DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
Claims 14-32 are pending. Claims 1-13 has been canceled. Claims 14-32 are currently amended. 
Response to Arguments
Applicant's arguments filed 11/16/2020 have been fully considered but they are not persuasive. 
Applicant argues on pages 9-10 “Claims 14-32 are rejected under 35 U.S.C. § 101 because the claims are allegedly directed to an abstract idea without significantly more. Office Action, p. 2. Applicant respectfully disagrees… Accordingly, even assuming for the sake of argument that claim 23 recites one of the enumerated categories of abstract ideas, which it does not, claim 23 is not directed to an abstract idea because any alleged abstract idea is "integrated into a practical application." Accordingly, Applicant submits that claim 23 satisfies the requirements of 35 U.S.C. § 101. Since claim 14 and 28 recite limitations that are similar to those discussed above in conjunction with claim 23, and since claims 15-22, 24-27, and 29-32 depend from claim 14, 23, or 28, Applicant submits that claims 14-22 and 24-32 are directed to patentable subject matter as well” the Examiner respectfully disagrees for the following reasons below:

Applicant argues the claimed invention provides a technical solution that solves problems in related art; however, the claims are directed to an abstract idea and not integrated into a practical application. The claims cover performance of the limitations in the mind but for the recitation of generic computer components. The additional elements (memory/processor) does not integrate the abstract idea into a practical application because they are recited at a high-level of generality, such that they amount to no more than mere instructions to apply the exception using the generic computer components. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. Applicant argues the claims are directed to a security improvement, however, does not impose any meaningful limits on practicing the abstract idea. Once a determination is made based on the stored information, nothing is performed or any action is taken to provide a security improvement. Therefore, the claims are not patent eligible.
Applicant argues on pages 10-11 “Even with this assumption, Dai does not disclose that the alleged result information is associated with a result, the result being a harm to a computer system caused by the process of the malware. Thus, Dai does not teach or suggest. storing, in a storage device, a plurality of result information associated with a plurality of results, the plurality of results being a plurality of harms to a computer system caused by a plurality of processes, as recited by claim 14. Accordingly, Applicant respectfully submits that claim 14 is patentable over Dai” the Examiner respectfully disagrees for the following reasons below:
Dai discloses a malicious behavior database comprising malicious behavior profiles (result information) of the processes of malware (result). Malware has one or more Dai, Figures 3 & 4, pages 2-3, paragraphs 0023-0028) which is equivalent to the argued limitation. 
Applicant argues on pages 11-12 “Since independent claims 23 and 28 recite subject matter that is similar or analogous to that of claim 14, they are patentable for at least similar or analogous reasons…Therefore, since claim 22 depends from claim 14, it is patentable at least by virtue of its dependency” the Examiner has shown how independent claim 14 is not allowable and therefore these arguments are considered moot. 

Claim Objections
Claim 14 is objected to because of the following informalities:  The examiner suggest removing “and” in line 9, since the claim has been amended to add more limitations.  Appropriate correction is requested.
Claim 15 is objected to because of the following informalities:  The examiner suggest amending the limitation “the storage devices” in line 2 to recite “the storage device” to correspond with the other claim language and provide better clarity.  Appropriate correction is requested.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:



Claims 14-18, 20-26 and 28-31 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. Claim 23 recites storing process information, result information & relation information, detecting a first process and determining result information.
The limitations “storing process information…, result information…, and relation information…, detecting… and determining…”, as drafted, are processes that, under its broadest reasonable interpretation, covers performance of the limitations in the mind but for the recitation of generic computer components. That is, other than reciting “a memory” and “a processor” nothing in the claim element precludes the steps from practically being performed in the mind. For example, but for the “memory” language, “storing” in the context of this claim encompasses manually storing process information, result information and relation information and making a determination. If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. 
This judicial exception is not integrated into a practical application. In particular, the claim only recites two additional element – a memory and a processor to perform all the steps of storing information. The memory and processor in all steps is recited at a high-level of generality (i.e., as generic computer components performing generic computer functions of storing) such that it amounts no more than mere instructions to apply the exception using a 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional elements of using a memory and a processor to perform all the steps of storing information amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. The claim is not patent eligible.
Independent claims 14 and 28 includes limitations similar to the limitations of independent claim 23 and is rejected under 35 USC 101 for being directed to abstract idea for similar reasons as discussed above with respect to independent claim 23.
Dependent claims 15-18, 20-22, 24-26 and 29-31 does not cure the deficiency of the independent claims and are rejected under 35 USC 101 for being directed to abstract idea.

