DETAILED ACTION
This Office Action is in response to the amendment filed on September 15, 2022
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1 and 3-20 are pending and herein considered.

Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendment filed on 09/15/2022 has been entered and fully considered.

Response to Arguments
In light of the Applicant’s amendment filed 09/15/2022, the 35 U.S.C 112(b) has been withdrawn.
Applicant’s arguments, see remark, filed 09/15/2022 with respect to 35 U.S.C. 103 of claims 1, 2-17 have been fully considered and are persuasive.  The rejection of claims 1, 2-17 has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of newly found prior art.
Applicant’s arguments, see remark, filed 09/15/2022 with respect to 35 U.S.C. 102 of claims 18-20 have been fully considered but they are not persuasive. For the following:
Applicant’s argument:
	“Nowhere in Tsai is it disclosed that the application store receives, from the vendor, the application and a hash of the application, and that the application store decrypts the hash using a public key of the vendor…Tsai fails to teach at least "receiving, by a computing system, a file and a first value from a first client device, the first value being encrypted based on contents of the file;" and "decrypting, by the computing system, the first value with use of a key of a document of the first client device" as recited in claim 18… Nowhere in Tsai is it disclosed that the TMS generates data in response to the match of the hash of the application image and the decrypted hash received from the downloading terminal, so as to enable download of the application by a second client device… Nowhere in Tsai is it disclosed that the app store (computing system) receives the app and a signed hash of the app from the app vendor (first device), decrypts the signed hash using a public key of the vendor, generates a hash of the app, compares the hashes, and, based on the hashes matching, generates data so as to enable the app to be downloaded by a downloading device (second device”.

In response:
The Examiner respectfully disagree. The Tsai’s reference teaches all limitation argued above and claim 18, receiving, by a computing system, a file and a first value from a first client device, the first value being encrypted based on contents of the file par. [0008] app is posted or uploaded into the app store… the user requests a download of the app from the app store… app image is hashed…create a hash value. The resulting hash value is then signed with the app store private key. In step 104 the app image is bundled with the signed application hash and transmitted to the user smart device; par [0016] a vendor uploads an application to said application store; par [0040] TMS 402 providing authentication for terminal 401 before installation and running of the app; par [0046] vendor 404 encrypts the one or more portions of the app code; with the teaching above, an app (i.e. a code of the app) and a first value (i.e. hash of app (i.e. hash of the code file of the app) and the hash image is bundled with the app, it is also encrypted (i.e. the first value (code file of the app is encrypted); decrypting, by the computing system, the first value with use of a key of a document of the first client device (par [0012] the application hash is encrypted using both the vendor private key and the app store private key, and decrypted using both the vendor public key and the app store public key; par [0043] TMS 402 … decrypts the received encrypted hash); as cited here, both vendor and app store can decrypt using both vendor and app store, therefore app store can also decrypt encrypted hash of the app code. The Examiner interpret the app store as within a computer system since computing system can be integrated devices. Generating, by the computing system, a second value for the file (par [0043] TMS 402 calculates a hash for the received app image using a stored hash function); determining, by the computing system, a match of the first value and the second value (par [0043] TMS 402 receives the signed app image, and decrypts the received encrypted hash…calculates a hash for the received app image using a stored hash function. In step 615, TMS 402 compares the two hash values); the Examiner interpret matching of hash value as authentication (i.e. first device, for instance, vendor), and 
generating, by the computing system, data in response to the match of the first value and the second value, so as to enable download of the file by a second client device (par [0020] downloading, by a terminal… from said application store; par [0040] TMS 402 providing authentication for terminal 401 before installation and running of the app; par [0043] TMS compares the two hash values. If the two hash values match each other, then in step 616 TMS 402 authenticates the app and authorizes the terminal 401 to install and run the app). As explain above, both vendor and app store can decrypt using both vendor and app store, therefore app store can also decrypt encrypted hash of the app code. Therefore, app store can decrypt the signed hash from vendor.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 6-7, 9-11, 14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Tsai et al. (Tsai) U.S. Pub. Number 2021/0173902 in view of Shalunov et al. (Shalunov) U.S. Pub. Number 2017/0070841 and further in view of Whittaker U.S. Pub. Number 2022/0166633.
Regarding claim 1; Tsai discloses a method, comprising:
receiving, by a first client device, a file and data, the file having been previously uploaded by a second client device to a remote computing system and the data including a first hash value based on contents of the file previously uploaded by the second client device, [[ the first hash value encrypted based on a document of the second client device]] (par. [0008] app is posted or uploaded into the app store… the user requests a download of the app from the app store… app image is hashed…create a hash value. The resulting hash value is then signed with the app store private key. In step 104 the app image is bundled with the signed application hash and transmitted to the user smart device; par [0016] a vendor uploads an application to said application store; par [0040] TMS 402 providing authentication for terminal 401 before installation and running of the app; par [0046] vendor 404 encrypts the one or more portions of the app code); The Examiner interpret the app store is a remote computing system, the second client device as vendor.
decrypting, by the first client device, the first value with use of a key of the document of the second client device in response to validation of the document (par [0012] the application hash is encrypted using both the vendor private key and the app store private key, and decrypted using both the vendor public key and the app store public key; par [0043] TMS 402 … decrypts the received encrypted hash); 
determining, by the first client device, a second hash value for the received file [[the second hash value based on contents of the file received by the first client device]] (par [0043] TMS 402 calculates a hash for the received app image using a stored hash function).

