Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This action is in response to application filed on 03/05/2024
Claims 1-20 are pending.
Priority
Acknowledgment is made of applicant’s claim for foreign priority under 35 U.S.C. 119 (a)-(d). The certified copy has been filed in parent Application No. PCT/US2021/050037, filed on 09/13/2021.
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
Claim Objections
Claim 1-20 are objected to because of the following informalities:
Claims 1 and 10 states an “obfuscated SDK”, where SDK is an acronym not defined in the claim. SDK is interpreted as a “software development kit” and recommendation to add “software development kit (SDK)” to the claim language.
The dependent claims 2-9 are also objected for incorporating the deficiency of their independent claim 1.
The dependent claims 11-16 are also objected for incorporating the deficiency of their independent claim 10.
Further, claim 17 states an “API call function”, where API is an acronym not defined in the claim. API is interpreted as an “application programming interface” and recommendation to add “application programming interface (API)” to the claim language.
The dependent claims 18-20 are also objected for incorporating the deficiency of their independent claim 17. Additionally, claim 18 states “SDK binary”, which as stated previously, “SDK” will need to be defined in the claim.
Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 4-7, 8-10 and 11-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Crane et al. (US 20210157612 A1) hereinafter Crane in view of Chen (CN 107103211 A).
Regarding claim 1, Crane discloses
creating, by the computer, application source code that calls functions in the interface source code; (Crane [0081] discloses an application source code written by a developer including calls to functions which reside in libraries external to or outside of the application source code file. The calls include calls to functions in the original library, using the relocation data of the original library)
building, by the computer, an intermediate object comprising the interface source code and the application source code; and (Crane [0081] - [0083] discloses the compiler taking the application source code with calls to externally referenced functions in the original library and transformation library and produces an application object file. Further, the functions in the transformation/obfuscated library, are embedded in the application object code.)
creating, by the computer, the final application using the intermediate object and the obfuscated SDK binary. (Crane [0082] and [0021] the linker taking in as an input the application object file, original library, and the transformation library, to create a single executable program file to be executed on the target machine, where the “transformation library” is obfuscation or reorganization of the contents in the original library).
Crane lacks explicitly
obtaining, by a computer, an obfuscated SDK binary and an interface source code that comprises one or more functions that call obfuscated functions within the obfuscated SDK binary
Chen teaches
obtaining, by a computer, an obfuscated SDK binary and an interface source code that comprises one or more functions that call obfuscated functions within the obfuscated SDK binary (Chen abstract and pg. 17 paragraph 12 and 15 discloses an SDK encrypted using a cipher function, i.e. obfuscation, and an interface file that is comprised of interface and the interface function declaration included in the first SDK).
It would have been obvious to one ordinary skill in the art before the effective filing date of claimed invention to have modified Crane to incorporate the teachings of Chen to “obtaining, by a computer, an obfuscated SDK binary and an interface source code that comprises one or more functions that call obfuscated functions within the obfuscated SDK binary” in order for the second developer to receive the necessary SDK and function mapping to add those functions into their application.
Regarding claim 4, Crane discloses
The method of claim 1, wherein the interface source code is written in a human-readable programming language prior to building the intermediate object (Crane [0050] and [0081] discloses the library built from source code to an object code file with support for transformation, and as disclosed previously the transform library acts as the interface source code by mapping to functions in the original library. The library object code file is understood as a high-level procedural or object-oriented programming language, thus making it a human-readable programming language), wherein the application source code is written in a human-readable programming language prior to building the intermediate object (Crane [0081] and [0111] discloses application source code written by a programmer and the application source code being an object file before the linker stage turning it into an intermediate object. The application object file is understood as a high-level procedural or object-oriented programming language, thus making it a human-readable programming language), and wherein the obfuscated SDK binary is obfuscated code written in a low-level programming language including machine language instructions. (Crane [0083] discloses the executable program file is composed of machine code that calls to functions in the transformation library and calls to the original library and information corresponding to the relocation data from the original library, where the executable program file is the final application).
Regarding claim 5, Crane discloses
The method of claim 1
Crane lacks explicitly
Wherein the obfuscated SDK binary and the interface source code are obtained from a software development tool access computer
Chen teaches
Wherein the obfuscated SDK binary and the interface source code are obtained from a software development tool access computer (Chen page 5, paragraph 7 and page 13, paragraph 6 receiving from a development tool the obfuscated SDK and includes an interface file for the protected/obfuscated SDK, where the development tool provider can be a SDK provider server).
It would have been obvious to one ordinary skill in the art before the effective filing date of claimed invention to have modified Crane to incorporate the teachings of Chen to “wherein the obfuscated SDK binary and the interface source are obtained from a software development tool access computer” in order for the second developer to have the necessary functions and mapping, allowing the second developer to make their own application using the provided tools.
Regarding claim 6, Crane discloses
The method of claim 1
Crane lacks explicitly
wherein the computer is a second development computer, and wherein a first development computer creates the obfuscated SDK binary and the interface source code and provides the obfuscated SDK binary and the interface source code to a software development tool access computer.