Claim Rejections - 35 USC § 112
Claims 14-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 14 recites the limitation "the computer system" in line 3.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 14-15, 20-21, 23-24 and 28-29 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by DAI et al. (US Pub No. 2012/0159628).
Regarding independent claim 14, Dai discloses an analysis method for a computer system, comprising: storing, in a storage device, a plurality of process information associated with a plurality of processes on the computer system (Dai, page 2, paragraph 0023-0024; stores execution objects and execution operation of processes (paragraph 0021) when conducting a malicious behavior database; malicious detection apparatus); storing, in the storage device, a plurality of result information associated with a plurality of results, the plurality of results being a harm to the computer system caused by the plurality of processes (Dai, pages 2-3, paragraphs 0023-0025; when conducting a malicious behavior database stores malicious behavior profiles of the processes; the processes being a process of the malware); and storing, in the storage device, a plurality of relation information associated with a plurality of relations between the plurality of process information and the plurality of result information (Dai, page 2, paragraphs 0023-0024; stores link information (paragraph 0021) when conducting a malicious behavior database); detecting a process operated on the computer system (Dai, page 1, paragraph 0006 and page 3, paragraph 0031; first process); and determining, based on the plurality of relation information stored in the storage device, a result information associated with a process information associated with the detected process (Dai, page 1, paragraph 0006 and page 3, paragraph 0031; first behavior profile according to the first process).
Regarding claim 15, Dai teaches the method further comprising: storing, in the storage devices, plurality of function information associated with a plurality of functions related to an plurality of influences of the plurality of processes on the computer system (Dai, pages 2-3, paragraphs 0023-0025; stores malicious behaviors of the malware), wherein the plurality of relation information includes a plurality of first relation information indicating a plurality of relations between the plurality of processes and the plurality of functions, and a plurality of second relation information indicating a plurality of relations between the plurality of function information and the plurality of result information(Dai, Figure 3, pages 2-3, paragraphs 0023-0025; malicious behavior A-1 with process A-1:1 and link information).
Regarding claim 20, Dai teaches the method further comprising: calculating a matching degree indicating how closely the process information associated with the detected process Dai, Figure 5, page 4, paragraphs 0033-0036; accumulated amount of malicious behavior through comparison of malicious behavior profiles).
Regarding claim 21, Dai discloses the method further comprising: storing, in the storage device, a plurality of another process information associated with a plurality of another processes on the computer system, the plurality of another processes configured to cause the plurality of results (Dai, Figure 4, page 3, paragraph 0028-0029; optional malicious behavior profiles), and storing, in the storage device, a plurality of another relation information associated with a plurality of relations between the plurality of another process information and the plurality of result information (Dai, Figures 3-4, page 3, paragraph 0028-0029 and page 2, paragraph 0023-0024).
Regarding independent claim 23, Dai discloses an analysis system, comprising: at least one memory; and at least one processor coupled to the at least one memory, wherein the at least one memory is configured to store: a plurality of process information associated with a plurality of processes in the computer system (Dai, page 2, paragraph 0023-0024; stores execution object and execution operation of process (paragraph 0021) when conducting a malicious behavior database); a plurality of result information associated with a plurality of results, the plurality of results being a harm to the computer system caused by the plurality of processes (Dai, pages 2-3, paragraphs 0023-0025; when conducting a malicious behavior database stores malicious behavior profile of the process; the process being a process of the malware); and a plurality of relation information associated with a plurality of relations between the plurality of process information and the plurality result information (Dai, page 2, paragraph 0023-0024; stores link information (paragraph 0021) when conducting a malicious behavior database); and the at least one processor is configured to: detect a process operated on the computer system (Dai, page 1, paragraph 0006 and page 3, paragraph 0031; first process); and determine, based on the plurality of relation information stored in the storage device, a result information associated with a process information associated with the detected process (Dai, page 1, paragraph 0006 and page 3, paragraph 0031; first behavior profile according to the first process).
Regarding claim 24, Dai teaches the device wherein the at least one memory is further configured to store: a plurality of function information associated with a plurality of functions related to a plurality of influences of the plurality of processes on the computer system (Dai, pages 2-3, paragraphs 0023-0025; stores malicious behaviors of the malware), wherein the plurality of relation information includes first relation information indicating a plurality of relations between the plurality of processes and the plurality of functions, and a plurality of second relation information indicating a plurality of relations between the plurality of function information and the plurality of result information(Dai, Figure 3, pages 2-3, paragraphs 0023-0025; malicious behavior A-1 with process A-1:1 and link information).
Regarding independent claim 28, Dai discloses a non-transitory computer-readable recording medium storing a program that, when executed by a computer, causes the computer to execute an analysis method, the non-transitory computer-readable recording medium further storing: a plurality of process information associated with a plurality of processes on the computer system (Dai, page 2, paragraph 0023-0024; stores execution object and execution operation of process (paragraph 0021) when conducting a malicious behavior database); a plurality of result information associated with a plurality of results, the plurality of results being Dai, pages 2-3, paragraphs 0023-0025; when conducting a malicious behavior database stores malicious behavior profile of the process; the process being a process of the malware); and plurality of relation information associated with a plurality of relations between the plurality of process information and the plurality result information (Dai, page 2, paragraph 0023-0024; stores link information (paragraph 0021) when conducting a malicious behavior database), wherein the analysis method comprises: detecting a process operated on the computer system (Dai, page 1, paragraph 0006 and page 3, paragraph 0031; first process); and determining, based on the plurality of relation information stored in the storage device, a result information associated with a process information associated with the detected process (Dai, page 1, paragraph 0006 and page 3, paragraph 0031; first behavior profile according to the first process).