Tsai does not disclose, which Shalunov discloses determining, by the first client device, validity of the document of the second client device based on another document of the remote computing system (Shalunov: par [0037] the authenticity of apps distributed by the store, the app store can add its own signature to the file. The app is then distributed with the signature of original vendor, the signature of the store, and the certificate of the vendor. The recipient can then obtain the apps from any source since he can verify the signatures from the trusted app store and the app vendor);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai to provide validity of the certificate of the second client device based on another document of the remote computing system, as taught by Shalunov. The motivation would be to verify that the file in fact originates from an appropriate or legitimate source, e.g., the correct app store or verified by either an originating store or from a third-party system (i.e. Android requires that all apps be digitally signed with a certificate before they can be installed). 

The combination of Tsai and Shalunov does not disclose, which Whittaker discloses the first hash value encrypted based on a document of the second client device (Whittaker:  par [0089] At operation 304, a hashing algorithm is applied to the text 302 to produce a hash value 306; par [0090] At operation 308, the hash value 306 can be encrypted using a private key to generate a digital signature 310); the second hash value based on contents of the file received by the first client device (Whittaker: par [0093] Diagram 330 shows the resource locator 312. Resource locator includes text 302 and the digital signature 310. At operation 304, a hashing algorithm is applied to the text 302 to produce a hash value 336. The hashing algorithm can be the same hashing algorithm that is used to generate the digital signature), and 
determining, by the first client device, validity of the received file based on a match of the first hash value and the second hash value (Whittaker: par [0095] At operation 338, hash value 336 and hash value 334 can be compared by a comparator. Hash value 336 and hash value 334 either match or do not match. At operation 340, the digital signature 310 is validated if hash value 336 and hash value 334 match).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai, in view of Shalunov to provide the first hash value encrypted based on a document of the second client device; the second hash value based on contents of the file received by the first client device and determining, by the first client device, validity of the received file based on a match of the first hash value and the second hash value, as taught by Whittaker. The motivation would be to improve the security of the content delivery and reducing the latency in delivering content to a client device.

