CONTROL FLOW INTEGRITY MONITORING FOR APPLICATIONS RUNNING ON PLATFORMS

DETAILED ACTION Claims 1-20 are pending in the current application. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant’s arguments, see Remarks, filed 9/29/25, with respect to the rejection of claim 1 under 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Copty et al. (Pub. No. US 2018/0232523 A1) [0059] lines 1-17 and [0086] lines 1-12 which shows the ability to determine a coverage metric associated with a model, including control flow graph representation of execution coverage, where the determined coverage metric can be a plurality of things including percentage of the instruction of the program invoked during execution, viewed as all/total number of path that can be made in light of path coverage of the control flow graph/the coverage of all the execution paths of the CFG, viewed as the determined/observed number of processes/paths represented in the generated control flow graph in light of the all the instruction/paths executed by the program/application as a percentage, and viewed as a type of confidence score/coverage goal value associated with the control flow graph. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 3, 8-9, 11, 15-16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Zawadowskiy et al. (Pub. No. US 2020/0004954 A1), in view of Copty et al. (Pub. No. US 2018/0232523 A1) and further in view of Katkoori et al. (Pub. No. US 2023/0020547 A1). As to claim 1, Zawadowskiy discloses a method for monitoring a computing system, comprising: determining an observation phase for observing execution of processes on the computing system, wherein the processes executed during the observation phase include valid transfers that are allowed to be executed (Zawadowskiy [0036] lines 1-13, [0037] lines 1-9, [0058] lines 2-5, [0059] lines 1-13, [0068] lines 1-7 and [0070] lines 1-10; which shows that during a learning phase/viewed as the observation phase, where during the learning phase the program is executed and all possible transitions are learned/observed from the executing program/process viewed as including valid/secure transfers, viewed as ones that are allowed to be executed); determining telemetry, during the observation phase, representing execution of the processes (Zawadowskiy [0070] lines 1-8; which shows as part of the generation/building of the finite state machine, viewed as a type of control flow graph, for the application being able to use and thus have determine associated enhanced security telemetry data and as done as part of the generation/building/learning phase viewed as being done in the observation phase); generating a control flow directed graph representing execution sequences of an application based on the telemetry (Zawadowskiy [0070] lines 1-10; which shows the specifics of a finite state machine for an executing program to be generated/built, viewed as generating/build the control flow graph, that represent execution sequence of an application program and is built/generated based on telemetry data to learn/cover all possible transitions/paths of the program/application viewed as the goal for completely generated graph/model); monitoring, using the control flow directed graph, transfers of instruction pointers at the computing system (Zawadowskiy [0036] lines 1-6, [0037] lines 1-9, [0064] lines 1-4 and [0070] lines 1-17; which shows being able to monitor the instruction points of the executing application with its ability to monitor for specific instruction pointer with the control flow graph/finite state machine to identify if they are invalid); and determining an invalid transfer based at least in part on the control flow directed graph (Zawadowskiy [0025] lines 1-15, [0036] lines 1-6, [0037] lines 1-9, [0064] lines 1-4 and [0070] lines 1-17; which shows that after the generation of the control flow graph/finite state machine where the program is executed a monitored later it is evaluated against the learned control flow graph/finite state machine information to determine an invalid instruction pointer, viewed as an invalid transfer); performing a remediation action associated with the invalid transfer (Zawadowskiy [0025] lines 9-15, [0046] lines 1-23 and [0064] lines 4-15; which shows based on a determination/detection of an invalid/mismatch transfer and performing actions responses such as stop, raise interrupts, raise alarms/alerts/indications of the issue viewed as a type of performing a remediation actions associated with the detected invalid/not consistent information) Zawadowskiy does not specifically disclose determining an observed number of the processes observed in the observation phase and represented in the control flow graph; determining a confidence score associated with the control flow directed graph by comparing the observed number of the processes that were observed in the observation phase as compared to a total number of total processes associated with the application. However, Copty discloses determining an observed number of the processes observed in the observation phase and represented in the control flow graph; determining a confidence score associated with the control flow directed graph by comparing the observed number of the processes that were observed in the observation phase as compared to a total number of total processes associated with the application (Copty [0059] lines 1-17 and [0086] lines 1-12; which shows