DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office Action is in response to Application 18988279 filed on 01/21/2025. Claim 1 was currently cancelled via the preliminary amendments. Claims 2, 9, and 16 are independent claims. Claims 2-22 have been examined and are pending in this application. This Office Action is made Non-Final.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 9, and 16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 5, and 9 of U.S. Patent No. 12,216,759. They are not patentably distinct from each other because the claims of the instant application are anticipated by the reference claims.
Claims 1, 9, and 16 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1, 5, and 9 of U.S. Patent No. 12,216,759. Although the claims at issue are not identical, they are not patentably distinct from each other because Claims 1, 9, and 16 of the instant application are anticipated by claims 1, 5, and 9 of the US Patent No. 12,216,759, respectively (refer to the comparison table below for detail).
Instant Application 18/988,279
US patent No. 12,216,759
Claim 2. A method, comprising:
detecting, by a monitor engine comprising an execution environment,
an interaction of software content and a computing environment, the software content comprising software instructions;
loading at a least a portion of the software instructions into the execution environment, the execution environment having access to functionality for evaluating the software instructions;
evaluating, by the execution environment, the loaded software instructions to identify functions and associated memory addresses;
using the identified functions and associated memory addresses to further identify calls of interest in the loaded software instructions;
forwarding calls of interest to a behavioral engine for analysis, the analysis comprising classifying the calls of interest as behavioral signatures; and
based on the behavioral signatures, identifying the software content as malicious and performing remedial action.
Claim 1. A method, comprising:
monitoring, by a monitor engine including a secure execution environment,
interactions between software content and a computing environment, wherein the monitor engine executes in the computing environment and maintains a secure execution environment in a secure area of the computing environment such that the secure execution environment is inaccessible to any untrusted components or operations;
detecting, by the monitor engine, storing of instructions into memory of the computing environment based on an address of a memory access;
evaluating, by the monitor engine, instructions of the software content, wherein evaluating the instructions comprises evaluating the instructions to determine performance data associated with the software content using one or more profiling tools or models to evaluate at least one aspect of the instructions to determine the performance data;
identifying, by the monitor engine using the secure execution environment, calls of interest in the instructions by classifying the calls of interest based on the performance data and evaluating the calls of interest to generate behavioral signatures;
applying, by the monitor engine, behavioral signatures to determine that software content is malicious; and
based on the determined malicious software content, taking a remedial action including isolating the software content.
Claim 9. A system, comprising:
a processor; a non-transitory computer readable medium, comprising instructions for:
detecting, by a monitor engine comprising an execution environment, an interaction of software content and a computing environment, the software content comprising software instructions;
loading at a least a portion of the software instructions into the execution environment, the execution environment having access to functionality for evaluating the software instructions;
evaluating, by the execution environment, the loaded software instructions to identify functions and associated memory addresses;
using the identified functions and associated memory addresses to further identify calls of interest in the loaded software instructions;
forwarding calls of interest to a behavioral engine for analysis, the analysis comprising classifying the calls of interest as behavioral signatures; and
based on the behavioral signatures, identifying the software content as malicious and performing remedial action.
Claim 5. A system, comprising:
a processor; a memory coupled to the processor, the memory comprising computer executable instructions for:
monitoring, by a monitor engine including a secure execution environment, interactions between software content and a computing environment, wherein the monitor engine executes in the computing environment and maintains a secure execution environment in a secure area of the computing environment such that the secure execution environment is inaccessible to any untrusted components or operations;
detecting, by the monitor engine, storing of instructions into memory of the computing environment based on an address of a memory access;
evaluating, by the monitor engine, instructions of the software content, wherein evaluating the instructions comprises evaluating the instructions to determine performance data associated with the software content using one or more profiling tools or models to evaluate at least one aspect of the instructions to determine the performance data;
identifying, by the monitor engine using the secure execution environment, calls of interest in the instructions by classifying the calls of interest based on the performance data and evaluating the calls of interest to generate behavioral signatures;
applying, by the monitor engine, behavioral signatures to determine that software content is malicious; and
based on the determined malicious software content, taking a remedial action including isolating the software content.
