This action is in response to the amendments filed on 10/03/2025, in which claims 1-20 are presented for the examination.
Information Disclosure Statement
The Information Disclosure Statement (IDS) submitted on 10/03/2025 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the IDS statement is being considered by the examiner.
Response to Arguments
Applicant's arguments filed 10/03/2025 have been fully considered but they are not persuasive.
Chavez fails to anticipate "distributing the probabilistic data structure to at least one computing device".
Response:
Examiner respectfully disagrees.
Chavez discloses in Fig. 2, Data Analyzer 165 contains a classification component 260 with a Bloom filter function. Bloom filter is considered as claimed “probabilistic data structure”.
Data Analyzer 165 transmits data packets (135, 139), configuration updates (180), and instructions (190) to the configuration component 170 of a remote computer 169 via a LAN 130.
The Bloom filter itself can be transmitted within those data packets, thus demonstrating the distribution of the probabilistic data structure.
Therefore, it is clear Chavez distributes the probabilistic data structure to at least one computing device.
Chavez fails to anticipate "receiving from the at least one computing device, a
request to indicate whether a particular SAA has in fact been flagged".
Response:
Chavez discloses in Fig. 2, Data Analyzer 165 contains a classification component 260 with a Bloom filter function. Bloom filter is considered as claimed “probabilistic data structure”.
Data Analyzer 165 transmits data packets (135, 139), configuration updates (180), and instructions (190) to the configuration component 170 of a remote computer 169 via a LAN 130.
The Bloom filter itself can be transmitted within those data packets, thus demonstrating the distribution of the probabilistic data structure.
The data packet 135 can comprise any suitable request, command, instruction, data, information, etc. For example, data packet 135 can include an instruction directed towards a particular machine, switch, node, etc., as further described herein. (Col. 6-lines 51-58).
Therefore, it is clear, Chavez receives from the at least one computing device, a request to indicate whether a particular SAA has in fact been flagged.
Chavez fails to anticipate "providing, to the at least one computing device, a
respective informational package".
Response:
Chavez discloses in Fig. 2, Data Analyzer 165 contains a classification component 260 with a Bloom filter function. Bloom filter is considered as claimed “probabilistic data structure”.
Data Analyzer 165 transmits data packets (135, 139), configuration updates (180), and instructions (190) to the configuration component 170 of a remote computer 169 via a LAN 130.
The Bloom filter itself can be transmitted within those data packets, thus demonstrating the distribution of the probabilistic data structure.
The data packet 135 can comprise any suitable request, command, instruction, data, information, etc. For example, data packet 135 can include an instruction directed towards a particular machine, switch, node, etc., as further described herein. (Col. 6-lines 51-58). Informational package can be provided to computer 169.
Therefore, it is clear, Chavez provides to the at least one computing device, a respective informational package.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Chavez et al. (US 9,985,984, referred herein after Chavez).
As per claim 1, 8, 15, Chavez discloses a method for enabling computing devices to display warnings when software applications are launched on the computing devices, the method comprising, by a management entity:
analyzing a plurality of software application assets to flag a subset of software application assets (SAAs) (Fig. 1, Col. 8, lines 49-63, identifying anomalies (which may presume malicious code execution or insider threat));
generating a probabilistic data structure based on the subset of SAAs (Col. 14, lines 10-27, bloom filter is interpreted as claimed probabilistic data structure, Col. 13, lines 61-67);
adding, to a data structure, a respective entry for each SAA in the subset of SAAs (Col. 9, lines 20-24);
distributing the probabilistic data structure to at least one computing device (Col. 13, lines 61-67);
receiving, from the at least one computing device, a request to indicate whether a particular SAA has in fact been flagged (Col. 14, lines 28-39); wherein the request is generated by the at least one computing device in response to identifying, using the probabilistic data structure distributed to the at least one computing device, that an SAA has potentially been flagged (Col. 6-lines 51-58, request can be included in data package as an instruction, using bloom filter distributed to computer 169 of Fig. 5);
determining, by referencing the data structure, that the particular SAA has in fact been flagged (Col. 14, lines 28-39); and
providing, to the at least one computing device, a respective informational package that is based at least in part on the respective entry for the particular SAA, wherein the respective informational package is configured to be incorporated into a file system attribute associated with a software application that is stored on the at least one computing device, (Col. 10, lines 4-18, in response to detecting any other anomalous activity, the data analyzer component 165 transmits an instruction 190 to the configuration component 170 to generate and distribute a configuration update 180);
wherein the respective informational package causes the at least one computing device to, in association with launching the software application that utilizes the particular SAA, on the at least one computing device, display a warning (notification of attack) that is based at least in part on the respective informational package when the file system attribute is accessed as part of launching the software application (Col. 27, lines 2-12, Col. 11, lines 61-67).
