DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments, in view of the amended claim language, have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Bhimanaik (US 9,112,854 B1).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2-3, 9, 11-12, 13, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Schluessler (US 2008/0244114 A1) in view of Fanton (US 2006/0150256 A1) and Bhimanaik (US 9,112,854 B1).

Regarding claim 1, Schluessler discloses: A non-transitory machine readable medium storing executable program instructions which when executed by a device cause the device to perform a method comprising: 
determining, by the device, an expected path of a code verification process for a first software component having a software type (any software is considered to inherently be at least of its own type; i.e., inherently having a "software type" based on its existence), wherein the code verification process has at least two paths which are different; 
Refer to at least FIG. 2, [0016]-[0017], and [0022]-[0025] of Schluessler with respect to information describing an expected execution path to be verified.
causing, by the device, the code verification process to perform a code verification on the first software component to determine whether the first software component is authentic; 
Refer to at least the abstract, [0012]-[0013], and [0026]-[0030] of Schluessler with respect to performing integrity verification via verifying software execution path(s).
comparing, by the device, the expected path to the path taken by the code verification process when the code verification on the first software component was performed; 
Refer to at least FIG. 3, [0012], and [0030]-[0033] of Schluessler with respect to comparing software execution path data to expected execution path data. 
causing a protective action to occur in response to determining from the comparison that the path taken does not match the expected path.
Refer to at least the abstract and [0034] of Schluessler with respect to remedial action(s).
Schluessler does not disclose: for different types of software components and the at least two paths include a first path for a first type of software component that checks a trust cache of software components from a software build and a second path for a second type of software component that evaluates a signature of a signed code for this software component, and the second type of software component is not from the software build. However, Schluessler in view of Fanton discloses: for different types of software components and the at least two paths include a first path for a first type of software component that checks a trust cache of software components and a second path for a second type of software component that evaluates a signature of a signed code for this software component.
Refer to at least FIG. 6, [0009], and [0011]-[0012] of Fanton with respect to first validating against an MRU cache and thereafter validating via content authenticator (hash value) comparison.
Schluessler-Fanton does not specify: software components from a software build of a vendor of the device; and the second type of software component is not from the software build. However, Schluessler-Fanton in view of Bhimanaik discloses: software components from a software build of a vendor of the device; and the second type of software component is not from the software build. 
Refer to at least the abstract and Col. 10, Ll. 32-46 of Bhimanaik with respect to differently verifying first party applications and third party applications, wherein they are respectively verified via trusted certificates (as stored in 227 of FIG. 2) or via secure key.
Refer to at least Col. 2, Ll. 23-36 of Bhimanaik with respect to a library loaded within the  respective applications. 
The teachings of Schluessler, Fanton, and Bhimanaik concern program validation and are considered to be within the same field of endeavor and combinable as such. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Schluessler to further include firstly checking an MRU cache for at least the purposes discussed in [0055] of Fanton (i.e., performance enhancements and efficiency as discussed). It further would have been obvious to modify the teachings to include distinguishing between first party developer applications and third party developer applications because first party applications are more likely to be secure, have available security information at hand, and be in compliance with the platform (i.e., implementing a quicker, more readily-available verification where possible).

Regarding claim 2, Schluessler-Fanton-Bhimanaik discloses: The medium as in claim 1, wherein the code verification process record the path taken and the trust cache of software components includes hashes from at least a build of an operating system and platform applications.
Refer to at least [0050] of Fanton with respect to whitelisting common code modules associated with an operating system. 
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 3, Schluessler-Fanton-Bhimanaik discloses: The medium as in claim 1 wherein the expected path is determined by one of a first daemon which launches software components including software applications and software daemons or a trusted software component.
Refer to at least FIG. 1 of Fanton with respect to the Kernel Mode Driver and/or User Mode Service Layer. 
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 9, Schluessler-Fanton-Bhimanaik discloses: The medium as in claim 3 wherein an interprocess communication from a calling software to the first daemon is denied if the calling software does not include a hash in the trust cache.
Refer to at least [0034] of Schluessler with respect to remedial actions such as halting communications. 

Regarding independent claim 11, it is substantially similar to independent claim 1, but is the method executed via the CRM. Accordingly, it is rejected for substantially the same reasons as claim 1 above.

Regarding claim 12, it is substantially similar to claim 2 above, and is therefore likewise rejected. 

Regarding claim 13, it is substantially similar to claim 3 above, and is therefore likewise rejected. 

Regarding claim 19, it is substantially similar to claim 9 above, and is therefore likewise rejected. 

Claims 4-5 and 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Schluessler-Fanton-Bhimanaik as applied to claims 1, 2-3, 9, 11-12, 13, and 19 above, and further in view of Spiegl (US 2017/0078182 A1).

