DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 06/30/2025 has been entered.
Response to Amendment
An objection to the drawings was raised in the Final Rejection mailed 03/31/2025. The current reply filed 06/30/2025 does not contain an amendment or argument pertaining to the objection of Figure 1B. Since the current reply filed 06/30/2025 appears to be bona fide, the omission is considered inadvertent and the Applicant is hereby respectfully reminded that there is an outstanding objection to the drawings.
Response to Arguments
Applicant's arguments, see pages 8-10, filed 06/30/2025, with regard to the rejection of claims 1-16 and 18-21 under 35 U.S.C. § 112(a) written description have been fully considered but they are not persuasive.
Applicant attests that paragraph [0003] of the originally filed disclosure adequately supports the claim limitation “applying code obfuscation techniques to at least one of the anomalous blocks of code to thereby create secured computer code” in independent claims 1, 9, and 18.
The Examiner respectfully disagrees.
Aside from the admission that the claimed code obfuscation techniques are “well-known”, there is nowhere in the specification is there any application of code obfuscation techniques. A mere statement that “well-known code obfuscation techniques” exist, as in the background section of the originally filed disclosure, without any further explanation, does not adequately support how the inventor intended to achieve the claimed function of “applying code obfuscation techniques to at least one of the anomalous blocks of code to thereby create secured computer code” as currently claimed. The rejection on the on the ground that the claim limitation at issue recites elements without support in the original disclosure will be maintained.
MPEP 2161.01, I, “It is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed function to satisfy the written description requirement. See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015)
Applicant next attests that the limitation “determine effectiveness of the code obfuscation techniques by comparing anomaly measures of the blocks of code before and after applying the code obfuscation techniques” is well supported by the claim itself and the specification.
The Examiner respectfully disagrees.
The specification does not clearly describe how to compute the “effectiveness” value whatsoever. The disclosure recites passages such as “When used aposteriori on protected code, the implementations measure the effectiveness of the protection by looking for a reduction in the amount of anomalous code” in paragraph [0020] of the pre-grant publication no. US 2023/0214484 A1 and “The disclosed embodiments work even in the scenarios where absolutely no guidance on what code is security sensitive is provided by the user or by other systems. In this case, the measure of effectiveness is how well the technique identifies security sensitive code compared to random guessing. As described above, on sample data the disclosed implementations performed considerably better (30% vs. 17%). Additional embodiments can combine anomaly detection with other information, including explicit user guidance, through tagging for example, such as “this code *is* security sensitive”, “this code is *not* security sensitive”. Further, implicit user guidance (e.g., the code of interest is in this general part of the application) can be applied, and guidance derived from other techniques (machine learning, heuristics, etc…) can be applied. The additional guidance can be used to narrow the scope of code being inspected for anomalies, be used to set parameters for detecting anomalies, and/or might simply supplement the conclusions of the anomaly detection technique. Modelling is described above in a generic way that will work even if nothing is known about the code being analyzed. However, modelling (i.e., determining anomalies) can be improved via additional information in several ways. For example, if it is knowns that the code is for a game, training data from other games can be used to refine how anomalies are characterized. Also, any of input language, frameworks/libraries used (e.g., Unity), target platform, author, older versions of the same code, and more, can be used” in paragraphs [0065-0066] of the pre-grant publication. Neither of these specification excerpts adequately support “determining effectiveness of code obfuscation techniques by comparing anomaly measures of the blocks of code before and after applying the code obfuscation techniques”. There is no explanation of how the inventor intended to score the obfuscation, how the exemplary percentage scores provided were even derived, and there is no disclosure of how the claimed invention does any effectiveness measuring comparing the claimed “anomaly measures” outside of a mere recitation that it can be done using “an anomaly detection algorithm” (which is further unsupported on how the detection algorithm even functions as well).
Applicant finally attests that the claim limitation “parsing of the code based on the format of the computer code” is well supported by the originally filed disclosure claims that the specification is “replete with examples of how to parse code based on its format”.
The Examiner respectfully disagrees.
