DETAILED ACTION
This Final Office Action is in response to amendment filed on 01/11/2021.
Claims 1, 3-4, 10, 12-13, 19, 21 have been amended. Claim 8 was previously cancelled. Claim 20 has been cancelled. Claim 22 has been newly added. Claims 1-7, 9-19 and 21-22 remain pending in the application. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 10/25/2017 are accepted.

Response to Amendment 
Applicant’s amendments to the claims has overcome the objection previously set forth in the Non-Final Office Action mailed on 09/10/2020.

Response to Arguments 
Applicant's arguments filed 01/11/2021 have been fully considered but they are not persuasive.
Applicant stated “The main reference is Homyack. While Homyack does discuss "tracking" in multiple locations, a careful reading of Homyack that tracking is really only applicable to the "exfiltration blocking" part of Homyack, and this technique simply drops No tracking is used for (1) data shadowing. Instead, when data that is to be data shadowed is requested, that data is replaced:...In the (1) data shadowing technique of Homyack, no tracking is used or necessary. Instead, any tracking that is performed in Homyack appears to be related to the (2) exfiltration blocking technique, that technique simply blocks release of that information…there is no need in Homyack for security context to be tracked for confidential or untrusted values input from sources in an executing application to sinks in the executing application, and to apply a declassifier method (based on the security context) used to obfuscate the confidential or untrusted value. In fact, Hornyack teaches away from this type of system, as no declassifiers are necessary in the (2) exfiltration blocking technique, and no tracking is performed in the (1) data shadowing technique.” 
Examiner respectfully disagrees. Examiner asserts that the combination of Pistoia-Homyack-Fink discloses all the limitations of the independent claims. Pistoia explicitly discloses in e.g. [0006, 0009, 0019, 0021] tracking confidential data from source to sink. Hornyack discloses the concept of tracking, by teaching a system where various types of confidential data are being shadowed whenever the confidential data is being requested, the system of Hornyack is fetched and replaced by obscured/fake data before releasing the data to the sink. Examiner asserts that the concept of tracking data lends itself to many interpretations, for example, it can be interpreted, as described by the “data shadowing” of Homyack, as the ability for the system to monitor the type of confidential/security data whenever it is being requested by an application, where the defined a priori. Therefore, Pistoia-Homyack combination teaches the aforementioned argued limitation.
Applicant further stated “The Examiner further stated in the interview that Fink was being used for alleged disclosure of obfuscation… In particular, the part about "With our modifications, TaintDroid is able to detect sensitive data even when it has been obfuscated[ ... ]" indicates that obfuscation is immaterial. This makes sense, because tracking is applicable in Homyack only to the (2) exfiltration blocking technique, and this technique simply drops data, even if that data has been obfuscated. There is no need to obfuscate data in Homyack, as the data is simply dropped. Furthermore, this implies that even obfuscated data in Hornyack is immaterial, as the (2) exfiltration blocking technique will drop this anyway. There is no effort in Hornyack to apply obfuscation in the (2) exfiltration blocking technique, and in fact, obfuscation is ignored. This teaches away from obfuscating data as in Fink. The (1) data shadowing technique of Homyack does not perform any tracking. For at least these reasons, it is respectfully submitted that Homyack and the combination of Homyack, Pistoia, and Fink do not teach all elements of the independent claims and should not be combined in the manner suggested by the Examiner.”
Examiner respectfully disagrees. examiner notes that the concept of tracking confidential data is described by the data shadowing technique of Homyack as described above, where data is tracked whenever requests is made to determine that various types of confidential data, e.g. location, phone number, are not released, and ensuing that the confidential data is obscured prior to releasing. Homyack’s concept of obscuring the tracked confidential data is by substituting the data with “fake” data as oppose to “obfuscation”. Fink explicitly discloses in [0018, 0022, 0027, 0051-0052] tracking of data in a source-sink pair where the confidential information/data is obfuscated prior to release to sink.
Applicant further stated “Pistoia, however, does not select or apply a declassifier in order to obfuscate the value prior to outputting the value to the sink, nor does Pistoia track security context from source to sink. Instead, the sinks are instrumented and the arguments to the sinks and corresponding thread IDs are recorded. The source statements were also instrumented and the arguments to the sources and corresponding thread IDs are recorded. If the thread IDs are the same, then values for the sink and source are compared.”
