DETAILED ACTION
Claims 1-14 are pending in the current application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 10-11 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Davis et al. (Pub. No. US 2009/0113403 A1), and further in view of Chaiken et al. (Patent No. US 6,802,056 B1).

As to claim 1, Davis discloses a computer implemented method of generating compiled intermediate code files adjusted to prevent return oriented programming exploitation, comprising:
receiving at least one intermediate code file generated by a compiler, the at least one intermediate code file comprising a plurality of routines (Davis [0016] lines 1-4 and [0066] lines 2-5; which shows being able to compile and intermediate representation of the code where the code can include routines);
adjusting the at least one intermediate code file prior to generation of a respective executable file to be executed by at least one processor, the adjusting comprising: analyzing each of the plurality of routines to identify at least one indirect branch instruction in at least one of the plurality of routines (Davis [0053] lines 1-4 and [0054] lines 1-6; which shows being able to find/determine where these indirect branch instructions are for replacement thus viewed as a form of analysis of the code/routine/procedure being performed, the specifics of the routines are seen specifically disclosed above), and
replacing each indirect branch instruction detected in at least one of the plurality of routines with an invocation of a respective verification code segment configured to verify, prior to executing the respective indirect branch operation, that the respective indirect branch instruction points to the beginning address of one of the plurality of routines (Davis [0053] lines 1-8 and [0058] lines 1-11; which shows being able to replace the NOP which is part of the indirect branch/jump code with code that is able to check/verify if the branch is to be made to/points to the appropriate location which is viewed as including the beginning address associated since it can be seen as a checking for the appropriate address information, where the specific beginning address information can be seen disclosed below, and viewed as a determination prior to execution if it is going to the correction location viewed as the beginning address of the associated routine); and 
outputting the at least one adjusted intermediate code file (Davis [0016] lines 1-12, [0043] lines 1-13 and [0045] lines 5-13; which shows being able to output the adjusted intermediate code state representation); 
wherein, in runtime, in case the indirect branch instruction is not pointing to the beginning of one of the plurality of routines, the respective verification code segment causes the at least one processor to initiate at least one predefined action (Davis [0053] lines 1-8; which shows in the case when the indirect branch is not going to the appropriate location being able to trigger and indication or exception to indicate the inconsistency, thus viewed as a predefined action).

Davis does not specifically disclose analyzing a symbol table of the at least one intermediate code file to identify a beginning address of each of the plurality of routines.

However, Chaiken discloses analyzing a symbol table of the at least one intermediate code file to identify a beginning address of each of the plurality of routines (Chaiken Col. 12 lines 5-11; which shows being able to extract from a symbol table that is associated with and intermediate representation of the code the stating address for each procedure/routine associated with it).



As to claim 2, Davis as modified by Chaiken discloses wherein the at least one intermediate code file is a member of a group consisting of: an object file, an archive file and a binary file (Chaiken Col. 3 lines 17-20; which shows that the IR representations is tied to/ a member of a binary representation the viewed as a member of the group including binary file representation).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Chaiken, showing the symbol table associated with address information, into the address information of Davis, for the purpose of increasing usability by allowing for user to understand the code information, as taught by Chaiken Col. 7 lines 50-56.

As to claim 3, Davis as modified by Chaiken discloses wherein each of the plurality of routines is a member of a group consisting of: a routine, a sub-routine and a function (Davis [0066] lines 2-5; which shows that the program is made up of routines thus viewed as a member of a group that includes routine).

As to claim 4 Davis as modified by Chaiken discloses wherein adjusting the at least one routine comprises replacing the indirect branch instruction with a direct branch instruction pointing to the respective verification code segment (Davis [0053] lines 1-8, [0054] lines 1-5; which shows that replacing the NOP instruction that is part of the indirect branch instruction with code that is directly tied to/pointing to the check/verification code information).

As to claim 10, Davis as modified by Chaiken discloses wherein the at least one predefined action is a member of a group consisting of: crashing execution of the at least one processor, halting execution of the at least one processor, causing the at least one processor to branch to a predefined address in the at least one intermediate code file, preventing the at least one processor from executing at least one potentially malicious code instruction and generating an indication that at least one indirect branch instruction is not pointing to the beginning address of one of the plurality of routines (Davis [0053] lines 1-8; which shows that the at least one predefined action includes an indication an inconsistency between the destination of the jump and the location of the jump that viewed as an indication that at least one indirect branch/jump is not pointing to the appropriate location/beginning address).

As to claim 11, Davis as modified by Chaiken discloses wherein the at least one intermediate code file is adjusted to amend at least one of: an instruction and a data element affected by the replacement of the at least one indirect branch with the invocation of the respective verification code segment (Davis [0016] lines 1-4 and [0053] which shows that the NOPs instructions are replaced with the verification/check code information).

As to claim 13, Davis as modified by Chaiken discloses  a system for generating compiled intermediate code files adjusted to prevent return oriented programming exploitation, comprising: a program store storing a code (Davis [0019] lines 6-8); and
at least one processor coupled to the program store for executing the stored code, the code comprising (Davis [0019] lines 6-8):

The remaining limitations of claim 13 are comparable to claim 1 above and rejected under the same reasoning.