Claim 16. A non-transitory computer readable medium, comprising instructions for:
detecting, by a monitor engine comprising an execution environment, an interaction of software content and a computing environment, the software content comprising software instructions;
loading at a least a portion of the software instructions into the execution environment, the execution environment having access to functionality for evaluating the software instructions;
evaluating, by the execution environment, the loaded software instructions to identify functions and associated memory addresses;
using the identified functions and associated memory addresses to further identify calls of interest in the loaded software instructions;
forwarding calls of interest to a behavioral engine for analysis, the analysis comprising classifying the calls of interest as behavioral signatures; and
based on the behavioral signatures, identifying the software content as malicious and performing remedial action.
Claim 9. A non-transitory computer readable medium, comprising instructions for:
monitoring, by a monitor engine including a secure execution environment, interactions between software content and a computing environment, wherein the monitor engine executes in the computing environment and maintains a secure execution environment in a secure area of the computing environment such that the secure execution environment is inaccessible to any untrusted components or operations;
detecting, by the monitor engine, storing of instructions into memory of the computing environment based on an address of a memory access; evaluating, by the monitor engine, instructions of the software content,
wherein evaluating the instructions comprises evaluating the instructions to determine performance data associated with the software content using one or more profiling tools or models to evaluate at least one aspect of the instructions to determine the performance data;
identifying, by the monitor engine using the secure execution environment, calls of interest in the instructions by classifying the calls of interest based on the performance data and evaluating the calls of interest to generate behavioral signatures;
applying, by the monitor engine, behavioral signatures to determine that software content is malicious; and
based on the determined malicious software content, taking a remedial action including isolating the software content.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 2-4, 6-7, 9-11, 13-14, 16-18, and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over SRIDHARA et al. (“SRIDHARA,” US 20150230108, published on 08/13/2015) in view of Colvin et al. (“Colvin,” US 20130042294, published on 02/14/2013).
Regarding claim 2;
SRIDHARA discloses a method, comprising:
detecting, by a monitor engine comprising an execution environment, an interaction of software content and a computing environment, the software content comprising software instructions (par 0020; monitor key assets of the mobile device at a low level and report suspicious activities to a comprehensive behavioral monitoring and analysis system; par 0021; key assets include [] instruction queues that are associated with a feature, application; par 0030; the hardware debug module include any of a variety of hardware and software technologies that enable real-time collection of information relating to instruction execution; par 0035; for example, the hardware debug module using a key asset of the mobile device until the analyzer module determines that the software application is benign; par 0039; the hardware debug module include an application programming interface that is suitable for sending and receiving input/output instructions and information to and from [] secured or trusted execution environment (e.g., ARM TrustZone.RTM., etc.) of the mobile device, proprietary hardware modules, etc.);
loading the software instructions into the execution environment, the execution environment having access to functionality for evaluating the software instructions (par 0031; the hardware debug module configured to capture instruction flows, instruction sequences; par 0035; the hardware debug module [] using a key asset of the mobile device until the analyzer module determines that the software application is benign; par 0039; the hardware debug module include an application programming interface that is suitable for sending and receiving input/output instructions and information to and from [] secured or trusted execution environment);
evaluating, by the execution environment, the loaded software instructions to identify functions and associated memory addresses (par 0103; a secure computing environment or trusted execution environment, which allows the mobile device to provide a secure and efficient system for identifying and correcting problematic mobile device behaviors; par 0021; monitor the access or use of key assets by monitoring data flows [] key assets may include memory locations, ranges of memory addresses; par 0031; the hardware debug module configured to use this information to perform profiling, debugging, or tracing operations [] generated trace data, behavior vectors and the results of its monitoring, detection or analysis operations in a system memory; par 0034; determine whether the software application is authorized to read information from that section of the memory);
