DETAILED ACTION
This Office action is in response to a Continuation of application 17/824,427 (patent granted as US 12,164,632 B2, issued 12/10/2024) filed by Applicant on 10/30/2024.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement PTO-1449
The Information Disclosure Statement submitted by applicant on 10/30/2024 has been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.
Claim Rejections - 35 USC § 101
The present application, as claimed, satisfies the requirements for patent-eligible subject matter under 35 U.S.C. 101.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 6–7, 14–15, 20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 6–7, 14–15, and 20 recite, “the performing of the sample”, which lacks antecedent basis. Apart from lacking an initial instance of this term, there is no indication to what this term refers.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1–2, 7, 9–10, 15, 17–18, 20 rejected under 35 U.S.C. 102(a)(1) as being anticipated by Chiriac (US 2008/0040710 A1, published Feb. 14, 2008).
Regarding claims 1, 9, and 17, Chiriac discloses: a system, comprising: a processor configured to: receive a sample for inline malware packer detection analysis (files of a computer are inspected for indicators of malware, particularly looking for Microsoft Portable Executable type files, which are prone to be modified by malware packing. Chiriac ¶¶ 39–40.); perform a packer filter to determine whether the sample is packed (the file is inspected to determine if the file is packed/compressed/encrypted, which can be determined by entropy analysis for example. Chiriac ¶ 41.); compare the sample with known malware packer clusters to determine whether the sample is associated with a known malware packer (not only are the files inspected to determine if the files have been packed multiple times, which is a flag for malware, specific packers (such as Morphine, MoleBox, Mew) used by malware writers are detected. Chiriac ¶¶ 49–50. Also, common packers (such as UPX, Aspack) with slight modifications are detected. Chiriac ¶ 51.); and perform a responsive action based on the determination (in response to this analysis a determination is made as to whether or not the file is or should be treated as malware. Chiriac ¶ 56.); and a memory coupled to the processor and configured to provide the processor with instructions (Chiriac ¶ 7.).
Regarding claims 2, 10, and 18, Chiriac discloses the limitations of claims 1, 9, and 17, respectively, wherein the sample includes a Microsoft Windows PE file (files of a computer are inspected for indicators of malware, particularly looking for Microsoft Portable Executable type files, which are prone to be modified by malware packing. Chiriac ¶¶ 39–40.).
Regarding claims 7, 15, and 20, Chiriac discloses the limitations of claims 1, 9, and 17, respectively, wherein the performing of the sample includes to alert an endpoint user and/or a network/security administrator that the sample was determined to be associated with a known malware packer, quarantine an endpoint device associated with the sample, identifying a source IP address or uniform resource locator (URL) associated with the sample as malicious (or potentially malicious), or any combination thereof (in response to this analysis a determination is made as to whether or not the file is or should be treated as malware. Chiriac ¶ 56.).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 3, 6, 11, 14, 19 rejected under 35 U.S.C. 103 as being unpatentable over Chiriac in view of Marinescu (US 7,640,583 B1, issued Dec. 29, 2009).
Regarding claims 3, 11, and 19, Chiriac discloses the limitations of claims 1, 9, and 17, respectively. Chiriac does not disclose: wherein the performing of the responsive action includes to block access to the sample.
However, Marinescu does disclose: wherein the performing of the responsive action includes to block access to the sample (the anti-malware program prohibits the file from remaining on the computer and does not allow the file to execute. Marinescu 1:37–39.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the inspection of computer data for malware packed into files taught by Chiriac with remedying the detected malware by blocking the access to the sample based upon the teachings of Marinescu. The motivation being to isolate the malicious code from the system. Marinescu 1:37.
Regarding claims 6 and 14, Chiriac discloses the limitations of claims 1 and 9, respectively. Chiriac does not disclose: wherein the performing of the sample includes to block or drop the sample.
However, Marinescu does disclose: wherein the performing of the sample includes to block or drop the sample (the anti-malware program prohibits the file from remaining on the computer and does not allow the file to execute. Marinescu 1:37–39.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the inspection of computer data for malware packed into files taught by Chiriac with remedying the detected malware by blocking the access to the sample based upon the teachings of Marinescu. The motivation being to isolate the malicious code from the system. Marinescu 1:37.
Claims 4–5, 8, 12–13, 16 rejected under 35 U.S.C. 103 as being unpatentable over Chiriac in view of Abu (US 2022/0147628 A1, published May 12, 2022).
Regarding claims 4 and 12, Chiriac discloses the limitations of claims 1 and 9, respectively. Chiriac does not disclose: wherein the performing of the responsive action includes to store the sample.
However, Abu does disclose: wherein the performing of the responsive action includes to store the sample (PE file malware remedial action includes isolating, quarantining, confining, or restraining. Abu ¶ 132.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the inspection of computer data for malware packed into files taught by Chiriac with remedying the detected malware by storing the sample based upon the teachings of Abu. The motivation being to protect computer systems. Abu ¶ 3.
Regarding claims 5 and 13, Chiriac discloses the limitations of claims 1 and 9, respectively. Chiriac does not disclose: wherein the performing of the responsive action includes to log the sample.
However, Abu does disclose: wherein the performing of the responsive action includes to log the sample (PE file malware remedial action includes reporting. Abu ¶ 132.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the inspection of computer data for malware packed into files taught by Chiriac with remedying the detected malware by logging the sample based upon the teachings of Abu. The motivation being to protect computer systems. Abu ¶ 3.
Regarding claims 8 and 16, Chiriac discloses the limitations of claims 1 and 9, respectively. Chiriac does not disclose: wherein a security platform of a cloud service includes the system.
However, Abu does disclose: wherein a security platform of a cloud service includes the system (Abu ¶ 76.).
Therefore, it would have been prima facie obvious to one of ordinary skill in the art prior to the effective filing date of the claimed invention to modify the inspection of computer data for malware packed into files taught by Chiriac with the security platform being cloud-based, based upon the teachings of Abu. The motivation being to protect computer systems. Abu ¶ 3.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VANCE M LITTLE whose telephone number is (571) 270-0408. The examiner can normally be reached on Monday - Friday 9:30am - 5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571) 272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VANCE M LITTLE/Primary Examiner, Art Unit 2493