RDETAILED ACTION
1. Claims 1-24 are pending in this examination.
Notice of Pre-AIA or AIA Status
2. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
3. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Response to Arguments
4. Applicant's arguments have been considered but are moot in view of the new ground(s) of rejection.
Double Patenting
5.1. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
5.2. Claims 1-2, 4, 6-7, 10-12, 14-15, 17-19 and 21-22 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 5-6, 10, 18 of co-pending Application No. 18120807 in view of US Patent No. 7971255 issued to Kc et al (“Kc”).
Although the conflicting claims are not identical, they are not patentably distinct from each other because the subject matter claimed in the instant application is substantially similar in nature of co Application No. ‘807, in view of US Patent No. 7971255 issued to Kc et al (“Kc”); for example:
Instant application No. 18119714
Claims: 1-2, 4, 6-7, 10-12, 14-15, 17-19 and 21-22
Co-pending Application No. 18120807
Claims: 1, 5-6, 10, 18
1.A method comprising: obtaining, by circuitry of a network interface installable in a host computing system, contents of at least one region of memory associated with one or more processes being performed by a host computing system connected to the network interface, the at least one region of memory being usable by the one or more processes to allocate at least one portion of memory at runtime; and
Determining, using the circuitry network of interface whether any of the one or more processes is potentially malicious based at least in part on the contents.
Co Application No. ‘807 does not explicitly disclose however in the same field of endeavor, KC discloses the at least one region of memory being usable by the one or more processes to allocate at least one portion of memory at runtime (col. 4, 52-65 to col. 5 lines 1-15).
Motivation, please see below
2. The method of claim 1, further comprising: causing, by the network interface, information to be displayed when any of the one or more processes is determined to be potentially malicious.
4. The method of claim 1, wherein the network interface is at least one of out- of-band or agentless with respect to at least one processor of the host computing system performing the one or more processes.
6. The method of claim 5, wherein determining whether the assembly code is likely to implement the malicious process comprises classifying the assembly code as potentially being malware or as not being malware.
7. The method of claim 5, further comprising: causing, by the network interface, information to be displayed when the assembly code is determined to be likely to include malware.
Claims 10-12, 14-15, 17-19 and 21-22 same as stated above
1.A method comprising: obtaining, by a network interface, one or more machine code segments at least one of loaded or injected into a process; using a data structure to identify a region of memory used by the process to store the one or more machine code segments; obtaining, by the network interface, assembly code for the one or more machine code segments stored in the region of memory; and
determining, by the network interface, whether the assembly code is likely to perform at least one unauthorized task.
6. The method of claim 1, further comprising: identifying, by the network interface, the process based at least in part on contents of at least one memory region associated with the process.
5. The method of claim 1, further comprising: causing, by the network interface, information to be displayed when the assembly code is classified as potentially being malware.
18. The system of claim 9, wherein the one or more circuits are at least one of out-of-band or agentless with respect to the at least one host processor.
10. The system of claim 9, wherein determining whether the assembly code is likely to perform the at least one unauthorized task comprises using artificial intelligence to classify the assembly code as potentially being malicious or as not being malicious.
5. The method of claim 1, further comprising: causing, by the network interface, information to be displayed when the assembly code is classified as potentially being malware.
Claims 9, 13, 18, 19-20, 23 and 27 same as stated above
Motivation: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Co-pending Application No. 18120807 with the teaching of Kc by including the feature of a processes to allocate at least one portion of memory at runtime, in order for Co-pending Application No. 18120807’s system for detecting and halting execution of malicious code. a monitoring system for detecting and halting execution of malicious code, including a kernel-based system call interposition mechanism, and a libc function interception mechanism. The kernel-based system call interposition mechanism detects a system call request from an application, determines a memory region from which the system call request emanates, and halts execution of the code responsible for the call request if the memory region from which the system call request emanates is a data memory region. In one embodiment, the data memory region includes writable sections of memory. In another embodiment, the system call request includes a communication to an operating system kernel to request interaction with one or more resources (Kc, col. 4, lines 25-35).
This is a provisional double patenting rejection since the conflicting claims have not in fact been patented.
Claim Rejections - 35 USC § 103
6.1. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
6.2. Claims 1-2, 10,17-18 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. 7971255 issued to Kc et al (“Kc”) in view of US Patent Application No. 20080016572 to Burkhardt et al (“Burkhardt”) and in view of US Patent Application No. 20140177370 to Halbert et al (“Halbert”).