Regarding claim 4; the combination of Tsai, Shalunov and Whittaker discloses the method of claim 1, wherein the data further includes an identifier of the second client device, and the method further comprises:
determining, by the first client device and using the identifier, that the key of the document of the second client device is available at the first client device (Tsai: par [0042] TMS 402 uses a different key to terminal 401 for decryption… where terminal 401 has a private key and sends the signature with a certification of its public key, so the TMS can verify and extract the terminal public key and use the terminal public key for verifying the signature.); and
using the available key to decrypt the first hash value (Tsai: par [0042] an asymmetric key arrangement is used, that is, where TMS 402 uses a different key to terminal 401 for decryption).

Regarding claim 6; the combination of Tsai, Shalunov and Whittaker discloses the method of claim 1, further comprising:
receiving, from the first client device, input data representing a request to download the file, wherein receiving the file and the data is in response to receiving the input data (Tsai: par [0008] user requests a download of the app from the app store; par [0043] TMS 402 receives the signed app image, and decrypts the received encrypted hash).

Regarding claim 9; the combination of Tsai, Shalunov and Whittaker discloses the method of claim 1, wherein the data further includes a document for the remote computing system and an identifier of the second client device (Shalunov: par [0037] app is then distributed with the signature of original vendor, the signature of the store, and the certificate of the vendor). The reason to combine Tsai and Shalunov is the same as claim 1, above.

Regarding claim 10; Tsai discloses a system, comprising:
a first client device (par [0016] a terminal management server (TMS));
a second client device (par [0016] a vendor); and
a remote computing system (par [0016] an application store), wherein the first client device includes at least a first processor, and at least a first computer-readable medium encoded with instruction which, when executed by the first processor, cause the first client device to:
receive a file and data, the file having been previously uploaded by the second client device to the remote computing system and the data including a first hash value based on contents of the file previously uploaded by the second client device, [[ the first hash value encrypted based on a document of the second client device]] (par. [0008] app is posted or uploaded into the app store… the user requests a download of the app from the app store… app image is hashed…create a hash value. The resulting hash value is then signed with the app store private key. In step 104 the app image is bundled with the signed application hash and transmitted to the user smart device; par [0016] a vendor uploads an application to said application store; par [0040] TMS 402 providing authentication for terminal 401 before installation and running of the app; par [0046] vendor 404 encrypts the one or more portions of the app code);
decrypt the first hash value with use of a key of the document of the second client device in response to validation of the document (par [0012] the application hash is encrypted using both the vendor private key and the app store private key, and decrypted using both the vendor public key and the app store public key; par [0043] TMS 402 … decrypts the received encrypted hash);
determine a second value for the received file, [[the second hash value based on contents of the file received by the first client device]] (par [0043] TMS 402 calculates a hash for the received app image using a stored hash function).

Tsai does not disclose, which Shalunov discloses determine validity of the document of the second client device based on another document of the remote computing system (Shalunov: par [0037] the authenticity of apps distributed by the store, the app store can add its own signature to the file. The app is then distributed with the signature of original vendor, the signature of the store, and the certificate of the vendor. The recipient can then obtain the apps from any source since he can verify the signatures from the trusted app store and the app vendor).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai to provide determine validity of the document of the second client device based on another document of the remote computing system, as taught by Shalunov. The motivation would be to verify that the file in fact originates from an appropriate or legitimate source, e.g., the correct app store or verified by either an originating store or from a third-party system (i.e. Android requires that all apps be digitally signed with a certificate before they can be installed). 

The combination of Tsai and Shalunov does not disclose, which Whittaker discloses the first hash value encrypted based on a document of the second client device (Whittaker:  par [0089] At operation 304, a hashing algorithm is applied to the text 302 to produce a hash value 306; par [0090] At operation 308, the hash value 306 can be encrypted using a private key to generate a digital signature 310); the second hash value based on contents of the file received by the first client device (Whittaker: par [0093] Diagram 330 shows the resource locator 312. Resource locator includes text 302 and the digital signature 310. At operation 304, a hashing algorithm is applied to the text 302 to produce a hash value 336. The hashing algorithm can be the same hashing algorithm that is used to generate the digital signature), and 
Determine validity of the received file based on a match of the first hash value and the second hash value (Whittaker: par [0095] At operation 338, hash value 336 and hash value 334 can be compared by a comparator. Hash value 336 and hash value 334 either match or do not match. At operation 340, the digital signature 310 is validated if hash value 336 and hash value 334 match).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai, in view of Shalunov to provide the first hash value encrypted based on a document of the second client device; the second hash value based on contents of the file received by the first client device and determining, by the first client device, validity of the received file based on a match of the first hash value and the second hash value, as taught by Whittaker. The motivation would be to improve the security of the content delivery and reducing the latency in delivering content to a client device.

