DETAILED ACTION
All pending claims 1, 4-8, 11-15, and 18-20 are presented for continued examination in this Office Action.  

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Continued Examination under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 03/09/2021 has been entered.

Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would prefer that Applicant submit two sets of claims: 
Set #1 that includes indicators for the status of claim and all marked amendments to the claims; and 
Set #2 comprising a clean version of the claims with all the markups removed for entry, as an appendix to the Set #1.

Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted before this Office action is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement(s) is/are being considered by the examiner.

Response to Arguments
Applicant Amendments/arguments and Remarks, filed after final on 02/02/2021 and also used for this RCE, have been carefully reconsidered and are responded in the following.

In response to the Applicant’s remarks on double patenting, the request for the rejections being held in abeyance until next office action is accepted. Accordingly, the double patenting rejections remain.

Applicant’s arguments, page(s) 8-9 of the Remarks, with regards to claims 1, 4-8, 11-15, and 18-20 being rejected under 35 U.S.C. § 103 have been reconsidered carefully. 
First, Applicant argues the newly added limitations for converting bytes in the byte stream of the executable binary software code into text characters based on at least one of an American Standard Code for Information Interchange (ASCII) encoding protocol or a Unicode protocol; and identifying the one or more text strings in the text characters.” See pages 9-10 of the Remarks.
Applicant arguments are persuasive. However, the Examiner now finds these limitations are taught by another reference; see the office action in the following.
Secondly, the Applicant argues the rejection of claims 5, 12, and 19 under 35 U.S.C. §103(a) over Fanning and Bettini in view of Provos by relying on the arguments made for the amended claim 1.  The Examiner respectively points out that Provos still teaches the feature wherein the security risk is detected based on the network category type, because Provos 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using 

Claims 1, 4-8, 11-15, and 18-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/148,757 (hereinafter “APP-757”) in view of Bettini (US 8713684 B2). 

Regarding claim 1, APP-757 teaches a computer-implemented method, comprising:
scanning, by at least one hardware processor, a binary software code to identify one or more text strings (APP-757, CLM. 1: scanning … a set of binary software code to identify one or more network addresses.  Note here that the one or more network addresses are mapped to the limitation of “one or more text strings” as recited herein); 
detecting, by the at least one hardware processor, a security risk in the disassembled binary software code (APP-757, CLM. 1: determining security level information of the network addresses is obviously the same as detecting a security risk; APP-757 also discloses a step for indicating a security risk of the set of binary software code).
While APP-757 suggests extracting network addresses from the step for scanning a set of binary software code (in a disassembled form), APP-757 is silent about steps for associating the binary with the software language and disassembling based on the software language.
In a related art, Bettini teaches:
associating, by the at least one hardware processor, the binary software code with a software language based on the identified one or more text strings (Bettini, Clm. 1: extract metadata associated with the application, the metadata comprising application permissions, file and version name); 

Bettini is analogous art to the claimed invention in a similar field of endeavor in improving the risk assessment of malware from code analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the APP-757 by Bettini such that the combination of APP-757 and Bettini would have made obvious that risks of malware can be quantified from disassembled binary software code for malware analysis. For this combination, the motivation would have been to improve the risk assessment of software apps and associated security analysis of disassembled executable code.
Independent claims 8 and 15 are rejected for the same reason as that for claim 1
Regarding dependent claims 4-7, 11-14, and 18-20 of the present application, they are obvious variants of the same subject matter as found in APP-757, and thereby rejected under the judicially created doctrine of obviousness-type double patenting.
This is a provisional nonstatutory double patenting rejection.

Claims 1, 4-8, 11-15, and 18-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/148,730 (hereinafter “APP-730”) in view of Bettini (US 8713684 B2).

Regarding claim 1, APP-730 teaches a computer-implemented method, comprising:
scanning, by at least one hardware processor, a binary software code to identify one or more text strings (APP-730, CLM. 1: receiving a set of binary software code and a functional 
detecting, by the at least one hardware processor, a security risk in the disassembled binary software code (APP-730, CLM. 8: detecting a presence at least one security vulnerability).
However, APP-730 steps for associating the binary with the software language and disassembling based on the software language.
In a related art, Bettini teaches:
associating, by the at least one hardware processor, the binary software code with a software language based on the identified one or more text strings (Bettini, Clm. 1: extract metadata associated with the application, the metadata comprising application permissions, file and version name); 
disassembling, by the at least one hardware processor, the binary software code based on the software language associated with the binary software code (Bettini, Clm. 1: perform a disassembly/byte code pass for risk assessment after scanning of apps based on security requirements, wherein the extracted metadata indicates software language and version).
Bettini is analogous art to the claimed invention in a similar field of endeavor in improving the risk assessment of malware from code analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the APP-730 by Bettini such that the combination of APP-730 and Bettini would have made obvious that risks of malware can be quantified from disassembled binary software code for malware analysis. For this combination, the motivation would have been to improve the risk assessment of software apps and associated security analysis of disassembled executable code.
Independent claims 8 and 15 are rejected for the same reason as that for claim 1
APP-730, and thereby rejected under the judicially created doctrine of obviousness-type double patenting.
This is a provisional nonstatutory double patenting rejection.