Examiner respectfully disagrees. Examiner asserts that Pistoia explicitly discloses in e.g. [0006, 0009, 0019, 0021] the tracking of confidential data between source and sink. Pistoia does not disclose obfuscating the released data, however, Fink discloses in [0018, 0022, 0027, 0051-0052] obfuscating the tracked confidential data as discussed above.
Applicant further stated “Homyack, however, has no need to track anything. See the arguments above. Additionally, this is because there are only a very few elements that are modified, such as the device location or the IMEI number. This is simplistic, as modem programs can have many such items and tracking security context as in the current claims allows these many items to be tracked and obfuscated. This allows a programmer to define what is to be tracked and its corresponding security context (including declassifier method), and then the computer system will perform the actual This does not happen in Hornyack, which instead just uses its own implemented methods. See, e.g., the IMEI example above or the following examples (see section 3.1 of Hornyack):… This means a programmer has no control over what is done.”
Examiner respectfully disagrees. Examiner asserts that Homyack discloses the concept of tracking as claimed, please see response above. While Homyack describes applying the concept on a few elements, e.g. device location or the IMEI number, etc., however, the concept of tracking is still applied to the above items. Fink discloses in [0018, 0022, and 0027, 0051-0052] obfuscating the tracked confidential data. The concept where “a programmer has no control over what is done” is not clearly defined in the claimed invention.
Applicant further stated “Regarding Fink, what this does determine whether an obfuscator will reveal information that is properly obfuscated. See, e.g., FIG. 7. Regardless, Fink does not actually track security context from a source to a sink. Instead, Fink uses a "rule corresponding to the source-sink pair" when a sink is reached to determine the "downgrading routine corresponding to the source-sink pair". See, e.g., paragraph 42 and block 4F of Fink. In other Fink operates mainly in the "past tense": Has a sink been run and if so, is the output properly obfuscated? That is, Fink does not select or apply a "downgrading routine" to a value to obfuscate that value prior to outputting the obfuscated value to the sink. Instead, the "downgrading routine" has already been performed and Fink analyzes the output of the routine. Neither Pistoia nor Fink track or use security context in the manner of the independent claims and because Homyack does not track or use security context in the manner of the independent claims, this means all §103 rejections should be withdrawn.”
Examiner respectfully disagrees. Examiner asserts that Pistoia explicitly discloses in [0006, 0009, 0019, 0021] tracking of confidential data, Homyack disclose the concept of tracking as discussed above, and Fink explicitly discloses in [0003, 0027] tracking data from source to sink. Fink further explicitly discloses [0018] "downgrading" is called "declassification", and consists of verifying that the data being released does not expose secret information to unauthorized users. This can be done through declassification functions, which can either reject the data being released if it exposes secret information, or actually modify the data and make it safe to be exposed to those users”, [0051] “For example, given the salaries of N individuals (all of which are confidential), a form of obfuscation that maintains anonymity consists of revealing only the average of those salaries: A=(S1+S2+ . . . +SN)/N. Of course, if N=1, then A=S1, and revealing A would also reveal S1, and so the obfuscator must include checks that verify that N>1. Even N=2 could be a problem because the person whose salary is S1, once A is revealed, would know S2 (and the person whose salary is S2 would know S1”. Examiner asserts that the above emphasized excerpt discloses that Fink does not only operate in the “past tense”, Fink obfuscates the confidential data that is being revealed and making it safe to be exposed to users.
Applicant further stated “To further distinguish over the cited references and bring out the tracking aspect, dependent claim 22 has been added. These amendments are supported at least by FIG. 4B and corresponding text. No new matter is added.”

	
Examiner’s Note Regarding “computer readable storage medium”
The “computer readable storage medium” recited in claim 19 is not to be construed as a transitory signal/wave as supported in the instant application [0061] “A computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.”. [0061] recites the computer readable storage medium as tangible storage device that “retain and store instructions for use by an instruction execution device”.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 6-7, 10-11, 15-17, 19 and 21-22 are rejected under 35 U.S.C. 103 as being unpatentable over Pistoia et. al. (US 20150161393 A1), hereinafter Pistoia in view of Hornyack et. al. (IDS) “These aren't the droids you're looking for: retrofitting android to protect data from imperious applications”, October 2011 CCS '11: Proceedings of the .
	
