Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
FINAL ACTION
	This action is in response to amendment filed on 1/22/2021. Claims 1, 3, 13 and 15 are amended. Claims 1-24 are pending. 
Response to Arguments
Examiner’s Remark – Specification (Abstract)
	The examiner withdraws the objection to applicant’s Abstract in view of applicant’s amendment to their Abstract.
Examiner’s Remark – Claim Rejections - 35 USC § 112
The examiner withdraws the rejection in view of applicant’s claim amendment.
Examiner’s Remark – Claim Rejections - 35 USC § 101
The examiner withdraws the rejection in view of applicant’s claim amendment.
Examiner’s Remark – Claim Rejections - 35 USC § 103
	The examiner notes that the applicant has amended each independent claim to include the feature(s) of, “generating, by a maliciousness determination engine executed by the processor, a maliciousness score based on a comparison of the object boundaries data for visual cues from the object detection engine and the metadata from the metadata extraction engine to a reference dataset”. The examiner notes that the applicant now alleges a deficiency on the part of the cited prior 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-24 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (US Patent Publication No. 2019/0104154 and Kumar hereinafter) in view of Swingler et al. (US Patent Publication No. 2012/0311697 and Swingler hereinafter) and further in view of Yu et al. (US Patent Publication No. 2018/0276495 and Yu hereinafter)

As to claims 1 and 13, Kumar teaches a method for analyzing a received file to determine if the received file comprises malicious code, the received file capable of being opened by a native software program, the method comprising: 
generating, by a screen shot generating engine executed by a processor, an image that would be displayed if the received file is opened by the native software program (i.e., …teaches in paragraph 0059 the following: “[0059] When the URL is not found to be either malicious or benign URL is not present in the blacklist or whitelist), the URL is provided to the content fetcher 104, which obtains a screenshot of the webpage to which the URL resolves, as discussed above with respect to the training process in accordance with FIG. 1. The content fetcher 104 then provides the screenshot of the webpage (e.g., an image file, or an identifier enabling, retrieval of the image file) to the feature generation logic 106. The 
analyzing, by an object detection engine executed by the processor, the image and generating object boundaries data (i.e., …teaches in paragraph 0059 the following: “The feature generation logic 106 uses computer vision techniques to detect keypoints within the screenshot.”). 

Kumar does not expressly teach:
extracting, by a metadata extraction engine, metadata from the received file.
	In this instance the examiner notes the teachings of prior art reference Swingler. 
Swinger teaches in paragraph 00038 the following: “in response to a request to load an application, at block 701, metadata is extracted from the application”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kumar with the teachings of Swingler by including the feature of file data extraction. Utilizing file data extraction as taught by Swingler above allows a system to provide comprehensive file verification and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, Kumars system will obtain the capability to provide enhanced file integrity. 

The system of Kumar and Swingler do not expressly teach: 

In this instance the examiner notes the teachings of prior art Yu. 
Yu teaches paragraph 0019 the following: “an input image is analyzed using a trained neural network to localize and predict a set of aspect values of an object depicted in the input image. A set of visual cues may be presented over the input image such that the visual cues correspond to locations on the input image that are associated with the predicted aspect values for the depicted object. A set of locations, associated with a given predicted aspect value, can be regarded as salient regions of the input image that drive (e.g., cause) the prediction of the aspect value. Some locations may be more relevant than others, and that level of relevance may also be reflected in connection with the visual cues (e.g., heat map-based visual cues that show more salient locations to be hotter). Through the visual cues, various embodiments can mark and visually present a user with aspect localizations over the input image.”. Further teaches in paragraph 0092 the following: “The visual search service may then calculate a visual similarity measure between images, such as between a particular candidate product image and the input query image. The visual similarity measure may be estimated by calculating a distance value between two image signatures. The distance value may comprise a Hamming distance, by way of example but not limitation. A Hamming distance generally describes the number of bits that are different in two binary vectors. Similar images being compared may therefore have a smaller Hamming distance between them, and thus a higher visual similarity measure, than less similar images. The visual similarity measure is therefore useful as a search result score, e.g., for the candidate product at hand”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kumar and Swingler with the teachings of Yu by including the feature of visual aspect localization. Utilizing visual aspect localization as taught by Yu 

As to claims 2 and 14, Kumar teaches a method of claim 1, further comprising: generating an alert, by the processor, if the maliciousness score exceeds a threshold (i.e.,…teaches in paragraph 70 the following: “generates and issues an alert”).