Claims 1, 4-8, 11-15, and 18-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 16/139,306 (hereinafter “APP-306”) in view of Bettini. 

Regarding claim 1, APP-306 teaches a computer-implemented method, comprising:
scanning, by at least one hardware processor, a binary software code to identify one or more text strings (APP-306, CLM. 1: processing a binary file to determine a security risk associated with the binary file.  Note here that the metadata is “one or more text strings” as recited herein); 
detecting, by the at least one hardware processor, a security risk in the disassembled binary software code (APP-306, CLM. 2: determining security risk based on the code size which is indicated by the metadata).
However, APP-306 does not explicitly disclose steps for associating the binary with the software language and disassembling based on the software language.
In a related art, Bettini teaches:
associating, by the at least one hardware processor, the binary software code with a software language based on the identified one or more text strings (Bettini, Clm. 1: extract metadata associated with the application, the metadata comprising application permissions, file and version name); 
disassembling, by the at least one hardware processor, the binary software code based on the software language associated with the binary software code (Bettini, Clm. 1: perform a 
Bettini is analogous art to the claimed invention in a similar field of endeavor in improving the risk assessment of malware from code analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the APP-306 by Bettini such that the combination of APP-306 and Bettini would have made obvious that risks of malware can be quantified from disassembled binary software code for malware analysis. For this combination, the motivation would have been to improve the risk assessment of software apps and associated security analysis of disassembled executable code.
Independent claims 8 and 15 are rejected for the same reason as that for claim 1
Regarding dependent claims 4-7, 11-14, and 18-20 of the present application, they are obvious variants of the same subject matter as found in APP-306, and thereby rejected under the judicially created doctrine of obviousness-type double patenting.
This is a provisional nonstatutory double patenting rejection.

	It is noted that the applications 16/148,692 and 16/129,321 are determined not to be double patenting with the instant application.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1, 4, 6-8, 11, 13-15, 18, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Repasi (US 20080066180 A1) in view of Bettini (US 8713684 B2), and further in view of Chen (US 20060036394 A1).

As per claim 1, Repasi teaches a computer-implemented method, comprising: 
scanning, by at least one hardware processor, a binary software code to identify one or more text strings, wherein the binary software code is executable (Repasi, Table 2 and par. 0192-0193.  In Table 2, line 130, Repasi discloses a line of code: bMatched =  scan_binary_data (message.data); meaning that an executable binary of the message or URL is scanned to identify text strings; see also par. 0146 and 0153 for that the binary may comprise an executable entity, a run key entity or a dynamic linked library entity),
detecting, by the at least one hardware processor, a security risk in the disassembled binary software code (par. 0185 and 0187: detecting one or more common suspicious entities, the level of maliciousness, and risks).  
Repasi discloses scanning and detecting an executable binary of the message or URL, Repasi does not explicitly disclose the steps of associating the binary software code with a software language based on any characteristics of the binary in text form and disassembling based on the software language.  This aspect of the claim is a difference.
In a related art, Bettini teaches:
associating, by the at least one hardware processor, the binary software code with a software language based on the identified one or more text strings (Bettini, Clm. 1: extract metadata associated with the application, the metadata comprising application permissions and versions of software; DETX 56-57 and 64: metadata associated with the app is extracted. In particular, metadata associated with the app can include information that is important for assessing the overall risk(s), including platform and language information such as Android, java at Amazon's and Google's Android App Market; col. 9, lines 30-67); 
disassembling, by the at least one hardware processor, the binary software code based on the software language associated with the binary software code (Bettini, Clm. 1: perform a disassembly/byte code pass for risk assessment after scanning of apps based on security requirements, wherein the extracted metadata indicates software language and version; col. 9, lines 30-45; col. 17, lines 38-43); 
Repasi and Bettini are analogous art to the claimed invention in a similar field of endeavor in improving the risk assessment of malware from code analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Repasi by Bettini to use Bettini’s techniques for assessing risks of malware which can be quantified from disassembled binary software code for malware analysis. For this combination, the motivation would have been to improve the risk assessment of software apps and associated security analysis of disassembled executable code.
However, Repasi and Bettini as combined above do not explicitly disclose the scanning comprises converting bytes in the byte stream of the executable binary software code into text 
In a related art, Chen teaches,
the scanning the binary software code to identify the one or more text strings comprises: 
reading a byte stream in the executable binary software code (Chen, the Abstract and par. 0021-0022: receiving and scanning binary files from different probes); 
converting bytes in the byte stream of the executable binary software code into text characters based on at least one of an American Standard Code for Information Interchange (ASCII) encoding protocol or a Unicode protocol (Chen, par. 0104: periodically scans …and automatically processes any existing TSK format binary wafer file based on a given lookup table. It calls tsk2tsmc.exe for each binary wafer file to produce TSMC format ASCII wafer file; see also par. 0028 for minimizing risks of data loss); and 
identifying the one or more text strings in the text characters (Chen, par. 0169-0176: strings and texts are identified from binary files, including any text string up to 6 characters; see also Table 2, Field 1, the text string for device name, which is recognized from the binary-to text conversion).
Chen is analogous art to the claimed invention in a similar field of endeavor in improving testing results from code analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Repasi-Bettini system include binary-to text conversion or text extraction in the scanning module. For this combination, the motivation would have been to improve the security analysis of disassembled executable code.



