FORMAL VERIFICATION APPARATUS, FORMAL VERIFICATION METHOD AND PROGRAM

§101 §102 §103 §112

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This Office Action is in response to an amendment application received on 12/17/2025. In the application, claims 1-5 have been amended. No claim has been cancelled and no new claim has been added. For this Office Action, claims 1-5 have been received for consideration and have been examined. Response to Arguments Claim Interpretation & Claim Rejections – 35 USC § 112 (b) & (a) Applicant’s amendments to claims 1-3 have been reviewed and amendments have overcome the raised Claim Interpretation & Claim Rejections – 35 USC § 112 (b) & (a) rejections. Therefore, these rejections have been withdrawn. Claim Rejections – 35 USC § 101 Applicant’s amendments to claims 1-5 have been reviewed in light of the remarks and amendments have overcome the 35 USC § 101 Abstract Idea rejection. Therefore, this rejection has been withdrawn. Claim Rejections – 35 USC § 102 Applicant’s arguments, filed 12/17/2025 with respect to the rejection(s) of claim(s) under 35 USC § 102 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of new amendments to the claims. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, and 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Milden et al., (US20240048565A1) in view of Thomas et al., (US20190124112A1). Regarding claim 1, Milden discloses: A formal verification apparatus comprising: a memory; and a processor executing a computer-executable instructions that cause the formal verification apparatus to perform operations comprising: acquiring protocol information (i.e., extracting network access data), wherein the protocol information describes a system configuration (i.e., Fig. 3, steps 304 – 308) including a client terminal in connection with a server [[through a virtual network]] ([0019] As used herein, the term “network-connected device” refers to any device that is connected to a given communications network in a manner that allows the device to communicate in and/or otherwise interact with the network; [0052] After the receipt of the network access event data object as described in connection with operation 302 is performed in a given circumstance, the procedure illustrated in FIG. 3 then advances to operation 304. At operation 304, the apparatus 200 includes means, such as assessment circuitry 210 or the like, for extracting from the network access event data object information identifying the geographic location associated with the unauthorized network access event; [0053] Turning next to operation 306, the apparatus 200 includes means, such as mapping circuitry 212 or the like, for determining, based at least in part on the geographic location associated with the unauthorized network access event, a bounded geographic region associated with the unauthorized network access event; [0057] As shown at operation 308, the apparatus 200 includes means, such as monitoring circuitry 214, for identifying a network-connected device within the bounded geographic region), and the protocol information further describes verifying safety of the client terminal as an authorized client terminal based on a protocol of network communication from the authorized client terminal in the system configuration ([0043] Verification circuitry 218 includes hardware components designed to determine whether a network-connected device has performed a reconfiguration in accordance with a received reconfiguration instruction set. These hardware components may, for instance, utilize elements of input/output circuitry 206 and/or communications circuitry 208 to receive one or more event data sets from a network-connected device that has previously received a reconfiguration instruction set and perform one or more tests or other compliance verification procedures to determine whether the reconfiguration has been implemented at the network connected device; [0061] In some example implementations, determining whether the reconfiguration has been performed by the network-connected device may comprise receiving an event data set from the network-connected device and performing a compliance verification procedure on the received event data set. It will be appreciated that the content of the event data set and/or the details of the compliance verification procedure may vary based on the characteristics of the network-connected device and the relevant reconfiguration instruction set); and detecting an attack on the [[virtual network]] as an attack by the client terminal representing an unauthorized terminal by performing formal verification according to the protocol information ([0023] In the example depicted in FIG. 1A, location 104, shown on block 102J, is a location at which fraudulent activity has been detected. In some example implementations, upon the detection of fraudulent activity at location 104, a bounded geographic region is determined; [0024] In the example depicted in FIG. 1A, location 104, shown on block 102J, is a location at which fraudulent activity has been detected. In some example implementations, upon the detection of fraudulent activity at location 104, a bounded geographic region is determined; [0040] These hardware components may, for instance, utilize elements of input/output circuitry 206 to detect the location associated with the unauthorized network access event and characteristics of the unauthorized network access event; [0058] Upon the identification of a network-connected device within the bounded geographic region in operation 308, the process depicted in FIG. 3 proceeds to operation 310. As shown by operation 310, the apparatus 200 includes means, such as abatement circuitry 216, for generating a reconfiguration instruction set based on the unauthorized network access event and the bounded geographic regions associated with the unauthorized network access event. As discussed herein, example implementations of the methods, systems, and apparatus described herein reduce fraudulent activity by causing reconfigurations of network devices that are located in regions near where fraudulent activity has been detected); and blocking (i.e., delaying the transaction until confirming the identity of an operator), based on the detected attack, network communication including the client terminal ([0058] Upon the identification of a network-connected device within the bounded geographic region in operation 308, the process depicted in FIG. 3 proceeds to operation 310. As shown by operation 310, the apparatus 200 includes means, such as abatement circuitry 216, for generating a reconfiguration instruction set based on the unauthorized network access event and the bounded geographic regions associated with the unauthorized network access event … For example, abatement circuitry 216 may ascertain that a given network-connected device is currently configured to attempt to process any transaction involving a plastic card (such as a credit or debit card) without taking any steps to verify the identity of the presenter of the card. To harden the network-connected device against activity involving stolen plastic cards and/or plastic cards obtained through the use of a stolen identity or synthetic identity, the reconfiguration instruction set may include instructions for reconfiguring the network-connected device to delay attempting to process a transaction until an operator of the network-connected device enters information confirming the identity of the presenter of the card). Milden fails to disclose: the devices such as a server are part of a virtual network. However, Thomas discloses: the devices such as a server are part of a virtual network ([0033] Network control may stop unauthorized, guest, or non-compliant systems from accessing networks, and may control network traffic that may not be bypassed from the client level. In addition, network access control may control access to virtual private networks (VPN), where VPNs may be a communications network tunneled through another network, establishing a logical connection acting as a virtual network. In embodiments, a VPN may be treated in the same manner as a physical network; [0070] The computing device 210 may be used for any of the entities described in the threat management environment described above with reference to FIG. 1. For example, the computing device 210 may be a server, a client an enterprise facility, a threat management facility, or any of the other facilities or computing devices described therein. In certain aspects, the computing device 210 may be implemented using hardware (e.g., in a desktop computer), software (e.g., in a virtual machine or the like), or a combination of software and hardware, and the computing device 210 may be a standalone device, a device integrated into another entity or device, a platform distributed across multiple entities, or a virtualized device executing in a virtualization environment; [0072] The external device 204 may be any computer or other remote resource that connects to the computing device 210 through the network 202. This may include threat management resources such as any of those contemplated above, gateways or other network devices, remote servers or the like containing content requested by the computing device 210, a network storage device or resource, a device hosting malicious content, or any other resource or device that might connect to the computing device 210 through the network 202). It would have been obvious to an ordinary skill in the art before the effective filing date of the claimed invention to modify the environment of Milden and implement the attack detection in a virtual network environment, as disclosed by Thomas. The motivation to implement the attack detection in a virtual network environment is to extend the attack detection from local network to devices which are connected through virtual network (Thomas: [0063]). Regarding claim 4, it is a method claim and recites similar subject matter as claim 1 and therefore rejected under similar ground of rejection. Regarding claim 5, the combination of Milden and Thomas discloses: A computer-readable non-transitory recording medium storing program that, when executed on a computer, causes the computer to function as each unit in the formal verification apparatus of claim 1 (Milden: [0034] In some embodiments, the processor 202 (and/or co-processor or any other processing circuitry assisting or otherwise associated with the processor) may be in communication with the memory 204 via a bus for passing information among components of the apparatus. The memory 204 may be non-transitory and may include, for example, one or more volatile and/or non-volatile memories. In other words, for example, the memory may be an electronic storage device (e.g., a non-transitory computer readable storage medium). The memory 204 may be configured to store information, data, content, applications, instructions, or the like, for enabling the apparatus to carry out various functions in accordance with example embodiments of the present invention). Claim(s) 2-3 are rejected under 35 U.S.C. 103 as being unpatentable over Milden et al., (US20240048565A1) in view of Thomas et al., (US20190124112A1) and further in view of Nivala et al., (US20160261576A1). Regarding claim 2, the combination of Milden and Thomas fail to disclose: The formal verification apparatus according to claim 1, wherein the protocol information further comprises another client terminal other than the client terminal included in the system configuration as an authenticated client terminal, and the said another client terminal shares a pre-shared key with the server. However, Nivala discloses: wherein the protocol information further comprises another client terminal other than the client terminal included in the system configuration as an authenticated client terminal, and the said another client terminal shares a pre-shared key with the server ([0041] The present embodiments are based on encrypting all network traffic between client devices and the server with HTTPS and using a pre-shared key as an additional shared secret between client devices and the server in addition to user authentication to ensure that only authorized devices can attempt to connect to the system … Any attempts to connect to the EIM system from an unauthorized device would be blocked by the server because the client is not presenting the correct pre-shared key to the server; [0050] The web application of the EIM system on the proxy server 200 may be configured to require a pre-shared key from client devices 210, 230 that attempt to connect the EIM system; [0081] A method according to an embodiment, shown in FIG. 4, comprises receiving a request to access an information management system from a client device 410; detecting a secure key from the request 420; authenticating the secure key by determining whether the secure key matches with a secure key that has been distributed to the client device in a resource having an application-specific format 430). It would have been obvious to an ordinary skill in the art before the effective filing date of the claimed invention to modify the attack detection system of Milden in view of Thomas and include client and server communication using a pre-shared key, as disclosed by Nivala. The motivation to include client and server communication using a pre-shared key is to prevent eavesdropping or falsification of communication between the computer terminals. Regarding claim 3, the combination of Milden and Thomas fail to disclose: The formal verification apparatus according to claim 1, wherein it is assumed that, in the protocol information further comprises a plurality of servers included in the system configuration connected via a mutually-authenticated secure channel. However, Nivala discloses: wherein it is assumed that, in the protocol information further comprises a plurality of servers included in the system configuration connected via a mutually-authenticated secure channel ([0049] According to an example the client devices 210, 230 comprise a mobile application having a pre-shared key, which is verified in the proxy server 200 before allowing the communication to proceed to EIM server 250. Instead of the mobile application, the client devices 210, 230 may comprise a web browser or a desktop application for accessing the information management system. In such example, the web browser or desktop application comprises a pre-shared key. The client device 220 is able to communicate with the EIM server 250 directly, since it is located in the internal network). It would have been obvious to an ordinary skill in the art before the effective filing date of the claimed invention to modify the attack detection system of Milden in view of Thomas and include client and server communication using a pre-shared key, as disclosed by Nivala. The motivation to include client and server communication using a pre-shared key is to prevent eavesdropping or falsification of communication between the computer terminals. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Korzuch can be reached at 571-272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SYED M AHSAN/Primary Examiner, Art Unit 2491