As to claims 3 and 15, the system of Kumar and Swingler and teaches image processing however neither reference expressly teaches a method of claim 1, wherein the step of generating object boundaries data further comprises generating object boundaries data by utilizing the object detection engine with a convolutional neural network.
In this instance the examiner notes the teachings of prior art Yu. 
Yu teaches paragraph 0019 the following: “an input image is analyzed using a trained neural network to localize and predict a set of aspect values of an object depicted in the input image. A set of visual cues may be presented over the input image such that the visual cues correspond to locations on the input image that are associated with the predicted aspect values for the depicted object. A set of locations, associated with a given predicted aspect value, can be regarded as salient regions of the input image that drive (e.g., cause) the prediction of the aspect value. Some locations may be more relevant than others, and that level of relevance may also be reflected in connection with the visual cues (e.g., heat map-based visual cues that show more salient locations to be hotter). Through the visual cues, various embodiments can mark and visually present a user with aspect localizations over the input 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kumar and Swingler with the teachings of Yu by including the feature of visual aspect localization. Utilizing visual aspect localization as taught by Yu above allows a system to provide comprehensive malware detection and therefore provides the motivation in this instance to combine the references. The examiner contends that by combining the references, the system of Kumar and Swingler will obtain the capability to provide enhanced data security. 

As to claims 4 and 16, Kumar teaches a method of claim 1, wherein the reference dataset is generated from known benign files and known malicious files (i.e., …teaches in paragraph 0044 the following: “list of URLs may be either known, benign websites (e.g., those that are often used in carrying out phishing attacks) and/or known phishing websites.”.).

As to claims 5 and 17, Kumar teaches a method of claim 1, wherein the received file is a word processing file (i.e., …teaches in paragraph 0037 the following: “word processing document such as Word.RTM”.).

As to claims 6 and 18, Kumar teaches a method of claim 1, wherein the received file is a web page (i.e., ..teaches in paragraph 0061 the following: “screenshot with the keypoints of the webpage”).

As to claims 7 and 19, Kumar teaches a method of claim 1, wherein the received file is an email (i.e., …teaches in paragraph 0065 the following: “the object may be a URL for analysis. However, in an alternative embodiment, the object may be, for example, an email message (email) wherein the content of the email”).

As to claims 8 and 20, Kumar teaches a method of claim 1, wherein the image is generated without malicious code being executed by the processor (i.e., …teaches in paragraph 0059 the following: “[0059] When the URL is not found to be either malicious or benign URL is not present in the blacklist or whitelist), the URL is provided to the content fetcher 104, which obtains a screenshot of the webpage to which the URL resolves, as discussed above with respect to the training process).

As to claims 9 and 21, the system of Kumar teaches malicious activity detection however Kumar does not expressly teach a method of claim 2, further comprising: in response to the alert, disabling the execution of the received file.
In this instance the examiner notes the teachings of prior art reference Swingler. 
Swinger teaches in paragraph 0006 the following: “a user may be prompted whether the execution of the application should be allowed or denied entirely”.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kumar with the teachings of Swingler by including the feature of virus mitigation. Utilizing virus mitigation as taught by Swingler above allows a system to 

As to claims 10 and 22, Kumar teaches a method of claim 1, wherein the processor is contained in a server (i.e., …teaches in paragraph 0038 the following: “a server”).

As to claims 11 and 23, Kumar teaches a method of claim 1, wherein the processor is contained in a client device (teaches in paragraph 0038 a client device).

As to claims 12 and 24, Kumar teaches a method of claim 1, further comprising: displaying, on a display device, visual elements in the screenshot that contributed to the maliciousness score (i.e., …teaches as part of his claim 7 element the following: “wherein the subject screenshot includes image data of the subject webpage that is configured to be displayable on a computer screen”.).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRYAN F WRIGHT whose telephone number is (571)270-3826.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BRYAN F WRIGHT/Examiner, Art Unit 2497