	
Regarding claims 1, 10 and 19 (Currently Amended), Pistoia teaches A method, A computer system and A computer program product (Pistoia [0013] and Figure 3 discloses system comprising memory, processor and computer program instructions), comprising:
tracking, by a computer system, security context for confidential or untrusted values input from sources in an executing application to sinks in the executing application (Pistoia [0006, 0009] “The standard approach to detection of information leakage problems is to track whether there is data flow from a source statement reading confidential information to a sink statement releasing this information to the outside environment… If there is source-to-sink data flow of sensitive information, then a leakage vulnerability is reported.”, [0019] “Techniques for dealing with this limitation of standard data-flow analysis either build complex probabilistic mathematical models of or track flow of information at the bit level, thereby enabling a quantitative measure of information release.”, [0021] “…detecting vulnerable instances of information leakage at runtime, during dynamic execution of the target program. This entails using a runtime tracking method that is both efficient and accurate”, security context and their values associated with the confidential information and their values, e.g. IMEI), 
wherein the security context comprises at least indications of sources [and declassifier methods corresponding to confidential or untrusted the values and has ] (Pistoia [0043] Figures 2-3 security context comprises pair of source 110 and sink 120 illustrated in Figures 2 and 3, [0036-0038] and Figure 2 (245-250) discloses determining for confidential data leakage instance, e.g. IMEI and its recorded values at the source and sink, where the security context is interpreted to comprise the source-sink pair and leakage specification as further disclosed in [0045] and illustrated in Figure 3 (376, 385, 388) determining leakage and checking values similarity between source and sink e.g. IMEI, [0036] discloses checking similarity between “concrete values exhibited at source and sink statements… The concrete values are the recorded read value stored in block 265 and the recorded argument value stored in block 235”);
While Pistoia discloses in [0006, 0009, 0018-0021, 0043-0045, Figures 2-3] the aforementioned limitations, namely, the tracking of source and sink, where confidential data are being analyzed and determine private data leakage accordingly, Pistoia further discloses in [0018] “…the functionality of many applications requires that values computed based on confidential data become available to the external world, but these values often result from applying a reduction operation of some form to the sensitive data. For instance, the number of contacts in a person's contact list may be released but none of the identities of the contacts may be released.”, however, 
Pistoia does not disclose the remaining limitations including the fetching and obfuscation or obscuring of data before release.
Hornyack from analogues field of invention teaches declassifier methods corresponding to the confidential or untrusted values and has been previously defined (Hornyack discloses in Page 643 “3.1 Data shadowing” (method of shadowing/obscuring confidential/private data according to the data values format), i.e. declassifier methods, for example location and phone state are obscured according to their values format, where the system defines/recognizes a priori the method of declassify, deepening on the type of confidential values,  e.g. if it is a phone number, then a phone number will be obscured, if it is a location, then a coordinate will be obscured, as disclosed in Page 639, 643 “3.1 Data shadowing”),
fetching, by the computer system and prior to release of a selected confidential or untrusted value by a sink in the executing application, security context for the selected confidential or untrusted value; causing by the computer system a selected declassifier method to be used on the selected confidential or untrusted value prior to release of the selected confidential or untrusted value to the sink (Hornyack Page 639, 643 “3.1 Data shadowing” discloses the confidential/private data being recognized/fetched/identified and a shadowing/obscuring method to be applied to the private data prior to its release, e.g. device location, phone state, where the shadowing match the data format, where matching format for shadowing the private data is based on the declassifier method whether it is e.g. coordinates, phone state or device ID, release occurs after shadowing/obscuring), 
wherein the selected declassifier method [obfuscated]-obscured- the selected confidential or untrusted value and is selected based on the security context for the selected confidential or untrusted value (Hornyack Page 639, 643 “3.1 Data shadowing” disclose that the shadowing/obscuring method (i.e. declassifier method) to be applied to the private data based on the type of the security context of the private data value, e.g. if the private data is the device location, the location is shadowed/obscured with a coordinate 37.421265, -122.084026, if it is a device’s phone is shadowed/obscured with (1 650 623 4000)); and
causing by the computer system the [obfuscated] -obscured- confidential or untrusted value to be released to the sink in the executing application (Hornyack Page 639, 643 “3.1 Data shadowing” discloses the Data shadowing/obscuring where its returned in response to the request e.g. “When applications request the device's location, we return the coordinates 37.421265, -122.084026…”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Hornyack to incorporate the aforementioned limitations and utilize shadowing/obscuring confidential data based according to their format, with the motivation of “prevent[ing] applications from accessing sensitive information that is not required to provide user-desired functionality”, as recognized by (Hornyack Page 643 “3.1 Data shadowing”).
While Pistoia-Hornyack discloses the aforementioned limitations, where Hornyack discloses that the released confidential information is to be “shadowed”, where shadowing releases a substitute/obscured, i.e. fake, confidential information such that the receiver will not have access to the confidential information, however, 
Pistoia-Hornyack does not explicitly disclose the concept of obfuscating the revealed/released confidential data.
(Fink discloses a downgraders/declassifiers which modify the secret/confidential information before releasing the confidential information, “When performed for confidentiality, [0018] "downgrading" is called "declassification", and consists of verifying that the data being released does not expose secret information to unauthorized users. This can be done through declassification functions, which can either reject the data being released if it exposes secret information, or actually modify the data and make it safe to be exposed to those users”, [0022] “confidentiality downgraders (declassifiers) and anonymity downgraders (obfuscators)”, Fink further discloses obfuscator that masks the confidential information before revealing/releasing the confidential information, [0051] “For example, given the salaries of N individuals (all of which are confidential), a form of obfuscation that maintains anonymity consists of revealing only the average of those salaries: A=(S1+S2+ . . . +SN)/N. Of course, if N=1, then A=S1, and revealing A would also reveal S1, and so the obfuscator must include checks that verify that N>1. Even N=2 could be a problem because the person whose salary is S1, once A is revealed, would know S2 (and the person whose salary is S2 would know S1”, [0052] “An exemplary analysis, being path sensitive, can detect that obfuscators are revealing information that is properly obfuscated (and so information is revealed only under certain conditions, e.g., N>2 in the example above) (block 7A).”).
safe to be exposed to those users”, where obfuscation is used in anonymity, and masking the identity or one information in a set of multiple identities or information, such as aggregation, which is a form of obfuscation, to maintain anonymity, as recognized by (Fink [0018, 0051]).

