DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-26 are pending.
Specification
The title of the invention is not descriptive. A new title is required that is clearly indicative of the invention to which the claims are directed.
Claim Rejections - 35 USC § 101
Claims 1-6, 8-16, and 18-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claims recite a monitoring device which is defined as being software in the specification. The monitoring device is disclosed in the specification to run on a “secure app, a virtualization software platform, and one or more virtual machines” (page 9, lines 10-11, Applicant’s original specification of 11/27/2023, see also Claim 3 of the instant application). Apps, virtualization software, and virtual machines are software and not hardware.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 2, 6, 8-10, 13-15, 22, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Unagami et al. (US 2011/0239297) in view of Krishnamurthy et al. (US 2018/0295036).
With respect to claim 1, Unagami discloses: A monitoring device comprising: three or more monitors that each monitor at least one of software or a communication log as a monitoring target ([0305], there are three update modules monitoring each other. The modules themselves are software, see e.g. Fig. 5 where the modules are loaded from the EEPROM to the RAM of the NIC),
wherein the three or more monitors include a first monitor, a second monitor, and a third monitor (Fig. 30, 131, 132, 134 correspond to first, second, and third monitors, for example),
the first monitor operates with a first execution privilege ([0431] and Fig. 30,131 monitors 132 and 134, 131’s execution privilege is interpreted to extend to monitoring modules 132 and 134),
the second monitor operates with a second execution privilege ([0431], Fig. 30, 132’s execution privilege is interpreted by the examiner to extend to monitoring 135 and 133),
the third monitor operates with a third execution privilege ([0431] and Fig. 30, Fig. 30, 134’s execution privilege is interpreted by the examiner to extend to monitoring 136),
the first monitor monitors software of the second monitor, and at least one of the first monitor or the second monitor monitors software of the third monitor (Fig. 30, the direction of the arrows indicates which module monitors and which modules is/are monitored).
Unagami does not specifically disclose: a second monitor that has a lower reliability level than that of the first execution privilege and a third monitor that has a same reliability level as that of the second execution privilege or has a lower reliability level than that of the second execution privilege.
However, Krinshanmurthi discloses: a second monitor that has a lower reliability level than that of the first execution privilege and a third monitor that has a same reliability level as that of the second execution privilege or has a lower reliability level than that of the second execution privilege ([0127]- [0129], Virtual Machines thread levels can be low, medium, or high. In this regard, the medium threat level virtual machine has a lower reliability than a virtual machine with a low threat level).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to incorporate the teachings of Krisnhamurti to detect malicious behavior before it causes significant damage by engaging in rapid containment and remediation actions.
With respect to claim 2, Unagami discloses: wherein the three or more monitors include four or more monitors, the four or more monitors include the first monitor, the second monitor, the third monitor, and a fourth monitor that operates with a fourth execution privilege (Fig. 30 more than 4 modules are illustrated, 137 is interpreted to corresponds to Applicant’s fourth monitor) and at least one of the first monitor, the second monitor, or the third monitor monitors software of the fourth monitor (([0431] and Fig. 30, 136’s execution privilege is interpreted by the examiner to extend to monitoring 137 ). Krishnamurti discloses: that has a same reliability level as that of the third execution privilege or has a lower reliability level than that of the third execution privilege ([0127]- [0129]),
With respect to claim 6, Unagami discloses: wherein each of the three or more monitors starts monitoring the monitoring target in accordance with a timing of an occurrence of an event including at least one of a predetermined time elapsing ([0152]), a predetermined time elapsing for an external network connection, a system startup, a system restart, an external network connection being established, or an external device connection.
With respect to claim 8, Unagami discloses: wherein each of the three or more monitors starts monitoring the monitoring target in accordance with a timing of reaching at least one of a total number of executions of monitoring processing by another monitor, a total number of times an anomaly is determined to have occurred in monitoring processing, or a total number of times a determination of normal has been made in monitoring processing ([0330]).
With respect to claim 9, Unagami discloses: wherein when the monitoring target is the software, each of the three or more monitors: obtains, as an obtained value, at least one piece of information among a hash value, a mask value, or a replication value of the software that is the monitoring target, the information being stored in a memory or storage; compares the obtained value with an expected value that is a correct value defined in advance; determines that the software is normal when the expected value and the obtained value match; and determines that the software is anomalous when the expected value and the obtained value do not match ([0255]-[0257]).
With respect to claim 10, Unagami discloses: wherein the software includes at least one combination among a combination of a program and a configuration file of the virtualization software platform ([0217]), a combination of a kernel program and a configuration file of each of the virtual machines, a combination of a program and a configuration file of a user app running on each of the virtual machines, or a combination of a program and a configuration file of each of the three or more monitors.
With respect to claim 13, Unagami discloses: wherein each of the three or more monitors changes at least one of a monitoring frequency of the monitoring target, a verification method of the monitoring target, or a selection method of the monitoring target in accordance with a priority set for each of monitoring targets that are each the monitoring target ([0330]).
With respect to claim 14, it is not given patentable weight as the limitation depends on a limitation of claim 13 that is recited in the alternative/optional format and that was not considered for prior art examination purposes.
With respect to claim 15, Unagami discloses: a manager that changes at least one of a priority included in monitoring information, or a monitoring configuration that is a combination of a monitoring entity included in the monitoring target and the monitoring target, in accordance with a state of a system in which the monitoring device operates or in accordance with an event ([0222]- [0224]).
With respect to claim 22, Unagami discloses: a monitoring server communicator that notifies the monitoring server of a monitoring result (S2001-S2003).
With respect to claim 26, it recites similar limitations as claim 1 and is therefore rejected under the same citations and rationale.
Allowable Subject Matter
Claims 23-25 are allowed.
The following is an examiner’s statement of reasons for allowance: Claim 23 recites similar limitations as claim 1. However, the “monitoring server includes a result display that receives the monitoring result and displays the monitoring result in a graphical user interface” is not taught in Unagami. Unagami discloses reporting the result through a notification to a determination unit (Fig. 14). It does not disclose displaying the result in a graphical user interface. While results in a graphical user interface exists in the prior art, it is not combinable with a Unagami without engaging in hindsight reasoning. Further, the monitoring results are from monitoring modules that themselves are monitoring other modules. It is not a mere result that is being displayed in a vacuum.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Claims 3-5, 7, 11, 12, and 16-21 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. McKeen et al. (US 2019/0251257): A ring system (a hierarchical protection domains referred to as protection rings (e.g., rings 0-3)) may protect memory regions reserved for applications running at a higher privilege level against unauthorized accesses by application running at a lower (or equal) privilege level, the ring system does not protect data used by an application of lower privilege level against accessing by an application running at higher privilege levels. In certain situations, the application running at a higher privilege level (e.g., the operating system or the virtual machine monitor (VMM)) may have been compromised by malicious attacks. The compromised applications may make furthers attacks on data used by an application running at a lower privilege level. In some implementations, a programmer may provide an application executed by a processor at a lower privilege level (e.g., ring 3) with an architecturally protected memory region to store code and data that is private to the application and cannot be accessed by a higher privilege level application (e.g., an application with a ring 0-2 privilege). Thus, a processor may execute at least a portion (or whole) of the less privileged application in the architecturally protected execution environment, protected against malicious originated from a higher privileged domain (e.g., the operating system).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WISSAM RASHID whose telephone number is (571)270-3758. The examiner can normally be reached Monday-Friday 8:00 am-5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Aimee Li can be reached at (571)272-4169. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/WISSAM RASHID/ Primary Examiner, Art Unit 2195
Prosecution Insights