Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	This action is in response to the claims filed 1/25/2019.  Claims 1-5 are pending.  Claims 1 (a machine), 3 (a method), and 5 (a transitory CRM) are independent.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 5 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claim 5 comprises subject matter that includes a transitory computer readable medium.  If the broadest reasonable interpretation of a claim includes transitory storage media, e.g. a transmission line, then the claim is not statutory subject matter. See MPEP 2106(II).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claim 1, 3, and 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lancioni et a., US 2018/0063091 (filed 2016-12), in view of Alagna et al., US 2004/0098607 (filed 2003-02), and Gruber, “Android Root Detection Techniques” (published 2013-12).
As to claims 1, 3, and 5, Lancioni discloses the device/method/CRM comprising:
a microphone; (“microphones” Lancioni ¶ 80)
a display; (“displays” Lancioni ¶ 80)
computer storage configured to store: (“Client device 200 includes a processor 210 connected to a memory 220, having stored therein executable instructions for providing an operating system 222 and at least software portions of a trusted execution framework 224. Other components of client device 200 include a storage 250” Lancioni ¶ 68)
an operating system for the mobile communication device; (“operating system” Lancioni ¶ 47)
a messaging application for effecting via a network a secure messaging session between the mobile communication device and at least one remote device; and (“the security layer includes a “smart” keyboard that… The security layer communicates with a backend server to uniquely identify the sender and the message, and may also negotiate one or more keys and policies…. Encrypts the message …. The recipient, which also has a security layer” Lancioni ¶¶ 21-30) 

a processor configured to execute the messaging application; (processor 210 in Lancioni Fig. 2) the messaging application having a launched state and an unlaunched state, (“In one example, TEF 224 includes executable instructions stored on a non-transitory medium operable to perform a method according to this specification. At an appropriate time, such as upon booting client device 200 or upon a command from operating system 222 or a user 120, processor 210 may retrieve a copy of the instructions from storage 250 and load it into memory 220.” Lancioni ¶ 75)
Lancioni does not disclose:
 and on transitioning from the unlaunched state to the launched state, the messaging application is configured either to: 
(i) check a status of the operating system and for presence of test-keys; 
check for presence of software applications that allow access to the mobile communication device in root mode thereof; 
check for an ability to perform operations on behalf of a root user; and: 
if any of these conditions is met, the mobile communication device is considered compromised and a visual warning message is displayed on the display; or 
(ii) determine occurrence of additional, unauthorized components, libraries, and modules of the operating system, and if any of these is detected, a visual warning message is displayed on the display; and 


Alagna discloses:
and on transitioning from the unlaunched state to the launched state (“Start at company X's online login page.” Alagna ¶ 60), the messaging application is configured either to: (“At this point, the institution can choose an opt-in/opt-out model or they can force the user into the security procedure.” Alagna ¶ 64. The security feature being the virus scanning detailed throughout Alagna.)
if any of these conditions is met, the mobile communication device is considered compromised and a visual warning message is displayed on the display; or (“the user can be notified that a Trojan was discovered. The user's session can be terminated so as not to allow the user to continue with the session since it might have been compromised.” Alagna ¶¶ 76-77)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Lancioni with Alagna by forcing a Trojan/virus scan, such as the scan of the security agent of Lancioni ¶ 20) in response to the execution of the secured message system (Alagna ¶¶ 60-64).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention 

Lancioni in view of Alagna does not disclose:
(i) check a status of the operating system and for presence of test-keys; 
check for presence of software applications that allow access to the mobile communication device in root mode thereof; 
check for an ability to perform operations on behalf of a root user; and: 
(ii) determine occurrence of additional, unauthorized components, libraries, and modules of the operating system, and if any of these is detected, a visual warning message is displayed on the display; and 
additionally, before initializing an incoming call, the messaging application is configured to check whether it has exclusive access to the microphone, and if the microphone is being used by another software application, the incoming call is cancelled.

Gruber discloses:
(i) check a status of the operating system and for presence of test-keys; (“Checking the BUILD tag for test-keys. By default, stock Android ROMs from Google are built with release-keys tags. If test-keys are present, this can mean that the Android build on the device is either a developer build or an unofficial Google build.” Gruber p. 1)
check for presence of software applications that allow access to the mobile communication device in root mode thereof; (“There are many files and packages that 
check for an ability to perform operations on behalf of a root user; and: (“Superuser.apk. This package is most often looked for on rooted devices. Superuser allows the user to authorize applications to run as root on the device.” Gruber p. 1)
(ii) determine occurrence of additional, unauthorized components, libraries, and modules of the operating system, and if any of these is detected, a visual warning message is displayed on the display; and 
additionally, before initializing an incoming call, the messaging application is configured to check whether it has exclusive access to the microphone, and if the microphone is being used by another software application, the incoming call is cancelled. (alternative embodiment, not required)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Lancioni in view of Alagna with Gruber by utilizing the checks of Gruber to check if the device has been rooted or is compromised (Lancioni ¶ 56).  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Lancioini in view of Alagna with Gruber in order to detect if a device is malicious or mischievously modified (Lancioni ¶ 56) so as to prevent users from continuing with secured operations that may be compromised (Alagna ¶ 77).


Claim 2 and 4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Lancioni et a., US 2018/0063091 (filed 2016-12), in view of Alagna et al., US 2004/0098607 (filed 2003-02), Gruber, “Android Root Detection Techniques” (published 2013-12), and Lal et al., US 2016/0094558 (filed 2014-09).
As to claims 2 and 4, Lancioni in view of Alagna and Gruber discloses the machine/method of claims 1 and 3 but does not disclose: 
wherein the messaging application is configured to check throughout a messaging application call whether the messaging application has exclusive access to the microphone, and if the microphone is being used by another software application, the [[a]] messaging application call is cancelled.

Lal discloses:
wherein the messaging application is configured to check throughout a messaging application call whether the messaging application has exclusive access (“the session policy may dictate whether an application module has exclusive access to the sensor module for the duration of the session.” Lal ¶ 24) to the microphone (“a phone call application may require exclusive use of the microphone for the duration of the call to prevent malware from intercepting the conversation.” Lal ¶ 25”), and if the microphone is being used by another software application, the messaging application call is cancelled. (“a first application module may set up exclusive access to the sensor module through a first session policy. Accordingly, a request for access by a second application module may violate the existing session policy and may thus be denied.” Lal ¶ 67)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Lancioni in view of Alagna and Gruber with Lal by providing the exclusive access policies of Lal in the system of Lancioni in view of Alagna and Gruber.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Lancioni in view of Alagna and Gruber with Lal in order to allow applications dictate what access is required so as to prevent other applications from intercepting a conversation (Lal ¶ 25).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Smith et al., US 8,065,695, disclsoes sending a surveyor app to a terminal in response to a login.
Johansson et al., US 2015/0067830, discloses modifying an application to prevent the application from performing user monitoring actions.1
Hay et al., US 10,366,213, discloses an application security wrapper that implements an inter application firewall.
Xuan, US 2017/0220396, discloses a method for wrapping applications with a security wrapper to secure said applications.
Cignetti et al., US 10,757,139, discloses a system for assessing the security risk of an application through API calls.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165.  The examiner can normally be reached on M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MICHAEL W CHAO/           Examiner, Art Unit 2492