storage medium)
(Par. (0025-0026) “mobile communication device 101 may also be referred to as a "mobile client device," "client device," "device," or "client," and may be referred to in the singular or plural form. The one or more servers 151 may have access to a data storage 111 that stores security information for the one or more mobile communication devices 101 [..] In an embodiment, server 151 operates as an HTTP server and the device 101 operates as an HTTP client. To secure the data in transit, mobile communication device 101 and server 151 may use Transaction Layer Security ("TLS").”; client device associated with server), (Par. (0092-0093) “server 151 grants a data object a high level of trust if the data object can be attributed to a trusted vendor or trusted applications through data available to server 151 such as the data object's cryptographic signer, package name, or marketplace metadata. [..] server 151 uses distribution data and application data to establish trust for an application. For example, if a popular application, such as Google.RTM. Maps, is installed on millions of mobile communication devices and there are multiple previous versions of the application all having the same cryptographic signer and similar distribution characteristics, subsequent versions of the application with that cryptographic signer would be deemed to have a high level of trust. If server 151 encounters another application that has the same name as a popular application, such as Google.RTM. Maps, is installed on only a few devices, and uses a different cryptographic signer, server 151 may grant the low-distribution application a low level of trust.”; signing server (server corresponding to cryptographic signing)), (Par. (0166) “server 151 may use application data such as file paths, version numbers, package names, cryptographic signers, installer source, and other information to determine that a group of data objects pertain to a particular version of an application and/or that one or more data objects or group of data objects belong to different versions of an application.”; associated with different software version numbers ( server corresponding to version numbers and different versions of an application.))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Mahaffey within the teachings of Kalika, Lum, Zimmermann, Roscoe, Xiao and Wyatt to include the client device and the signing server are associated with different software version numbers because of the analogous concept of software development stages and secure protection of program files using cryptographic signatures. Mahaffey includes a process of a client device and signing server associated with different version numbers. This is important because confidential information corresponding to the building of code of software applications would not be intercepted, tampered with or compromised in any way while being transmitted. By implementing different software version numbers there is parity in the system and discourages unauthorized users from predicting program files used and interfering with the contents before they are signed. This in return saves time and money in the development stages of the software and allows user/ developers to have authenticated and accurate production of their contents in the finals stages and deployment. 


Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”) and Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”) in further view of Yao et al. (U.S Pub. No. 20170076099, hereinafter referred to as “Yao”)

	Regarding Dependent Claim 6 (Original), the combination of Kalika, Lum and Roscoe do not explicitly teach the computing device of claim 1, the instructions executable by the processor to:  perform a scan of an original version of the program file, the scan to identify the malicious content, wherein the received program file is the original version of the program file.
	Wherein Yao teaches the computing device of claim 1, the instructions executable by the processor to:  (Par. (0096) “The electronic device traditionally comprises a processor 1210 and a computer program product or a computer readable medium in the form of a memory 1220. The memory 1220 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read-only memory), an EPROM, a hard disk or a ROM. The memory 1220 has a memory space 1230 for a program code 1231 for carrying out any method steps in the methods as described above. For example, the memory space 1230 for a program code may comprise individual program codes 1231 for carrying out individual steps”; processor with instruction executable)
perform a scan of an original version of the program file, the scan to identify the malicious content, wherein the received program file is the original version of the program file. (Par. (0064-0066) “security scanning may further be performed on the application program file package before the application program file package is installed, to guarantee the security of the application program file package, and reduce the possibility of installing a malicious application program. [..] deep security scanning is performed on the application program file package before installing the application program file package. The deep security scanning comprises, but is not limited to, Trojan virus scanning, adware scanning, and vulnerability scanning. For example, for the Trojan virus scanning, it can match the application program file package with features in a pre-stored malicious program library, and when the application program file package matches a feature in the malicious program library, prompt that the application program file package is a malicious program”; perform a scan of an original version of the program file (deep security scanning performed on the application program before installing the application); scan to identify malicious content ( Trojan virus scanning [..] matches a feature in the malicious program))), (Par. (0041) “the configuration information file in an application program file package comprises: decompressing an application program file based on the Android platform, obtaining an encrypted configuration information file described by a global variable from the decompressed application program file, namely, an AndroidManifest.xml file, and decrypting the encrypted configuration information file to obtain a decrypted original configuration information file: an AndroidManifest.xml file; and scanning the permission description portion in the AndroidManifest.xml file, to obtain a list of behavior permissions applied for by the application program”; wherein the received program file ( obtained program file) is the original version of the program file (obtain a decrypted original confirmation information file)), (Par. (0027) “an existing application program to a user and configuration information of the application program are carried in a configuration information file of the application program. Since the configuration information file is generated by an application program developer via a signature, the behavior permissions applied for by the application program cannot be changed by parsing the configuration information file and modifying the parsed configuration information file.”; configuration information file corresponding to original version of program file (existing application [..] application program carried in confirmation information file))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Yao within the teachings of Kalika, Lum and Roscoe because of the analogous concept of software development stages and secure protection of program files from malicious content. Yao includes a process of performing a scan of an original version of the program to identify malicious content and the received program file being an original version of the program file. This is important because by conducting or performing a scan for malicious content software developers can be assured no modified, tampered with, or altered content of the program file is inserted before the signing, final production and deployment of the contents. This provides high credibility and confidence to the software development system and stages as a whole by effectively implementing a faster method to identify malicious content, save time and money and ultimately protect program files from exposure when transmitted externally. 