Regarding claim 11; the combination of Tsai, Shalunov and Whittaker discloses the system of claim 10, wherein the second client device includes at least a second processor, and at least a second computer-readable medium encoded with instruction which, when executed by the second processor, cause the second client device to:
receive a request to upload the file to the remote computing system (Tsai: par [0020]           uploading, by a vendor, an application to an application store);
in response to the request to upload the file, generate a third hash value based on contents of the file to be uploaded, the third hash value encrypted using a private key of the second client device (Tsai: par [0060] prior to said upload, said vendor encrypts one or more portions of said application; Tsai: par [0012] hash is encrypted using both the app vendor's private key and the app store private key); and
send, to the remote computing system, the third hash value and the file to be uploaded (Tsai: par [0060] prior to said upload, said vendor encrypts one or more portions of said application).

Regarding claim 14; the combination of Tsai, Shalunov and Whittaker discloses the system of claim 10, wherein the data further includes an identifier associated with the second client device, and the first computer-readable medium is further encoded with additional instructions which, when executed by the first processor, further cause the first client device to:
determine, using the identifier, that the key of the document of the second client device is available at the first client device (Tsai: par [0042] TMS 402 uses a different key to terminal 401 for decryption… where terminal 401 has a private key and sends the signature with a certification of its public key, so the TMS can verify and extract the terminal public key and use the terminal public key for verifying the signature); and
use the available key to decrypt the first hash value (Tsai: par [0042] an asymmetric key arrangement is used, that is, where TMS 402 uses a different key to terminal 401 for decryption).

Regarding claim 16; the combination of Tsai, Shalunov and Whittaker discloses the system of claim 10, wherein the first computer-readable medium is further encoded with additional instructions which, when executed by the first processor, further cause the first client device to:
receive input data representing a request to download the file, wherein the file and the data are received in response to receiving the input data (Tsai: par [0008] user requests a download of the app from the app store; par [0043] TMS 402 receives the signed app image, and decrypts the received encrypted hash).

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Tsai et al. (Tsai) U.S. Pub. Number 2021/0173902 in view of Shalunov et al. (Shalunov) U.S. Pub. Number 2017/0070841 in view of Whittaker U.S. Pub. Number 2022/0166633 and further in view of Vanahalli et al. (Vanahalli) U.S. Pub. Number 2019/0289059.
Regarding claim 3; the combination of Tsai, Shalunov and Whittaker discloses the method of claim 1.
The combination above does not disclose, which Vanahalli discloses wherein: 
the data further includes a document of a certificate authority (CA) of the remote computing system (Vanahalli: par [0043] authenticator 255 may send a query to the certificate authority including the digital certificate to verify that the proper certificate authority issued the digital certificate for the public key generated by the sender device 210), and
determining the validity of the document of the second client device includes determining that the document has been signed by the CA (Vanahalli: par [0043] the authenticator 255 may authenticate the sender device 210 using the digital certificate… authenticator 255 may receive the digital certificate along with the identifier for the receiver device 215 and the public key generated by the sender device 210. The digital certificate may have been signed or generated by the certificate authority in assigning the public key to the sender device 210).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai, in view of Shalunov and further in view of Whittaker to provide a document of a certificate authority (CA) of the remote computing system and determining the validity of the document of the second client device includes determining that the document has been signed by the CA, as taught by Vanahalli. The motivation would be to provide a secure authentication mechanism protection against security breaches and attacks from transferring files via public networks.

