DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 9/15/2020 has been entered.
 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Remarks
This communication is in response to the amendment filed 9/15/2020. 

Status of Claims
Claims 1-3, 7, 9-13, 17, 19-20 are pending; of which claims 1-3, 7, 9-13, 17, 19-20 are allowed.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Jun Cheng, Reg. No. 75,406 on 5/6/2021.
	
The application has been amended as follows:

Claim 1. (currently amended)  An application security protection method, comprising:
obtaining, from a top of a stack installed locally on a terminal, information about a recently-opened application software, wherein the stack is configured to store information about opened applications;
acquiring an application software list, installed locally on the terminal having a predetermined application type, wherein the predetermined application type indicates a category of function for applications in the application software list; 
determining whether the recently-opened application software is of the pre-determined application type by comparing the obtained information about the recently-opened application software with an information library for the predetermined application type;
in response to the determination that the recently-opened application software is of the pre-determined application type, determining whether the recently-opened application software is malicious according to information in a local malicious software library; 
in response to the determination that the application software is malicious, marking an icon of the application software displayed on a display of the terminal with at least one of a corner mark, a different color, or a highlighting, to indicate that the application software is malicious;
receiving an opening instruction for a current application software;
determining whether an application software protection triggering condition is satisfied;

in response to the determination that the current application software is marked as malicious, providing prompt information indicating that the current application software is malicious; 
when an opening continuing instruction for continuing to open the current application software is received, starting the current application software; and
wherein the method further comprises generating the local malicious software library by:
	starting scanning each [[of]] application software in the application software list, and obtaining a scanning result about scanning each of the application software in the application software list,
	judging, according to the scanning result, whether corresponding application software is malicious, and
	when it is judged that the corresponding application software is malicious, identifying a malicious type of the corresponding application software from a plurality of malicious types, the malicious types comprising payment, privacy stealing, remote control, malicious propagation, charge consumption, system destruction, frauds, and rogueries, and adding information about the corresponding application software corresponding to the malicious type to the local malicious software library

Claim 11. (currently amended)  A terminal, comprising a processor and a memory having stored thereon instructions, when executed by the processor, causing the processor to execute the steps of:
obtaining, from a top of a stack installed locally on the terminal, information about a recently-opened application software, wherein the stack is configured to store information about opened applications;

determining whether the recently-opened application software is of the pre-determined application type by comparing the obtained information about the recently-opened application software with an information library for the predetermined application type;
in response to the determination that the recently-opened application software is of the pre-determined application type, determining whether the recently-opened application software is malicious according to information in a local malicious software library; 
in response to the determination that the application software is malicious, marking an icon of the application software displayed on a display of the terminal with at least one of a corner mark, a different color, or a highlighting, to indicate that the application software is malicious;
receiving an opening instruction for a current application software;
determining whether an application software protection triggering condition is satisfied;
in response to the determination that the application software protection triggering condition is satisfied, determining whether current application software is marked as malicious;
in response to the determination that the current application software is marked as malicious, providing prompt information indicating that the current application software is malicious; 
when an opening continuing instruction for continuing to open the current application software is received, starting the current application software;
starting scanning each [[of]] application software in the application software list, and obtaining a scanning result about scanning each of the application software in the application software list;
judging, according to the scanning result, whether corresponding application software is malicious; and
 from a plurality of malicious types, the malicious types comprising payment, privacy stealing, remote control, malicious propagation, charge consumption, system destruction, frauds, and rogueries, and adding information about the corresponding application software corresponding to the malicious type to a local malicious software library

Claim 20. (currently amended) A non-volatile storage non-transitory computer readable medium comprising a computer readable program, wherein when the computer readable program in the non-transitory computer readable medium storage medium is executed, an application security protection method is executed, the method comprising:
obtaining, from a top of a stack installed locally on a terminal, information about a recently-opened application software, wherein the stack is configured to store information about opened applications;
acquiring an application software list, installed locally on the terminal having a predetermined application type, wherein the predetermined application type indicates a category of function for applications in the application software list;
determining whether the recently-opened application software is of the pre-determined application type by comparing the obtained information about the recently-opened application software with an information library for the predetermined application type;
in response to the determination that the recently-opened application software is of the pre-determined application type, determining whether the recently-opened application software is malicious according to information in a local malicious software library; 

receiving an opening instruction for current application software;
determining whether an application software protection triggering condition is satisfied;
in response to the determination that the application software protection triggering condition is satisfied, determining whether the current application software is marked as malicious;
in response to the determination that the current application software is marked as malicious, providing prompt information indicating that the current application software is malicious; 
when an opening continuing instruction for continuing to open the current application software is received, starting the current application software;
starting scanning each [[of]] application software in the application software list, and obtaining a scanning result about scanning each of the application software in the application software list;
judging, according to the scanning result, whether corresponding application software is malicious; and
when it is judged that the corresponding application software is malicious, identifying a malicious type of the corresponding application software from a plurality of malicious types, the malicious types comprising payment, privacy stealing, remote control, malicious propagation, charge consumption, system destruction, frauds, and rogueries, and adding information about the corresponding application software corresponding to the malicious type to a local malicious software library

