DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim status
Claims 1-14 are currently pending for examination.
Claim Objections
Claims 2 and 9 are objected to because of the following informalities: “determine the each of the list…….of the each for the list…” should be “determine that each of the list…….of each for the list…”. Appropriate correction is required.
Claims 4 and 11 are objected to because of the following informalities: “the plurality of other application” should be “the plurality of other applications”. Appropriate correction is required.
Claim 5 is objected to because of the following informalities: “the claim must end with (a period)” and “one or more character(s)” should be “one or more characters”. Appropriate correction is required.
Claims 6 and 13 are objected to because of the following informalities: “the plurality of application” in line 6 should be “the plurality applications”. Appropriate correction is required.
Claim 7 is objected to because of the following informalities: “locationspoofing” in line 5 should be “location-spoofing” and “application name” in line 10 should be “application names”. Appropriate correction is required.
Claim 9 is objected to because of the following informalities: “locationspoofing” in line 10 should be “location-spoofing”. Appropriate correction is required.
Claim 12 is objected to because of the following informalities: “locationspoofing” in line 5 should be “location-spoofing”. Appropriate correction is required.
Claim Rejections - 35 USC § 101
4. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 1-7 are rejected under 35 U.S.C 101 because the claimed invention is directed to non-statuary subject matter.
Claims 1-7 are drawn to a “computer program", per se, therefore, fail(s) to fall within a statutory category of invention.
A claim directed to a computer program itself is non-statutory because it is not: A process, or A machine, or A manufacture, or A composition of matter.
Claim Rejections - 35 USC § 103
5. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
6. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
7. Claims 1-14 are rejected under 35 U.S.C. 103 as being unpatentable over Lie (WO 2021/053647; provided in the IDS) in view of Cannings et al. (Cannings; US 2021/0200872; provided in the IDS).
For claim 1, Lie discloses an apparatus for determining a location-spoofing application [E.g. 0011, 0018], the apparatus comprising:
at least one processor [E.g. 0035-0037]; and
at least one memory including computer program code [E.g. 0035-0037]:
the at least one memory and the computer program code configured to, with at least one processor, cause the apparatus at least to:
generate an application name of an application used for generating a geolocation position signal of a user from a list of application names relating to a plurality of other applications capable of generating a geolocation position signal of a user [E.g. 0017: the collected information includes information indicating pre-installed system packages and user-installed applications, using one or more mobile application programming interfaces. The information can include: vendor name, application name, timestamp of installation, timestamp of recent updates, and user permissions given. According to some embodiments, the collected information includes device-specific information collected using one or more mobile application programming interfaces. The device-specific information can include: CPU information, build Information, network information, battery information, graphics information, device settings, and unique identification strings, 0032: According to some embodiments, following are examples of how data can be collected for the malicious tools usage analysis: (1) collect information about pre-installed system packages and user-installed applications through mobile APIs (such as Android and iOS), including but not limited to vendor names, application names, timestamps of installation, timestamps of recent updates and user permissions given; and (2) collect device-specific information through mobile APIs (such as Android and iOS), including but not limited to CPU information, build information, network information, battery information, graphics information, device settings and unique identification strings. Examples of the types of data collected include: (1) system packages and user applications; (2) device identifiers; (3) network-related and location-related device information; and (4) other device attributes, 0033: According to some embodiments, a database, collection or library of malicious tools and associated device attributes variations 162 is generated. Device information is fed into a machine learning algorithm to perform feature extraction and dimensionality reduction to identify obscure software/hardware traits linked to the usage of different malicious tools. Containerization, virtualization and spoofing approaches are recognized by the intelligence platform through feature selection and classified under specific malicious tools. Established features and the corresponding weights and biases are fed into the global device intelligence library to detect the usage of malicious tools from incoming device fingerprints in real-time. According to some embodiments, library 162 includes a trained model comprised of features (e.g. vectors of coefficients and weightings) and procedures (logic) to identify the usage of malicious tools. According to some embodiments, processing system 164 of protection company 160 uses one or more machine learning model(s), 0036: FIG. 3 is a block diagram illustrating some aspects of generating and updating a library of malicious tools on mobile devices and associated device attributes, according to some embodiments. The blocks shown in FIG. 3 can take place at a remote autonomous risk intelligence platform, such as on the servers of a cyber protection company such as shown in FIG. 1. In block 310, information about pre-installed system packages and user-installed applications are collected through mobile APIs (such as Android and iOS). The collected information can include, but is not limited to: vendor names; application names; timestamps of installation; and timestamps of recent updates and user permissions given. In block 311, device-specific information is collected through mobile APIs (such as Android and iOS). The collected information can include, but is not limited to: CPU information, build Information, network information, battery information, graphics information, device settings and unique identification strings, 0015]; and
determine a prediction on whether the application is a location-spoofing application [E.g. 0033: According to some embodiments, a database, collection or library of malicious tools and associated device attributes variations 162 is generated. Device information is fed into a machine learning algorithm to perform feature extraction and dimensionality reduction to identify obscure software/hardware traits linked to the usage of different malicious tools. Containerization, virtualization and spoofing approaches are recognized by the intelligence platform through feature selection and classified under specific malicious tools. Established features and the corresponding weights and biases are fed into the global device intelligence library to detect the usage of malicious tools from incoming device fingerprints in real-time. According to some embodiments, library 162 includes a trained model comprised of features (e.g. vectors of coefficients and weightings) and procedures (logic) to identify the usage of malicious tools. According to some embodiments, processing system 164 of protection company 160 uses one or more machine learning model(s), 0037: In block 312, device information is fed into the machine learning algorithm to perform feature extraction and dimensionality reduction to identify obscure software/hardware traits linked to the usage of different malicious tools. In block 313, containerization, virtualization and spoofing approaches are recognized by the intelligence platform through feature selection and classified under specific malicious tools. In block 314, established features and the corresponding weights and biases are fed into a global device intelligence library (e.g. library 162 in FIGs.1 and 2) to allow for the detection of the usage of malicious tools from incoming device fingerprints in real-time. According to some embodiments, the flow from blocks 310 and 311 through to block 314 is performed repeatedly (e.g. either continuously, frequently, or regularly) so that the library is kept up-to-date. By ensuring the library is continuously updated, the risk associated output can be performed relatively quickly and in real-time, 0034-0036, 0038].