Regarding claims 2 and 11 (original), Pistoia-Hornyack-Fink teaches The method and computer system of claims 1 and 10, respectively, wherein the computer system is a wireless, mobile device (Pistoia disclose in [0003] the threat analysis of mobile applications leaking secret/confidential data.).

Regarding claims 6 and 15 (original), Pistoia-Hornyack-Fink teaches The method and computer system of claims 1 and 10, respectively, wherein the security context comprises indications of unique application programming interface methods as the sources, fields as the sources, or both unique application programming interface methods and fields as the sources (Pistoia [0043] Figures 2-3 security context comprises pair of source 110 and sink 120 illustrated in Figures 2 and 3, [0036-0038] and Figure 2 (245-250) discloses determining for confidential data leakage instance, e.g. IMEI and its recorded values at the source and sink, where the security context is interpreted to comprise the source-sink pair and leakage specification as further disclosed in [0045] and illustrated in Figure 3 (376, 385, 388) determining leakage and checking values similarity between source and sink e.g. IMEI, [0036] discloses checking similarity between “concrete values exhibited at source and sink statements… The concrete values are the recorded read value stored in block 265 and the recorded argument value stored in block 235”, Figure 3 (311) illustrates fields for sources 1-N, where the read values are recorded from sources statements and similarities are determined as disclosed in [0036]).

