DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 11/07/2022 has been entered.
 
Response to Amendment
The Amendment filed on 11/07/2022 has been entered. 
Claims 1-24 are amended.
Claim 25 is new.
Claims 1-25 are pending of which claims 1, 9 and 17 are independent claims.

Response to Arguments
The applicant's arguments filed on 11/07/2022 regarding claims 1-24 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made.

Claim Objections
Claim 25 is objected to because it is terminated with a comma. The claim(s) should have been terminated by a period instead.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 22 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over BOULTON (Pub. No.: US 2020/0311281) in view of Doshi et al (Pub. No.: US 2020/0136994, hereinafter Doshi) and Pogorelik et al. (Pub. No.: US 2016/0162269, hereinafter Pogorelik).
Regarding claim 1: BOULTON discloses A method, comprising: 
performing the following within a code vendor environment (BOULTON - Fig. 1, Software Developer Device 160 and Software Security Analyzer 122):
developing an executable target code (BOULTON - [0026]: the software developer can submit the binary software code in the configuration of object code … If the binary software code is submitted in an .exe file, the software service platform can determine that the binary software code is in an executable code configuration),
then associating the executable target code with one or more threat indicators and/or one or more behaviors (BOULTON - [0014]: The software security analyzer 122 … can be configured to analyze software code for security risks. In some implementations, the software security analyzer 122 can determine a security risk value for each security risk factor, as well as the corresponding security confidence level and the corresponding security risk indicator. The software security analyzer 122 can also generate a security label representing this information),
However, BOULTON doesn’t explicitly teach but Doshi discloses then creating a data set including the executable target code and the one or more associated threat indicators and/or behaviors (Doshi - [0040]: telemetry controller can generate an edge service composition. [0069]: the composition(s) 146, 156 associated with a software resource (e.g., one(s) of the resource(s) 149, 159) can be described, generally, by a manifest structure corresponding to one or more tags, such as one or more software identification (SWID) tags, one or more concise SWID (CoSWID) tags, etc., and/or a combination thereof); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of BOULTON with Doshi so that a manifest structure corresponding to one or more tags that associated with a software resource can be generated. The modification would have allowed the system to create a structure with software resource and tags.
However, the combination of BOULTON and Doshi doesn’t explicitly teach but Pogorelik discloses then releasing the data set from the code vendor environment by providing the data set including the executable target code and the one or more associated threat indicators and/or behaviors across a network from a first information handling system of the code vendor environment to at least one other different information handling system that comprises an endpoint information handling system or to a second information handling system that is different from each of the first information handling system and the endpoint information handling system, and that is coupled to and managing the endpoint information handling system (Pogorelik - [0011]: Fig. 1, receive an application installation package that includes a list or manifest to indicate which, if any, device resources may be accessed by the application. A table or database of weighted impact scores may be configured to indicate the relative impacts on security and/or privacy associated with each of one or more categories of accessed device resources).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of BOULTON and Doshi with Pogorelik so that the software package can be provided to the user platform. The modification would have allowed the system to enhance security for software installation.
Regarding claim 22: Boulton as modified discloses where the executable target code is a newly developed executable target code that is developed in a code vendor environment by the code creator; (BOULTON - [0022]: the binary software code can be submitted to the software service platform by a software developer, over a network. The binary software code can represent an application software, a system software (e.g., an operating system or a device driver), or a component thereof); 
where the data set including the executable target code and the one or more associated threat indicators and/or behaviors is also created by the code creator (Doshi - [0040]: telemetry controller can generate an edge service composition. [0069]: the composition(s) 146, 156 associated with a software resource (e.g., one(s) of the resource(s) 149, 159) can be described, generally, by a manifest structure corresponding to one or more tags, such as one or more software identification (SWID) tags, one or more concise SWID (CoSWID) tags, etc., and/or a combination thereof);
where the releasing the data set from the code vendor environment comprises releasing the newly developed executable target code and the one or more associated threat indicators and/or behaviors from the code creator of the code vendor environment in the data set across the network from the first information handling system to the at least one other information handling system (Pogorelik - [0012]: A device or user platform 106 is shown, which may be configured to download application packages 104 from an application vendor 102).
Doshi and Pogorelik are combined with Boulton herein for similar obviousness reasons and motivation and the same rationale as stated for claim 1.
Regarding claim 25: BOULTON as modified discloses further comprising performing the following within a code vendor environment for the executable target code; 
establishing baseline behavior patterns as the behaviors for the executable target code (BOULTON - [0023]: determines a security risk value for each of a plurality of security risk factors of the binary software code. Examples of the security risk factors can include a network connection factor, an open source software (OSS) factor, an application program interface (API) factor, a string factor, an exception handling factor, a compiler defense factor, a code obfuscation factor, a cryptography factor); 
performing vulnerability testing to identify the threat indicators for the executable target code (BOULTON - [0064]: determining the security risk value, security confidence level, security risk indicator for different security risk factors); and 
then associating the executable target code with the established baseline behavior patterns of the behaviors and the identified threat indicators (BOULTON - [0064]: generating the security label can be performed by any computing device that analyzes or executes the binary software code);

Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over BOULTON (Pub. No.: US 2020/0311281) in view of Doshi et al (Pub. No.: US 2020/0136994, hereinafter Doshi) and Pogorelik et al. (Pub. No.: US 2016/0162269, hereinafter Pogorelik) and FERNANDER et al. (WO 0239693 A2, hereinafter FERNANDER).
Regarding claim 21: Boulton as modified doesn’t explicitly teach but SINHA discloses where the target code included within the data set comprises at least one of a word processing application, email application, photo editing application, Internet browser, computer game, PDF viewer, or spreadsheet application (SINHA - [0054]: a data object may be associated with a particular file type and/or format (e.g., a hypertext markup language (HTML) file, an extensible markup language (XML) file, a text file, a joint photographic experts group (JPEG) file, a portable network graphics (PNG) file, a motion photographic experts group (MPEG) file, an audio video interleave (AVI) file, a portable document format (PDF) file, a spreadsheet file, a word processing file, or the like)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of BOULTON, Doshi and Pogorelik with SINHA so that target code can be spreadsheet etc. The modification would have allowed the system to process specific file types. 


Allowable Subject Matter
Claims 2-8 and 23 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 
Claims 9-20 and 24 are allowed because claims 9 and 17 incorporated allowable subject matter of claim 2.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Quigley et al. (Pub. No.: US 2021/0264033) - Dynamic Threat Actionability Determination and Control System
Dinh et al. (Pub. No.: US 2021/0124830) - Code vulnerability remediation
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437