As per claim 1, Kc discloses a method comprising: obtaining, by a computer or more processes being performed by a host computing system comprising the computer (col. 4, 52-65 to col. 5 lines 1-15, detecting and halting execution of
malicious code, including interposing system calls by detecting a system call request from an application, determining a memory region from which the system call request emanates, and halting execution of the code responsible for the call request if the memory region from which the system call request emanates is a data memory region…); and
determining whether any of the one or more processes is potentially malicious based at least in part on the contents (col. 2, lines 15-35, also see runtime (col. 4, 52-65 to col. 5 lines 1-15, detecting and halting execution of malicious code, including interposing system calls by detecting a system call request from an application, determining a memory region from which the system call request emanates, and halting execution of the code responsible for the call request if the memory region from which the system call request emanates is a data memory region…).
Kc does not explicitly disclose however in the same field of endeavor, Burkhardt discloses determining, by circuitry of the network interface, whether any of the one or more processes is potentially malicious based at least in part on the contents obtained by the circuitry of the network interface ([0014]is an example computing environment for detecting malicious software via memory analysis. Various embodiments of malicious software detection are executable on a computing device. FIG. 2 and the following discussion provide a brief general description of a suitable computing environment in which such a computing device can be implemented. Although not required, various aspects of detecting malicious software
via memory analysis can be described in the general context of computer executable instructions, such as program modules, being executed by a computer, such as a client workstation or a server. Generally, program modules include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. Moreover, detecting malicious software via memory analysis can be practiced with other computer system configurations, including hand held devices, multi processor systems, microprocessor based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. Further, detecting malicious software via memory analysis also can be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules can be located in both local and remote memory storage devices. Also see [0004], [0024] FIG. 2 and associated text).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kc with the teaching of Burkhardt by including the feature of a potentially malicious, in order for Kc’s system to detect the presence of malicious software in a system, selected data in memory of the system is stored in a designated storage location and analyzed by a known safe operating system. In an example configuration, a snapshot of system memory is downloaded to a dedicated device coupled to the motherboard of the system. A clean, uncorrupted operating system is loaded into the dedicated device, and the snapshot is analyzed utilizing the clean operating system. If malicious software is detected, the system is repaired using the clean operating system. In an example embodiment, this process is initiated when the system goes into a hibernation state, and/or during a system restoration operation (Burkhardt, Abstract).
Kc and Burkhardt do not explicitly disclose however in the same field of endeavor, Halbert discloses, a network interface; circuitry of a network interface installable in a host computing system ([0035] DRAM 210 may include hardware connectors (not shown) that interface with corresponding hardware connectors (not shown) of memory controller 220. Memory access from host processor 240 typically goes through memory controller 220. In one embodiment, memory controller 220 is part of host processor 240. In an alternate embodiment, memory controller is part of a supporting "chipset" or hardware logic that provides an infrastructure for power and interface logic for a hardware platform of which host processor 240 is a part).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kc with the teaching of Burkhardt /Halbert by including the feature of a circuitry, in order for Kc’s system to improving the performance of DRAM. Techniques and mechanisms to facilitate an operational mode of a memory device to prepare for a targeted refresh of a row in memory. In an embodiment, the memory device performs one or more operations while in the mode to prepare for a future command from a memory controller, the command to implement, at least in part, a targeted refresh of a row in a first bank of the memory device. Prior to such a command, the memory device services another command from the memory controller. In another embodiment, servicing the other command includes the memory device accessing a second bank of the memory device while the memory device operates in the mode, and before completion of an expected future targeted row refresh (Halber, abstract).
As per claim 2, the combination of Kc, Burkhardt and Halber discloses the method of claim 1, further comprising: causing, by the network interface, information to be displayed when any of the one or more processes is determined to be potentially malicious (Burkhardt, [0048], [0051]). The motivation regarding the obviousness of claim 1 is also applied to claim 2.
Claims 10, 17, are rejected for similar reasons as stated above, and claim 1 including Burkhardt discloses a network interface that is separate from the at least one host processor ([0004], [0014], [0024] FIG. 2 and associated text). The motivation regarding the obviousness of claim 1 is also applied to claims 10, 17.