As to claim 14, Davis as modified by Chaiken discloses a computer program executable file generated from at least one intermediate code file adjusted to prevent return oriented programming exploitation, comprising: a non-transitory computer readable storage medium (Davis [0070] lines 1-14); and 
a plurality of program instructions of at least one adjusted routine of a plurality of routines of an executable file generated for execution by at least one processor from at least one intermediate code file adjusted to support return address protection, in the at least one adjusted routine each indirect branch instruction is replaced with an invocation of a respective verification code segment configured to verify that the respective indirect branch instruction points to a address of one of the plurality of routines, in case the indirect branch instruction is not pointing to the beginning of one of the plurality of which shows the specifics of being able to adjusting the routine, by being able to replace the NOP which is part of the indirect branch/jump code with code that is able to check/verify if the branch is to be made to/points to the appropriate location which is viewed as including the beginning address associated since it can be seen as a checking for the appropriate address information, where the specific beginning address information can be seen disclosed specifically below, and viewed as a determination prior to execution if it is going to the correction location viewed as the beginning address of the associated routine and if determined not pointing to the right location can perform a determined action such as trigger and indication or exception to indicate the inconsistency);
wherein the plurality of program instructions are executed by the at least one processor from the non-transitory computer readable storage medium (Davis [0019] lines 6-14 and [0070] lines 1-14).

Davis does not specifically disclose the verifying that points to a beginning address of one of the plurality of routines.

However, Chaiken discloses the verifying that points to a beginning address of one of the plurality of routines (Chaiken Col. 12 lines 5-11; which shows being able to extract from table that is associated with and intermediate representation of the code the stating address for each procedure/routine associated with it, thus in light of the above disclosed verification to a particular location/address can be viewed as being able to verify that the indirect branch instruction points to the beginning address).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Chaiken, showing the symbol table associated with address information, into the address information of Davis, for the purpose of increasing usability by allowing for user to understand the code information, as taught by Chaiken Col. 7 lines 50-56.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Davis and Chaiken, in applied to claim 4, in view of Stichnoth (Pub. No. US 2008/0028379 A1).

As to claim 5, Davis as modified by Chaiken does not specifically disclose wherein adjusting the at least one routine further comprising inserting a push to stack instruction before the direct branch instruction for pushing into stack an address pointed by the indirect branch instruction, the pushed address after popped from the stack is used by the verification code segment for the verification.

However, Stichnoth discloses  wherein adjusting the at least one routine further comprising inserting a push to stack instruction before the direct branch instruction for pushing into stack an address pointed by the indirect branch instruction, the pushed address after popped from the stack is used by the verification code which shows the specifics of push to stack operations which can add data, viewed as address information where the data can be retrieved from the stack once popped from the stack, where it is disclosed specifically above that the address information is what is used to perform the verify/check step).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Stichnoth showing the specifics of instructions including push/pop stack operations, into the instructions of Davis as modified by Chaiken, for the purpose of increasing efficiency of use by allowing for cheaper faster stack use, as taught by Stichnoth [0004] lines 17-31 and [0011] lines 1-4.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Davis and Chaiken, in applied to claim 4, in view of Chew (Pub. No. US 2014/0237144 A1).

As to claim 6, Davis as modified by Chaiken does not specifically disclose wherein adjusting the at least one routine further comprising inserting a write instruction before the direct branch instruction for writing an address pointed by the indirect branch instruction to a pre-determined register, the written address after retrieved from the pre-determined register is used by the verification code segment for the verification.

which shows the specifics of write instruction for writing an address to a predetermined register where that address information can later be retrieved from the register, where it is disclosed specifically above the specifics of inserting instruction to perform the verification/check that branch/hump is to the appropriate address).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Chew showing the writing address to predetermined register into the address verification of Davis as modified by Chaiken, for the purpose of increasing usability by helping to make sure accessing data from the same/appropriate location, as taught by Chew [0030] lines 11-28.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Davis and Chaiken, in applied to claim 4, in view of Ryu et al. (Pub. No. US 2001/0021903 A1).

As to claim 7, Davis as modified by Chaiken does not specifically disclose wherein adjusting the at least one routine further comprising inserting a write instruction before the direct branch instruction for writing an address pointed by the indirect branch 

However, Ryu discloses wherein adjusting the at least one routine further comprising inserting a write instruction before the direct branch instruction for writing an address pointed by the indirect branch instruction to a predefined variable, the written address after retrieved from the predefined variable is used by the verification code segment for the verification (Ryu [0101] lines 1-4 and [0147] lines 8-10; which shows the ability to write to a predetermined variable address information where the variable can be returned/retrieved, where it is disclosed above the specifics the inserting of instruction to check/verify if the jump is going to the correct address).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Ryu showing the writing address to a variable into the use of address information of Davis as modified by Chaiken, for the purpose of helping to increase usability by providing easy checking of information, as taught by Ryu [0023] lines 5-13.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Davis and Chaiken, in applied to claim 1, in view of Kuwabara et al. (Patent No. US 7,668,314 B2).