Claims 13 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”), Zimmermann et al. (U.S Pub. No. 20190065171, hereinafter referred to as “Zimmermann”) and Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”) in further view of Yao et al. (U.S Pub. No. 20170076099, hereinafter referred to as “Yao”)

Regarding Dependent Claim 13 (Original), the combination of Kalika, Lum, Zimmermann and Roscoe teach the non-transitory machine-readable storage medium of claim 8, Kalika further teaches the non-transitory machine-readable storage medium of claim 8, wherein the instructions cause the processor to: ((Col. 1 lines 35-45 “In general, in one or more aspects, the invention relates to a non-transitory computer readable medium that comprises computer readable program code for: receiving, from a host server in a serverless computing architecture, a list of functions comprising a deployed function on the host server,”; non-transitory machine (computer) readable storage medium))
	However Kalika, Lum, Zimmermann and Roscoe do not explicitly teach perform a scan of the original version of the program file, the scan to identify malicious content, in the original version of the program file.
Wherein Yao teaches perform a scan of the original version of the program file, the scan to identify malicious content, in the original version of the program file. (Par. (0064-0066) “security scanning may further be performed on the application program file package before the application program file package is installed, to guarantee the security of the application program file package, and reduce the possibility of installing a malicious application program. [..] deep security scanning is performed on the application program file package before installing the application program file package. The deep security scanning comprises, but is not limited to, Trojan virus scanning, adware scanning, and vulnerability scanning. For example, for the Trojan virus scanning, it can match the application program file package with features in a pre-stored malicious program library, and when the application program file package matches a feature in the malicious program library, prompt that the application program file package is a malicious program”; perform a scan of an original version of the program file (deep security scanning performed on the application program before installing the application); scan to identify malicious content ( Trojan virus scanning [..] matches a feature in the malicious program))), (Par. (0041) “the configuration information file in an application program file package comprises: decompressing an application program file based on the Android platform, obtaining an encrypted configuration information file described by a global variable from the decompressed application program file, namely, an AndroidManifest.xml file, and decrypting the encrypted configuration information file to obtain a decrypted original configuration information file: an AndroidManifest.xml file; and scanning the permission description portion in the AndroidManifest.xml file, to obtain a list of behavior permissions applied for by the application program”; is the original version of the program file (obtain a decrypted original confirmation information file that is scanned for behaviors)), (Par. (0027) “an existing application program to a user and configuration information of the application program are carried in a configuration information file of the application program. Since the configuration information file is generated by an application program developer via a signature, the behavior permissions applied for by the application program cannot be changed by parsing the configuration information file and modifying the parsed configuration information file.”; configuration information file corresponding to original version of program file (existing application [..] application program carried in confirmation information file))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Yao within the teachings of Kalika, Lum, Zimmermann and Roscoe to include performing a scan of the original version of the program file, the scan to identify malicious content, in the original version of the program file because of the analogous concept of software development stages and secure protection of program files from malicious content. Yao includes a process of performing a scan of an original version of the program to identify malicious content and the received program file being an original version of the program file. This is important because by conducting or performing a scan for malicious content software developers can be assured no modified, tampered with, or altered content of the program file is inserted before the signing, final production and deployment of the contents. This provides high credibility and confidence to the software development system and stages as a whole by effectively implementing a faster method to identify malicious content, save time and money and ultimately protect program files from exposure when transmitted externally. 



