DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office Action is in response to Application 16291058 filed on 03/04/2019.
Claims 1-20 have been examined and are pending in this application. 
This Office Action is made Non-Final.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/11/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
The disclosure is objected to because of the following informalities: Specification Summary missing. Appropriate correction is required. See MPEP § 608.01(a).

	
	Claim Objections
Claims 1-7, 9-15 and 16-20 are objected to because of the following informalities:  
Regarding Claims 1, 6-7, 15 and 20; Claims 1, 6-7, 15 and 20 recites “processing unit,” to be consistent with discussion in the specification and for better clarity, the Examiner recommends amending the claim to read “central processing unit (CPU) or hardware processor.” Appropriate correction is required.
Regarding Claims 2-7; Claims 2-7 recites in the preamble “A system according to Claim 1,” for clarity and consistency, the Examiner recommends amending the "The system according to Claim 1." Appropriate correction is required.
Regarding Claims 9-14; Claims 9-14 recites in the preamble “A method according to Claim 8,” for clarity and consistency, the Examiner recommends amending the claim to read "The method according to Claim 8." Appropriate correction is required
Regarding Claims 16-20; Claims 16-20 recites in the preamble “A medium according to Claim 15,” for clarity and consistency, the Examiner recommends amending the claim to read "The non-transitory computer-readable medium according to Claim 15." Appropriate correction is required.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-8, 12-15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ramalingam et al (“Ramalingam,” US 9600672, published on 03/21/2017) in view of BOULTON et al (“BOULTON,” US 20190205526, filed on 09/12/2018)

Regarding Claim 1; 

Ramalingam discloses a system comprising: a memory storing executable code (Col 7, lines56-58; the control data may be in the runtime memory of the executing software module); and a processing unit to execute the code to (Col 4, lines 44-46; generate machine-executable code that is executed by one or more processors): 
call a first function (Col 16, lines 64-65; a call to a function from a calling process may be detected); 
in response to the call, determine whether to execute a first version of the first function or a second version of the first function (Col 16, line 64 – Col 17, line 1; fig. 14, step 1408; a call to a function from a calling process may be detected. the control data corresponding to the function may be accessed. Based on the control data, a determination may be made which version of the function to execute);
execute the first version of the first function if it is determined to execute the first version of the first function (Col 16, line 67 – Col 17, line 3; fig. 14, step 1410; a determination may be made which version of the function to execute. the set of executable instructions corresponding to the determined version may be executed); and 
execute the second version of the second function if it is determined to execute the second version of the first function (Col 16, line 67 – Col 17, line 3; fig. 14, step 1410; a determination may be made which version of the function to execute. the set of executable instructions corresponding to the determined version may be executed).
Ramalingam discloses all the limitations as recited above, but do not explicitly disclose wherein the second version of the first function comprises a security-related features and the first version of the first function does not comprise the security- related feature.  

wherein the second version of the first function comprises a security-related features and the first version of the first function does not comprise the security- related feature (BOULTON: par 0036; the processor may be programmed to identify stack cookie protection by evaluating the functions called during execution of the binary file [] the processor may be programmed to classify each function based on its type. one classification may be assigned to functions that are not vulnerable to stack overflow. As such, type A functions may not require stack protection. Another classification may be applied to functions identified by the developer as including a stack protection attribute).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of BOULTON with the method/system of Ramalingam to include wherein the second version of the first function comprises a security-related features and the first version of the first function does not comprise the security- related feature. One would have been motivated to identifying a function in a binary file, assigning one of a plurality of classifications to the function, and determining that the function requires stack cookie protection based at least in part on the classification assigned to the function (BOULTON: abstract).

Regarding Claim 5;
Ramalingam in combination with BOULTON disclose a system according to Claim 1, 
 further discloses wherein the security-related feature comprises one or more of stack cookie protection, extended logging, and buffers size checks (BOULTON: par 0012; in response to determining that the function utilizes stack cookie protection, a security report for the binary software component is updated to indicate that the function utilizes stack cookie protection; par 0036; the processor may be programmed to identify stack cookie protection by evaluating the functions called during execution of the binary file).  
One would have been motivated to identifying a function in a binary file, assigning one of a plurality of classifications to the function, and determining that the function requires stack cookie protection based at least in part on the classification assigned to the function (BOULTON: abstract).

