Systems and Methods for a Radio Interface Layer Defense

§102 §103 §112

Response to Amendment Claim Rejections - 35 USC § 112 The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 1, 13, 20 and corresponding dependent claims are rejected under 35 U.S.C. 112(a) as failing to comply with the enablement requirement. The specification, while being enabling for certain aspects of monitoring SMS-related communications in a mobile device, does not reasonably enable the full scope of the claimed invention without undue experimentation because the claim recites an arrangement that a person of ordinary skill in the art (POSITA) could not make or use as written. In particular, claim 1 recites: “monitoring, by a security software component in an abstraction layer of a computing device … wherein the abstraction layer is located between a radio hardware of the computing device and an application layer of the computing device.” The recited “application layer” is, by its nature, a logical/software layer of an operating system stack and not a physical component possessing a spatial location. Thus, requiring the “abstraction layer” to be “located between” the radio hardware (a physical component) and an “application layer” (a logical construct) defines a configuration that is not physically realizable as claimed. The specification provides no teaching that renders such a configuration operative, nor is there evidence that the art recognizes a way to physically position a software abstraction layer “between” a hardware device and a logical layer. The specification does not provide sufficient guidance to enable a POSITA to practice the claimed invention with the above “located between … and an application layer” limitation without undue experimentation. Wands factor analysis demonstrating undue experimentation: Quantity of experimentation necessary: Substantial. To satisfy “located between … and an application layer,” a POSITA would have to devise a novel architectural construct that assigns a spatial/physical relation to a logical software layer—something the art does not provide. This goes beyond routine implementation. Amount of direction or guidance in the specification: Minimal to none The following is a quotation of 35 U.S.C. 112(b): (b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 1, 13, 20 and corresponding dependent claims are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claims 1, 13, 20 each recite ……a security software component in an abstraction layer of a computing device configured to access a radio network, data related to SMS interactions over the radio network, wherein the abstraction layer is located between a radio hardware of the computing device and an application layer of the computing device, and wherein the monitoring of the data comprises monitoring communications across an interface between a cellular processor in the radio hardware, and an application processor configured to execute user-space applications in the application layer; There are several issues with the newly amended claims. First, the layers model is a logical/conceptual framework of a complex systems of software and hardware interaction. Layers are not the same as layers of cake for example. Although physical components may belong to a specific layer, the Layers do not represent physical locations. The limitation “wherein the abstraction layer is located between a radio hardware of the computing device and an application layer of the computing device” is contradictory because radio hardware is a physical thing while the application layer is logical/conceptual abstraction, therefore the abstraction layer cannot be located between hardware and the application layer, therefore the limitation renders the claim indefinite. Second, the limitation “a security software component in an abstraction layer of a computing device configured to access a radio network” appears to state the that software is located in a conceptual layer, while in reality software is contained in the memory of a device. Therefore, this limitation is contradictory to what software is and how software works in a computing system. Regarding applicant’s arguments below: Nothing in McKay teaches, discloses, suggests, or motivates at least "a cellular processor in the radio hardware, and an application processor configured to execute user-space applications in the application layer," (emphasis added), and therefore McKay cannot teach, disclose, suggest, or motivate "monitoring communications across an interface between a cellular processor and an application processor," (emphasis added), as recited in amended claim 1. …..As illustrated, the "wireless network point-of-presence (4020)" of McKay is located outside the "wireless device 4100." Accordingly, McKay does not teach "a security software component in an abstraction layer of a computing device wherein the abstraction layer is located between a radio hardware of the computing device and an application layer of the computing device," (emphasis added), as recited in amended claim 1. Examiner respectfully disagrees for at least the following reasons: McKay, discloses in fig. 4 a firewall operating between transmitters, SIM card and CPU, Applications. Applications are part of the application layer and SIM and transmitter are part of the physical layer, therefore McKay reads on the limitation on "a security software component in an abstraction layer of a computing device