Regarding Dependent Claim 19 (Original), claim 19 recite similar limitation to dependent claim 13 and the teachings of Kalika, Lum, Zimmermann, Roscoe and Yao address all the limitations discussed in claim 13 and are thereby rejected under the same ground. 

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”) and Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”) in further view of Harron et al. (U.S Pub. No. 20110246966, hereinafter referred to as “Harron”)

Regarding Dependent Claim 7 (Original), the combination of Kalika, Lum and Roscoe teach the computing device of claim 1, Kalika further teaches the computing device of claim 1, wherein the program file is a program archive file, (Col. 3 lines 58-64 “the executable files are stored in an archive file in the deployment package (118).”; program file (executable files) is a program archive files (archive file)), (Col. 6 lines 13-17 “the deployment package is generated by collecting the set of executable files and metadata into an archive file that forms the deployment package.”; program file (executable files) is a program archive file (into an archive file)),
However Kalika,  Lum and Roscoe do not explicitly teach wherein the client device is to embed the signed second hash into the program archive file.
Wherein Harron teaches wherein the client device is to embed the signed second hash into the program archive file. (Par. (0020-0022) “a system for appending an archive of original source files into a program symbol file in accordance with one implementation of the present invention [..] The output file, which includes symbol data, is referred to as source file archive 114, and can be appended to the object files 112. [..] object data from the object files 112 and symbol data from the source file archive 114 to produce library files 122 and output source file archive 124. In the merging process, the library archiving unit 120 discards the duplicates of the symbol data and/or the source files. [..] the symbol files 114, the library files 122, and/or the output source file archive 124 to generate an executable file 132 including symbol data. The symbol data generated in this phase can be stored in the executable file or in a separate symbol file. The output file that includes the symbol data is referred to as output source file archive 134”; program archive file ( source file archive corresponding to program file, object files and library files)), (Par. (0026) “However, if the source file is not found in the hash index of the source file archive, then the source file is compressed using a compression technique such as LZMA or ZIP. The compressed source file bytes are inserted into the source file archive and the hash value is inserted into the hash index. If the file system path of the source file is not in the path index of the source file archive, then the file system path of the source file is inserted into the path index.”; embed the signed second hash ( hash value is inserted into program archive file (source file archive)), (Par. (0028) “Each source file in each ISFA is considered for insertion into the OSFA. The hash values for each input source file do not need to be re-calculated, since the ISFA already includes hash values”; second signed hash (multiple hash values)), (Par. (0035) “Some implementations include one or more computer programs executed by one or more computing devices. In general, the computing device includes one or more processors, one or more data-storage components”; client device (computing device))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Harron within the teachings of Kalika, Lum and Roscoe to include the client device is to embed the signed second hash into the program archive file because of the analogous concept of software development stages and secure protection of program files by using cryptographic hashes and signatures. Harron includes a process where the client device embeds or inserts a signed second hash into the program archive file, this is important because by implementing the second hash corresponding to the program file the client device can externally transmit to the server a means for comparison where the second hash can be matched with the accurate and valid hash from the entity receiving the program file and thus fully authenticate the program file. By embedding the hash into the program file software developers and users provide a solution to slow completion and production times in regards to the signing process and save time and money in the development stages. This in returns leads to less exposure and susceptibility to risk and harm of program files because the hash embed in the program file should rightfully correspond to the recipient in communication. 