Regarding claims 7 and 16 (original), Pistoia-Hornyack-Fink teaches The method and computer system of claims 1 and 10, respectively, wherein the selected declassifier method repairs one of confidentiality or integrity of the selected value prior to release of the selected value (Hornyack Page 643 “3.1 Data shadowing” discloses the confidential/private data being recognized/fetched/identified and a shadowing/obscuring method to be applied to the private data prior to its release, e.g. device location, phone state, where the shadowing match the data format, where matching format for shadowing the private data is based on the declassifier method whether it is e.g. coordinates, phone state or device ID, release occurs after shadowing/obscuring).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Hornyack to incorporate the aforementioned limitations and utilize shadowing/obscuring confidential data based according to their format, with the motivation of “prevent[ing] applications from accessing sensitive information that is not 

Regarding claims 8 (cancelled) and 17 (original), Pistoia-Hornyack teaches The computer system of claim 10, respectively, wherein the application is instrumented to allow for the tracking of the security context for the confidential or untrusted values (Pistoia [0006, 0009] “The standard approach to detection of information leakage problems is to track whether there is data flow from a source statement reading confidential information to a sink statement releasing this information to the outside environment… If there is source-to-sink data flow of sensitive information, then a leakage vulnerability is reported.”, [0019] “Techniques for dealing with this limitation of standard data-flow analysis either build complex probabilistic mathematical models of or track flow of information at the bit level, thereby enabling a quantitative measure of information release.”, [0021] “…detecting vulnerable instances of information leakage at runtime, during dynamic execution of the target program. This entails using a runtime tracking method that is both efficient and accurate”, security context and their values associated with the confidential information and their values, e.g. IMEI).

Regarding claim 21 (currently amended), Pistoia-Hornyack-Fink The method of claim 1, 
Pistoia-Hornyack does not disclose the obfuscation by modifying the confidential information to a different value.
from a first value that is known to be valid for the sink and in a format known to be used by the sink to a different value that is known to be valid for the sink and in a format known to be used by the sink  (Fink discloses a downgraders/declassifiers which modify the secret/confidential information before releasing the confidential information, “When performed for confidentiality, [0018] "downgrading" is called "declassification", and consists of verifying that the data being released does not expose secret information to unauthorized users. This can be done through declassification functions, which can either reject the data being released if it exposes secret information, or actually modify the data and make it safe to be exposed to those users”, [0022] “confidentiality downgraders (declassifiers) and anonymity downgraders (obfuscators)”, Fink further discloses obfuscator that masks the confidential information before revealing/releasing the confidential information, [0051] “For example, given the salaries of N individuals (all of which are confidential), a form of obfuscation that maintains anonymity consists of revealing only the average of those salaries: A=(S1+S2+ . . . +SN)/N. Of course, if N=1, then A=S1, and revealing A would also reveal S1, and so the obfuscator must include checks that verify that N>1. Even N=2 could be a problem because the person whose salary is S1, once A is revealed, would know S2 (and the person whose salary is S2 would know S1”, [0052] “An exemplary analysis, being path sensitive, can detect that obfuscators are revealing information that is properly obfuscated (and so information is revealed only under certain conditions, e.g., N>2 in the example above) (block 7A).”, Fink discloses modifying the data value from a value of known to be valid and of known format for the sink to a different value known to be valid and of known format for the sink, e.g. Fink teaches modifying the value of “salary” which is expected to be released to the sink, i.e. of valid and known format, to an “average salary”, i.e. of valid and known format).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia-Hornyack to incorporate the teaching of Fink to obfuscate secret/confidential data before releasing the data, with the motivation of ensuring that the sensitive data is not exposed to unauthorized users, i.e. “modify the data and make it safe to be exposed to those users”, where obfuscation is used in anonymity, and masking the identity or one information in a set of multiple identities or information, such as aggregation, which is a form of obfuscation, to maintain anonymity, as recognized by (Fink [0018, 0051]).

