System and Method for Providing Emergency Operations

§102 §103 §DP

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This office action is in response to the communication filed on 02/24/2026. Claims 1-19 are pending. Claims 2, 3, 10-14, 19 are withdrawn. Claims 1, 4-9, 15-18 are examined. Response to Arguments For independent claims 1, 7, 16, applicant argues that Jayanthi does not teach “the initiation signal received directly from a user input.” The examiner respectfully disagrees and submits that Jayanthi teaches this limitation ([0025], in response to a malware attach, an attack signal may be communicated by a network administrator or other authorized user (referred to as a `big red button`) to initiate the transition. The attack signal can be any electronic communication configured to initiate a transition from the antivirus mode to the whitelist mode in hosts on the network.) For claims 4, 5, 8, 17, applicant argues that the switch of Pinto does not signal that the user is worried about an intrusion. The examiner respectfully disagrees. Pinto was cited to teach an initiation signal to activate a secure mode comprises invoking a program from a home screen or a task bar, while Jayanthi already teaches the initiation signal is based on the user worried about an intrusion (Jayanthi, [0025]). Pinto also teaches that the activating of the secure mode can be after the system has been infected ([0017]). For claims 6, 9, 15, 18, applicant argues about the meaning of “a secure whitelist” being a more secure and more restricted whitelist. However, a more secure and more restricted whitelist is not recited in the claims. Therefore, given broadest reasonable interpretation, a secure whitelist can be read as an encrypted whitelist (Kelly, fig. 6,). Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claims 1, 4-9, 15-18 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1, 4-6, 8-10, 16-19 of copending Application No. 18/437,381 (reference application). Although the conflicting claims are not identical, they are not patentably distinct from each other because: For claims 1, 4-6, claims 1, 4-6 of the reference application disclose all limitations except “a restricted whitelist” instead of “a secure whitelist”. However, “a secure whitelist” is broad and does not entail processes that make the whitelist secure. A restricted whitelist can be read a secure whitelist since restricting some items in the whitelist can be read as securing the whitelist. For claims 7-9, 15-18, claims 8-10, 16-19 of the reference application disclose all limitations (“A restricted whitelist” in the reference application can be read “a secure whitelist” in the claims since restricting some items in the whitelist can be read as securing the whitelist.) This is a provisional obviousness-type double patenting rejection because the conflicting claims have not in fact been patented. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claim(s) 1, 7, 8, 16, 17 is/are rejected under AIA 35 U.S.C. 102(a)(1) as being anticipated by Jayanthi et al. (US 2013/097708, “Jayanthi”). As to claim 1, Jayanthi discloses a system for initiating actions when potential of intrusion by malware of a computer is realized, the computer having a processor (fig. 1), the system comprising: computer instructions running on the processor receive an initiation signal indicating that the intrusion by the malware has been realized, the initiation signal received directly from a user input ([0025], an attack signal may be communicated by a network administrator or other authorized user (referred to as a `big red button`) to initiate the transition. The attack signal can be any electronic communication configured to initiate a transition from the antivirus mode to the whitelist mode in hosts on the network); and responsive to the initiation signal, the computer instructions execute one or more security actions selected from a group consisting of: changing a whitelist to a secure whitelist, terminating all programs that are running on the processor and are not in the whitelist, setting of a firewall to restrict communications, capturing logfile information and transmitting the logfile information to a security server, setting the firewall to restrict communications access of the computer to only certain IP addresses, and blocking operations of a second subset of programs ([0016], If a network is under attack (e.g., infected with malware that has not been blocked) or if a network is suspected of being under attack, the system can transition the network, or a designated segment thereof, from the normal mode (e.g., running an antivirus engine) to a whitelist mode that only allows processes in the whitelist to operate and terminates the rest, and/or at least logs processes whose process memory has been modified in [0053]). As to claim 7, Jayanthi discloses a device having a processor, a tangible memory, a display, a human input device, and security software running on the processor, the security software running on the processor from the tangible memory (fig. 1, [0016], antivirus engine) comprising: computer instructions running on the processor that wait for an initiation signal indicative of a suspected malware activity, the initiation signal received directly from a user input ([0025], an attack signal may be communicated by a network administrator or other authorized user (referred to as a `big red button`) to initiate the transition. The attack signal can be any electronic communication configured to initiate a transition from the antivirus mode to the