Regarding claim 4, Schluessler-Fanton does not fully disclose: wherein the first daemon is the first user process launched in user space after a set of one or more kernel software components establish a kernel space during a secure boot up procedure which verifies code signatures in a chain of trust starting from a boot ROM. However, Schluessler-Fanton-Bhimanaik in view of Spiegl discloses: wherein the first daemon is the first user process launched in user space after a set of one or more kernel software components establish a kernel space during a secure boot up procedure which verifies code signatures in a chain of trust starting from a boot ROM.
Refer to at least 205-209 in FIG. 2 , [0011], and [0038]-[0039] of Spiegl with respect to launching a user space monitoring agent, secure boot verification, and further starting the agent early in the startup sequence. 
The teachings of Schluessler-Fanton-Bhimanaik and Spiegl concern application monitoring and monitoring agents and are considered to be within the same field of endeavor and combinable as such. Further, at least FIG. 1 and [0032] of Fanton concern a user-level service to augment the kernel driver.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Schluessler-Fanton-Bhimanaik to further include the integrity measurement module as a user space monitoring agent for at least the reasons specified in the cited portions of Spiegl (i.e., compatibility).

Regarding claim 5, Schluessler-Fanton-Bhimanaik-Spiegl discloses: The medium as in claim 4 wherein the first daemon determines the expected path from a source of a request to launch the first software component, wherein the source is either a property list that specifies a storage location for the first software component or a user application that presents a graphical user interface which shows icons to allow a user to select an icon to launch the application represented by that icon.
Refer to at least [0025] of Schluessler with respect to a manifest associated with code to be verified.

Regarding claims 14-15, they are substantially similar to claims 4-5 above, and are therefore likewise rejected.

Claims 6-8 and 16-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Schluessler-Fanton-Bhimanaik-Spigel as applied to claims 4-5 and 14-15 above, and further in view of Dewan (US 2016/0182238 A1).

Regarding claim 6, Schluessler-Fanton-Spigel discloses: The medium as in claim 5 wherein if the source is the property list then the expected path is the first path. 
Refer to at least [0025] of Schluessler with respect to a manifest associated with code to be verified.
Schluessler-Fanton-Bhimanaik-Spigel does not fully disclose: if the source is a third party application displayed in the user application then the expected path is the second path. However, Schluessler-Fanton-Bhimanaik-Spigel in view of Dewan discloses: if the source is a third party application displayed in the user application then the expected path is the second path.
Refer to at least FIG. 7 and [0044] of Dewan with respect to verifying a third-party application. 
The teachings of Schluessler-Fanton-Bhimanaik-Spiegl concern firmware and software verification and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Schluessler-Fanton-Bhimanaik-Spiegl to further include support for third party application verification for at least the purpose of additional compatibility with third party applications. 

Regarding claim 7, it is rejected for substantially the same reasons as claims 5-6 above.

Regarding claim 8, it is rejected for substantially the same reasons as claim 9 above.

Regarding claims 16-18, they are substantially similar to claims 6-8 above, and are therefore likewise rejected.

Claims 10 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Schluessler-Fanton-Bhimanaik as applied to claims 1, 2-3, 9, 11-12, 13, and 19 above, and further in view of El-Moussa (US 2016/0203313 A1).

Regarding claim 10, Schluessler-Fanton-Bhimanaik discloses: The medium as in claim 3 wherein the comparison of the expected path to the path taken is done after the first software component begins executing, 
Refer to at least the abstract, [0012]-[0013], and [0026]-[0030] of Schluessler with respect to performing integrity verification via verifying software execution path(s).
Schlueesler-Fanton-Bhimanaik does not disclose: the trust cache is static for the build and is contained in a signed file and wherein an update to any part of the operating system or a platform application requires a new trust cache for a new build which remains static for the new build. However, Schuessler-Fanton-Bhimanaik in view of El-Moussa discloses: wherein the trust cache is static for the build and is contained in a signed file and wherein an update to any part of the operating system or a platform application requires a new trust cache for a new build which remains static for the new build.
Refer to at least 605-610 in FIG. 6 of Fanton with respect to the MRU cache being checked. 
Refer to at least the abstract and FIG. 2 of El-Moussa with respect to updating a whitelist for new versions of programs. 
The teachings of Schluessler-Fanton-Bhimanaik and El-Moussa concern program validation and are considered to be within the same field of endeavor and combinable as such. 
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Schluessler to further include updating the MRU cache for at least the purpose of enabling compatibility with newer versions of programs, since it is known in the art to frequently update software. 

Regarding claim 20, it is substantially similar to claim 10 above, and is therefore likewise rejected. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: i.e., it concerns vendor/first party application verification in contrast with third party application verification.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/V.S/            Examiner, Art Unit 2432