DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The 11/14/2019 IDS document has been considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-11 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 14, and 22 of U.S. Patent No. US 10,445,505 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the patent anticipate those of the instant application (i.e., the server-side of the claimed operations) as below. Instant claims 2-9 and 11 depend on their respective parent claims 1 and 10, and are therefore likewise rejected.

Instant Application
US 10,445,505 B2
1. A server apparatus, comprising: 
a hardware platform comprising a processor and a memory; a network interface; and

receive via the network interface an endpoint payload comprising a platform identification string, comprising an identifier for an application and an identifier for an action to be taken by the application; query a vulnerability database and platform identification string database to procure an application-specific reputation for the action; and 

send via the network interface the application-specific reputation for the action.

a network interface configured to communicatively couple the computing device to a server; and
one or more logic elements, including at least one hardware logic element, comprising 


intercept via the shim application a non-prelaunch runtime operation of an executable object;

send via the network interface a validation request for the runtime operation in context of the executable object;
receive a response code for the validation request, the response code comprising a common platform enumeration (CPE)-like string comprising a reputation for the runtime operation; and

act according to the response code, blocking the runtime operation by the executable object.

receive from an endpoint via a network interface a common platform enumeration (CPE)-like string comprising an identification of a requested action by a process of the endpoint; query vulnerability and CPE databases to determine a process-specific reputation for the requested action; send via the network interface the process-specific reputation for the action; 

determine that a host application of the process has an available update, or that the action can be provided by a more secure application; and instruct the endpoint via the network interface to apply the available update or to install the more secure application.

intercepting via the shim application a non-prelaunch runtime operation of an executable object;

sending via the network interface a validation request for the runtime operation in context of the executable object;
receiving a response code for the validation request, the response code comprising a common platform enumeration (CPE)-like string comprising a reputation for the runtime operation; and


22. The one or more computer-readable mediums of claim 21, wherein the shim agent is configured to receive a notification that a patch or update is available for the executable object, and to schedule application of the patch or update.

1 (continued). acting according to the response code, blocking the runtime operation by the executable object.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 5 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Claim 5 depends from claim 1 and recites the limitation "pushing the patch." There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-11 are rejected under 35 U.S.C. 103 as being unpatentable over Chen (US 2016/0092190 A1) in view of Wootton (US 2012/0110174 A1).

Regarding claim 1, Chen discloses: A server apparatus, comprising: 
a hardware platform comprising a processor and a memory; 
a network interface; and 
Refer to at least FIG. 1 and [0034] of Chen with respect to exemplary hardware and networking.
a vulnerability assessment server engine comprising instructions encoded within the memory to instruct the processor to: 
receive via the network interface an endpoint payload comprising a platform identification string, comprising an identifier for an application and an identifier for an action to be taken by the application; 
Refer to at least S406-S408 in FIG. 4, [0008], and [0062]-[0063] of Chen with respect to interrupting and analyzing an application installation event for which application information is obtained. The application information is provided to a cloud server.
query a vulnerability database and platform identification string database to procure an application-specific [information] for the action; and 
Refer to at least [0026]-[0029], S414 in FIG. 4, and [0066]-[0067] of Chen with respect to an SID database and procuring application-specific information from the cloud server.  
send via the network interface the application-specific [information] for the action.
Refer to at least [0067] of Chen with respect to the cloud server returning information obtained from the SID database.
Chen does not specify: reputation. However, Chen in view of Wootton discloses: reputation.
Refer to at least [0100] and [0104]-[0105] of Wootton with respect to a server returning a requested assessment for an application, including a determined reputation. 
The teachings of Chen and Wootton relate to securing mobile applications and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Chen to further include application reputation as part of application information for at least the purpose of increasing security (i.e., preventing previously unknown or as-of-yet within-threshold low reputation applications from exploiting user devices). 

Regarding claim 2, Chen-Wootton discloses: The server apparatus of claim 1, wherein the vulnerability assessment server engine further comprises instructions to: determine that the application has an available patch to repair a vulnerability of the application related to the action; and push the patch to the endpoint via the network interface.
Refer to at least [0007], [0047], and [0074] of Chen with respect to downloading and reinstalling the application via the cloud server. 



Regarding claim 4, it is rejected for at least the same reasons as claim 2 above (i.e., the citations). It is noted, however, that the Wootton reference also discusses recommending a second application (e.g., [0238]-[0243] of Wootton).