As per claim 2, 9, 16, Chavez discloses the method of claim 1, wherein generating the probabilistic data structure based on the subset of SAAs comprises, for each SAA in the subset of SAAs: generating, using a plurality of hash functions, respective hash values for the SAA; and configuring the probabilistic data structure in accordance with the respective hash values (Col. 13, lines 62- 67, Col. 14, lines 1-9).
As per claim 3, 10, 17, Chavez discloses the method of claim 1, wherein, within the data structure, the respective entry for each SAA in the subset of SAAs includes: (1) a respective hash value for the SAA; and (2) the respective informational package, wherein the respective informational package includes: first information about why the SAA was flagged, and second information about remedial options, if any, available for mitigating ta cause of why the SAA was flagged (Col. 13, lines 62- 67, Col. 14, lines 1-9, Col. 15, lines 34-52).
As per claim 4, 11, 18, Chavez discloses the method of claim 3, wherein, for a given entry within the data structure: the first information is obtained using crowdsourcing, analytics services, machine learning models trained to identify of SAAs, or some combination thereof; and the second information is obtained by determining whether an updated version of the software application is available and does not utilize the particular SAA (abstract, Col. 2, lines 44-47, Col. 11, lines 1-7).
As per claim 5, 12, 19, Chavez discloses the method of claim 1, wherein the plurality of SAAs comprises: code directories, source code files, executable files, configuration files, library files, database files, resource files, markup and stylesheet files, script files, configuration files, documentation files, log files, temporary files, binary data files, license files, version control files, or some combination thereof (Col. 6, lines 62-67, Col. 7, lines 1-2).
As per claim 6, 13, 20, Chavez discloses the method of claim 2, further comprising: analyzing a plurality of supplemental SAAs to flag a supplemental subset of SAAs (Fig. 1, Col. 8, lines 49-63, identifying anomalies (which may presume malicious code execution or insider threat));
generating a supplemental probabilistic data structure based on the supplemental subset of SAAs (Col. 14, lines 10-27, bloom filter, Col. 13, lines 61-67);
generating an update package for updating the probabilistic data structure to reflect the supplemental probabilistic data structure (Col. 3, lines 34-46).
adding, to the data structure, a respective entry for each supplemental SAA in the supplemental subset of SAAs (Col. 9, lines 20-24); and
distributing the update package to the at least one computing device to cause the at least one computing device to update the probabilistic data structure to reflect the supplemental probabilistic data structure (Col. 13, lines 61-67).
As per claim 7, 14, Chavez discloses the method of claim 1, wherein the probabilistic data structure comprises a Bloom Filter, a Count-Min Sketch, a HyperLogLog, a Skip Bloom Filter, a Quotient Filter, a Cuckoo Filter, a Randomized Binary Search Tree, a MinHash, a Random Hyperplane Tree, or some combination thereof (bloom filter, Col. 13, lines 61-67);
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See form 892.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KAMINI B PATEL whose telephone number is (571)270-3902. The examiner can normally be reached on M-F 8-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashish Thomas can be reached on 571-272-0631. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KAMINI B PATEL/Primary Examiner, Art Unit 2114