Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This Office Action is in response to the application 17/780,139 filed on 11/30/2023.
Claims 1-8 have been examined and are pending.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 11/01/2023 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claims 1 and 8 are objected to because of the following informalities:
Regarding claims 1 and 8, claims 1 and 8 are objected to as the acronym “JS” is recited without spelling out in full at its first occurrence in the claims.
Appropriate correction is required.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1-8 are rejected under 35 USC 101 as being directed to an abstract idea without being integrated into a practical application or being significantly more.
Regarding claims 1 and 8, the claims recite the limitations “determining a document format of the non-PE files;” “searching for a dictionary type …,” “inspecting whether a JE entry is included in the dictionary type;” and “substituting a value of the JS entry with an empty string by comparing the value of the JS entry with the empty string.” Broadly interpreted, the aforementioned steps are directed to mental processes as said steps could be performed in the human mind or by a human using a pen and paper (see MPEP §2106.04(a)). Therefore, the claims recite an abstract idea.
Said abstract idea and/or judicial exception is not integrated into a practical application as the claim does not recite any other active steps that could be considered that the abstract idea is being integrated into a practical application.
It’s also noted that the claims recite additional limitation/elements (i.e., server, communication unit, memory, processor, etc.,). However, said additional elements are recited at a high-level of generality (i.e., as a generic computing device performing a generic computer functions) such that it amounts no more than mere instructions to apply the exception or abstract idea using generic computer components. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea.
The claims do not include additional elements/limitations/embodiments that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional elements, said elements taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. As discussed above, the additional elements recited at a high-level of generality such that they amount no more than mere instructions to apply the exception using a generic computer component. Therefore, the claim is directed to non-statutory subject matter.
Regarding claims 2-7, claims 2-7 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims recite an abstract idea and the claims do not positively recite any other operations that could be considered as the abstract idea is being integrated into a practical application or significantly more. It’s noted that claim 3 recites the limitations: “identifying a first stream…;” “determining a compression and storage state …” and “comparing the first stream or the second stream with a basic value …” Said steps are either directed to mental processes and/or in a form of insignificant extra-solution activities; The aforementioned steps are not sufficient to consider that the abstract idea is being integrated into a practical application or significantly more. Therefore, claims 2-7 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2 are rejected under 35 U.S.C. 103 as being unpatentable over Xu et al., (“Xu,” US 10,169,579), in view of Park, Sang Hoon, (“Park,” KR 10-1860546, IDS submitted on 11/01/2023).
Regarding claim 1, Xu discloses a method of disarming, by a server, a non-portable executable (non-PE) file, the method comprising:
determining a document format of the non-PE file (Xu: col. 2, lines 34-44);
searching for a dictionary type of the non-PE file on the basis of basic elements of the non-PE file by circulating throughout the non-PE file, based on the document format being a PDF (Xu: Fig. 5, col. 4, lines 54-65 and col. 7, lines 17-33, Fig. 10; step 1004);
inspecting whether a JS entry is included in the dictionary type (Xu: Fig. 5; col. 4, lines 54-65); and
Xu discloses all limitations above, but does not explicitly disclose substituting a value of the JS entry with an empty string by comparing the value of the JS entry with the empty string.
However, Park discloses a method for disarming content contained in file, wherein substituting a value of the JS entry with an empty string by comparing the value of the JS entry with the empty string (Park: pars 0043-0047 and 0050-0053).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Park with the method/system of Xu to provide users with a means for protecting a user terminal from infection by malicious.
Regarding claim 2, Xu and Park discloses the method of claim 1. Park further discloses the basic element is an "obj" entity, and the dictionary type comprises a JavaScript action entity (Park: pars. 0047-0048).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Park with the method/system of Xu to provide users with a means for protecting a user terminal from infection by malicious.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Xu et al., (“Xu,” US 10,169,579), in view of Park, Sang Hoon, (“Park,” KR 10-1860546), and further in view of Lim et al., (“Lim,” US 2013/0305373).
Regarding claim 3, Xu and Park the method of claim 1, further comprising: identifying a first stream or a second stream, which is a target of the disarming (Park: pars. 0079-0081), based on the document format being an HWP format; determining a compression and storage state of the first stream or the second stream; and comparing the first stream or the second stream with a basic value based on the compression and storage state and substituting the first stream or the second stream with the basic value (Park: pars. 0083-0088).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Park with the method/system of Xu to provide users with a means for protecting a user terminal from infection by malicious.
Park and Xu does not explicitly disclose the document format being an HWP format.
However, Lim discloses a method for inspecting non-portable file, wherein the document format being an HWP format (Lim: par, 0046-0047; a non-PE file can include files having a file extension such as hwp, doc, pdf, jpg, js, html and the like)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Lim with the method/system of Xu and Park to provide users with a means for detecting the malicious code within the non-PE file.