whitelist mode in hosts on the network); and responsive to the initiation signal, the computer instructions perform one or more security actions for preventing actions of a suspected malware program, the one or more security actions comprising at least terminating all running programs that are not in a whitelist stored in the tangible memory of the device ([0016]). As to claim 8, Jayanthi discloses the initiation signal is selected from a group consisting of a preset key sequence from the human input device, a combination of keys pressed on the human input device, activation of a dedicated switch, invoking a program from a home screen of the display, and invoking an application from a task bar on the display ([0025], big red button). As to claim 16, Jayanthi discloses a method of protecting a device from malware, the device having a processor and storage, the method comprising: determining, by a user of the device, that there is an opportunity for intrusion by the malware ([0055]); signaling an initiation signal after suspecting that there is the opportunity for intrusion by the malware, the initiation signal received directly from a user input ([0025], during a malware attack, an attack signal may be communicated by a network administrator or other authorized user (referred to as a `big red button`) to initiate the transition. The attack signal can be any electronic communication configured to initiate a transition from the antivirus mode to the whitelist mode in hosts on the network); and responsive to the initiation signal, performing one or more security actions for preventing actions of the malware comprising at least terminating all running programs that are not in a whitelist stored on the storage of the device ([0016]). As to claim 17, Jayanthi discloses the initiation signal is selected from a group consisting of the user invoking a preset key sequence from a human input device that is operatively interfaced to the device, the user invoking a combination of keys pressed on the human input device that is operatively interfaced to the device, the user invoking a dedicated switch that is operatively interfaced to the device, the user invoking a program from a home screen of a display that is operatively interfaced to the device, and the user invoking the program from a task bar on the display ([0025], during a malware attack, an attack signal may be communicated by a network administrator or other authorized user (referred to as a `big red button`) to initiate the transition). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 4, 5 is/are rejected under AIA 35 U.S.C. 103 as being unpatentable over Jayanthi in view of Silva Pinto et al. (US 2016/0381026, “Pinto”). As to claim 4, Jayanthi does not disclose the initiation signal comprises invoking a program from a home screen of a display of the computer. Pinto discloses the initiation signal comprises invoking a program from a home screen of a display of the computer ([0055], user can activate secure mode from the home screen when infected by malware). It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Pinto’s teachings secure mode activation from a home screen to Jayanthi’s teaching of a “big red button” in order to provide “easy-to-use” choices for users to activate secure modes or the big red button (Pinto, [0055]). As to claim 5, Jayanthi does not disclose the initiation signal comprises invoking a program from a task bar on a display of the computer. Pinto discloses the initiation signal comprises invoking a program from a task bar on a display of the computer ([0055], user can enable secure mode from the notification bar when infected by malware). It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Pinto’s teachings secure mode activation from a task bar to Jayanthi’s teaching of a “big red button” in order to provide “easy-to-use” choices for users to activate secure modes or the big red button (Pinto, [0055]). Claim(s) 6, 9, 15, 18 is/are rejected under AIA 35 U.S.C. 103 as being unpatentable over Jayanthi in view of Kelly et al. (US 2012/0090033, “Kelly”). As to claims 9, 18, Jayanthi does not disclose the one or more security actions comprise computer instructions running on the processor that change the whitelist to a secure whitelist. Kelly discloses the one or more security actions comprise computer instructions running on the processor that change the whitelist to a secure whitelist (fig. 6, encrypting a whitelist). It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Kelly’s teachings of securing a whitelist to Jayanthi’s system in order to protect the whitelist of Jayanthi from tampering. As to claims 6, 15, Jayanthi does not disclose changing the whitelist to a secure whitelist. Kelly discloses changing the whitelist to a secure whitelist (fig. 6). It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to apply Kelly’s teachings of securing a whitelist to Jayanthi’s system in order to protect the whitelist of Jayanthi from tampering. Jayanthi-Kelly further render obvious the secure whitelist comprises entries that are required for operation of the device and entries that are required for operation of security software on the device (Jayanthi, [0016], [0024], [0025], known, trusted processes are included in the whitelist, such as system and antivirus). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to HIEU T HOANG whose telephone number is (571) 270-1253. The examiner can normally be reached Mon-Fri 9 AM -5 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HIEU T HOANG/Primary Examiner, Art Unit 2449