Halbert discloses a network interface to be connected to at least one host processor and a host memory within a host computing system, circuitry of a network interface installable in a host computing system (Halbert, [0035] DRAM 210 may include hardware connectors (not shown) that interface with corresponding hardware connectors (not shown) of memory controller 220. Memory access from host processor 240 typically goes through memory controller 220. In one embodiment, memory controller 220 is part of host processor 240. In an alternate embodiment, memory controller is part of a supporting "chipset" or hardware logic that provides an infrastructure for power and interface logic for a hardware platform of which host processor 240 is a part).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kc with the teaching of Burkhardt /Halbert by including the feature of a circuitry, in order for Kc’s system to improving the performance of DRAM. Techniques and mechanisms to facilitate an operational mode of a memory device to prepare for a targeted refresh of a row in memory. In an embodiment, the memory device performs one or more operations while in the mode to prepare for a future command from a memory controller, the command to implement, at least in part, a targeted refresh of a row in a first bank of the memory device. Prior to such a command, the memory device services another command from the memory controller. In another embodiment, servicing the other command includes the memory device accessing a second bank of the memory device while the memory device operates in the mode, and before completion of an expected future targeted row refresh (Halber, abstract).
As per claim 18, the combination of Kc, Burkhardt and Halber discloses the processor of claim 17, wherein the processor is comprised in at least one of a network interface (Burkhardt, [0004], [0014]). The motivation regarding the obviousness of claim 1 is also applied to claim 18.
6.3. Claims 3, 5, 11, 13, 20 are rejected under 35 U.S.C. 103 as being unpatentable over Kc, Burkhardt and Halber as applied to claim above, and in view of US Patent No. 9588829 issued to Turbin et al (“Turbin”).
As per claim 3, the combination of Kc, Burkhardt and Halber discloses the invention as described above. Kc, Burkhardt and Halber do not explicitly disclose however, In the same field of endeavor, Turbin discloses the method of claim 1, further comprising: causing the contents to be scanned to produce scan results, wherein a determination of whether any of the one or more processes is potentially malicious is based at least in part on the scan results (Turbin, col. 4, line 55 through col. 5, line 2, antivirus application analyzes the disassembled code and scans for any suspicious actions, then accordingly generates a warning message to be displayed upon the presence of an existing a suspicious instruction,).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kc, Burkhardt, and Halber with the teaching of Turbin by including the feature of a scan, in order for Kc’s system protecting a computer against malware infection. It is an object of the present invention to provide an improved defence against computer malware infection arising from a removable storage device. This object is achieved by inspecting the contents of MBR code of aremovable storage device during normal operation of a computer to which the device is attached, in order to identify suspicious MBR code, and taking appropriate action to prevent cross infection if such suspicious code is identified, Turbin, col. 2, lines 12-25).
As per claim 5, the combination of Kc, Burkhardt, Halber and Turbin discloses the method of claim 1, further comprising, when a suspect process of the one or more processes is determined to be potentially malicious: identifying, by the network interface, one or more machine code segments at least one of loaded or injected into the suspect process; obtaining, by the network interface, assembly code for the one or more machine code segments; and determining, by the network interface, whether the assembly code is likely to implement a malicious process (Turbin, col. 4, lines 49-61 wherein the code is in the form of machine code instructions (i.e., process), and col. 4, lines 55-61, the machine codes instructions are then checked for any suspicious actions (i.e., loaded or injected with undesirable commands). The motivation regarding the obviousness of claim 3 is also applied to claim 5.
As per claim 11, the combination of Kc, Burkhardt, Halber and Turbin discloses the system of claim 10, the network interface comprising a network interface card (Burkhardt, [0004], [0014]). The motivation regarding the obviousness of claim 1 is also applied to claim 11.
Claims 13, 20, are rejected for similar reasons as stated above, and claim 5.
6.3. Claims 4, 7, 12, 15, 19 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Kc, Burkhardt, Halber and Turbin as applied to claim above, and in view of US Patent Application No. 11,042,637 to Davis et al (“Davis”).
As per claim 4, the combination of Kc, Kc, (Burkhardt, [0004], [0014])., Halber and Turbin discloses the invention as described above. Kc, (Burkhardt, [0004], [0014])., Halber and Turbin do not explicitly disclose however, In the same field of endeavor, Davis discloses the method of claim 1, wherein the network interface is at least one of out-of-band or agentless with respect to at least one processor of the host computing system performing the one or more processes (Davis, col. 4, lines 26-34 and as shown in Figure 1, items #102 for the enterprise security operations centers along with the client devices #104-1 to 104-M).
