DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement

The information disclosure statement filed  20 November 2018 fails to comply with 37 CFR 1.98(a)(2), which requires a legible copy of each cited foreign patent document; each non-patent literature publication or that portion which caused it to be listed; and all other information or that portion which caused it to be listed.  It does not appear that Applicant has provided copies of the documents in non-patent literature citations 2 and 8.  Further, citations 2 and 8 do not comply with 37 CFR 1.98(b)(5) which requires that each publication be identified by publisher, author, title, relevant pages, date, and place of publication.  The information disclosure statement has been placed in the application file, and the information referred to therein has been considered, with the exception of the two documents noted above.

Drawings

Figure 3 should be designated by a legend such as --Prior Art-- because only that which is old is illustrated.  See MPEP § 608.02(g).  Corrected drawings in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid 

Specification

The abstract of the disclosure is objected to because it includes minor grammatical errors.  In line 2, it is not grammatically clear what the phrase “in a memory” is intended to modify.  Correction is required.  See MPEP § 608.01(b).
The disclosure is objected to because of the following informalities:  
The specification includes minor grammatical and other errors.  For example, in paragraph 0002, line 3, it appears that “codes” should read “code” because computer code is generally an uncountable noun.  See also paragraph 0007, line 3, “object codes”, and paragraph 0027, line 2, “source codes”.  In paragraph 0006, line 2, and elsewhere, the hyphenated “cyber-attack” is used, whereas previous references used “cyberattack” without a hyphen.  One format should be made consistent throughout the specification.  In paragraph 0009, lines 3-4, it is not grammatically clear what the phrase “in a memory” is intended to modify.  In paragraph 0032, line 2, the period before “230” should be deleted.  In paragraph 0033, line 5, it appears that “sops” may be intended to read “stops”.


Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-8 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 1 is directed to a “device” that includes “security validator” with particular functions.  The dependent claims recite additional elements such as “circuits”, a compiler, and a processor.  The specification indicates that each of these elements could be implemented as software (see paragraph 0038) and therefore the entirety of Claims 1-8 could be implemented as software per se.  Computer software does not fall within any of the statutory classes of invention.  See Gottschalk v. Benson, 409 U.S. 63, 72, 175 USPQ 673, 676-77 (1972).  Software does not constitute a statutory process, because the software itself is not a series of steps that are performed.  Software is also not a machine, article, or composition of matter.  See MPEP § 2106.03(I).  When a claim encompasses both statutory and non-statutory subject matter, the claim as a whole is considered to be directed to non-statutory subject matter.  See MPEP § 2106(II).

Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to abstract ideas without significantly more.
Claim 1 recites a validator configured to store first and second computer source code, compare the first and second code, and determine whether an attack has occurred based on results of the comparison.  The comparison and determination are mental processes.  Comparing code could be performed by inspection and the determination of whether an attack is occurring based on the comparison is a simple binary decision described with simple criteria in the disclosure (if the first and second code are the same, there is no attack, and if they are different, there is an attack), which could be performed entirely in the mind or using pen and paper.  Mental processes are one of the groupings of abstract ideas set forth in MPEP § 2106.04(a).  See also MPEP § 2106.04(a)(2)(III).  Abstract ideas are judicial exceptions as per MPEP § 2106.04(I).  See also Alice Corporation Pty. Ltd. v. CLS Bank, International, et al, 573 U.S. 208, 100 USPQ2d 1976 (2014).
This judicial exception is not integrated into a practical application because the claim does not recite any use or significant further action with respect to the determination whether an attack has occurred or is in progress.  Although the claim recites storing the code, this step amounts to mere insignificant extra-solution activity, namely data gathering, as per MPEP § 2106.05(g).  Although the claim recites a memory and a “computing device”, this merely links the abstract ideas to a particular field of use or technical environment, as per MPEP § 2106.05(h), or alternately, these recitations do not constitute anything more than mere instructions to implement the abstract ideas on a computer, as per MPEP § 2106.05(f).  The abstract ideas are not 
The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception for similar reasons as detailed above with respect to the question of a practical application of the judicial exception.  Further, the step of storing the code is claimed at a high level of generality and is generally directed to receiving data over a network and storing data in memory.  These have been recognized by the courts as a well-understood, routine, and conventional function.  See MPEP § 2106.05(d)(II), citing Symantec, TLI, OIP Techs., buySAFE, and Versata.  Therefore, the claim as a whole, whether the steps are considered individually or as an ordered combination, is not directed to significantly more than the abstract idea.
Dependent Claims 2-8 only recite further details of comparisons to be made, which are further details of the abstract ideas themselves.  The dependent claims do not provide a clear practical application of the abstract ideas and do not otherwise amount to significantly more than the abstract ideas recited in independent Claim 1.
Claims 9-17 are directed to methods corresponding substantially to the functions of the devices of Claims 1-8, and are directed to abstract ideas without a practical application for similar reasons as detailed above with respect to Claims 1-8.  Although the claims recite that the method is “computer-based”, this constitutes a mere instruction to implement the abstract ideas on a computer.  See MPEP § 2106.05(f).  Therefore, the methods of Claims 9-17 are not directed to a practical application of the abstract ideas or to significantly more than the abstract ideas themselves.