As per claim 4, the references as combined above teach the method of claim 1, further comprising: decompiling the binary software code according to the software language associated with the binary software code (Bettini, a decompilation engine 106: DETX 64: At 210, a decompilation phase is performed to facilitate generating a source code version of the app (e.g., apps are typically provided by the enterprise app stores/public app stores only in executable formats). In some embodiments, a decompilation phase is performed using a decompilation engine; col. 12, lines 8-35).  

As per claim 6, the references as combined above teach the method of claim 1, further comprising: outputting an indication of the security risk (Bettini, FIGS. 4 and 5: the star ratings of risk. For example, FIG. 4 is a screen diagram of an apps view of a user interface for a platform for quantifying risks of apps for mobile devices in accordance with some embodiments. As shown, the apps view 402 lists various apps that have been analyzed including indicating a star rating for each of the apps).  

As per claim 7, the references as combined above teach the method of claim 6, further comprising: outputting the one or more text strings with the indication of the security risk (Bettini, FIG. 5 shows that the detailed report 502 provides the output of a report generated for an "Actions" app for an iOS phone/tablet, which has been analyzed by the platform and includes a star rating for the app (e.g., 4 stars as shown), with selectable tabs that include Details, Rating, and Inspection).  

As per claim 8, Repasi teaches a device, comprising: at least one hardware processor; and 
one or more computer-readable storage media coupled to the at least one hardware processor and storing programming instructions for execution by the at least one hardware 
scanning, by the at least one hardware processor, a binary software code to identify one or more text strings, wherein the binary software code is executable (Repasi, Table 2 and par. 0192-0193.  In Table 2, line 130, Repasi discloses a line of code: bMatched =  scan_binary_data (message.data); meaning that an executable binary of the message or URL is scanned to identify text strings; see also par. 0146 and 0153 for that the binary may comprise an executable entity, a run key entity or a dynamic linked library entity);
detecting, by the at least one hardware processor, a security risk in the disassembled binary software code (Repasi, par. 0185 and 0187: detecting one or more common suspicious entities, the level of maliciousness, and risks).  
While Repasi discloses scanning and detecting an executable binary of the message or URL, Repasi does not explicitly disclose the steps of disassembling based on the software language.  This aspect of the claim is a difference.
In a related art, Bettini teaches:
disassembling, by the at least one hardware processor, the binary software code based on the software language associated with the binary software code (Bettini, Clm. 1: perform a disassembly/byte code pass for risk assessment after scanning of apps based on security requirements, wherein the extracted metadata indicates software language and version; col. 9, lines 30-45; col. 17, lines 38-43); 
Repasi and Bettini are analogous art to the claimed invention in a similar field of endeavor in improving the risk assessment of malware from code analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Repasi by Bettini to use Bettini’s techniques for assessing risks of malware which can be quantified from disassembled binary software code for malware analysis. 
However, Repasi and Bettini as combined above do not explicitly disclose the scanning comprises converting bytes in the byte stream of the executable binary software code into text characters based on ASCII encoding protocol or a Unicode protocol.  This aspect of the claim is a further difference.
In a related art, Chen teaches,
the scanning the binary software code to identify the one or more text strings comprises: 
reading a byte stream in the executable binary software code (Chen, the Abstract and par. 0021-0022: receiving and scanning binary files from different probes); 
converting bytes in the byte stream of the executable binary software code into text characters based on at least one of an American Standard Code for Information Interchange (ASCII) encoding protocol or a Unicode protocol (Chen, par. 0104: periodically scans …and automatically processes any existing TSK format binary wafer file based on a given lookup table. It calls tsk2tsmc.exe for each binary wafer file to produce TSMC format ASCII wafer file; see also par. 0028 for minimizing risks of data loss); and 
identifying the one or more text strings in the text characters; associating, by the at least one hardware processor, the binary software code with a software language based on the identified one or more text strings (Chen, par. 0169-0176: strings and texts are identified from binary files, including any text string up to 6 characters; see also Table 2, Field 1, the text string for device name, which is recognized from the binary-to text conversion).
Chen is analogous art to the claimed invention in a similar field of endeavor in improving testing results from code analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Repasi-Bettini system include binary-to text conversion or text extraction in the scanning module. For this 
 