Regarding Claim 6;
Ramalingam in combination with BOULTON disclose a system according to Claim 1, 
Ramalingam further disclose the processing unit to execute the code to (Ramalingam: Col 4, lines 44-46; generate machine-executable code that is executed by one or more processors): call a second function (Ramalingam: Col 16, lines 64-65; a call to a function from a calling process may be detected); in response to the call to the second function, determine whether to execute a first version of the second function or a second version of the second function (Ramalingam: Col 16, line 64 – Col 17, line 1; a call to a function from a calling process may be detected. the control data corresponding to the function may be accessed. Based on the control data, a determination may be made which version of the function to execute); execute the first version of the second function if it is determined to execute the first version of the second function (Ramalingam: Col 16, line 67 – Col 17, line 3; a determination may be made which version of the function to execute. the set of executable instructions corresponding to the determined version may be executed); and execute the second version of the second function if it is determined to execute the second version of second first function (Ramalingam: Col 16, line 67 – Col 17, line 3; a determination may be made which version of the function to execute. the set of executable instructions  corresponding to the determined version may be executed).
Ramalingam discloses all the limitations as recited above, but do not explicitly disclose wherein the second version of the second function comprises a second security-related features and the first version of the second function does not comprise the second security- related feature.
However, in an analogous art, BOULTON discloses stack cookie protection system/method that includes:
wherein the second version of the second function comprises a security-related features and the first version of the second function does not comprise the second security- related feature (BOULTON: par 0036; the processor may be programmed to classify each function based on its type. one classification may be assigned to functions that are not vulnerable to stack overflow. Another classification may be applied to functions identified by the developer as including a stack protection attribute; par 0013; binary static analysis method of reliably identifying the presence of stack cookie protection in a binary file. Some compilers provide an option for run-time detection of stack buffer overflows; par 0037; the settings may include an option to disable stack protection for all functions, an option to provide stack protection for all functions, an option to provide stack protection for type C functions, an option to provide stack protection for type C and type D functions, and an option to provide stack protection for type B and type C functions).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of BOULTON with the method/system of Ramalingam to include wherein the second version of the second function comprises a second security-related features and the first version of the second function does not comprise the second security- related feature. One would have been motivated to identifying a function in a binary file, assigning one of a plurality of classifications to the function, and determining that the function requires stack cookie protection based at least in part on the classification assigned to the function (BOULTON: abstract).

Regarding Claim 7;
Ramalingam in combination with BOULTON disclose a system according to Claim 6, 
Ramalingam further discloses the processing unit to execute the code to (Ramalingam: Col 4, lines 44-46; generate machine-executable code that is executed by one or more processors): call a third function (Ramalingam: Col 16, lines 64-65; a call to a function from a calling process may be detected); and in response to the call to the third function, determine whether to execute a first version of the third function, a second version of the third function, and a third (Ramalingam: Col 16, line 64 – Col 17, line 1; a call to a function from a calling process may be detected. the control data corresponding to the function may be accessed. Based on the control data, a determination may be made which version of the function to execute).
Ramalingam discloses all the limitations as recited above, but do not explicitly disclose wherein the third version of the third function comprises a first set of security-related features, the second version of the third function comprises a second set of security-related features, and the first version of the third function does not comprise the first set or the second set of security-related features.  
However, in an analogous art, BOULTON discloses stack cookie protection system/method that includes:
wherein the third version of the third function comprises a first set of security-related features (BOULTON: par 0036; the processor may be programmed to identify stack cookie protection by evaluating the functions called during execution of the binary file [] the processor may be programmed to classify each function based on its type; par 0037; the settings may include an option to disable stack protection for all functions, an option to provide stack protection for all functions, an option to provide stack protection for type C functions, an option to provide stack protection for type C and type D functions, and an option to provide stack protection for type B and type C functions), the second version of the third function comprises a second set of security-related features (BOULTON: par 0036; the processor may be programmed to classify each function based on its type. one classification may be assigned to functions that are not vulnerable to stack overflow. Another classification may be applied to functions identified by the developer as including a stack protection attribute; par 0013; binary static analysis method of reliably identifying the presence of stack cookie protection in a binary file. Some compilers provide an option for run-time detection of stack buffer overflows; par 0037; the settings may include an option to disable stack protection for all functions, an option to provide stack protection for all functions, an option to provide stack protection for type C functions, an option to provide stack protection for type C and type D functions, and an option to provide stack protection for type B and type C functions), and the first version of the third function does not comprise the first set or the second set of security-related features (BOULTON: par 0036; the processor may be programmed to classify each function based on its type. one classification may be assigned to functions that are not vulnerable to stack overflow; par 0037; the settings may include an option to disable stack protection for all functions, an option to provide stack protection for all functions, an option to provide stack protection for type C functions, an option to provide stack protection for type C and type D functions, and an option to provide stack protection for type B and type C functions).

Regarding Claim 8;
This Claim recites a method that perform the same steps as system of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  



Regarding Claim 12;
This Claim recites a method that perform the same steps as system of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.  

Regarding Claim 13;
This Claim recites a method that perform the same steps as system of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.  

Regarding Claim 14;
This Claim recites a method that perform the same steps as system of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7.  

Regarding Claim 15;
This Claim recites a non-transitory computer-readable medium that perform the same steps as system of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  

Regarding Claim 19;
This Claim recites a medium that perform the same steps as system of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.  
Regarding Claim 20;
This Claim recites a medium that perform the same steps as system of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.  