Regarding claim 29, Dai teaches the non-transitory computer-readable recording medium further storing: a plurality function information associated with a plurality of functions related to a plurality of influences of the plurality of process on the computer system (Dai, pages 2-3, paragraphs 0023-0025; stores malicious behaviors of the malware), wherein the plurality of relation information includes first plurality relation information indicating a plurality relations between the plurality of processes and the plurality of functions, and a plurality of second relation information indicating a plurality relations between the plurality of function information and the plurality of result information(Dai, Figure 3, pages 2-3, paragraphs 0023-0025; malicious behavior A-1 with process A-1:1 and link information).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 16-19, 25-27 and 30-32 are rejected under 35 U.S.C. 103 as being unpatentable over DAI et al. (US Pub No. 2012/0159628) in view of Anzai et al. (US Patent No. 7,748,041).
Regarding claim 16, Dai teaches each and every claim limitation of claim 15. 
Dai does not explicitly teach the method further comprising receiving a first input related to the plurality of result information; receiving a second input related to the plurality of function information; and receiving a third input related to the plurality of relation information.
Anzai teaches receiving a first input related to the plurality of result information; receiving a second input related to the plurality of function information; and receiving a third input related to the plurality of relation information (Anzai, Figures 3A-9; column 15, line 56- column 16, line 13; enters information of the threat, functional requisites, components and correspondence).
Anzai, column 2, lines 44-67).
Regarding claim 17, Dai teaches each and every claim limitation of claim 14. 
Dai does not explicitly teach the method further comprising receiving a first input related to the plurality of result information.
Anzai teaches receiving a first input related to the plurality of result information (Anzai, Figures 3A-9; column 15, line 56- column 16, line 13; enters information of the threat, risk and assurance level).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Anzai to support a security design and evaluation tool to output an assurance level of security for components to provide the advantage of a low cost and highly reliable system that provides the magnitude of risk and degree of assurance and adaptability of computer components (Anzai, column 2, lines 44-67).
Regarding claim 18, Dai teaches each and every claim limitation of claim 17. 
Dai does not explicitly teach the method further comprising receiving another input related to the plurality of relation information.
Anzai, Figures 3A-9; column 15, line 56- column 16, line 13; enters correspondence).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Anzai to support a security design and evaluation tool to output an assurance level of security for components to provide the advantage of a low cost and highly reliable system that provides the magnitude of risk and degree of assurance and adaptability of computer components (Anzai, column 2, lines 44-67).
Regarding claim 19, Dai teaches each and every claim limitation of claim 14. 
Dai does not explicitly teach the method further comprising: outputting, on a display device, a signal configured to display the process information associated with the detected process, the determined result information, and a relation information between the process information associated with the detected process and the determined result information.
Anzai teaches outputting, on a display device, a signal configured to display the process information associated with the detected process, the determined result information, and [[the]]a relation information between the process information associated with the detected process and the determined result information (Anzai, Figures 3A-11; column 15, line 56- column 16, line 13; output the screen).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Anzai to support a security design and evaluation tool to output an assurance level of security for components to provide the advantage of a low cost and highly reliable system that provides the magnitude of Anzai, column 2, lines 44-67).
Regarding claim 25, Dai teaches each and every claim limitation of claim 24. 
Dai does not explicitly teach the system wherein the at least one processor is configured to: receive a first input related to the plurality of result information; receive a second input related to the plurality of function information; and receive a third input related to the plurality of relation information.
Anzai teaches receive a first input related to the plurality of result information; receive a second input related to the plurality of function information; and receive a third input related to the plurality of relation information (Anzai, Figures 3A-9; column 15, line 56- column 16, line 13; enters information of the threat, functional requisites, components and correspondence).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Anzai to support a security design and evaluation tool to output an assurance level of security for components to provide the advantage of a low cost and highly reliable system that provides the magnitude of risk and degree of assurance and adaptability of computer components (Anzai, column 2, lines 44-67).
Regarding claim 26, Dai teaches each and every claim limitation of claim 23. 
Dai does not explicitly teach the system wherein the at least one processor is configured to receive a first input related to the plurality of result information.
Anzai, Figures 3A-9; column 15, line 56- column 16, line 13; enters information of the threat, risk and assurance level).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Anzai to support a security design and evaluation tool to output an assurance level of security for components to provide the advantage of a low cost and highly reliable system that provides the magnitude of risk and degree of assurance and adaptability of computer components (Anzai, column 2, lines 44-67).
Regarding claim 27, Dai teaches each and every claim limitation of claim 23. 
Dai does not explicitly teach the system wherein the at least one processor is configured to output, on a display device, a signal configured to display the process information associated with the detected process, the determined result information, and a relation information between the process information associated with the detected process and the determined result information.
Anzai teaches output, on a display device, a signal configured to display the process information associated with the detected process, the determined result information, and a relation information between the process information associated with the detected process and the determined result information (Anzai, Figures 3A-11; column 15, line 56- column 16, line 13; output the screen).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Anzai to support a Anzai, column 2, lines 44-67).
Regarding claim 30, Dai teaches each and every claim limitation of claim 29. 
Dai does not explicitly teach the non-transitory computer-readable recording medium wherein the program causes the computer to: receive a first input related to the result information; receive a second input related to the function information; and receive a third input related to the relation information.
Anzai teaches receive a first input related to the plurality of result information; receive a second input related to the plurality of function information; and receive a third input related to the plurality of relation information (Anzai, Figures 3A-9; column 15, line 56- column 16, line 13; enters information of the threat, functional requisites, components and correspondence).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Anzai to support a security design and evaluation tool to output an assurance level of security for components to provide the advantage of a low cost and highly reliable system that provides the magnitude of risk and degree of assurance and adaptability of computer components (Anzai, column 2, lines 44-67).
Regarding claim 31, Dai teaches each and every claim limitation of claim 28. 