using the identified functions and associated memory addresses to further identify calls of interest in the loaded software instructions (par 0021; monitor the access or use of key assets by monitoring data flows [] key assets may include memory locations, ranges of memory addresses; par 0031; the hardware debug module configured to use this information to perform profiling, debugging, or tracing operations [] generated trace data, behavior vectors and the results of its monitoring, detection or analysis operations in a system memory; par 0075; generating a light-weight behavior signature based on the identified pattern of API calls and the identified mobile device resources, using the light-weight behavior signature to perform behavior analysis operations, and determining whether the software application is malicious or benign based on the behavior analysis operations);
forwarding calls of interest to a behavioral engine for analysis, the analysis comprising classifying the calls of interest as behavioral signatures (par 0053; send (e.g., function calls, etc.) the generated observations to the behavior analyzer module; par 0075; generating a light-weight behavior signature based on the identified pattern of API calls and the identified mobile device resources, using the light-weight behavior signature to perform behavior analysis operations, and determining whether the software application is malicious or benign based on the behavior analysis operations); and
based on the behavioral signatures, identifying the software content as malicious and performing remedial action (par 0075; generating a light-weight behavior signature based on the identified pattern of API calls and the identified mobile device resources, using the light-weight behavior signature to perform behavior analysis operations; par 0035; monitor an instruction queue to identify instruction sequences or instruction execution patterns that are associated with the monitored features, compare identified sequences/patterns to known patterns of malicious activities, and determine whether an identified sequence/pattern is associated with a malicious activity based on the results of the comparison. The hardware debug module then delete, terminate, purge, stop, or freeze sequences or patterns that are associated with a malicious activity. For example, the hardware debug module may stop or prevent a software application from accessing).
SRIDHARA discloses loading the software instructions into the execution environment as recited above, but do not explicitly disclose loading at a least a portion of the software instructions
However, in an analogous art, Colvin discloses identifying application system/method that includes:
loading at a least a portion of the software instructions (Colvin: par 0066; download a part or all of the computer readable instructions for execution. Alternatively, the computing device download pieces of the computer readable instructions, as needed, or some instructions executed at the computing device).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Colvin with the method/system of SRIDHARA to include loading at a least a portion of the software instructions. One would have been motivated to identify malware based on the reputations of remote resources accessed by an application. Remote resource accesses reported to a reputation service, which identify reputations of remote resources, and application reputations of applications that utilize such remote resources (Colvin: abstract).
Regarding claim 3;
The combination of SRIDHARA and Colvin disclose the method of claim 2,
SRIDHARA discloses wherein the execution environment comprises a trusted execution environment residing in a secure area of one or more processing components (SRIDHARA: par 0013; logical components and information flows in an aspect mobile device equipped with a secure computing environment having multiple privilege/protection domains that may be configured to monitor privileged or secured assets to securely determine whether a particular mobile device behavior, software application, or process is malicious, performance-degrading, suspicious, or benign; par 0039; the hardware debug module may include an application programming interface that is suitable for sending and receiving input/output instructions and information to and from the comprehensive behavioral monitoring and analysis system, third party applications, third party security enabling libraries, components in a protected, secured or trusted execution environment of the mobile device, proprietary hardware modules, etc.).
Regarding claim 4;
The combination of SRIDHARA and Colvin disclose the method of claim 2,
SRIDHARA discloses wherein the software content comprises programs, applications, services, code segments, or executable files (SRIDHARA: par 0028; hardware component configured to monitor key assets of a mobile computing device at a low level (e.g., at the kernel, firmware, hardware, or machine levels) to identify a suspicious or malicious activities [] software applications).