Regarding claim 22. (New) Pistoia-Hornyack-Fink The method of claim 1, 
Pistoia does not explicitly disclose the below limitations.
Hornyack discloses prior to the fetching…performing the following in response to a determination to fetch the security context: the fetching the security context, the causing the selected declassifier method to be used on the selected confidential or untrusted value prior to release of the selected confidential or untrusted value to the sink, and the causing the [obfuscated] -obscured-  confidential or untrusted value to be released to the sink in the executing application (Hornyack Page 639, 643 “3.1 Data shadowing” discloses that the system determines confidential/private data being recognized/fetched/identified and a shadowing/obscuring method to be applied to the private data prior to its release, e.g. device location, phone state, where the shadowing match the data format, where matching format for shadowing the private data is based on the declassifier method whether it is e.g. coordinates, phone state or device ID, release occurs after shadowing/obscuring, Page 639, 643 “3.1 Data shadowing” disclose that the shadowing/obscuring method (i.e. declassifier method) to be applied to the private data based on the type of the security context of the private data value, e.g. if the private data is the device location, the location is shadowed/obscured with a coordinate 37.421265, -122.084026, if it is a device’s phone is shadowed/obscured with (1 650 623 4000), where the fetching is required in order to replace the data).
Pistoia-Hornyack does not disclose the remaining limitations.
Fink discloses obfuscating the confidential data prior to releasing the confidential data from sink (Fink discloses a downgraders/declassifiers which modify the secret/confidential information before releasing the confidential information, “When performed for confidentiality, [0018] "downgrading" is called "declassification", and consists of verifying that the data being released does not expose secret information to unauthorized users. This can be done through declassification functions, which can either reject the data being released if it exposes secret information, or actually modify the data and make it safe to be exposed to those users”, [0022] “confidentiality downgraders (declassifiers) and anonymity downgraders (obfuscators)”, Fink further discloses obfuscator that masks the confidential information before revealing/releasing the confidential information, [0051] “For example, given the salaries of N individuals (all of which are confidential), a form of obfuscation that maintains anonymity consists of revealing only the average of those salaries: A=(S1+S2+ . . . +SN)/N. Of course, if N=1, then A=S1, and revealing A would also reveal S1, and so the obfuscator must include checks that verify that N>1. Even N=2 could be a problem because the person whose salary is S1, once A is revealed, would know S2 (and the person whose salary is S2 would know S1”, [0052] “An exemplary analysis, being path sensitive, can detect that obfuscators are revealing information that is properly obfuscated (and so information is revealed only under certain conditions, e.g., N>2 in the example above) (block 7A).”),
Fink further discloses wherein: prior to the fetching, 
determining by the computer system whether to release a selected confidential or untrusted value to a sink in the executing application or to fetch security context for the selected confidential or untrusted value (Fink discloses [0044] discloses a “downgrader”, which modifies or validates the input that reaches the sink, where validating the input that reaches sink, “A downgrader validates or modifies an input. A downgrader of the latter type typically examines the content of a string and replaces/removes substrings not suitable for a corresponding sink. With regard to those downgraders that perform validation, a validation routine does not modify its input. Instead, this routine has a Boolean return value, which indicates whether the input's format conforms to the constraints imposed by the sink.”, where the downgrader that modifies/replaces the data string suitable for the sink can be in the form of “obfuscator” performing obfuscation as disclosed in e.g. [0022, 0051], where Fink discloses the releasing to the sink, when it is determined that the input data is conforming to the constraints imposed by the sink, and fetch and modify/obfuscate the data when it is determined that it is not suitable for the sink); 
releasing the selected confidential or untrusted value to the sink in response to a determination to release the selected confidential or untrusted value (Fink discloses in [0044] not modifying the input data when it conforms to the constraints imposed by the sink, where the input is released to the sink);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia-Hornyack to incorporate the teaching of Fink to obfuscate secret/confidential data before releasing the data, with the motivation of ensuring that the sensitive data is not exposed to unauthorized users, i.e. “modify the data and make it safe to be exposed to those users”, where obfuscation is used in anonymity, and masking the identity or one information in a set of multiple identities or information, such as aggregation, which is a form of obfuscation, to maintain anonymity, as recognized by (Fink [0018, 0051]).

Claims 3, 12 are rejected under 35 U.S.C. 103 as being unpatentable over Pistoia-Hornyack-Fink in view of Paddon et. al. (US 20160232346 A1), hereinafter Paddon.