REASONS FOR ALLOWANCE

None of the prior arts of record individually or in combination explicitly teach or fairly suggest each and every claimed limitation of the current invention as amended by the applicant, especially the limitations of “in response to the determination that the recently-opened application software is of the pre-determined application type, determining whether the recently-opened application software is malicious according to information in a local malicious software library” in combination with “when it is judged that the corresponding application software is malicious, identifying a malicious type of the corresponding application software from a plurality of malicious types, the malicious types comprising payment, privacy stealing, remote control, malicious propagation, charge consumption, system destruction, frauds, and rogueries, and adding information about the corresponding application software corresponding to the malicious type to a local malicious software library”, as in claim 1 as amended, as well as the corresponding subject matter from claims 11 and 20.
The nearest prior art of record, Archer et al (PGPUB 2013/0318614) teaches an application security protection method (abstract), comprising acquiring an application software list having a predetermined application type (paragraph 51-52), determining whether the application software is malicious (paragraph 17, 53), marking the application software with a highlight in response (paragraph 54), upon receiving an opening instruction for an application, determining whether the application is marked as malicious, and if so, prompting the user (paragraph 54, 59, 62).
However, Archer does not explicitly teach nor fairly suggest, in response to the determination that the recently-opened application software is of the pre-determined application type, determining whether the recently-opened application software is malicious according to information in a local malicious software library, or when it is judged that the corresponding application software is malicious, identifying a malicious type of the corresponding application software from a plurality of malicious types, the malicious types comprising payment, privacy stealing, remote control, malicious propagation, 
Treadwell (PGPUB 2009/0165131) teaches an application security protection method (abstract), comprising receiving an opening instruction for an application (paragraph 21), determining whether the application is marked as malicious (paragraph 20-21), prompting the user if the application is marked as malicious (paragraph 20-21, 25), and continuing to start the application if the user chooses to allow execution (paragraph 20-21, 25).
However, Treadwell does not explicitly teach nor fairly suggest, in response to the determination that the recently-opened application software is of the pre-determined application type, determining whether the recently-opened application software is malicious according to information in a local malicious software library, or when it is judged that the corresponding application software is malicious, identifying a malicious type of the corresponding application software from a plurality of malicious types, the malicious types comprising payment, privacy stealing, remote control, malicious propagation, charge consumption, system destruction, frauds, and rogueries, and adding information about the corresponding application software corresponding to the malicious type to a local malicious software library.
Pagan (PGPUB 2013/0318614) teaches obtaining information about recently-opened software from a software stack installed locally on a terminal (abstract, paragraph 27), and determining whether the recently-opened software is malicious (paragraph 28), 
However, Pagan does not explicitly teach nor fairly suggest, in response to the determination that the recently-opened application software is of the pre-determined application type, determining whether the recently-opened application software is malicious according to information in a local malicious software library, or when it is judged that the corresponding application software is malicious, 
Liu (PGPUB 2013/0198872) teaches marking an icon of application software displayed on a terminal with a color or highlight to indicate that the application is malicious (paragraph 50, 142).
However, Liu does not explicitly teach nor fairly suggest, in response to the determination that the recently-opened application software is of the pre-determined application type, determining whether the recently-opened application software is malicious according to information in a local malicious software library, or when it is judged that the corresponding application software is malicious, identifying a malicious type of the corresponding application software from a plurality of malicious types, the malicious types comprising payment, privacy stealing, remote control, malicious propagation, charge consumption, system destruction, frauds, and rogueries, and adding information about the corresponding application software corresponding to the malicious type to a local malicious software library.
Finally, Schutz et al (PGPUB 2016/0191476) teaches determining whether recently-opened software is of a pre-determined application type using an information library for the predetermined application type (paragraph 72, 296-297), and in response to the determination, determining whether the recently-opened application software is malicious (paragraph 294, 296).
However, Schutz does not explicitly teach nor fairly suggest, in response to the determination that the recently-opened application software is of the pre-determined application type, determining whether the recently-opened application software is malicious according to information in a local malicious software library, or when it is judged that the corresponding application software is malicious, .

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to FORREST L CAREY whose telephone number is (571)270-7814.  The examiner can normally be reached on 9:00AM-5:30PM M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact 






/FORREST L CAREY/Examiner, Art Unit 2491                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491