Aside from the admission contained in the footnote of page 9 of the remarks filed 06/30/2025 admitting that parsing of the code based on the format of the computer code “is well within the ken of a person of skill in the art”, nowhere in the specification is there disclosure of how the inventor intended to perform the claimed function of “parsing of the code based on the format of the computer code”. The cited paragraphs [0028-0044] of the pre-grant publication further demonstrate the point raised by the Examiner in the Final Rejection mailed 03/31/2025. The written description rejection at issue was made because the specification, taken as a whole, lacks any detail or implementation capable of parsing code of a variety of different computer code formats. Applicant’s argument that statements such as “every supported input format… can have a corresponding encoding module unique to that format… including a custom parser based on the grammar of the input format… the converting may include parsing of the code based on the format of the computer code” standing alone, provide sufficient written description is unpersuasive. The functioning of the described “customer parser” is critical to the functioning of the claimed invention in dependent claims 2 and 10, but the details regarding its implementation are completely absent from the originally filed disclosure.
It is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed function to satisfy the written description requirement. See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015).
Applicant's arguments, see pages 10-14, filed 06/30/2025, with regard to the rejection of claims 1-16 and 18-21 under 35 U.S.C. § 103 have been fully considered but they are not persuasive.
Applicant first disparages the Byrne reference by stating that the cited portions in the Final Rejection mailed 03/31/2025 fail to teach or suggest “convert the blocks of code into a numeric description of characteristics of the code”.
The Examiner respectfully disagrees.
The Byrne reference in paragraphs [0034-0035] meets the broadest reasonable interpretation of the claimed “convert the blocks of code into a numeric description of characteristics of the code” as Byrne explicitly discloses using a function identifier and disassembler to first divide the binary code into labeled functions and disassemble the portions into a higher-level representation that is platform-independent.
In response to applicant's argument that the references fail to show certain features of the invention, it is noted that the features upon which applicant relies (i.e., “a transformation of code blocks into numerical representations based on extractable code properties”) are not recited in the rejected claim(s). Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Applicant’s arguments claiming that the Byrne reference “provides only the conclusory statement that a ‘function can be fingerprinted,’ without any disclosure of how this fingerprinting occurs or what form it takes” is particularly unpersuasive since the level of detail disclosed in the originally filed disclosure lacks such intricate detail and is recited at a high degree of generality. The high level of generality is evidenced in statements such as “Computer code converting module 212 may be configured to convert the computer code into a numeric description of characteristics of the code. The converting may include parsing of the code based on the format of the computer code.” and “The encoding phase can convert code (e.g., a function) into a numerical representation that is language agnostic. The representation is not necessarily an encoding of the code functionality, but of the code properties, for example the number of conditional instructions. While the output representation can be independent of the input format, the encoding method itself is likely not independent of the input format. Every supported input format (e.g., source code of a specific language, or an intermediate representation such as LLVM IR) can have a corresponding encoding module unique to that format. In some cases, the encoding method could be trivial, simply searching within a file. In other cases, it can be more complex, such as including a custom parser based on the grammar of the input format.” within paragraphs [0044] and [0028] respectively of the pre-grant publication.
Regarding the newly amended claim limitation “wherein the characteristics include at least one of: length of a function name, number of lines in a function, number of operations in a function body, number of parameters in a function signature, number of unique symbols, number of variables, or number of unique functions referenced by a function”, the Byrne reference does disclose this feature and will be presented in the rejection below.
Applicant next attests that the Desai “operates in an entirely different technical domain” and that “a person of ordinary skill in the art working in the code security field would have no reason to look to building utility management systems for guidance on detecting security-sensitive code portions”.
The Examiner respectfully disagrees.