It would have been obvious to a person of ordinary skill in the before the effective filing date of the claimed invention to have been motivated apply a remote system that can process multiple clients are once. The teachings of Davis et al disclose of determining measures of code sharing between software modules utilizing fingerprinting of assembly function code that is processed from a plurality of client devices on the network used to detect malicious software modules, col. 2, lines 37-54, Davis et al similarly discloses of a disassembler module for generating assembly code for threat detection and remediation (col. 5, lines 42-46), wherein the teachings of Burkhardt, Halber and Turbin / KC et al would have found this scalable approach of Davis et al beneficial since the teachings only monitor a single system, whereby the teachings of Davis et al are applied to multiple client devices that exist out-of-band, or external to the SOC for threat detection and mitigation.
As per claim 7, the combination of Kc, Burkhardt, Halber, Turbin and Davis discloses the invention method of claim 5, further comprising: causing, by the network interface, information to be displayed when the assembly code is determined to be likely to include malware (Turbin, col. 4, line 55 through col. 5, line 2, anti-virus application analyzes the disassembled code and scans for any suspicious actions, then accordingly generates a warning message to be displayed upon the presence of an existing a suspicious instruction,). The motivation regarding the obviousness of claim 1 is also applied to claim 7.
Claims 12 and 19 are rejected for similar reasons as stated above, and claim 4.
Claims 15 and 22 are rejected for similar reasons as stated above, and claim 7.
6.4. Claims 6, 14, 16, 21 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over Kc, Burkhardt, Halber, and Turbin as applied to claim above, and in view of US Patent Application No. 20230161879 to Koo et al (“Koo”).
As per claim 6, the combination of Kc, Burkhardt, Halber, and Turbin discloses the invention as described above. Kc, Burkhardt, Halber, and Turbin do not explicitly disclose however, In the same field of endeavor, Koo discloses the method of claim 5, wherein determining whether the assembly code is likely to implement the malicious process comprises classifying the assembly code as potentially being malware or as not being malware (col. 4, lines 55-65 and col. 6, lines 3-10, anti-virus application analyzes the disassembled code and scans for any suspicious actions).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kc with the teaching of Burkhardt, Halber, and Turbin/ koo by including the feature of classifying, in order for Kc’s system for detecting a malicious code based on an assembly language model. Disclosed herein a method and apparatus for detecting a malicious code based on an assembly language model. According to an embodiment of the present disclosure, there is provided a method for detecting a malicious code. The method comprising: generating an instruction code sequence by converting an input file, for which a malicious code is to be detected, into an assembly code; embedding the instruction code sequence by using a prelearned assembly language model for instruction code embedding and outputting an embedding result of the instruction code sequence; and detecting whether or not the input file is a malicious code, by using a prelearned malicious code classification model with the embedding result as an input (Koo, [0007]).
As per claim 16, the combination of Kc, Burkhardt, Halber, Turbin, and Koo discloses the system of claim 13, wherein determining whether the assembly code is likely to implement the malicious process comprises performing inferencing with respect to the assembly code using at least one Natural Language Processor (Ko, [0007], [0046]-[0049]). The motivation regarding the obviousness of claim 6 is also applied to claim 16.
Claims 14, and 21 are rejected for similar reasons as stated above, and claim 6.
Claim 23, is rejected for similar reasons as stated above, and claim 16.
6.5. Claims 8, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Kc, Burkhardt, and Halber as applied to claim above, and in view of US Patent Application No. 20200104498 to Smith et al (“Smith”).
As per claim 8, the combination of Kc, Burkhardt, and Halber discloses the invention as described above. Kc, Burkhardt, and Halber do not explicitly disclose however, In the same field of endeavor, Smith discloses the method of claim 1, further comprising: performing, for each period in a series of periods, the obtaining of the contents and determining of whether any of the one or more processes is potentially malicious based at least in part on the contents, wherein, for each period in the series of periods, the obtaining and determining are completed within the period (Abstract, claim 14; [0016]-[0017], [0022]; Due to the processing efficiencies gained by the processes described above, the average time to complete the processing of the snapshots was less than thirty five seconds per snapshot; for a feature vector extraction, the average time for generating all images or extracting the byte sequences was less than ten seconds when executed on a 2.5 GHz machine as graphically shown in FIG. 2. Faster systems and the efficiencies described above render real-time detections, para.17, claim 14; detect malware by training a rule-based model, a functional based model, and a deep learning-based model from a memory snapshot of a malware free operating state of a monitored device. The system extracts a feature set from a second memory snapshot captured
from an operating state of the monitored device and processes the feature set by the rule-based model, the functional-based model, and the deep learning-based model).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kc with the teaching of Smith/ Burkhardt, and Halber by including the feature of a time, in order for Kc’s system to detecting software that disrupts, damages, or gains unauthorized access to a device and specifically, to agnostic malware detection. A system and method (referred to as the system) detect malware by training a rule-based model, a functional based model, and a deep learning-based model from a memory snapshot of a malware free operating state of a monitored device. The system extracts a feature set from a second memory snapshot captured from an operating state of the monitored device and processes the feature set by the rule-based model, the functional-based model, and the deep learning-based model. The system identifies identifying instances of malware on the monitored device without processing data identifying an operating system of the monitored device, data associated with a prior identification of the malware, data identifying a source of the malware, data identifying a location of the malware on the monitored device, or any operating system specific data contained within the monitored device (Smith, abstract).
