Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Arguments
Applicant's arguments filed have been fully considered but they are not persuasive.

Applicant has argued that the prior art does not teach the claims as amended.  Examiner has incorporated new reference Schepis US 9,330,274 to meet the claims as amended.  Examiner has additionally objected to claim 24 as dependent on rejected independent claims but if incorporated would put the independent claims in condition for allowance.




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1, 3-5, 12, 14-16, 19, 21-23 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bhattacharjee US 2013/0097203 in view of Paithane US 9,483,644 in view of Schepis US 9,330,274.

As per claims 1, 12, 19 Paithane teaches a system safeguarding method, comprising: detecting, by a computing terminal a program operating on a terminal, and intercepting an operation performed by the program; identifying, by the computing terminal, an object on which the program performs the operation; obtaining, by the computing terminal, configuration information of the object on the terminal, and determining, based on the configuration information, that the object is a targeted monitored object; (Col 10 lines 14-57) (Col 14 lines 55-60) (Column 15 lines 10-64)
Bhattacharjee teaches determining, by the computing terminal based on the configuration information of the targeted monitored object, whether the operation performed by the program on the object is a legitimate operation; and canceling, by the computing terminal, intercepting the operation if the operation is a legitimate operation, and continuously intercepting the operation if the operation is an illegitimate operation. [0028][0033][0035][0037]
Bhattacharjee teaches in response to the object being a non-targeted monitored object detecting whether the program performed the operation on the object is a malicious program and performing a prompt operation based on a detection result [0014][0019] [0028]  Battacharjee teaches that determining according to the configuration information of a monitored type that the object belongs to, the configuration information includes an operation performed on the monitored type of objects that the user configured as a legitimate operation or an illegitimate 

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the system of Bhattacharjee with Paithane because it increases security.

Schepis teaches that targeted monitored objects that belong to one or more types or sources are preconfigured by the user to be identified as the targeted monitored objects.   Schepis teaches that determining whether an object is targeted is based on whether the object on which the program performs the operation belongs to one of the one or more types or sources preconfigured by the user. Schepis teaches determining whether an operating is legitimate is based on a format of configuration information that includes the monitored type, a type of operation performed on an object of the monitored type selected from read write and injection, and a legitimacy identification indicating a configuration  made by the user about whether the type of operation is legitimate or illegitimate.  (Column 2 lines 44-52) (Column 3 lines 42-55) (Column 4 lines 35-65) (Column 5 line 50 to Column 6 line 8)  (Column 6 lines 19-29) (Column 12 lines 12-17)    (Schepis teaches a configuration wherein a monitored media object is configured and a type of operation is selected and indicated by the user whether an application/program may perform said operation on said media file.  Thus the configuration determined what is a legitimate access or illegitimate access)

It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the user configuration of Schepis with the prior art because it allows more efficient configurations.As per claims 3, 14 Bhattacharjee teaches the method according to claim 2, determining that the 
Sonnenberg (Column 8 lines 10-35)As per claims 4, 15 Paithane teaches the method according to claim 1, wherein determining, whether the operation performed by the program on the object is a legitimate operation comprises: determining whether the operation performed by the program on the object matches a pre-configured illegitimate operation in the configuration information of the targeted monitored object, and if yes, determining that the operation performed by the program on the object is an illegitimate operation; otherwise, determining that the operation is a legitimate operation.  (Column 15 line 25 to Column 16 line 5)As per claims 5, 16  Paithane teaches in response to the object being a non-targeted monitored object detecting whether the program performed the operation on the object is a malicious program by matching malicious program signature database of the terminal with an attribute of the program or running a malicious program detection service and performing a prompt operation based on a detection result.  (Col 17 lines 1-15)
As per claim 21, Sonnenberg teaches the objects belonging to the one or more sources preset by the user includes at least one of an object from a program an object from system data or an object from user data. (Column 7 lines 5-25)



As per claim 23, Bhattacharjee teaches the configuration information of the target monitored objects further indicates an operation corresponding to a type or source of a targeted monitored object preconfigured by the user as the legitimate operation. [0014][0019] [0028]

Claims 6, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bhattacharjee US 2013/0097203 in view of Paithane US 9,483,644 in view of in view of Schepis US 9,330,274 in view of McCorkendale US 10,122,737 
As per claims 6, 17 McCorkendale teaches the method according to claim 5, wherein the detecting the program by matching a malicious program signature database of the terminal with an attribute of the program and running a malicious program detection service comprises: matching an attribute comprised in the malicious program signature database, and if the attributes are not matched, detecting the program by invoking a malicious program detection service in a cloud to detect a malicious program.  (Column 6 lines 43-65)
It would have been obvious at the time the invention was filed to use the system of McCorkendale with the prior art because it increases security.
Claims 7, 8, 9, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bhattacharjee US 2013/0097203 in view of Paithane US 9,483,644 in view of Schepis US 9,330,274 in view of Adams US 9,413,782 
As per claims 7, 18 Adams teaches the method according to claim 5, wherein the detecting the program by matching a malicious program signature database of the terminal with an attribute of the program comprises: correspondingly matching attributes in at least two dimensions comprised in the malicious program signature database of the terminal with attributes in corresponding dimensions of the program, and determining that the program is a malicious program when attributes in at least one dimension are successfully matched. (Column 21 lines 3-20)  
It would have been obvious at the time the invention was filed to use the weight and dimensions of Adams with the prior art because it increases accuracy of malware detection.

As per claim 8, Adams teaches the method according to claim 5, wherein the detecting the program by running a malicious program detection service comprises: determining weights corresponding to attributes in different dimensions of the program, matching the attributes in the different dimensions with an attribute of a prior malicious program in parallel, and determining, based on a weight corresponding to a successfully matched attribute, whether the detected program is a malicious program. (Column 21 lines 3-20)As per claim 9,  Adams teaches the method according to claim 8, wherein the determining, based on a weight corresponding to a successfully matched attribute, whether the detected program is a 
Claims 10, 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bhattacharjee US 2013/0097203 in view of Paithane US 9,483,644 in view of Schepis US 9,330,274 in view of Adams US 9,413,782 in view of Penvy US 10,375,143
As per claim 10, Penvy teaches the method according to claim 8, wherein the determining weights corresponding to attributes in different dimensions of the program comprises: inputting the attributes in different dimensions of the program into a machine learning model used for weight distribution, and distributing, based on distribution of attributes in different dimensions of a prior malicious program, a weight for an attribute in a corresponding dimension of the program.  (Column 5 lines 4-15)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the model of Penvy with the prior art because it increases security.As per claim 11, Penvy teaches the method according to claim 10, further comprising: updating a training set of the machine learning model with a sample constructed based on the detection result of the program, training a multilayer feed-forward neural network in the machine learning model based on the training set, and correcting an error of the multilayer feed-forward neural 
Allowable Subject Matter
Claim 24 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439