As to claim 8 Davis as modified by Chaiken does not specifically disclose wherein verification of the indirect branch instruction pointing to the beginning address of one of the plurality of routines is based on verification of a unique code preceding each of the plurality of routines in the at least one intermediate code file, the unique code verification is applied by: adding a unique code to the at least one intermediate code file in an address preceding the beginning address of each of the plurality of routines; configuring the respective verification code segment to verify that the address pointed by the indirect branch function is preceded by the unique code.

However, Kuwabara discloses wherein verification of the indirect branch instruction pointing to the beginning address of one of the plurality of routines is based on verification of a unique code preceding each of the plurality of routines in the at least one intermediate code file, the unique code verification is applied by: adding a unique code to the at least one intermediate code file in an address preceding the beginning address of each of the plurality of routines (Kuwabara Col. 3 lines 21-32 and claim 4; which shows the ability to add marker/identification information before location identification information, viewed as related to address where the inserted information can be before/preceding the information associated with address, where it is disclosed specifically above the ability to insert/add code to the intermediate code representations), and
configuring the respective verification code segment to verify that the address pointed by the indirect branch function is preceded by the unique code (Kuwabara Col. 3 lines 21-32 and claim 4; where shows the ability to detect/verify that the appropriate inserted maker identification information is included before with the location/address information, where it is disclosed specifically above the specifics of verification code segments to verify that address pointed to by indirect branch/jump).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to include the teachings of Kuwabara showing the further inserted information used to help verify address/location information into the verification information of Davis as modified by Chaiken, for the purpose of helping to increase usability by reducing the likelihood of erroneously determination that location is a valid location as taught by Kuwabara Col. 4 lines 5-15.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Davis and Chaiken, in applied to claim 1, in view of Biffle et al. (Pub. No. US 2015/0007142 A1).

As to claim 9, Davis as modified by Chaiken does not specifically disclose wherein verification of the indirect branch instruction pointing to the beginning address of one of the plurality of routines is based on a dataset mapping the beginning address of each of the plurality of routines, the dataset mapping verification is applied by: constructing the dataset to map the beginning address of each of the plurality of routines; configuring the respective verification code segment to verify that the address pointed by the indirect branch function matches the beginning address of one of the plurality of routines mapped in the dataset.

However, Biffle discloses wherein verification of the indirect branch instruction pointing to the beginning address of one of the plurality of routines is based on a dataset mapping the beginning address of each of the plurality of routines, the dataset mapping verification is applied by: constructing the dataset to map the beginning address of each of the plurality of routines (Biffle [0003] lines 4-6, [0047] lines 1-5 and [0053] lines 1-5; which shows the creating of a dataset/table will with the starting address of the branch destinations and mapping that information), and
configuring the respective verification code segment to verify that the address pointed by the indirect branch function matches the beginning address of one of the plurality of routines mapped in the dataset (Biffle [0047] lines 1-5, [0050] lines 5-9 and [0053] lines 1-5; which shows the validation using the table/dataset in the validation of the branch steps, where it is seen disclosed specifically above the specifics of the verification code being used to check and see if address information matches thus together can be viewed to verify that the address pointed by the indirect branch function matches the beginning address of one of the plurality of routines mapped in the dataset).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Biffle showing the use of table of address information, into the verification of address information of Davis as modified by Chaiken, for the purpose of increasing usability by more reliable analyze code to reduce false positive branch identifications, as taught by Biffle [0008] lines 1-7.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Davis and Chaiken, in applied to claim 1, in view of Moritz et al. (Patent No. US 9,754,112 B1).

As to claim 12, Davis as modified by Chaiken does not specifically disclose wherein the at least one intermediate code file is amended to update its symbol table to reflect the replacement of the at least one indirect branch with the invocation of the respective verification code segment.

However, Moritz discloses wherein the at least one intermediate code file is amended to update its symbol table to reflect the replacement of the at least one indirect branch with the invocation of the respective verification code segment (Moritz Col. 10 lines 11-21; which shows that the updated/transformed intermediate format is used to update the symbol table to reflect the updated/transformed information, where it is seen specifically disclosed above that the update includes the replacement of the indirect branch instruction with a check/verification instructions).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date to incorporate the teachings of Moritz, showing the updating of the symbol table into the symbol table information of Davis as modified by Chaiken, for the purpose of having increase in usability by having an accurate reflection of the updated information in the symbol table as taught by Moritz Col. 10 lines 11-21. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADFORD F WHEATON whose telephone number is (571)270-1779.  The examiner can normally be reached on Monday-Friday 8:00-5:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached on 571-272-3721.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BRADFORD F WHEATON/Examiner, Art Unit 2193                                                                                                                                                                                                        
/Chat C Do/Supervisory Patent Examiner, Art Unit 2193