Regarding claims 3, 12 (currently amended), Pistoia-Hornyack-Fink teaches The method and computer system and A computer program product of claims 1, 10 and 19 respectively, wherein:
While Pistoia-Hornyack teaches the aforementioned limitations and further teaches (Pistoia [0006, 0009, 0019-0021, 0043]) tracking data flow from a source statement reading confidential information to a sink statement releasing this information to the outside environment and detecting using “Taint analysis”, Hornyack further teaches Page 643 “3.1 Data shadowing” confidential/private data being recognized/fetched/identified and a shadowing/obscuring method to be applied to the private data prior to its release, e.g. device location, phone state, where the shadowing match the data format, where matching format for shadowing the private data is based on the declassifier method whether it is e.g. coordinates, phone state or device ID, release occurs after shadowing/obscuring, Fink teaches obfuscating released/revealed data, however Pistoia-Hornyack-Fink does not explicitly disclose the use of taint bit for tracking and fetching.
Paddon from the same field of invention teaches tracking further comprises setting a taint bit corresponding to the selected confidential or untrusted value in response to the selected confidential or untrusted value receiving information from a source in the executing application; and fetching further comprises fetching security context for the selected confidential or untrusted value in response to the corresponding taint bit still being set for the confidential or untrusted value prior to the confidential or untrusted value being released to the sink ([0009, 0032, 0052, 0054] “…register can include a bit for a corresponding taint flag”, “…tracking values which come from potentially untrusted sources (e.g., external sources), as the values are manipulated by a program. Safe and unsafe data sources and sinks may be defined by marking memory pages and registers appropriately. For example, each storage location that stores data from an untrusted source (e.g., from an I/O device) is flagged as tainted. This flagging continues as the data is passed from one instruction or operation to another. Thus, the storage location of any instance of the data throughout the execution process will be marked as tainted.”, examiner asserts that the tracking and fetching taught by Pistoia-Hornyack can incorporate a taint flag/bit).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia-Hornyack-Fink to incorporate the teaching of Paddon to incorporate a taint flag/bit, with the motivation of indication and tacking of whether the data stored in a given physical memory location is tainted is stored along with the physical memory location, as recognized by (Paddon Abstract).

Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Pistoia-Hornyack-Fink in view of Brutschy et. al. (US 20160246992 A1), hereinafter Brutschy.

Regarding claims 9 and 18 (original), Pistoia-Hornyack-Fink teaches The method and computer system of claims 1 and 10, respectively,
(Hornyack discloses in Page 643 “Implementation” “Applications access
the core libraries and framework through the Android API.”), 
While Pistoia-Hornyack discloses the aforementioned limitations, and further discloses the tracking for confidential data and leakage, however, Pistoia-Hornyack does not disclose API allow for tracking of security context of the confidential data.
Brutschy from the same field of invention teaches and the one or more application programming interfaces are instrumented to allow for the tracking of the security context for the confidential or untrusted values (Brutschy Abstract, [0024-0025] “involves access to private data of a user via an API of an OS.”, “The client device 195 has an OS (operating system) 197, comprising an API (application programming interface) 198, and has a rewritten app 175.”, “The application 135 includes a number of objects 140-1 through 140-N (e.g., methods of the objects) using a permission to access private data of the user. The accessing is performed via the API 198.”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia-Hornyack to incorporate the teaching of Brutschy to utilize the aforementioned limitation, with the motivation of accessing confidential data and allocating mock objects, as recognized by (Brutschy [0027]).

Allowable Subject Matter
Claims 4-5 and 13-14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims and overcome the above objection described in this office action.

The following is a statement of reasons for the indication of allowable subject matter: Pistoia discloses tracking of source and sink to determine whether the data flow contains sensitive/confidential information. Pistoia further discloses detecting vulnerable instances of information leakage. Hornyack discloses modifying/obscuring sensitive information before releasing/revealing the sensitive information, where Hornyack discloses a process that identifies the sensitive information and obscure the sensitive information in accordance with the information’s type and format. Fink discloses the concept of obfuscating the sensitive information before revealing the sensitive information. However, none of the above prior arts, individually or in combination, teaches the sequence of transformations used to the selected confidential or untrusted value from a first state to a different second state, using the declassifier while the selected confidential or untrusted value is on the second state to create declassified value, using the  sequence of transformations to transform back the declassified value to the first state and obfuscating the confidential or untrusted value before releasing to the sink by releasing declassified value in the first state to the sink.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705.  The examiner can normally be reached on Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BASSAM A NOAMAN/Examiner, Art Unit 2497                                                                                                                                                                                                        /ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497