Based upon consideration of all of the relevant factors with respect to the claims as an ordered combination and as a whole, Claims 1-20 are determined to be directed to abstract ideas without a practical application and without significantly more, as detailed above.  Therefore, the claimed inventions are not directed to patent eligible subject matter.

Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-8, 10, 11, and 18-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “an interface in a memory” in line 4.  It is not grammatically clear what the phrase “in a memory” is intended to modify or what the interface in a memory would encompass.  Further, it is not clear whether the interface and/or memory are part of the claimed device.  The above ambiguities render the claim indefinite.
Claim 2 recites “are determined not be semantically equivalent” in line 6.  This is grammatically unclear, although it appears that “to” should be inserted before “be”.
Claim 10 recites “determining if the first computer [source] code stored in the memory is semantically equivalent to the second computer source code stored in the memory” in lines 4-6.  However, Claim 9 already recites that the second source code is a semantically equivalent variant of the first source code, and therefore, the determination in Claim 10 does not appear to have any impact or effect, and it is not clear what the bounds of this limitation are intended to be.
Claim 11 recites “if the first computer source code stored in the memory is determined not to be semantically equivalent to the second computer source code stored in the memory” in lines 3-4.  This contradicts the recitation in Claim 9 that the second source code is a semantically equivalent variant of the first source code, which renders the claim indefinite.
Claim 18 recites “at least one compiler configured to execute the first computer source code and the second computer source code stored in the memory to produce 
Claim 19 recites determining whether “the first computer source code stored in the memory is semantically equivalent to the second computer source code stored in the memory” in lines 3-4.  However, Claim 18 already recites that the second source code is a semantically equivalent variant of the first source code, and therefore, the determination in Claim 19 does not appear to have any impact or effect, and it is not clear what the bounds of this limitation are intended to be.
Claim 20 recites the condition that “the first computer source code is determined not to be semantically equivalent to the second computer source code” in lines 4-5.  This contradicts the recitation in Claim 18 that the second source code is a semantically equivalent variant of the first source code, which renders the claim indefinite.
Claims not specifically referred to above are rejected due to their dependence on  a rejected base claim.

Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Franz et al, US Patent 8239836.
In reference to Claim 1, Franz discloses a computing device including a cybersecurity validator that stores, in a memory, first and second computer source code received via an interface (column 8, lines 54-57; Figure 1E, steps 151-152); compares the first and second source code during at least one stage of storage, compilation, or execution (column 8, line 66-column 9, line 1; Figure 1E, steps 153-154); and determines whether a cyberattack has occurred or is in progress based on results of the comparison (column 9, lines 1-3; Figure 1E, steps 155-156).
In reference to Claim 2, Franz further discloses a source code comparison circuit configured to compare the first and second source code and determine if a cyberattack has occurred or is in progress if the first and second source code are not semantically equivalent (see column 8, line 53-column 9, line 3, semantically equivalent).
In reference to Claims 3 and 4, Franz further discloses a compiler configured to compile the first and second source code into first and second object code and a comparison circuit configured to compare the first and second object code and determine if a cyberattack has occurred or is in progress if the first and second object code are different (column 8, line 53-column 9, line 3, detecting code difference).


Claims 9-17 are directed to methods corresponding substantially to the functionality of the devices of Claims 1-8, and are rejected by a similar rationale, mutatis mutandis.
Claims 18-20 are directed to systems including the validator of Claims 1-8 and its functionality, as well as an interface (column 8, lines 54-56).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Adams, US Patent 9178905, discloses a device for providing countermeasure code to a device.
Barau et al, US Patent 9600667, discloses a method for detecting an attack by comparing results of executable code.
Jarrous et al, US Patent 10762199, discloses a method that includes changing the order of a binary file to prevent attacks.
Nam et al, US Patent Application Publication 2006/0095977, discloses a method for protecting software using shuffling.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870.  The examiner can normally be reached on weekdays 9:30-6:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Zachary A. Davis/Primary Examiner, Art Unit 2492