being able to determine a coverage metric associated with a model, including control flow graph representation of execution, where the determined coverage metric can be a plurality of things including percentage of the instruction of the program invoked during execution, viewed as all/total number of path that can be made in light of path coverage of the control flow graph/ the coverage of all the execution paths according to the CFG, viewed as the determined/observed number of processes represented in the generated control flow graph in light of the all the instruction executed by the program/application as a percentage, and viewed as a type of confidence score/coverage goal value associated with the control flow graph, where the teachings of Zawadowskiy above discloses the specifics of the goal for coverage of the graph/model being one that all paths/transitions are learned/covered by the model viewed as the goal). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Copty showing the specifics of determine a coverage based on control flow graph and total application information, into the software analysis of Zawadowskiy for the purpose of improving generated control flow graph coverage model so that further/additional paths are determined and covered and included in the control flow graph and increase its coverage and thus increase the overall accuracy of the generated control flow graph, as taught by Copty [0059] lines1-4 and [0087] lines 1-5 Zawadowskiy as modified by Copty do not specifically disclose determining to transition from the observation phase into a monitoring phase based at least in part on the control flow directed graph and the confidence score. However, Katkoori disclose determining to transition from the observation phase into a monitoring phase based at least in part on the control flow directed graph and the confidence score (Katkoori [0003] lines 1-16 and [0049] lines 1-7; which shows that after an analysis/observation phase is performed that is used to build an approximate control flow graph it transitions into an enforcement/monitoring phase of the control flow graph, where in light of the teachings of Copty and Zawadoskiy above showing the generation and determination and improvement of coverage associated with a control flow graph associated with a coverage goal/completeness/finished can together be viewed as showing determining to transition from the observation phase into a monitoring phase based at least in part on the control flow directed graph and the confidence score) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Katkoori showing the specifics of after the generation of a control flow graph applying and enforcing the generated control flow graph into the control flow graph generation of Zawadowskiy as modified by Copty for the purpose of improving security by leveraging the generated control flow graph against control flow attacks, as taught by Katkoori [0003] lines 1-16. As to claim 2, Zawadowskiy does not specifically disclose, however, Copty disclose wherein determining the confidence score comprises determining a proportion of the processes represented in the control flow directed graph and wherein determining the monitoring phase is in response to the confidence score being able a threshold (Copty [0059] lines 1-17 and [0086] lines 1-12; which shows being able to determine a coverage metric/confidence score associated with a model, including control flow graph representation of execution, where the determined coverage metric can be a plurality of things including percentage/proportion of the instruction of the program invoked during execution, viewed as all/total number of path that can be made in light of path coverage of the control flow graph/ the coverage of all the execution paths according to the CFG, viewed as the determined/observed proportion/percentage of processes of the application represented/included in the CFG where the coverage metrics can also include a coverage goal/target/threshold type value, that in light of the teachings of Katkoori above showing the specifics of the transition from an observation/monitoring phase to an enforcement/active monitoring phase once the associated CFG is built generated and where the teachings of Zawadowskiy above showing the graph/model is generated to cover all possible transition/execution paths of the software and thus together can show determining the confidence score comprises determining a proportion of the processes represented in the control flow directed graph and wherein determining the monitoring phase is in response to the confidence score being able a threshold) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Copty showing the specifics of determine a coverage based on control flow graph and total application information, into the software analysis of Zawadowskiy for the purpose of improving generated control flow graph coverage model so that further/additional paths are determined and covered and included in the control flow graph and increase its coverage and thus increase the overall accuracy of the generated control flow graph, as taught by Copty [0059] lines1-4 and [0087] lines 1-5 As to claim 3, Zawadowskiy discloses wherein generating the control flow directed graph is based on observed transfers during the observation phase, wherein the observed transfers during the observation phase are considered valid transfers (Zawadowskiy [0070] lines 1-10; which