wherein the abstraction layer is located between a radio hardware of the computing device and an application layer of the computing device," and further reads on "monitoring communications across an interface between a cellular processor and an application processor,". Hence the rejection is maintained as follows: Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claims 1-6, 8, 10, 11, 13, 14, 17-21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by McKay et al (US 20090325615 A1; hereinafter “McKay”). Regarding claim 1, McKay discloses a computer-implemented method for defending, preventing, and/or mitigating short message service (SMS) based activities (see KcKay, ¶0021 “When using this technique, device control to prevent undesired use of the device, such as to improperly disclose information, is generally limited as well. Methods that operate on the device to detect, capture, store and relay SMS message traffic are needed.”, further see figure 11), comprising: monitoring, by a security software component in an abstraction layer of a computing device configured to access a radio network, data related to SMS interactions over the radio network (see McKay, [0104] In other exemplary implementations, the device software is adapted to the requirements of the particular hardware using dynamically loadable libraries (DLLs), such as, for example, the MOBILE WINDOWS OS…… “Thus, in some embodiments the SMS Firewall is inserted into the flow in a way that permits it to perform its intended functions by replacement of one or more of the DLLs used to interface with the device's data reception hardware, transfer data to device processes such as the SMS Queue Insertion process, or used in the transfer of SMS data from the receiving hardware to components of the SMS message reception and processing flow”); network, wherein the abstraction layer is located between a radio hardware of the computing device and an application layer of the computing device (see 35 USC 112b), and wherein the monitoring of the data comprises monitoring communications across an interface between a cellular processor in the radio hardware, and an application processor configured to execute user-space applications in the application layer (see McKay, fig. 4 firewall, cpu, sim card, applications); based on the monitoring, detecting a potential activity associated with an SMS interaction (see McKay, fig. 10, 11, 14); and providing an indication of the potential activity (see McKay, ¶[0163] Actions associated with rules for outgoing SMS Simple Text messages can include, for example and without limitation: discarding the matching SMS message, permitting normal processing of the matching SMS message without checking additional rules, saving the SMS message to the exfiltration cache, use of an audible, vibratory or visual alert to indicate sending of the message, modification of the message data, forwarding of the message to one or more additional recipients, with or without the knowledge of the current recipient, or, when not deployed covertly, asking the device user for authorization to send the message. As indicated by the process flow of FIG. 15, when a Simple Text SMS message matches a plurality of rules, a plurality of actions can be processed for the message.). Regarding claim 13, the limitations have been addressed in the rejection of claim 1. Regarding claim 20, the limitations have been addressed in the rejection of claim 1. Regarding claim 2, McKay discloses the computer-implemented method of claim 1, further comprising: mitigating a potential malicious activity (see McKay, fig. 10, 11, 14). Regarding claim 3, the computer-implemented method of claim 2, wherein the mitigating of the potential malicious activity further comprises one of blocking, allowing, rewriting, or forwarding of the SMS interaction (see McKay, fig. 10, 11, 14). Regarding claim 4, the computer-implemented method of claim 1, wherein the providing of the indication of the potential activity further comprising: generating an alert associated with a potential malicious activity (see McKay, fig. 10, 11, 14). Regarding claim 5, the computer-implemented method of claim 1, wherein the providing of the indication of the potential activity further comprising: identifying that the SMS interaction is a malicious activity initiated by a particular computing device (see McKay, ¶0023 Originator Address (OA) (1150) specifies the address of the originator of the message.); and triggering an action to mitigate the malicious activity (see McKay, fig. 10, 11, 14). Regarding claim 6, the computer-implemented method of claim 1, further comprising: identifying a source of an outbound SMS based on inter-process communication calls to a user-space application (see McKay, table 2, ¶0011, 12, 0168,0170). Regarding claim 8, the computer-implemented method of claim 1, further comprising: interacting with one or more user-space applications to track a context associated with the SMS interaction (see McKay, table 2, ¶0011, 12, 0168,0170, fig. 7-14). Regarding claim 10, the computer-implemented method of claim 1, wherein the data related to the SMS interactions comprises context data (see McKay, table 2, ¶0011, 12, 0168,0170, fig. 7-14). Regarding claim 11, the computer-implemented method of claim 10, further comprising: retrieving the context data from a system layer, wherein the context data is associated with a broadcast station, and wherein the context