In response to applicant's argument that the Desai reference is nonanalogous art, it has been held that a prior art reference must either be in the field of the inventor’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the inventor was concerned, in order to be relied upon as a basis for rejection of the claimed invention. See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992). In this case, the Desai reference is reasonably pertinent to the particular problem with which the inventor was concerned. The Desai reference was relied upon to specifically teach the claimed “ranking of blocks of code with an anomaly measure by applying an anomaly detection algorithm to the blocks of code”. The broadest reasonable interpretation in light of the originally filed disclosure includes using an “anomaly measure” (broadly defined in the pre-grant publication paragraph [0064]) obtained by “applying an anomaly detection algorithm” (broadly defined as including machine learning algorithms such as isolation forest in pre-grant publication paragraph [0018]: “Disclosed implementations can use isolation forest and other known anomaly detection algorithms.”). Therefore, since the Desai reference explicitly teaches the use of machine learning algorithms to detect anomalies (Desai [0043-0044] isolation forest explicitly taught) and select anomalies based on a threshold score (Desai [0046-0047]), the Desai reference is analogous art as it is reasonably pertinent to the problem being solved.
Finally, Applicant attests that Nicolson “operates on a completely different principle than the claims for measuring obfuscation effectiveness”.
The Examiner respectfully disagrees.
The claim limitation at issue, “determine effectiveness of the code obfuscation techniques by comparing anomaly measures of the blocks of code before and after applying the code obfuscation techniques” still lacks written description support in the originally filed disclosure. Applicant’s notion that “the claims recognize that reducing the anomalous characteristics that make code appear suspicious or unusual provides a more direct measure of obfuscation success” is not required by the currently amended claims, and if it were required, would further lack written description in the originally filed disclosure. The teaching of Nicolson meets the broadest reasonable interpretation of the claims at issue as the cited portions of Nicolson determine the effectiveness of the code obfuscation by comparison of before and after the code obfuscation took place.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-16 and 18-21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Independent claims 1, 9, and 18 recite the limitation “applying code obfuscation techniques to at least one of the anomalous blocks of code to thereby create secured computer code” which is new matter and is rejected on the ground that it recites elements without support in the original disclosure. The specification is silent with regard to how the claimed invention applies code obfuscation.
It is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed function to satisfy the written description requirement. See, e.g., Vasudevan Software, Inc. v. MicroStrategy, Inc., 782 F.3d 671, 681-683, 114 USPQ2d 1349, 1356, 1357 (Fed. Cir. 2015).
Independent claim 1 recites the limitation “determine effectiveness of the code obfuscation techniques by comparing anomaly measures of the blocks of code before and after applying the code obfuscation techniques” There is no support in the disclosure regarding how the inventor intended to perform these various claimed functionalities. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function reciting in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention.
Regarding Claims 1, 8, 9, 16, and 18:
Claims 1, 8, 9, 16, and 18 recite “determine a corresponding ranking of at least some of the blocks of code with an anomaly measure by applying an anomaly detection algorithm to the blocks of code”. There is no support in the disclosure regarding how the inventor intended to perform these various claimed functionalities. The algorithm or steps/procedures for these claimed functions is not explained at all or is not explained in sufficient detail (simply restating the function reciting in the claim is not necessarily sufficient) so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention.
Regarding Claims 2 and 10:
Dependent claims 2 and 10 recite the limitation “parsing of the code based on the format of the computer code”. The specification is not commensurate with the full scope of the claim because it is silent regarding how the claimed parsing based on the format of the computer code is actually performed. Paragraph [0025] of the disclosure recites “Computer code converting module 212 may be configured to convert the computer code into a numeric description of characteristics of the code. The converting may include parsing of the code based on the format of the computer code”; and paragraph [0037] only nominally mentions a custom parser without disclosing an algorithm, motivation, or method step in regards to how the inventor intended the claimed invention to perform the claimed functionality.
The dependent claims fall together accordingly.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-16 and 18-21 are rejected under 35 U.S.C. 103 as being unpatentable over Byrne et. al. (US Publication No. US 2020/0394028 A1) hereinafter Byrne, in view of Desai et. al. (US Publication No. US 2020/0265119 A1) hereinafter Desai, further in view of Nicolson et. al. (US Publication No. US 2009/0119515 A1) hereinafter Nicolson.