Lie fails to expressly disclose generate a numeric representation of an application name using a variable derived from a list and that the predication is based on scale of the generated numeric representation of the application name.
However, as shown by Cannings, it was well known in the art of determining spoofing to include generating a numeric representation of an application name using a variable derived from a list and that the predication is based on scale of the generated numeric representation of the application name [E.g. 0034-0041, 0004-0008, claim 1].
It would have been obvious to one of ordinary skill in the art of determining spoofing before the effective filling date of the claimed invention modify Lie with the teaching of Cannings in order to better capture the relationship between application names and known malicious app and thereby enhance the system security, also it is merely combining prior art elements according to known methods to yield predicable results.
For claim 2, Lie discloses wherein the at least one memory and the computer program code is further configured with the at least one processor to: extract the list of application names relating to the plurality of other applications stored in a database [E.g. 0011, 0017, 0020, 0033, 0036-0037]; modify the variable [E.g. 0015, 0017, 0036-0037, 0011].
Lie fails to expressly disclose that the operation happens at every fixed time interval; generate a numeric representation of each of the list of application names relating to the plurality of other applications using the modified variable; and determine the each of the list of application names is a location-spoofing application based on a scale of the numeric representation of the each for the list of application names.
However, as shown by Cannings, it was well known in the art of determining spoofing to include an operation that happens at every fixed time interval; generate a numeric representation of each of the list of application names relating to the plurality of other applications using the modified variable; and determine the each of the list of application names is a location-spoofing application based on a scale of the numeric representation of the each for the list of application names [E.g. 0004-0008, 0030-0031, 0012-0014].
It would have been obvious to one of ordinary skill in the art of determining spoofing before the effective filling date of the claimed invention modify Lie with the teaching of Cannings in order to better capture the relationship between application names and known malicious app and thereby enhance the system security, also it is merely combining prior art elements according to known methods to yield predictable results.
For claim 3, Lie in view of Cannings further teaches wherein the at least one memory and the computer program code is further configured with the at least one processor to: generate a numeric representation of a character of the application name of the application using the variable derived from the list of application names relating to the plurality of other applications, wherein the numeric representation of the application name is generated based on the numeric representation of the character of the application name [E.g. Cannings; 0030-0037].
For claim 4, Lie in view of Cannings further teaches wherein the at least one memory and the computer program code is further configured with the at least one processor to: generate a numeric representation of a character combination of the character and one or more characters of the application name prior to and/or following the character using the variable derived from the list of application names relating to the plurality of other application; and wherein the numeric representation of the application name is generated further based on the numeric representation of the character combination [E.g. Cannings; 0030-0037].
For claim 5, Lie in view of Cannings further teaches wherein, when processing one or more characters, the at least one memory and the computer program code is configured with the at least one processor to: identify a pre-set numeric representation of the one or more characters; and apply the variable derived from the list of application names relating to the plurality of other applications to the pre-set numeric representation of the one or more characters to generate a numeric representation of the one or more character(s) [E.g. Cannings; 0030-0041].
For claim 6, Lie discloses the at least one memory and the computer program code is configured with the at least one processor to: receive a plurality of application names corresponding to a plurality of applications used by one or more users within a time period for generating a geolocation position signal, wherein the plurality of application comprises the application and the plurality of other applications [E.g. 0015, 0017, 0031-0032, 0036].
For claim 7, Lie discloses wherein at least one memory and the computer program code is configured with the at least one processor to: compare each of the plurality of received application names against a list of application names stored in a database, wherein the list of application names corresponds to a list of location-spoofing applications, and each of the list of location-spoofing applications is either disallowed from being used for generating a geolocation position signal of a user or allowed from being used for generating a geolocation position signal of a user with a number of users less than a preconfigured number of users [E.g. 0011, 0033-0035, 0038]; determine if one of the plurality of received application names matches one of the list of application name corresponding to the list of location-spoofing applications [E.g. 0008, 0016, 0037-0038]; and generate the list of application names relating to the plurality of other applications to comprise the one of the plurality of received application names in response to the determination [E.g. 0008, 0016, 0033-0038].
For claim 8, is interpreted and rejected as discussed with respect to claim 1.
For claim 9, is interpreted and rejected as discussed with respect to claim 2.
For claim 10, is interpreted and rejected as discussed with respect to claim 3.
For claim 11, is interpreted and rejected as discussed with respect to claim 4.
For claim 12, is interpreted and rejected as discussed with respect to claim 5.
For claim 13, is interpreted and rejected as discussed with respect to claim 6.
For claim 14, is interpreted and rejected as discussed with respect to claim 7.
Conclusion
8. The prior art made of record and not relied upon is considered pertinent to Applicant's disclosure: see PTO-892 Notice of Reference Cited.
9. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMED BARAKAT whose telephone number is (571)270-3696. The examiner can normally be reached on 9:00am-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Davetta Goins can be reached on (571) 272-2957. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMED BARAKAT/
Primary Examiner, Art Unit 2689