As per claim 11, the references as combined above teach the device of claim 8, wherein the operations further comprise: decompiling the binary software code according to the software language associated with the binary software code (Bettini, a decompilation engine 106: DETX 64: At 210, a decompilation phase is performed to facilitate generating a source code version of the app (e.g., apps are typically provided by the enterprise app stores/public app stores only in executable formats). In some embodiments, a decompilation phase is performed using a decompilation engine; col. 12, lines 8-35).  
 
As per claim 13, the references as combined above teach the device of claim 8, wherein the operations further comprise: outputting an indication of the security risk (Bettini, FIGS. 4 and 5: the star ratings of risk. For example, FIG. 4 is a screen diagram of an apps view of a user interface for a platform for quantifying risks of apps for mobile devices in accordance with some embodiments. As shown, the apps view 402 lists various apps that have been analyzed including indicating a star rating for each of the apps).  

As per claim 14. (Currently Amended) The device of claim 13, wherein the operations further comprise: outputting the one or more text strings with the indication of the security risk (Bettini, FIG. 5 shows that the detailed report 502 provides the output of a report generated for an "Actions" app for an iOS phone/tablet, which has been analyzed by the platform and includes a star rating for the app (e.g., 4 stars as shown), with selectable tabs that include Details, Rating, and Inspection).  

As per claim 15, Repasi teaches one or more non-transitory computer-readable media containing instructions which, when executed, cause a computing device to perform operations comprising: 
scanning, by at least one hardware processor, a binary software code to identify one or more text strings, wherein the binary software code is executable (Repasi, Table 2 and par. 0192-0193.  In Table 2, line 130, Repasi discloses a line of code: bMatched =  scan_binary_data (message.data); meaning that an executable binary of the message or URL is scanned to identify text strings; see also par. 0146 and 0153 for that the binary may comprise an executable entity, a run key entity or a dynamic linked library entity);
detecting, by the at least one hardware processor, a security risk in the disassembled binary software code (Repasi, par. 0185 and 0187: detecting one or more common suspicious entities, the level of maliciousness, and risks).  
While Repasi discloses scanning and detecting an executable binary of the message or URL, Repasi does not explicitly disclose the steps of associating the binary software code with a software language based on any characteristics of the binary in text form and disassembling based on the software language.  This aspect of the claim is a difference.
In a related art, Bettini teaches:
associating, by the at least one hardware processor, the binary software code with a software language based on the identified one or more text strings (Bettini, Clm. 1: extract metadata associated with the application, the metadata comprising application permissions and versions of software; DETX 56-57 and 64: metadata associated with the app is extracted. In particular, metadata associated with the app can include information that is important for assessing the overall risk(s), including platform and language information such as Android, java at Amazon's and Google's Android App Market; col. 9, lines 30-67); 
disassembling, by the at least one hardware processor, the binary software code based on the software language associated with the binary software code (Bettini, Clm. 1: perform a 
Repasi and Bettini are analogous art to the claimed invention in a similar field of endeavor in improving the risk assessment of malware from code analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Repasi by Bettini to use Bettini’s techniques for assessing risks of malware which can be quantified from disassembled binary software code for malware analysis. For this combination, the motivation would have been to improve the risk assessment of software apps and associated security analysis of disassembled executable code.
However, Repasi and Bettini as combined above do not explicitly disclose the scanning comprises converting bytes in the byte stream of the executable binary software code into text characters based on ASCII encoding protocol or a Unicode protocol.  This aspect of the claim is a further difference.
In a related art, Chen teaches,
the scanning the binary software code to identify the one or more text strings comprises: 
reading a byte stream in the executable binary software code (Chen, the Abstract and par. 0021-0022: receiving and scanning binary files from different probes); 
converting bytes in the byte stream of the executable binary software code into text characters based on at least one of an American Standard Code for Information Interchange (ASCII) encoding protocol or a Unicode protocol (Chen, par. 0104: periodically scans …and automatically processes any existing TSK format binary wafer file based on a given lookup table. It calls tsk2tsmc.exe for each binary wafer file to produce TSMC format ASCII wafer file; see also par. 0028 for minimizing risks of data loss); and 
identifying the one or more text strings in the text characters (Chen, par. 0169-0176: strings and texts are identified from binary files, including any text string up to 6 characters; see 
Chen is analogous art to the claimed invention in a similar field of endeavor in improving testing results from code analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify the Repasi-Bettini system include binary-to text conversion or text extraction in the scanning module. For this combination, the motivation would have been to improve the security analysis of disassembled executable code.