Regarding Claim 1, 9, and 18:
Claim 1. Byrne discloses a system comprising: one or more hardware processors configured by machine-readable instructions to (Byrne [0019], Fig. 8): partition computer code into blocks of code (Byrne [0032] function identifier can divide the code into individual labelled functions); convert the blocks of code into a numeric description of characteristics of the code (Byrne [0032-0036]) wherein the characteristics include at least one of: length of a function name, number of lines in a function, number of operations in a function body, number of parameters in a function signature, number of unique symbols, number of variables, or number of unique functions referenced by a function (Byrne [0032] function name, library name, library version, register and memory values).
Byrne does not disclose determine a corresponding ranking of at least some of the blocks of code with an anomaly measure by applying an anomaly detection algorithm to the blocks of code; select anomalous blocks of the blocks of code by applying a threshold to the rankings; and apply code obfuscation techniques to at least one of the anomalous blocks of code to thereby create secured computer code; and determine effectiveness of the code obfuscation techniques by comparing anomaly measures of the blocks of code before and after applying the code obfuscation techniques.
Desai teaches determine a corresponding ranking of at least some of the blocks of code with an anomaly measure by applying an anomaly detection algorithm to the blocks of code (Desai [0046] anomaly score, Fig. 1A-1C various models used to determine what are anomalies); select anomalous blocks of the blocks of code by applying a threshold to the rankings (Desai [0047] select anomalies based on the score satisfying a threshold).
Desai does not teach and apply code obfuscation techniques to at least one of the anomalous blocks of code to thereby create secured computer code; and determine effectiveness of the code obfuscation techniques by comparing anomaly measures of the blocks of code before and after applying the code obfuscation techniques.
Nicolson teaches and apply code obfuscation techniques to at least one of the anomalous blocks of code to thereby create secured computer code (Nicolson Fig. 6 and 8, [0084-0089], [0102]; Applicant admitted it is well-known to one of ordinary skill in the art); and determine effectiveness of the code obfuscation techniques by comparing anomaly measures of the blocks of code before and after applying the code obfuscation techniques (Nicolson Fig. 5 and 7-11, [0090-0095] and [0097-0109] obfuscation feedback loop taught).
It would have been obvious to one having ordinary skill in the art before the time the invention was effectively filed to combine the code partitioning and conversion of Byrne with the anomaly score assignment, anomaly threshold measuring, taught by Desai, and finally with the code obfuscation and evaluation as taught by Nicolson. The motivation for this combination would be to ensure that the blocks of code which trigger the anomaly threshold are partitioned and separated, and the partitioned pieces of code may be sufficiently obfuscated and re-evaluated to ensure that the obfuscation as a whole was successful which is important as described by Nicolson (Nicolson [0041-0044] “Therefore, there is an unmet need for, and it would be highly useful to have, a system and method that can evaluate the quality of an obfuscation, or more specifically, a control flow graph obfuscation that replaces original code with obfuscated code that implements a more complex control flow, containing dummy code (that is, code that is never executed), fake-robust dummy code (code that is never executed but nonetheless appears to be valid), and clones of active code with different obfuscations, then feedback to the obfuscation process the results of this evaluation to enable the obfuscation process to produce more suitable results. The design of such a feedback system should be performed in a generic manner so that can be applied to any suitable existing or new obfuscation technique”).
Independent claims 9 and 18 recite substantially the same content and are therefore rejected under the same rationales. Byrne discloses a method in paragraphs [0019] and [0085].
Regarding Claim 2 and 10:
Claim 2. The combination of Byrne, Desai, and Nicolson further teaches the system of claim 1 (Byrne [0019], Fig. 8), wherein the converting includes parsing of the code based on the format of the computer code (Byrne [0038] the function identifier can utilize a disassembler that is compatible with different binary languages such as C or C++ and output a platform-independent representation for further use; Applicant admitted is well-known to one of ordinary skill in the art), wherein the format can be determined from one of an encoding or grammar of the code (Byrne [0038] the function identifier can utilize a disassembler that is compatible with different binary languages such as C or C++ and output a platform-independent representation for further use; Applicant admitted is well-known to one of ordinary skill in the art).