Regarding claim 13; the combination of Tsai, Shalunov and Whittaker discloses the system of claim 10.
 The combination above does not disclose, which Vanahalli discloses wherein the second client device includes at least a second processor, and at least a second computer-readable medium encoded with instruction which, when executed by the second processor, cause the second client device to:
receive a request to register for a file sharing using the remote computing system (Vanahalli: par [0034] To initiate sending, transfer, copying or sharing of the file 235 from the sender device 210 to the receiver device 215, the transceiver 225A of the sender device 210 may connect to the network 205A); and in response to the request to register for file sharing, initiate a document authorization process with a CA for the remote computing system by causing the second client device to:
generate a key pair including a private key and a public key for the second client device (Vanahalli: par [0037] In connection with establishing communications with the authentication server 220, the key manager 240A may generate a key pair for authenticated communications. The key pair may include a private key and a public key for encrypting and decrypting communications),
 generate a document including the public key and information identifying the second client device, send the document to the CA for signature (Vanahalli: par [0043] the authenticator 255 may authenticate the sender device 210 using the digital certificate… authenticator 255 may receive the digital certificate along with the identifier for the receiver device 215 and the public key generated by the sender device 210. The digital certificate may have been signed or generated by the certificate authority in assigning the public key to the sender device 210), and
receive a signed document from the CA, the signed document indicative of the private key being authorized to encrypt data sent by the second client device to the remote computing system (Vanahalli: par [0043] receive the digital certificate along with the identifier for the receiver device 215 and the public key generated by the sender device 210. The digital certificate may have been signed or generated by the certificate authority in assigning the public key to the sender device 210).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai, in view of Shalunov and further in view of Whittaker to provide receive a request to register for a file sharing using the remote computing system, generate a key pair including a private key and a public key for the second client device, generate a document including the public key and information identifying the second client device, send the document to the CA for signature and receive a signed document from the CA, the signed document indicative of the private key being authorized to encrypt data sent by the second client device to the remote computing system, as taught by Vanahalli. The motivation would be to provide a secure authentication mechanism protection against security breaches and attacks from transferring files via public networks and the inclusion of the server may result in a significant increase of consumption of bandwidth, processing resources.

Claims 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Tsai et al. (Tsai) U.S. Pub. Number 2021/0173902 in view of Shalunov et al. (Shalunov) U.S. Pub. Number 2017/0070841, in view of Whittaker U.S. Pub. Number 2022/0166633 and further in view of Luque et al. (Luque) U.S. Pub. Number 2016/0149910. 
Regarding claim 5; the combination of Tsai, Shalunov and Whittaker discloses the method of claim 1, wherein the data further includes an identifier of the second client device, and the method further comprises:
receiving, by the first client device and from the remote computing system, the key of the document of the second client device (Tsai: par [0060] vendor encrypts one or more portions of said application, and said terminal obtains a decryption key from said TMS to decrypt said encrypted one or more portions after said authentication and authorization); and
using the received key to decrypt the first hash value (Tsai: par [0043] TMS 402 receives the signed app image, and decrypts the received encrypted hash).

The combination above does not disclose, which Luque discloses determining, by the first client device and using the identifier, that the key of the document of the second client device is not available at the first client device (Luque: par [0049] a decision may be made whether the software key is available (operation 404) for the network element. When the result of operation 404 is NO, method 400-1 may request (operation 408) that the software key is obtained from the vendor);
sending, from the first client device to the remote computing system, a request for the key of the document of the second client device (Luque: par [0049] a decision may be made whether the software key is available (operation 404) for the network element. When the result of operation 404 is NO, method 400-1 may request (operation 408) that the software key is obtained from the vendor).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai, in view of Shalunov and further in view of Whittaker to determining, by the first client device and using the identifier, that the key of the document of the second client device is not available at the first client device and sending, from the first client device to the remote computing system, a request for the key of the document of the second client device, as taught by Luque. The motivation would be to provide secured distributing software keys from a vendor (i.e. to a customer purchasing a software license for a network element and to ensure that distributing software keys may be used to distribute software updates to specific network elements).