shows that during a learning phase/observation phase all a program is executed and all possible transitions/transfers learned/observed to create/generate the control flow graph/finite state machine where these are the transactions used later for comparison and thus viewed as the valid transfers/transitions). As to claim 8, Zawadowskiy discloses a system comprising: one or more processors; and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising (Zawadowskiy [0058] lines 2-5 and [0059] lines 1-13). The remaining limitations of claim 8 are comparable to claim 1 above and rejected under the same reasoning. As to claim 9 it is comparable to claim 2 above and rejected under the same reasoning. As to claim 11, it is comparable to claim 3 above and rejected under the same reasoning. As to claim 15, Zawadowskiy discloses one or more non-transitory computer-readable media storing computer- readable instructions that, when executed by one or more processors, cause the one or more processors to: determine an observation phase for observing execution of processes by the one or more processors, wherein the processes executed during the observation phase include valid transfers that are allowed to be executed (Zawadowskiy [0036] lines 1-13, [0037] lines 1-9, [0058] lines 2-5, [0059] lines 1-13, [0068] lines 1-7 and [0070] lines 1-10; which shows that during a learning phase/viewed as the observation phase, where during the learning phase the program is executed and all possible transitions are learned/observed from the executing program/process viewed as including valid/secure transfers, viewed as ones that are allowed to be executed); determine telemetry, during the observation phase, representing execution of the processes (Zawadowskiy [0070] lines 1-8; which shows as part of the generation/building of the finite state machine, viewed as a type of control flow graph, for the application being able to use and thus have determine associated enhanced security telemetry data and as done as part of the generation/building/learning phase viewed as being done in the observation phase); generate a control flow directed graph representing execution sequences of an application based on the telemetry (Zawadowskiy [0070] lines 1-8; which shows the specifics of a finite state machine for an executing program to be generated/built, viewed as generating/build the control flow graph, that represent execution sequence of an application program and is built/generated based on telemetry data where the model/graph is able represent all paths/transitions of the program/application when complete viewed as complete coverage goal); convey the control flow directed graph to a computing device for monitoring execution of processes by the computing device based at least in part on the control flow directed graph (Zawadowskiy [0025] lines 1-15, [0036] lines 1-6, [0037] lines 1-9, [0042] lines 1-18, [0064] lines 1-4 and [0070] lines 1-17; which shows being using, and thus viewed as having been conveyed, the generated control flow graph to monitor the instruction points of the executing application with its ability to monitor for specific instruction pointer with the control flow graph/finite state machine to identify if they are invalid). Zawadowskiy does not specifically disclose determine an observed number of the processes observed in the observation phase and represented in the control flow graph; determine a score associated with the control flow directed graph by comparing the observed number of the processes that were observed in the observation phase as compared to a total number of total processes associated with the application. However, Copty discloses determine an observed number of the processes observed in the observation phase and represented in the control flow graph; determine a score associated with the control flow directed graph by comparing the observed number of the processes that were observed in the observation phase as compared to a total number of total processes associated with the application (Copty [0059] lines 1-17 and [0086] lines 1-12; which shows being able to determine a coverage metric associated with a model, including control flow graph representation of execution, where the determined coverage metric can be a plurality of things including percentage of the instruction of the program invoked during execution, viewed as all/total number of path that can be made in light of path coverage of the control flow graph/ the coverage of all the execution paths according to the CFG, viewed as the determined/observed number of processes represented in the generated control flow graph in light of the all the instruction executed by the program/application as a percentage, and viewed as a type of confidence score/coverage goal value associated with the control flow graph, where the teachings of Zawadowskiy above shows the specifics of the coverage goal for the generated model/graph being complete cover all execution and transitions learned and incorporated of the program). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Copty showing the specifics of determine a coverage based on control flow graph and total application information, into the software analysis of Zawadowskiy for the purpose of improving generated control flow graph coverage model so that further/additional paths are determined and covered and included in the control flow graph and increase its coverage and thus increase the overall accuracy of the generated control flow graph, as taught by Copty [0059] lines1-4 and [0087] lines 1-5 Zawadowskiy as modified by Copty do not specifically disclose that the convey the control flow graph to a computer device for monitoring is based at least in part on the control flow graph and in response to the score being above a threshold. However, Katkoori disclose the specifics of the convey the control flow graph to a computer device for monitoring is based at least in part on the control flow graph and in response to the score being above a threshold (Katkoori [0003] lines 1-16, [0004] lines 1-4 and [0049] lines 1-7; which shows that after an analysis phase is performed that is used to build an approximate control flow graph it transitions/conveys into an enforcement/monitoring phase on a system/platform for the execution of software, viewed as a computer device, of the control flow graph after a trusted control flow graph is built/generated, where in light of the teachings of Copty above showing the generation and determination and improvement of coverage/trust score/value associated with a control flow graph associated with a coverage goal/completeness/finished and the teachings of Zawadowskiy showing the generation of the graph/model that covers all possible transitions/executions of the program thus determined/generating thus with determine complete coverage threshold value and thus together can be viewed as showing the specifics of the convey the control flow graph to a computer device for monitoring is based at least in part on the control flow graph and in response to the score being above a threshold) Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Katkoori showing the specifics of after the generation of a control flow graph applying and enforcing the generated control flow graph into the control flow graph generation of Zawadowskiy as modified by Copty for the purpose of improving security by leveraging the generated control flow graph against control flow attacks, as taught by Katkoori [0003] lines 1-16. As to claim 16, Zawadowskiy does not specifically disclose, however, Copty discloses wherein the instructions to generate the control flow directed graph comprise further instructions to determine completion of the observation phase based at least in part on the control flow directed graph representing at least a threshold portion of application processes (Copty [0059] lines 1-17 and [0086] lines 1-12; which shows being able to determine a coverage metric/confidence score associated with a model, including control flow graph representation of execution, where the determined coverage metric can be a plurality of things including percentage/proportion of the instruction of the program invoked during execution, viewed as all/total number of path that can be made in light of path coverage of the control flow graph/ the coverage of all the execution paths according to the CFG, viewed as the determined/observed proportion/percentage of processes of the application represented/included in the CFG where the coverage metrics can also include a coverage goal/target/threshold type value, that in light of the teachings of where the teachings of Zawadowskiy above showing the graph/model is generated to cover all possible transition/execution paths of the software, viewed as the set goal/threshold and thus together can show wherein the instructions to generate the control flow directed graph comprise further instructions to determine completion of the observation phase based at least in part on the control flow directed graph representing at least a threshold portion of application processes). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Copty showing the specifics of determine a coverage based on control flow graph and total application information, into the software analysis of Zawadowskiy for the purpose of improving generated control flow graph coverage model so that further/additional paths are determined and covered and included in the control flow graph and increase its coverage and thus increase the overall accuracy of the generated control flow graph, as taught by Copty [0059] lines1-4 and [0087] lines 1-5 As to claim 19 it is comparable to claim 2 above and rejected under the same reasoning. Claims 4, 10 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Zawadowskiy, Copty and Katkoori as applied to claims 1, 8 and 15 above, and further in view of Sasikumar et al. (Patent No. US 8,407,322 B1). As to claims 4, 10 and 18, Zawadowskiy as modified by Copty and Katkoori do not specifically disclose wherein determining the telemetry, during the observation phase, comprises: dividing underlying code associated with the processes into a plurality of workloads; assigning the plurality of workloads to two or more computing devices associated with the computing system for observation; and aggregating observation data from the two or more computing devices, the observation data representing the telemetry. However, Sasikumar discloses wherein determining the telemetry, during the observation phase, comprises: dividing underlying code associated with the processes into a plurality of workloads; assigning the plurality of workloads to two or more computing devices associated with the computing system for observation; and aggregating observation data from the two or more computing devices, the observation data representing the