Regarding claim 5, Chen-Wootton discloses: The server apparatus of claim 1, wherein pushing the patch comprises creating a work item, and assigning the work item to an update agent of the endpoint.
Refer to at least FIG. 3, [0051], and [0054] of Chen with respect to a client installed on the mobile device, the client configured for downloading and reinstalling applications. 

Regarding claim 6, it is rejected for substantially the same reasons as claims 1-2 and 5 above (i.e., the citations and obviousness rationale).

Regarding claim 7, Chen-Wootton discloses: The server apparatus of claim 6, wherein the vulnerability assessment server engine is further to instruct a shim agent of the endpoint to monitor the updated or patched application.
Refer to at least FIG. 3, [0049], and [0052] of Chen with respect to the client and its monitoring module. 

Regarding claim 8, Chen-Wootton discloses: The server apparatus of claim 1, wherein the vulnerability assessment server engine further comprises instructions to interface with a research service to identify new vulnerabilities in applications.
Refer to at least [0165] of Wootton with respect to third party information for performing assessments. 
This claim would have been obvious for substantially the same reasons as claim 1 above.

Regarding claim 9, it is rejected for substantially the same reasons as claim 1 above (i.e., the citations concerning application information; [0066] of the instant specification).

Regarding independent claim 10, it is substantially similar to independent claim 1 and claims 2 and 4, and is therefore likewise rejected for substantially the same reasons (i.e., the citations and obviousness rationales). 

Regarding claim 11, it is rejected for substantially the same reasons as claim 1 (e.g., [0026]-[0029] of Chen).

Claims 12-20 are rejected under 35 U.S.C. 103 as being unpatentable over Clancy (US 2014/0157355 A1) in view of Wootton (US 2012/0110174 A1).

Regarding claim 12, Clancy discloses: A computing apparatus, comprising: 
a processor and a memory; and 
Refer to at least FIG. 1-2 and [0074] of Clancy with respect to exemplary computing devices.
a process-reputation store comprising a plurality of process identifiers, and one or more whitelisted actions on a per-process basis; 
Refer to at least [0055], [0080], and [0124] of Clancy with respect to whitelists / blacklists as part of policy.
instructions encoded within the memory to instruct the processor to provide a shim application to: 
identify a process for inspection; 
hook an attempted action of the process; 
determine that the attempted action is not a pre-load action for the process and is not a whitelisted action for the process; 
Refer to at least [0009], [0048], and/or FIG. 3-4 of Clancy with respect to an application making a system call, or generally requesting data. The call / request is evaluated before being allowed. 
compute a reputation for the action in context of the process; and 
Refer to at least [0050]-[0052], [0062], and [0143] of Clancy with respect to the call / request’s context.
Refer to at least [0080], [0055], [0124] of Clancy with respect to the policy server serving policy requests. 
according to the computed reputation, whitelist [or] blacklist the action in context of the process.
Refer to at least [0042] of Clancy with respect to exemplary enforcement actions, including changing one or more rules. 
Clancy does not disclose: graylist. However, Clancy in view of Wootton discloses: graylist.
Refer to at least [0131]-[0133] of Wootton with respect to an unknown assessment and object classification.
The teachings of Clancy and Wootton relate to securing mobile applications and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Clancy to further include unknown 

Regarding claim 13, it is rejected for substantially the same reasons as claim 12 above (i.e., the citations and obviousness rationale; [0146] of Wootton concerning known bad, known good, and unknown assessments).

Regarding claim 14, Clancy-Wootton discloses: The computing apparatus of claim 13, wherein the instructions are further to cache the reputation in the process-reputation store.
Refer to at least [0126] of Wootton with respect to caching assessment results.  
This claim would have been obvious for substantially the same reasons as claim 12 above.

Regarding claim 15, Clancy-Wootton discloses: The computing apparatus of claim 14, wherein the instructions are to solicit feedback before executing a graylist action.
Refer to at least [0104] of Wootton with respect to utilizing user comments in generating an assessment.
This claim would have been obvious for substantially the same reasons as claim 12 above.

Regarding claim 16, it is rejected for substantially the same reasons as claim 14 above.

Regarding claim 17, Clancy-Wootton discloses: The computing apparatus of claim 15, wherein soliciting feedback comprises requesting verification from a local user.
Refer to at least [0105] of Wootton with respect to user verification. 
This claim would have been obvious for substantially the same reasons as claim 12 above.



Regarding claims 19-20, they are rejected for substantially the same reasons as claim 12 above (i.e., the citations; [0066] of the instant specification).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751.  The examiner can normally be reached on 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Jeffrey Nickerson/
Supervisory Patent Examiner, Art Unit 2432

/V.S/
Examiner, Art Unit 2432