data relates to one or more of a signal strength or a broadcast parameter (see McKay, ¶0023 discloses identifying the originator and type of message). Regarding claim 14, the computing device of claim 13, further comprising an application processor configured to execute the OS (see McKay, fig. items 5120 a, b, c, ¶0013 “Typically a handset comprises user interface subsystems, one or more receivers and transmitters, at least one processor (CPU), and the wireless mobile device's operating system. The construction of wireless mobile devices such as telephony devices is well understood to those skilled in the art.”). Regarding claim 17, the computing device of claim 13, the operations further comprising: mitigating a potential malicious activity (see McKay, fig. 10, 11, 14). Regarding claim 18, the computing device of claim 13, wherein the operations providing the indication of the potential activity further comprising: generating an alert associated with a potential malicious activity (see McKay, fig. 10, 11, 14). Regarding claim 19, the computing device of claim 13, the operations further comprising: interacting with one or more user-space applications to track a context associated with the SMS interaction (see McKay, table 2, ¶0011, 12, 0168,0170). Regarding claim 21, the non-transitory computer-readable medium of claim 20, wherein the computing device comprises an application processor configured to execute an operating system (OS) of the computing device (see McKay, fig. items 5120 a, b, c, ¶0013 “Typically a handset comprises user interface subsystems, one or more receivers and transmitters, at least one processor (CPU), and the wireless mobile device's operating system. The construction of wireless mobile devices such as telephony devices is well understood to those skilled in the art.”). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over McKay in view of Applicant Admitted Prior Art (paragraph 76 of applicant’s unpublished spec) (hereinafter “AAPA”). Regarding claim 7, the computer-implemented method of claim 1, further comprising: McKay fails to specifically disclose monitoring baseband traffic from based on a diagnostic interface, however based on AAPA, monitoring baseband traffic from based on a diagnostic interface (applicant’s admission, “note that the diagnostic interface (e.g., /dev/diag in QUALCOMM* devices) is prevalent among heterogeneous ANDROID* and iOS* devices. Publicly available libraries support, baseband monitoring of major vendors (e.g., QUALCOMM*, SAMSUNG*, and MEDIATEK*” having a diagnostic interface is well known in the art). It would have been obvious to someone with ordinary skill in the art prior to the effective filing date of the claimed invention to modify McKay to include a diagnostic interface to monitor functions as disclosed by AAPA, thereby creating a more efficient system. Claims 9, 12, 15, 16 are rejected under 35 U.S.C. 103 as being unpatentable over McKay in view of Zhukov et al (US 8387141 B1; hereinafter Zhukov) Regarding claim 9, the computer-implemented method of claim 1, McKay fails to specifically disclose wherein the detecting of the potential activity comprises detecting a baseband-only malicious attack. In the same field of endeavor, Zhukov discloses wherein the detecting of the potential activity comprises detecting a baseband-only malicious attack (Col 10, lines 4-10 “The exemplary system can also protect against SMS eavesdropping by third party applications by registration of the new message respective AT command from the baseband processor. Then, the system deals with the respective SMS at the level of the operation system applications. The system can further include filtering calls and SMS messages by filtering the respective AT commands from the baseband processor.”). Given that McKay and Zhukov each are related to protecting mobile devices from malicious interference, and given that Zhukov is further monitoring SMS messages for potential harm, it would have been obvious to someone with ordinary skill in the art prior to the effective filing date of the claimed invention to modify McKay with baseband detection of SMS attacks as disclosed by Zhukov thereby creating a more secure system. Regarding claim 12, the computer-implemented method of claim 1, McKay fails to specifically disclose a specific operating system, however, Zhukov discloses wherein an operating system (OS) of the computing device comprises an Android-based OS or an Apple-based OS (see McKay, Col 2 lines 60-65). It would have been obvious to someone with ordinary skill in the art prior to the effective filing date of the claimed invention to modify McKay with the specification of an Android operating system as disclosed by Zhukov thereby conforming to Android standards. Regarding claim 15, the limitations have been addressed in the rejection of claim 12. Regarding claim 16, the computing device of claim 14, wherein the OS comprises an Android-based OS (addressed in the rejection of claim 12), and wherein the abstraction layer comprises a radio interface layer (RIL) (see McKay, ¶0104). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to VLADIMIR MAGLOIRE whose telephone number is (571)270-5144. The examiner can normally be reached 9-5 PM M-F. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Thomas can be reached at (571) 272-8004. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /VLADIMIR MAGLOIRE/Supervisory Patent Examiner, Art Unit 3648