Claims 4-7 are rejected under 35 U.S.C. 103 as being unpatentable over Xu et al., (“Xu,” US 10,169,579), in view of Park, Sang Hoon, (“Park,” KR 10-1860546) and Lim et al., (“Lim,” US 2013/0305373), and further in view of Brandis et al., (“Brandis,” Threat Modelling Adobe PDF. Defence Science and Technology Organisation. IDS submitted on 11/01/2023).
Regarding claim 4, Xu, Park, and Lim disclose the method of claim 3, but do not explicitly disclose the first stream is a DefaultJScript stream, and the second stream is a JScriptVersion stream.
However, Brandis discloses a threat Modelling Adobe PDF, wherein the first stream is a DefaultJScript stream, and the second stream is a JScriptVersion stream (Brandis: page 15; section 4.1 and pages 20, 22).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Brandis with the method/system of Xu, Park, and Lim to makes the function's intent clearer code.
Regarding claim 5, Xu, Park, and Lim disclose the method of claim 3, but do not explicitly disclose the first stream comprises a JavaScript code, and the second stream comprises version information of the JavaScript.
However, Brandis discloses a threat Modelling Adobe PDF, wherein the first stream comprises a JavaScript code, and the second stream comprises version information of the JavaScript (Brandis: page 15; section 4.1 and pages 20, 22).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Brandis with the method/system of Xu and Park to makes the function’s intent clearer code.
Regarding claim 6, Xu, Park, and Lim disclose the method of claim 3.
Lim further disclose document having the HWP format (Lim: par, 0046-0047; a non-PE file can include files having a file extension such as hwp, doc, pdf, jpg, js, html and the like).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Lim with the method/system of Xu and Park to provide users with a means for detecting the malicious code within the non-PE file.
Xu. Park and Lim do not explicitly disclose wherein the basic value is a value corresponding to the first stream or second stream of a new document.
However, Brandis discloses a threat Modelling Adobe PDF, wherein the basic value is a value corresponding to the first stream or second stream of a new document (Brandis: pages 1-4 ).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Brandis with the method/system of Xu, Park and Lim to makes the function’s intent clearer code.
Regarding claim 7, Xu, Park, Lim, and Brandis disclose the method of claim 6.
Brandis further discloses wherein the basic value has a compression and storage state identical with a compression and storage state of a value of the first stream and/or the second stream (Brandis: pages 1-4, 41, 56, and 64).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Brandis with the method/system of Xu, Park and Lim to make it easier to read and identify malicious code.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Xu et al., (“Xu,” US 10,169,579), in view of Park, Sang Hoon, (“Park,” KR 10-1860546), and further in view of Gou et al., (“Gou,” US 9,686,304).
Regarding claim 8, Xu discloses a server for disarming a non-portable executable (non- PE) file, comprising: a communication unit; a memory comprising a contents disarm [[and reconstruction (CDR)]] engine for performing the disarming (Xu: Fig. 5); and a processor configured to functionally control the communication unit and the memory, wherein the processor is configured to determine a document format of the non-PE file (Xu: Fig. 5, col. 4, lines 54-65 and col. 7, lines 17-33, Fig. 10; step 1004), search for a dictionary type of the non-PE file on the basis of basic elements of the non-PE file by circulating throughout the non-PE file, based on the document format being a PDF (Xu: Fig. 5; col. 4, lines 54-65), inspect whether a JS entry is included in the dictionary type Xu: Fig. 5; col. 4, lines 54-65.
Xu discloses all limitations above, but does not explicitly disclose substitute a value of the JS entry with an empty string by comparing the value of the JS entry with the empty string.
However, Park discloses a method for disarming content contained in file, wherein substitute a value of the JS entry with an empty string by comparing the value of the JS entry with the empty string (Park: pars 0043-0047 and 0050-0053).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Park with the method/system of Xu to provide users with a means for protecting a user terminal from infection by malicious.
Xu and Pard do not explicitly disclose a memory comprising reconstruction (CDR).
However Gou disclose a methos/system for healing infected document files; wherein a memory comprising reconstruction (CDR) (Gou: col. 4, lines 45-51; Figs. 1 and 2; a reconstruction module 110).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teachings of Gou with the method/system of Xu and Park to provide users with a means for analyzing or deobfuscating malicious JavaScript and allowing existing anti-virus solutions that focus solely on JavaScript to be employed directly without modification.
Conclusion
The prior art made of record on form PTO-892 and not relied upon is considered pertinent to applicant's disclosure. Applicant is required under 37 C.F.R. § 1.111(c) to consider these references fully when responding to this action.
It is noted that any citation to specific, pages, columns, lines, or figures in the prior art references and any interpretation of the references should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. In re Heck, 699 F.2d 1331, 1332-33,216 USPQ 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275,277 (CCPA 1968)).
Inquiries
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LINH K PHAM whose telephone number is (571)270-3230. The examiner can normally be reached Monday-Thursday from 8:00 AM to 6:00 PM (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William L Bashore can be reached on (571) 272-4088. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/LINH K PHAM/
Primary Examiner
Art Unit 2174