As per claim 9, the combination of Kc, Burkhardt, Halber and Smith discloses the method of claim 8, wherein each period in the series of periods has a duration no greater than 5 seconds (Smith, [0016]-[0017], also see [0022]). The motivation regarding the obviousness of claim 8 is also applied to claim 9.
6.6. Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Kc, Burkhardt, and Halber as applied to claim above, and in view of US Patent Application No. 20120151211 to Kreiner et al (“Kreiner”).
As per claim 24, the combination of Kc, Burkhardt, and Halber discloses the invention as described above. Kc, Burkhardt, and Halber do not explicitly disclose however, In the same field of endeavor, Smith discloses the method of claim 1, wherein the determining whether any of the one or more processes is potentially malicious based at least in part on the contents is performed without involving resources of a host processor of the host computing system (Kreiner, [0014]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kc with the teaching of Burkhardt, / Halber/ Kreiner by including the feature of a resources in order for Kc’s system for obtaining the application(s) via network download (e.g., Internet download) motivate the software developers to employ one or more minor hosts to handle network demands for the application(s) so that the software developer does not have to purchase expensive networking hardware (e.g., server farms) to handle application distribution. Methods and apparatus are disclosed to apply permissions to applications. A disclosed example method includes navigating to a first network address of a first network entity and downloading an application from the first network entity, disabling all network address communication except for the first network address, sending an authorization request to a second network entity via the first network address, and authorizing the application to execute when an indication of authentication is received from the second network entity via the first network address (Kreiner, Abstract).
7.1. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art discloses many of the claim features (See PTO-form 892).
7.2. Milburn et al., US Patent Application no 20210255890, discloses [0025] In some embodiments, the application memory 120 and the metadata memory 125 may be physically separate, and the host processor 110 may have no access to the metadata memory 125. In this manner, even if an attacker succeeds in injecting malicious code into the application memory 120 and causing the host processor 110 to execute
the malicious code, the metadata memory 125 may not be affected. However, it should be appreciated that aspects of the present disclosure are not limited to storing application data and metadata on physically separate memories. Additionally, or alternatively, metadata may be stored in a same memory as application data, and a memory management component may be used that implements an appropriate protection scheme to prevent instructions executing on the host processor 110 from modifying the metadata. Additionally, or alternatively, metadata may be intermingled with application data in a same memory, and one or more policies may be used to protect the metadata.
Vincent, U.S. Patent 10,817,606 is relied upon for disclosing of a malware detection system that can be situated off-line or out-of-band to detection malware contained in data at rest or to perform deeper forensic analysis of content, col. 16, lines 1-6. The teachings additionally disclose of being directed towards assembly code, col. 17, lines 4-6.
Jain et al, US 2024/0045662 is relied upon for disclosing of an assembly authorized list that indicates functions that are authorized to use assembly code, see paragraph 0063.
Pak et al, US 2003/0033536 is relied upon for disclosing of using C-like language for virus detection requires runtime environment that may be too large for thin clients, this is because the program is written in C. The C code becomes assembly code, which then becomes machine code. A few lines of C code results in many lines of machine code, requiring a substantial amount of processing power and memory, see paragraph 0109.
Gupta et al, U.S. Patent 8,510,596 is relied upon for disclosing of converting machine code of a file being loaded into memory into assembly code, col. 12, lines 30-33. The teachings are directed towards the field of memory corruption attacks triggered by malicious attackers, col. 1, lines 35-37.
Conclusion
8. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached at (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
HARUNUR . RASHID
Primary Examiner
Art Unit 2497
/HARUNUR RASHID/Primary Examiner, Art Unit 2497