Chen teaches
the computer is a second development computer (Chen page 12, paragraph 4-6 discloses the application developer receiving the SDK with the protected library and interface file from the development tool, demonstrating this developer being the second development computer and the development tool access computer being the first development computer), and wherein a first development computer creates the obfuscated SDK binary and the interface source code and provides the obfuscated SDK binary and the interface source code to a software development tool access computer. (Chen page 5, paragraph 7 and page 13, paragraph 6 receiving from a development tool the obfuscated SDK and includes an interface file for the protected/obfuscated SDK, where the development tool provider can be an SDK provider server which would be the first development computer).
It would have been obvious to one ordinary skill in the art before the effective filing date of claimed invention to have modified Crane to incorporate the teachings of Chen to “wherein the computer is a second development computer, and wherein a first development computer creates the obfuscated SDK binary and the interface source code and provides the obfuscated SDK binary and the interface source code to a software development tool access computer” in order for the second developer to have the necessary functions and mapping, allowing the second developer to make their own application using the provided tools.
Regarding claim 7, Crane discloses
The method of claim 6, wherein during creating the obfuscated SDK binary and the interface source code, the first development computer creates SDK source code, compiles the SDK source code into SDK binary (Crane [0050] discloses source code being compiled using different compiler options can make the versions different at the binary level. Using the relocation data, it relates to the exact version of the original version. This process demonstrates before the binary transformation step on Crane [0055] that the source code is first compiled into a binary file first before randomly reordering machine code portions of an original library), obfuscates the SDK binary into obfuscated SDK binary, and creates the interface source code based on obfuscating the SDK binary into obfuscated SDK binary. (Crane [0021] and [0028] discloses that a binary transformation is defined by one or more functions in the transformation library that causes obfuscation and re-mapped appropriately to respective transformed libraries, thus demonstrating the obfuscated SDK and mapping of obfuscated functions)
Regarding claim 8, Crane discloses
The method of claim 1, wherein the final application includes one or more obfuscated function calls that call the one or more functions in the interface source code, which are also obfuscated. (Crane [0083] discloses the executable program file includes calls to functions in the transformation library and call to original library and information corresponding to the relocation data from the original library).
Regarding claim 9, Crane discloses
The method of claim 1 further comprising: providing, by the computer, the final application to a digital distribution platform, where the digital distribution platform provides the final application to one or more user devices upon request, wherein upon receiving the final application, a user device of the one or more user devices executes the final application. (Crane [0082]-[0083] and [0087] discloses the executable program file, transformation library, and the original library, can be combined to make a distribution package, where the distribution package may be placed on a storage medium connected to a target system for use by a user upon request of the original library and executed on a target machine).
Regarding claim 10, it’s directed to a machine having similar limitations cited in claim 1. Thus claim 10 is also rejected under the same rationale as cited in the rejection of claim 1 above.
Regarding claim 11, Crane discloses
The computer of claim 10, wherein obtaining the obfuscated SDK binary and the interface source code further comprises: providing, by the computer, a software development kit request message to a software development tool access computer requesting the obfuscated SDK binary and the interface source code (Crane [0040] discloses a request of a transformation of the original library); and receiving, by the computer, a software development kit response message from the software development tool access computer comprising the obfuscated SDK binary and the interface source code(Crane [0040] discloses in response to this request, the original library is subjected to a transformation and resulting library is stored in daemon. This process provides a library with functions that have been muddled or obfuscated. While Crane lacks explicitly a software development tool access computer, this was previously shown in Chen page 5, paragraph 7 and page 13, paragraph 6 where sending this obfuscated SDK binary and interface source code is by a software development tool access computer. Thus, the combination of both Crane and Chen fully teach this limitation).
It would have been obvious to one ordinary skill in the art before the effective filing date of claimed invention to have modified Crane to incorporate the teachings of Chen to “The computer of claim 10, wherein obtaining the obfuscated SDK binary and the interface source code further comprises: providing, by the computer, a software development kit request message to a software development tool access computer requesting the obfuscated SDK binary and the interface source code and receiving, by the computer, a software development kit response message from the software development tool access computer comprising the obfuscated SDK binary and the interface source code” in order to share the necessary SDK to the other/second developer, thus allowing the developer to create their application.
Regarding claim 12, Crane discloses
The computer of claim 10, wherein the obfuscated SDK binary includes the obfuscated functions which process obfuscated processing steps (Crane [0021]-[0023] discloses the obfuscation of the contents of the original library includes randomly reordering the functions or functional blocks of the original library and subsequently performing operations to update linkages between the executable program the functions).
Regarding claim 13, it’s directed to a computer having similar limitations cited in claim 9. Thus claim 13 is also rejected under the same rationale as cited in the rejection of claim 9 above.
Regarding claim 14, it’s directed to a computer having similar limitations cited in claim 9. Thus claim 14 is also rejected under the same rationale as cited in the rejection of claim 9 above.
Regarding claim 15, Crane discloses
The method of claim 10, wherein the intermediate object includes object code created from the interface source code and the applications source code (Crane [0050] and [0081] discloses the relocation data being built from source code to an object code with support for transformation. Then, the compiler takes application source code with calls to external functions and produces the application object file, where the application object file is the object file of the source code).