As per claim 18, the references as combined above teach the one or more computer-readable media of claim 15, wherein the operations further comprise: 
decompiling the binary software code according to the software language associated with the binary software code (Bettini, a decompilation engine 106: DETX 64: At 210, a decompilation phase is performed to facilitate generating a source code version of the app (e.g., apps are typically provided by the enterprise app stores/public app stores only in executable formats). In some embodiments, a decompilation phase is performed using a decompilation engine; col. 12, lines 8-35).  

As per claim 20, the references as combined above teach the one or more computer-readable media of claim 15, wherein the operations further comprise: outputting an indication of the security risk (Bettini, FIGS. 4 and 5: the star ratings of risk. For example, FIG. 4 is a screen diagram of an apps view of a user interface for a platform for quantifying risks of apps for mobile devices in accordance with some embodiments. As shown, the apps view 402 lists various apps that have been analyzed including indicating a star rating for each of the apps).  

Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Repasi and Bettini and Chen, as applied to claim 1, further in view of Provos (US 20170111375 A1).

As per claim 5, the references of Repasi and Bettini and Chen as combined above teach the method of claim 1, but do not explicitly disclose the step for determining that the one or more text strings include at least one of an email address or URL. This aspect of the claim is identified as a further difference.
In a related art, Provos teaches:
further comprising: 
determining that the one or more text strings include at least one of an email address or a Uniform Resource Locator (URL) (Provos, par. 0033 and 0035: URLs are analyzed; and characteristic of malware comprises evaluating iFrame features, URL features; see also clms. 3, 4, and 10); and 
as a result of determining that the one or more text strings include at least one of the email address or the URL, associating the binary software code with a network category type (Provos, par. 0048-0049: "tiered" into risk categories); 
wherein the security risk is detected based on the network category type (Provos, par. 0093: determining risks using different feature thresholds that may exist for different tiers of advertisers, such as tiers based on malware risk.  For example, risky ads and no malware-related ads are used for determining risks; Provos also discloses one or more of the publisher's web properties (e.g., websites and type of networks) are used for risk analysis, such as a local area network (LAN), wide area network (WAN), the Internet, or a combination thereof, connects the advertisers 102, the system 104, the publishers 106, and the users 108; par. 0022-0024).
Provos is analogous art, because they are in a similar field of endeavor in improving risk analysis.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine them and to use Provos to include at least one of an email address or URL in the text strings.  For this combination, the motivation would have been to improve the level of detail in implementing the risk evaluation process.

As per claim 12, it is drawn to the device of claim 8, with the same limitation as claim 5.  Therefore, this claim is rejected for the same reason as claim 5.

As per claim 19, it is drawn to the one or more computer-readable media of claim 15, with the same limitation as claim 5.  Therefore, this claim is rejected for the same reason as claim 5.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
It is noted that US PG-PUB US 20150304337 A1 to Nguyen‐Tuong discloses a practice of extracting string fragments from binary programs and attempt used the Linux program strings, which linearly scans a binary program and extracts null‐terminated sequences of ASCII characters. See par. 0097.  Nguyen‐Tuong herein at least teaches the following limitation of claim 1: the scanning …comprises: “reading a byte stream in the executable binary software code; converting bytes in the byte stream of the executable binary software code into text characters based on at least one of an American Standard Code for Information Interchange (ASCII) encoding protocol or a Unicode protocol.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Don Zhao whose telephone number is (571)272-9953.  The examiner can normally be reached on 9 am to 5 pm Monday thru Friday.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 5712723862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Don G Zhao/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        04/21/2020