Regarding claim 15; the combination of Tsai, Shalunov and Whittaker discloses the system of claim 10, wherein the data further includes an identifier for the second client device, and the first computer-readable medium is further encoded with additional instructions which, when executed by the first processor, further cause the first client device to:
use the received key to decrypt the first value (Tsai: par [0060] vendor encrypts one or more portions of said application, and said terminal obtains a decryption key from said TMS to decrypt said encrypted one or more portions after said authentication and authorization).
The combination above does not disclose, which Luque discloses determine, using the identifier, that the key of the document of the second client device is not available at the first client device (Luque: par [0049] a decision may be made whether the software key is available (operation 404) for the network element. When the result of operation 404 is NO, method 400-1 may request (operation 408) that the software key is obtained from the vendor);
send, to the remote computing system, a request for the key of the document of the second client device (Luque: par [0049] a decision may be made whether the software key is available (operation 404) for the network element. When the result of operation 404 is NO, method 400-1 may request (operation 408) that the software key is obtained from the vendor);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai, in view of Shalunov and further in view of Whittaker to determine, using the identifier, that the key of the document of the second client device is not available at the first client device and send, to the remote computing system, a request for the key of the document of the second client device, as taught by Luque. The motivation would be to provide secured distributing software keys from a vendor (i.e. to a customer purchasing a software license for a network element and to ensure that distributing software keys may be used to distribute software updates to specific network elements).

Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Tsai et al. (Tsai) U.S. Pub. Number 2021/0173902 in view of Shalunov et al. (Shalunov) U.S. Pub. Number 2017/0070841 in view of Whittaker U.S. Pub. Number 2022/0166633 and further in view of Garcia et al. (Garcia) U.S. Pub. Number 2010/0235826. 
Regarding claim 7; the combination of Tsai, Shalunov and Whittaker discloses the method of claim 1, further comprising:
determining that the first client device is to download the file in response to uploading of the file to the remote computing system, wherein receiving the file [[and the data is in response to detecting that the file]] is uploaded to the remote computing system (Tsai: par [0008] user requests a download of the app from the app store; par [0070] a vendor uploads either a patch to an application to said app store, or an upgrade to an application to said application store, wherein said terminal downloads said patch or said upgrade via said network, and wherein after said downloading by said terminal, said TMS authorizes said terminal to install and run said patch or said upgrade).
The combination above does not disclose, which Garcia discloses in response to detecting (Garcia: par [0052] the download module 318 automatically downloads the code updates in response to the monitor module 214 determining that one or more new code updates are available on the update websites).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai, in view of Shalunov and further in view of Whittaker to provide in response to detecting, as taught by Garcia. The motivation would be to provide robustness for a system without intervention from user (i.e. determine whether the components are already using the most current version of the firmware, or whether she needs to download a code update).

Regarding claim 17; the combination of Tsai, Shalunov and Whittaker discloses the system of claim 10, wherein the first computer-readable medium is further encoded with additional instructions which, when executed by the first processor, further cause the first client device to:
determine that the first client device is [[to automatically download the file]]after upload of the file to the remote computing system, wherein the file and the data are received in response to detecting that the file is uploaded to the remote computing system (Tsai: par [0070] a vendor uploads … an upgrade to an application to said application store, wherein said terminal downloads said patch or said upgrade via said network, and wherein after said downloading by said terminal, said TMS authorizes said terminal to install and run said patch or said upgrade).