Regarding claim 16, it’s directed to a computer having similar limitations cited in claim 6. Thus claim 16 is also rejected under the same rationale as cited in the rejection of claim 6 above.
Claim(s) 2 and 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Crane et al. (US 20210157612 A1) hereinafter Crane in view of Chen (CN 107103211 A) in further view of Hale (US 9830478 B1).
Regarding claim 2, Crane in view of Chen disclose
The method of claim 1
Crane in view of Chen lacks explicitly
Obfuscating, by the computer, the intermediate object
Hale discloses
Obfuscating, by the computer, the intermediate object (Hale column 1, lines 47-63 and column 5, lines 53-62 discloses obfuscation log that maps obfuscated code element names, where stated the code element names include method names, class names, file names, and variable names, where the obfuscation log mapping acts as an interface source code. Hale column 6, lines 41-46 then discloses, client system after encountering one or more bugs in the obfuscated code generates stack traces from obfuscated code, which include obfuscated code element names, showing the application code with obfuscated function names. The application and interface together make the intermediate object, thus showing the intermediate is comprised of two obfuscated parts, therefore the intermediate object itself is obfuscated).
It would have been obvious to one ordinary skill in the art before the effective filing date of claimed invention to have modified Crane in view of Chen to incorporate the teachings Hale to “obfuscating by the computer, the intermediate object” in order to have a complete obfuscation chain and prevent malicious users to observe any un-obfuscated functions during function call.
Regarding claim 3, it’s directed to a method having similar limitations cited in claim 2. Thus claim 3 is also rejected under the same rationale as cited in the rejection of claim 2 above.
Claim(s) 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Amancherla (US 20170161701 A1) in view of Salmon-legagneur et al. (US 20160239671 A1) hereinafter Salmon-legagneur.
Regarding claim 17, Amancherla discloses
A method of running a final application on a user device (Amancherla [0015] discloses displaying an application interface of an application on a display of a user device), the final application comprising an API call function, an interface function, and a library function, the API call function (Amancherla [0015] discloses login API using an API call when a function call is invoked to conduct the initiation command), the interface function (Amancherla [0015] discloses the user interface where compiled instructions are displayed to the user), and the library function being obfuscated (Amancherla [0029] discloses an obfuscated compiled library file), the method comprising:
executing, by the user device, the interface function that calls the library function; and (Amancherla [0092] and [0094] discloses integrating the library that is obfuscated into their application via the incorporation of function calls and library instantiations as instructed through manuals delivered alongside library file or an SDK provided by the payment system, or information made available on a developer portal provided by the payment system. The library has functions called when a user selects a payment method which is done through the user interface)
executing, by the user device, the functionality of the library function. (Amancherla [0108] and [0109] discloses after the user credentials are authenticated, the server system may include the core source code with an obfuscated compiled library file having the payment processing functionality. Each transaction request are received by the server system from the user device).
Amancherla lacks explicitly
executing, by the user device, the API call function that calls the interface function;
Salmon-legagneur teaches
executing, by the user device, the API call function that calls the interface function; (Salmon-legagneur [0045] discloses a shared library exposing a protection library API, where the API has access to the content of the DEX in memory belonging to protected functions, Salmon-legagneur [0047] shows that the DEX file consists of the overall mapping of classes and functions, therefore, the API is calling on the mapping file, where the mapping links to the protected/obfuscated library files).
It would have been obvious to one ordinary skill in the art before the effective filing date of claimed invention to have modified Amancherla to incorporate the teachings of Salmon-Legagneur to “executing, by the user device, the API call function that calls the interface function;” in order to have a secure chain of obfuscation while allowing the user to still operate the final application.
Regarding claim 18, Amancherla discloses
The method of claim 17 further comprising: obtaining, by the user device, the final application from an digital distribution platform, wherein the digital distribution platform previously obtained the final application from a development computer that created the final application. ([0095] and [0104] discloses the application created by a developer is uploaded to a public database for distributing to computing devices, such as mobile phones. The user device is then utilized to run the online gaming service or application that is a software application)
Regarding claim 19, Amancherla discloses
The method of claim 17, wherein the library function is a function included in an SDK binary. (Amancherla [0092] discloses application developer will accomplish integration of the library file with their application via the incorporation of function calls and library instantiations as instructed alongside library file or SDK provided. Then the application developer has generated the human readable code file, and copied obfuscated library file and combine into a compilation procedure into a single application).
Regarding claim 20, Amancherla discloses
The method of claim 17, wherein the user device is a smartphone, and the final application is a secure interaction application, and wherein the secure interaction application processes interactions by at least executing the functionality of the library function. (Amancherla [0002] and [0003] discloses smartphone/mobile device running a mobile application that includes integrated payment processing functionality. Further in Amancherla [0092] demonstrates the secure implementation of the library file and function calls in the final application).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER J SALLEY whose telephone number is (571)272-6355. The examiner can normally be reached Mon-Fri, 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached at (571) 272-3721. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Chat C Do/Supervisory Patent Examiner, Art Unit 2193