Claims 2-3, 9-10 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Ramalingam et al (US 9600672) in view of BOULTON et al (US 20190205526) and further in view of ANDO et al. (“ANDO,” US 20190005232, published on 01/03/2019)
	
Regarding Claim 2;
Ramalingam in combination with BOULTON disclose a system according to Claim 1, 
Ramalingam further discloses wherein determination of whether to execute the first version of the first function or the second version of the first function comprises (Ramalingam: Col 16, line 64 – Col 17, line 1; a call to a function from a calling process may be detected. the control data corresponding to the function may be accessed. Based on the control data, a determination may be made which version of the function to execute): 
Ramalingam in combination with BOULTON disclose all the limitations as recited above, but do not explicitly disclose determination of a performance metric of the system; and determination to execute the second version if the performance metric exceeds a threshold.  

determination of a performance metric of the system (ANDO: par 0075; determines, that the measured CPU use rate is higher than the threshold of the CPU use rate); and determination to execute the second version if the performance metric exceeds a threshold (ANDO: par 0075; determines, that the measured CPU use rate is higher than the threshold of the CPU use rate [] when the lapse time is determined as greater than the present time length, the execution object determiner determines all of the check instructions inserted in the program code as an execution object, and the arithmetic unit executes all of the check instructions determined above).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of ANDO with the method/system of Ramalingam and BOULTON to include determination of a performance metric of the system; and determination to execute the second version if the performance metric exceeds a threshold. One would have been motivated to determine the check instruction to be executed based on the use frequency information and the load; and an arithmetic unit executing the check instruction determined by the execution object determiner at a time of execution of the program (ANDO: abstract).
	
Regarding Claim 3;
Ramalingam in combination with BOULTON disclose a system according to Claim 1, 
 (Ramalingam: Col 16, line 64 – Col 17, line 1; a call to a function from a calling process may be detected. the control data corresponding to the function may be accessed. Based on the control data, a determination may be made which version of the function to execute): 
Ramalingam in combination with BOULTON disclose all the limitations as recited above, but do not explicitly disclose evaluation of a counter associated with a number of times the first function is called; and determination to execute the second version if the counter exceeds a threshold value.  
However, in an analogous art, ANDO discloses control unit system/method that includes:
evaluation of a counter associated with a number of times the first function is called (ANDO: par 0080; when there are so many process objects of the subject program, the use frequency increases as the number of calls of the function increases, thereby leading to an increase in processing overhead for performing the check process); and determination to execute the second version if the counter exceeds a threshold value (ANDO: par 078; the detector unit monitors the output of the executed check instruction during the execution of the subject program, and detects an abnormality of the call/return of the function; par 0075; the execution object determiner determines all of the check instructions inserted in the program code as an execution object, and the arithmetic unit executes all of the check instructions).    
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of ANDO with the method/system of Ramalingam and BOULTON to include evaluation of a counter associated with a number of times the first function is called; and determination to execute the second version if the counter exceeds a threshold value. One would have been motivated to determine the check instruction to be executed based on the use frequency information and the load; and an arithmetic unit executing the check instruction determined by the execution object determiner at a time of execution of the program (ANDO: abstract).
	

Regarding Claim 9;
This Claim recites a method that perform the same steps as system of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.  

Regarding Claim 10;
This Claim recites a method that perform the same steps as system of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.  

Regarding Claim 16;
This Claim recites a medium that perform the same steps as system of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.  

Regarding Claim 17;
This Claim recites a medium that perform the same steps as system of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.  

Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Ramalingam et al (US 9600672) in view of BOULTON et al (US 20190205526) and further in view of Harel et al. (“Harel,” US 20180349612, published on 12/06/2018)
Regarding Claim 4;
Ramalingam in combination with BOULTON disclose a system according to Claim 1, 
Ramalingam further discloses wherein determination of whether to execute the first version of the first function or the second version of the first function comprises (Ramalingam: Col 16, line 64 – Col 17, line 1; a call to a function from a calling process may be detected. the control data corresponding to the function may be accessed. Based on the control data, a determination may be made which version of the function to execute): 
Ramalingam in combination with BOULTON disclose all the limitations as recited above, but do not explicitly disclose determination of a current security risk; and determination to execute the second version if the current security risk exceeds a threshold.  

determination of a current security risk (Harel: par 0027; controller context (e.g., current mode of operation, current security status) can be monitored and used to determine the level of risk on the controller, which can be used to dynamically adjust the level of IMV security for some or all functions on the controller); and determination to execute the second version if the current security risk exceeds a threshold (Harel: par 0027; controller context (e.g., current mode of operation, current security status) can be monitored and used to determine the level of risk on the controller, which can be used to dynamically adjust the level of IMV security for some or all functions on the controller; par 0029; the computer system can identify an inherent risk level for elements of that graph based on any of a variety of factors; par 0035; if the function is determined to have a high risk level--meaning that the function includes one or more features that could be exploited and pose a security risk to the controller can execute the function with one or more levels of IMV checking).
 Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Harel with the method/system of Ramalingam and BOULTON to include determination of a current security risk; and determination to execute the second version if the current security risk exceeds a threshold.  
 One would have been motivated to identified risk value; and applying, to the code portion as the code portion is running on the controller, the selected IMV scheme (Harel: abstract).
Regarding Claim 11;
This Claim recites a method that perform the same steps as system of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.  

Regarding Claim 18;
This Claim recites a medium that perform the same steps as system of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.  


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/C.W./Examiner, Art Unit 2439                       



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439