The combination above does not disclose, which Garcia discloses automatically download the file (Garcia: par [0052] the download module 318 automatically downloads the code updates in response to the monitor module 214 determining that one or more new code updates are available on the update websites).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai, in view of Shalunov and further in view of Whittaker to provide automatically download the file, as taught by Garcia. The motivation would be to provide robustness for a system without intervention from user (i.e. determine whether the components are already using the most current version of the firmware, or whether she needs to download a code update).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Tsai et al. (Tsai) U.S. Pub. Number 2021/0173902 in view of Vanahalli et al. (Vanahalli) U.S. Pub. Number 2019/0289059.
Regarding claim 19; Tsai discloses the method of claim 18.
Tsai does not disclose, which Vanahalli discloses wherein the data further includes a certificate authority (CA) signature of a document of the computing system, and an identifier of the first client device (Vanahalli: the authenticator 255 may send a query to the certificate authority including the digital certificate to verify that the proper certificate authority issued the digital certificate for the public key generated by the sender device 210. The certificate authority in turn may check the digital certificate against the local database).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Tsai to provide a certificate authority (CA) signature of a document of the computing system, and an identifier of the first client device, as taught by Vanahalli. The motivation would be to provide a secure authentication mechanism protection against security breaches and attacks from transferring files via public networks and the inclusion of the server may result in a significant increase of consumption of bandwidth, processing resources.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim 18 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by Tsai et al. (Tsai) U.S. Pub. Number 2021/0173902.
Regarding claim 18; Tsai discloses a method, comprising:
receiving, by a computing system, a file and a first value from a first client device, the first value being encrypted based on contents of the file (par. [0008] app is posted or uploaded into the app store… the user requests a download of the app from the app store… app image is hashed…create a hash value. The resulting hash value is then signed with the app store private key. In step 104 the app image is bundled with the signed application hash and transmitted to the user smart device; par [0016] a vendor uploads an application to said application store; par [0040] TMS 402 providing authentication for terminal 401 before installation and running of the app; par [0046] vendor 404 encrypts the one or more portions of the app code);
decrypting, by the computing system, the first value with use of a key of a document of the first client device (par [0012] the application hash is encrypted using both the vendor private key and the app store private key, and decrypted using both the vendor public key and the app store public key; par [0043] TMS 402 … decrypts the received encrypted hash);
generating, by the computing system, a second value for the file (par [0043] TMS 402 calculates a hash for the received app image using a stored hash function);                  
determining, by the computing system, a match of the first value and the second value (par [0043] TMS 402 receives the signed app image, and decrypts the received encrypted hash…calculates a hash for the received app image using a stored hash function. In step 615, TMS 402 compares the two hash values); and 
generating, by the computing system, data in response to the match of the first value and the second value, so as to enable download of the file by a second client device (par [0020] downloading, by a terminal… from said application store; par [0040] TMS 402 providing authentication for terminal 401 before installation and running of the app; par [0043] TMS compares the two hash values. If the two hash values match each other, then in step 616 TMS 402 authenticates the app and authorizes the terminal 401 to install and run the app).

Allowable Subject Matter
Claims 8, 12 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.



Examiner’s remarks to overcome the rejection above
 The Examiner also encourage Applicant to contact the Examiner to discuss claim’s amendment before responding to this Office Action. 

Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
U.S. Pub. Number 2003/0114144 to Minemura-Minemura teaches terminal finds the hash value of the application downloaded to the download section, presents the signature for the authentication module along with the hash value, and the authentication module checks with the information held in the TRM section whether or not the signature can be generated from the hash value or the hash value matches a hash value obtained by decrypting the signature. 
U.S. Pub. Number 2009/0319796 to Kim-Kim teaches certificate is signed by the trusted CA using the trusted CA private key, that is, the hash value of the certificate is encrypted using the CA's private key. The encrypted hash value of the certificate may then be decrypted and then compared with the plaintext hash value of the certificate. In this manner the certificate is verified using the CA's public key. Only this public key can decrypt the signed certificate. 

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708. The examiner can normally be reached M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/VU V TRAN/Primary Examiner, Art Unit 2491