Claim 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kalika et al. (U.S No. 10979440, hereinafter referred to as “Kalika”), Lum et al. (U.S Pub. No. 20200279044, hereinafter referred to as “Lum”), Zimmermann et al. (U.S Pub. No. 20190065171, hereinafter referred to as “Zimmermann”) and Roscoe et al. (U.S Pub. No. 20210194702, hereinafter referred to as “Roscoe”) in further view of Harron et al. (U.S Pub. No. 20110246966, hereinafter referred to as “Harron”)


Regarding Dependent Claim 20 (Original), the combination of Kalika, Lum, Zimmermann and Roscoe do not explicitly teach the method of claim 14, further comprising: embedding, by the client device, the signed second hash in the original program file.
Wherein Harron teaches the method of claim 14, further comprising: embedding, by the client device, the signed second hash in the original program file. ((Par. (0020-0022) “a system for appending an archive of original source files into a program symbol file in accordance with one implementation of the present invention [..] The output file, which includes symbol data, is referred to as source file archive 114, and can be appended to the object files 112. [..] object data from the object files 112 and symbol data from the source file archive 114 to produce library files 122 and output source file archive 124. In the merging process, the library archiving unit 120 discards the duplicates of the symbol data and/or the source files. [..] the symbol files 114, the library files 122, and/or the output source file archive 124 to generate an executable file 132 including symbol data. The symbol data generated in this phase can be stored in the executable file or in a separate symbol file. The output file that includes the symbol data is referred to as output source file archive 134”; program archive file ( source file archive corresponding to program file, object files and library files)), (Par. (0026) “However, if the source file is not found in the hash index of the source file archive, then the source file is compressed using a compression technique such as LZMA or ZIP. The compressed source file bytes are inserted into the source file archive and the hash value is inserted into the hash index. If the file system path of the source file is not in the path index of the source file archive, then the file system path of the source file is inserted into the path index.”; embed the signed second hash ( hash value is inserted into program archive file (source file archive)), (Par. (0028) “Each source file in each ISFA is considered for insertion into the OSFA. The hash values for each input source file do not need to be re-calculated, since the ISFA already includes hash values”; second signed hash (multiple hash values)), (Par. (0035) “Some implementations include one or more computer programs executed by one or more computing devices. In general, the computing device includes one or more processors, one or more data-storage components”; client device (computing device))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Harron within the teachings of Kalika, Lum, Zimmermann and Roscoe to include the client device is to embed the signed second hash into the program archive file because of the analogous concept of software development stages and secure protection of program files by using cryptographic hashes and signatures. Harron includes a process where the client device embeds or inserts a signed second hash into the program archive file, this is important because by implementing the second hash corresponding to the program file the client device can externally transmit to the server a means for comparison where the second hash can be matched with the accurate and valid hash from the entity receiving the program file and thus fully authenticate the program file. By embedding the hash into the program file software developers and users provide a solution to slow completion and production times in regards to the signing process and save time and money in the development stages. This in returns leads to less exposure and susceptibility to risk and harm of program files because the hash embed in the program file should rightfully correspond to the recipient in communication. 

Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Hallenstål; Magnus (U.S Pub. No. 20210297893) “Method And Network Nodes For Handling End-to-End Delays For Voice Calls In A Communication Network”. Considered this reference because it addressed the concept and use of dummy software version numbers much like in the claims

EL-MOUSSA; Fadi. (U.S Pub. No. 20210168164) “DETECTING MALICIOUS CONFIGURATION CHANGE FOR WEB APPLICATIONS”. Considered this application because it relates to the detection of malicious content but in regards to program files of applications as well as the use of different software version numbers between the client and the server.

Munoz; Alvaro (U.S Pub.  No. 20170223043) “DETERMINE VULNERABILITY USING RUNTIME AGENT AND NETWORK SNIFFER”. Considered this application because it was an application that relates to program files and detecting vulnerability from possible malicious or malware contents that is from the same assignee. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/H.A.H./Examiner, Art Unit 2497                                                                                                                                                                                                        /ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497