Anzai teaches receive a first input related to the plurality of result information (Anzai, Figures 3A-9; column 15, line 56- column 16, line 13; enters information of the threat, risk and assurance level).
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Anzai to support a security design and evaluation tool to output an assurance level of security for components to provide the advantage of a low cost and highly reliable system that provides the magnitude of risk and degree of assurance and adaptability of computer components (Anzai, column 2, lines 44-67).
Regarding claim 32, Dai teaches each and every claim limitation of claim 28. 
Dai does not explicitly teach the non-transitory computer-readable recording medium wherein the program, when executed by the computer, causes the computer to output, on a display device, a signal configured to display the process information associated with the detected process, the determined result information, and a relation information between the process information associated with the detected process and the determined result information.
Anzai teaches output, on a display device, a signal configured to display the process information associated with the detected process, the determined result information, and a relation information between the process information associated with the detected process Anzai, Figures 3A-11; column 15, line 56- column 16, line 13; output the screen).
	It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Anzai to support a security design and evaluation tool to output an assurance level of security for components to provide the advantage of a low cost and highly reliable system that provides the magnitude of risk and degree of assurance and adaptability of computer components (Anzai, column 2, lines 44-67).

Claim 22 is rejected under 35 U.S.C. 103 as being unpatentable over DAI et al. (US Pub No. 2012/0159628) in view of Kanoun et al. (US Patent No. 8,973,092).
Regarding claim 22, Dai teaches each and every claim limitation of claim 14. 
Dai does not explicitly teach the method further comprising: storing, in the storage device, a plurality of another result information associated with a plurality of another result, the plurality of another result being another harm to the computer system caused by the process, and storing the plurality of another relation information associated with a plurality of relations between the plurality of process information and the plurality of another result information.
Kanoun teaches further comprising: storing, in the storage device, a plurality of another result information associated with a plurality of another result, the plurality of another result being another harm to the computer system caused by the process, and storing the plurality of another relation information associated with a plurality of relations between the plurality of Kanoun, Figure 3 , column 5, lines 1-65; different objectives (results) of the attack from level/step).   
It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Dai with the teachings of Kanoun to use graphs based on attack models to show an attack objectives and steps/levels leading to the objectives to provide the advantage of operators accesses in real-time the risk of an attack and suitable responses to apply in response to the attack to protect of an information system (Kanoun, column 1, lines 14-22).


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SHAQUEAL D WADE/             Examiner, Art Unit 2437 
/KRISTINE L KINCAID/             Supervisory Patent Examiner, Art Unit 2437