telemetry (Sasikumar Col. 9 lines 40-45 and Col. 12 lines 10-36; which shows the ability for software code being able to identify and divide the code into specific code blocks, for different workload/logical operations performed where the different code block are assigned to different to different computer devices for performing and processing their assigned information and the ability to share and aggregate their individual determined information together, which in light of the teachings of Zawadowskiy above for the observation/analysis phase of execution code to determine/identify associated telemetry data and thus together show during the observation phase, comprises: dividing underlying code associated with the processes into a plurality of workloads; assigning the plurality of workloads to two or more computing devices associated with the computing system for observation; and aggregating observation data from the two or more computing devices, the observation data representing the telemetry). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Sasikumar showing the specific of dividing code into separate code blocks for analysis into the software analysis of Zawadowskiy as modified by Copty and Katkoori for the purpose of increasing the adaptability of the system by being able facilitate the determination and execution of divided code blocks on a plurality of different computing devices, as taught by Sasikumar Col. 1 lines 36-44 and Col. 9 lines 40-45. Claims 5, 12 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Zawadowskiy, Copty and Katkoori as applied to claims 1, 8 and 15 above, and further in view of Magi et al. (Patent No. US 11, 809,535 B2). As to claims 5, 12 and 17, Zawadowskiy as modified by Copty and Katkoori does not specifically disclose wherein determining the confidence score comprises: determining a first threshold for the confidence score, wherein the first threshold is used for determining the monitoring phase; and determining a second threshold for the confidence score, the second threshold lower than the first threshold, wherein the second threshold is based at least in part on receiving one or more policy allowance conditions associated with determining the monitoring phase. However, Magi discloses wherein determining the confidence score comprises: determining a first threshold for the confidence score, wherein the first threshold is used for determining the monitoring phase; and determining a second threshold for the confidence score, the second threshold lower than the first threshold, wherein the second threshold is based at least in part on receiving one or more policy allowance conditions associated with determining the monitoring phase (Magi Col. 12 lines 54- Col. 13 line 14 and Col. 14 lines 48- 67 and claim 1; which shows being able to have multiple levels set for a threshold that can be used to trigger specific action performance where the different levels for threshold use can be based on further received conditions, seen specifically as other measured values of confidence that can be used together with the first measured confidence score value to trigger the same specific action, where the threshold confidence levels can be different and thus viewed as being lower, and together with the specific teachings of Katkoori and Copty above showing the specific of how coverage metric/confidence score and associated goal can be used to show the trigger switch between an observation/analysis phase and a monitoring/enforcement phase that together are viewed as showing wherein determining the confidence score comprises: determining a first threshold for the confidence score, wherein the first threshold is used for determining the monitoring phase; and determining a second threshold for the confidence score, the second threshold lower than the first threshold, wherein the second threshold is based at least in part on receiving one or more policy allowance conditions associated with determining the monitoring phase). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Magi showing the specific of using a plurality of thresholds for analysis of information given different criteria provided into the software analysis of Zawadowskiy as modified by Copty and Katkoori for the purpose of increasing the adaptability of the system by being having adjustable threshold condition based on additional factors used to make decisions, as taught by Magi Col. 4 lines 11-21. Claims 6 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Zawadowskiy, Copty and Katkoori as applied to claim 1 above, and further in view of Neill (Patent No. US 11,018,959 B1). As to claim 6, Zawadowskiy as modified by Copty and Katkoori do not specifically disclose wherein the telemetry comprises central processing unit (CPU) telemetry, and wherein generating the control flow directed graph comprises normalizing the CPU telemetry into a control flow directed graph representation. However, Neill discloses wherein the telemetry comprises central processing unit (CPU) telemetry, and wherein generating the control flow directed graph comprises normalizing the CPU telemetry into a control flow directed graph representation (Neill Col. 2 lines 48-54 and Col. 9 lines 44-60; which shows being able to collect/monitor telemetry data from a plurality of different sources that can include processor/cpu sources and thus CPU telemetry and being to normalize that collected telemetry data for later, which in light of the teachings of Zawadowskiy above showing the specifics of using the telemetry data to build the finite state machine/control flow graph can together be viewed as wherein the telemetry comprises central processing unit (CPU) telemetry, and wherein generating the control flow directed graph comprises normalizing the CPU telemetry into a control flow directed graph representation). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Neill showing normalizing collected telemetry data into the software analysis with telemetry data of Zawadowskiy as modified by Copty and Katkoori for the purpose of improving data consistency by normalizing the used data, at taught by Neill Col. 7 lines 2-7 and Col. 9 lines 44-60. As to claim 7, Zawadowskiy discloses wherein the monitoring phase is performed using a hardware device of the computing system and wherein determining the invalid transfer is based at least in part on identifying an instruction sequence in the CPU telemetry that is not present in the control flow directed graph (Zawadowskiy [0025] lines 1-15, [0036] lines 1-6, [0037] lines 1-9, [0064] lines 1-4 and [0070] lines 1-17; which show being able to use the determine telemetry data tied to the cpu still in the monitoring phase to determine/identify when there is different/unexpected telemetry data viewed as invalid and as the telemetry data can be tied to specific instruction pointers viewed as being able to identify an invalid instruction sequence that does not match the finite state machine/control flow graph information). Claims 13-14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zawadowskiy, Copty and Katkoori as applied to claims 8 and 15 above, and further in view of Pulla et al. (Patent No. US 8,682,985 B2). As to claim 13, Zawadowskiy as modified by Copty and Katkoori do not specifically disclose wherein the one or more processors comprise one or more processors across organizational boundaries. However, Pulla discloses wherein the one or more processors comprise one or more processors across organizational boundaries (Pulla Col. 3 lines 11-17 and line 57-Col. 4 line 3, Col. 9 lines 40-48 and Col. 12 lines 23-34; which shows an environment for cross boundary tracking of information, where computer devices including processors can be on both sides of an organizational boundary). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Pulla showing normalizing collected telemetry data into the software analysis with telemetry data of Zawadowskiy as modified by Copty and Katkoori for the purpose of increase effective use of tracking and monitoring system by being able to track and monitor data from a plurality of organizations, as taught by Pulla Col. 1 lines 21-27 and Col. 3 lines 11-17. As to claim 14, Zawadowskiy as modified by Copty and Katkoori do not specifically disclose, however, Pulla discloses wherein determining the telemetry comprises aggregating observation data from the one or more processors, the observation data representing the telemetry (Pulla Col. 3 lines 11-17 and line 57-Col. 4 line 3, Col. 9 lines 40-48 and Col. 12 lines 23-34; which shows an environment for cross boundary tracking of information, where the collected/determined/tracked data is aggregated together, that in light of the teachings of Zawadowskiy above is viewed as including tracked/observation data representing the telemetry). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Pulla showing normalizing collected telemetry data into the software analysis with telemetry data of Zawadowskiy as modified by Copty and Katkoori for the purpose of increase effective use of tracking and monitoring system by being able to track and monitor data from a plurality of organizations, as taught by Pulla Col. 1 lines 21-27 and Col. 3 lines 11-17. As to claim 20, Zawadowskiy as modified by Copty and Katkoori do not specifically disclose, however, Pulla discloses wherein: the one or more processors comprise one or more processors across organizational boundaries; and determining the telemetry comprises aggregating observation data from the one or more processors, the observation data representing the telemetry (Pulla Col. 3 lines 11-17 and line 57-Col. 4 line 3, Col. 9 lines 40-48 and Col. 12 lines 23-34; which shows an environment for cross boundary tracking of information, where computer devices including processors can be on both sides of an organizational boundary and for the cross boundary environment being able to track information, where the collected/determined/tracked data is aggregated together, that in light of the teachings of Zawadowskiy above is viewed as including tracked/observation data representing the telemetry). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Pulla showing normalizing collected telemetry data into the software analysis with telemetry data of Zawadowskiy as modified by Copty and Katkoori for the purpose of increase effective use of tracking and monitoring system by being able to track and monitor data from a plurality of organizations, as taught by Pulla Col. 1 lines 21-27 and Col. 3 lines 11-17. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADFORD F WHEATON whose telephone number is (571)270-1779. The examiner can normally be reached Monday-Friday 8:00-5:00 EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached at 571-272-3721. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /BRADFORD F WHEATON/Examiner, Art Unit 2193