Regarding claim 6;
The combination of SRIDHARA and Colvin disclose the method of claim 2,
SRIDHARA discloses wherein the behavioral engine comprises a model for analyzing calls of interest, the model comprising at least one of: a rule-based model, a machine learning regressor model, a machine learning classifier model, or a neural network (SRIDHARA: par 0081; a classifier model may be generated by using machine learning and other similar techniques. Each classifier model may be categorized as a full classifier model or a lean classifier model; par 0075; generating a light-weight behavior signature based on the identified pattern of API calls and the identified mobile device resources, using the light-weight behavior signature to perform behavior analysis operations, and determining whether the software application is malicious or benign based on the behavior analysis operations).
Regarding claim 7;
The combination of SRIDHARA and Colvin disclose the method of claim 2,
SRIDHARA discloses wherein the behavioral engine classifies behavioral signatures as known malicious content, wherein based on the classification, the performed remedial action comprises at least one of: pausing or terminating the software content, restricting assess by the software content to the computing environment, or limiting the functionality of the software content (SRIDHARA: par 0075; generating a light-weight behavior signature based on the identified pattern of API calls and the identified mobile device resources, using the light-weight behavior signature to perform behavior analysis operations; par 0035; monitor an instruction queue to identify instruction sequences or instruction execution patterns that are associated with the monitored features, compare identified sequences/patterns to known patterns of malicious activities, and determine whether an identified sequence/pattern is associated with a malicious activity based on the results of the comparison. The hardware debug module then delete, terminate, purge, stop, or freeze sequences or patterns that are associated with a malicious activity. For example, the hardware debug module may stop or prevent a software application from accessing).
Regarding Claim 9;
This Claim recites a system that perform the same steps as method of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.
Regarding Claim 10;
This Claim recites a system that perform the same steps as method of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.
Regarding Claim 11;
This Claim recites a system that perform the same steps as method of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.
Regarding Claim 13;
This Claim recites a system that perform the same steps as method of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.
Regarding Claim 14;
This Claim recites a system that perform the same steps as method of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7.
Regarding Claim 16;
This Claim recites a non-transitory computer readable medium that perform the same steps as method of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.
Regarding Claim 17;
This Claim recites a non-transitory computer readable medium that perform the same steps as method of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.
Regarding Claim 18;
This Claim recites a non-transitory computer readable medium that perform the same steps as method of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.
Regarding Claim 20;
This Claim recites a non-transitory computer readable medium that perform the same steps as method of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.
Regarding Claim 21;
This Claim recites a non-transitory computer readable medium that perform the same steps as method of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7.
Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over SRIDHARA et al. (US 20150230108) in view of Colvin et al. (US 20130042294) and further in view of Carson et al. (“Carson,” US 20170032118, published on 02/02/2017).
Regarding claim 5;
The combination of SRIDHARA and Colvin disclose the method of claim 2,
SRIDHARA discloses wherein the functionality for evaluating the software instructions comprises utilities for performing at least one of: executing, debugging, instrumenting, or profiling the software instructions (SRIDHARA: par 0031; the hardware debug module configured to use this information to perform profiling, debugging, or tracing operations to generate debug or trace data), wherein evaluating, by the execution environment, the loaded software instructions to identify functions and associated memory addresses comprises: parsing the loaded software instructions (SRIDHARA: par 0103; a secure computing environment or trusted execution environment, which allows the mobile device to provide a secure and efficient system for identifying and correcting problematic mobile device behaviors; par 0021; monitor the access or use of key assets by monitoring data flows [] key assets may include memory locations, ranges of memory addresses; par 0031; the hardware debug module configured to use this information to perform profiling, debugging, or tracing operations [] generated trace data, behavior vectors and the results of its monitoring, detection or analysis operations in a system memory; par 0034; determine whether the software application is authorized to read information from that section of the memory); generating, by the utilities, execution paths and entry point addresses for the loaded software instructions (SRIDHARA: par 0031; the hardware debug module configured to use this information to perform profiling, debugging, or tracing operations to generate debug or trace data. Such trace data include hardware block trace data, processor trace data, software trace data, memory trace data, program flow trace data, data flow trace data, bus signaling trace data, USB trace data, etc. The hardware debug module may store the generated trace data, behavior vectors and the results of its monitoring, detection or analysis operations in a system memory); and wherein using the identified functions and associated memory addresses to further identify calls of interest in the loaded software instructions comprises (par 0021; monitor the access or use of key assets by monitoring data flows [] key assets may include memory locations, ranges of memory addresses; par 0053; send (e.g., function calls, etc.) the generated observations to the behavior analyzer module; par 0075; generating a light-weight behavior signature based on the identified pattern of API calls and the identified mobile device resources, using the light-weight behavior signature to perform behavior analysis operations, and determining whether the software application is malicious or benign based on the behavior analysis operations): comparing execution paths and entry point addresses to identify the calls of interest (par 0005; determining whether an identified instruction sequence is associated with a malicious activity by comparing the identified instruction sequence to known patterns of malicious activities, and removing the identified instruction sequence from the instruction queue in response to determining that the identified instruction sequence is associated with the malicious activity).