Claim 10 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claim 3, 11, and 19:
Claim 3. The combination of Byrne, Desai, and Nicolson further teaches the system of claim 1 (Byrne [0019], Fig. 8), wherein the characteristics of the code include one or more of a length of a function name, a number of lines in a function, a number of operations in a function body, a number of parameters in a function signature, a number of unique symbols, a number of number of variables, a number of unique functions referenced a function, a number of errors encountered while parsing code, and/or a number of times particular symbols or strings of symbols are encountered (Byrne [0035] function can be fingerprinted).
Claims 11 and 19 recite substantially the same content and are therefore rejected under the same rationales.
Regarding Claim 4, 12, and 20:
Claim 4. The combination of Byrne, Desai, and Nicolson further teaches the system of claim 1 (Byrne [0019], Fig. 8), wherein determining a corresponding ranking includes building an unsupervised learning model for determining anomalies of the computer code (Desai Fig. 1A-1C various models used to determine what are anomalies).
Claims 12 and 20 recite substantially the same content and are therefore rejected under the same rationales.
Regarding Claim 5 and 13:
Claim 5. The combination of Byrne, Desai, and Nicolson further teaches the system of claim 4 (Byrne [0019], Fig. 8), wherein the model is an isolation forest model (Desai [0043] isolation forest model).
Claim 13 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claim 6, 14, and 21:
Claim 6. The combination of Byrne, Desai, and Nicolson further teaches the system of claim 1 (Byrne [0019], Fig. 8), wherein determining a corresponding ranking includes assigning a score to each code block and ranking the code blocks based on the score (Desai [0047] select anomalies based on the score satisfying a threshold, and apply to the code blocks disclosed by Byrne).
Claims 14 and 21 recite substantially the same content and are therefore rejected under the same rationales.
Regarding Claim 7 and 15:
Claim 7. The combination of Byrne, Desai, and Nicolson further teaches the system of claim 1 (Byrne [0019], Fig. 8), wherein the selecting is applied only to code blocks exceeding a threshold rank (Desai [0047] select anomalies based on the score satisfying a threshold).
Claim 15 recites substantially the same content and is therefore rejected under the same rationales.
Regarding Claim 8 and 16:
Claim 8. The combination of Byrne, Desai, and Nicolson further teaches the system of claim 1, wherein the one or more hardware processors configured by machine-readable instructions to (Byrne [0019], Fig. 8): partition the secured computer code into blocks of secured computer code (Nicolson Fig. 8-11 the now-obfuscated code is partitioned into blocks, [0089-0095]); convert the blocks of secured code into a numeric description of characteristics of the secured code (Nicolson Fig. 8-11 the now-obfuscated code is partitioned into blocks and information such as code coverage and executions enumerated, [0089-0095]); determine a corresponding ranking of at least some of the blocks of secured code with an anomaly measure by applying an anomaly detection algorithm to the blocks of secured code (Nicolson Fig. 8-11, [0089-0095], [0097-0109] obfuscation feedback loop taught, [0198] scores taught); and compare the corresponding ranking of the at least some of the blocks of secured code with the corresponding ranking of at least some of the blocks of code (Nicolson Fig. 8-11, [0089-0095], [0097-0109] obfuscation feedback loop taught, [0198] scores taught) to thereby determine effectiveness of code protection (Nicolson Fig. 8-11, [0089-0095], [0097-0109] obfuscation feedback loop, [0133-0136] taught to identify re-obfuscation candidates, [0198] scores taught).
Claim 16 recites substantially the same content and is therefore rejected under the same rationales.
Conclusion
The prior art made of record in the submitted PTO-892 Notice of References Cited and not relied upon is considered pertinent to applicant’s disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MIGUEL A LOPEZ whose telephone number is (703)756-1241. The examiner can normally be reached 8:00AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 5712727624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.A.L./ Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/ Supervisory Patent Examiner, Art Unit 2496