DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to the communication filed on 02/12/2021.


Examiner’s statement of reasons for allowance

The following is an examiner's statement of reasons for allowance: In interpreting the claims, in light of the Specification and the applicant's amendments filed on 02/12/2021, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
 	The present invention relates to a method of detecting client participation in malware activity, in respect of a target subjected to a given attack by a client system which is operable to run a given host application. A given security service provider, which is operably coupled to the client system, is configured to make accessible given attack information that is reported by a given attack target. An attack status query is transmitted to the security service provider from an agent that is operably coupled to the client system. In response to receiving the attack status query, the security service provider is configured to send attack information reported in respect of a given attack target to the agent, and configuring the agent to diagnose whether its corresponding 
 
	Independent claims 1, 6 and 11 recite the uniquely distinct features of "attack rules" in Lin are not similar or even operate the same way as the "attack status" of the present claims. In Lin the "attack rules" include a domain name, an IP address, and a rule type identifier. The "attack rules" of Lin are related to the request from the web browser to access a particular domain. These rules are used to determine if the domain name and associated IP address are legitimate. See e.g. Lin paragraphs 72-84. Basically, Lin is preventing the browser from going to a webpage that is spoofing a legitimate website. In contrast to Lin, the present claims are dealing with an attack status. An attack status query of the present claims is used to pull information from the security service provider to identify the source of a denial of service attack or other malware activity. See e.g. Application paragraphs 30-32. Therefore, the Applicant respectfully submits that Lin does not teach or suggest this feature of claim 1 as it is claimed and described in the Specification. Further, the combination of Lin and Tock does not teach or suggest this feature either. Thus, the Applicant submits that claim 1 is not rendered obvious over the asserted combination. As such, claim 1 is believed allowable over the combination of Tock and Lin. Claims 6 and 11 include features substantially similar to those of claim 1, and are, therefore, believed allowable as well for, at least, substantially the same reasons as claim 1. Claims 2-5, 7-10, and 12-20 are believed allowable as well, at least, based on their dependency from allowable independent claims.
[Page 8 of 9, Appl. No. 15/884,940, Reply to Final Office Action of December 14, 2020]

The closest prior art (TOCK, US 2015/0135316) discloses a threat response platform to act as a bridge between non-inline security programs and inline security programs. The threat response platform receives event reports, relating to client devices, from the non-inline security programs and creates incident reports for a user. The incident reports describe the event report and also additional data gathered by an active correlation system of the threat response platform. The active correlation system automatically gathers various types of data that are potentially useful to a user in determining whether the reported event is an incidence of malware operating on the client device or a false positive. The active correlation system places a temporary agent on the client device to identify indications of compromise.

The closest prior art (Lin, US 2017/0279823) discloses a network attack determination method, a secure network data transmission method, and a corresponding apparatus. In this application, a browser client terminal obtains attack rules formulated by a rule configuration server, and after obtaining feedback information that is returned by a network according to a webpage browsing request, determines, according to a comparison result between the attack rules and the feedback information, whether the webpage browsing request encounters a network attack, thereby resolving a problem in the prior art that a network attack cannot be identified. In addition, after determining that a network attack is encountered, the browser client terminal performs network data transmission in a secure manner, which can avoid impact from the network attack, and improve security of network data transmission.
 	
However, the prior art of record, either individually or in a reasonable combination, fails to disclose or suggest the underlined limitations when in combination with the remaining limitations currently recited in the independent claims 1, 6 and 11. In addition, an updated search also did not yield any new applicable prior art with respect to the underlined limitations.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance." 







Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314. The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495