The combination of SRIDHARA and Colvin disclose execution paths as recited above, but do not explicitly disclose entry point addresses.
However, in an analogous art, Carson discloses protecting data system/method that includes:
entry point addresses (Carson: par 0075; the virtual memory validator compare a signature of the executable module against the path entry of the executable module on the memory range map; par 0076; The executable load indicator established as a callback mechanism to keep track of one or more function calls of the one or more threads and/or malware allocation of the process. The virtual memory validator establish the callback mechanism (e.g., by hooking an existing function in the process) such that the virtual memory validator notified of any executable or DLL being loaded in the process).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Carson with the method/system of SRIDHARA and Colvin to include entry point addresses. One would have been motivated to monitor an execution stack of an executing thread of a process. The virtual memory validator may identify a memory address referenced in the execution stack, responsive to the process attempting to access a protected resource (Carson: abstract).
Regarding Claim 12;
This Claim recites a system that perform the same steps as method of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.
Regarding Claim 19;
This Claim recites a non-transitory computer readable medium that perform the same steps as method of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.
Claims 8, 15, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over SRIDHARA et al. (US 20150230108) in view of Colvin et al. (US 20130042294) and further in view of LEE et al. (“LEE,” KR 101731838 B1, published on 05/04/2017).
Regarding claim 8;
The combination of SRIDHARA and Colvin disclose the method of claim 7,
SRIDHARA discloses wherein the malicious content comprises injection of malicious software instructions (SRIDHARA: par 0028; hardware component configured to monitor key assets of a mobile computing device at a low level (e.g., at the kernel, firmware, hardware, or machine levels) to identify a suspicious or malicious activities [] software applications).
The combination of SRIDHARA and Colvin disclose the malicious content as recited above, but do not explicitly disclose the malicious content comprises injection of malicious software instructions.
However, in an analogous art, LEE discloses scanning vulnerability system/method that includes:
the malicious content comprises injection of malicious software instructions (LEE: page 2, par 6; SQL Injection is a form of malicious instruction injection attack, which means an attack technique that takes unauthorized SQL commands through a Web site user authentication window or a URL direct input window and obtains unauthorized information by modifying SQL queries).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of LEE with the method/system of SRIDHARA and Colvin to include the malicious content comprises injection of malicious software instructions. One would have been motivated to scanning a vulnerability of a web site based on Java Script detect and represent a vulnerability of a web site to be scanned when a URL of the web site that a user wants to scan the vulnerability (LEE: abstract).
Regarding Claim 15;
This Claim recites a system that perform the same steps as method of Claim 8, and has limitations that are similar to Claim 8, thus are rejected with the same rationale applied against claim 8.
Regarding Claim 22;
This Claim recites a non-transitory computer readable medium that perform the same steps as method of Claim 8, and has limitations that are similar to Claim 8, thus are rejected with the same rationale applied against claim 8.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644. The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.W./Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439