DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Amendment
The Amendment filed on 04/14/2021 has been entered. 
The rejection of claims 1-9 under 35 U.S.C. 101 is withdrawn in view of the amendment.
Claims 1, 5-8, 10, 16-17 and 19-20 are amended.
Claims 1-20 are pending of which claims 1, 10 and 16 are independent claims.

Response to Arguments
The applicant's arguments filed on 04/14/2021 have been fully considered: 
The arguments regarding the rejection of claims 1, 10 and 16 under 35 U.S.C. 103 are moot in light of the new ground(s) of rejection presented below.
Regarding applicant's arguments for claims 15 and 17 that "Davidi and Borin fail to teach or suggest updating a security data structure of a processor with a second set of fix up target patterns, as generally recited by dependent claims 15 and 17", and in particular that "Davidi fails to teach 'receiving an update to the security data structure comprising a second set of fix up target patterns' as recited by dependent claim 15", the examiner respectfully disagrees. As disclosed by Davidi at paragraph [0191], when a new vulnerability is determined, the relevant capability/library entry of the vulnerabilities database is updated with the new vulnerability. Applicant further argues that Bunker does not teach the additional limitation of claim 17: "add the second set of fix up target patterns and the second set of countermeasures to the security data structure".

Examiner’s Note
The citation used for Davidi et al. (Pub. No.: US 2020/0042715) is supported by provisional application No. 62/713,083 filed on 08/01/2018.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3, 5-7, 10-11 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Davidi et al. (Pub. No.: US 2020/0042715, hereinafter Davidi) in view of Kay et al. (Patent No.: US 8,255,280, hereinafter Kay) and Feher et al. (Pub. No.: US 2015/0207811, hereinafter Feher).
Regarding claim 1: Davidi discloses a processor comprising:
an instruction execution subsystem comprising circuitry operable to execute a set of instructions (Davidi - [0223]: Processor 702 may be utilized to perform computations required by Apparatus 700 or any of its subcomponents); and
a security subsystem comprising a security data structure that comprises a set of fix up target patterns and a set of countermeasures (Davidi - [0114]: Fig. 2, a Library 202 of a firmware has a known vulnerability (denoted “CVE-2014-3895”). [0115]: the remedial action may be to execute a software agent to perform online remedial action. As shown in FIG. 2, Agent 210 is executed as a remedial action for CVE-2014-3895),
implements a countermeasure of the set of countermeasures of the security data structure associated with the fix up target pattern into the set of instructions (Davidi - [0022]: determining a new set of vulnerabilities and corresponding new remedial actions including a first remedial action that fixes a third vulnerability in the firmware prior to the execution of the firmware, and a second remedial action that protects the firmware from the exploitation of the second vulnerability during the execution of the firmware); and
performs the set of instructions in the instruction execution subsystem, following implementation of the countermeasure (Davidi - [0202]: On Step 560, the runtime component may be executed with the updated firmware, e.g., provided on step 540).
However, Davidi does not explicitly teach, but Kay discloses:
wherein each fix up target pattern of the set of fix up target patterns comprises an instruction sequence (Kay - [Col. 20, Line 36-37]: the application analysis database 269 can store a plurality of known fingerprints of malicious code sequences), and wherein the security subsystem:
parses the set of instructions to detect a sequence of a subset of instructions of the set of instructions that corresponds to an instruction sequence of a fix up target pattern of the set of fix up target patterns of the security data structure prior to execution by the instruction execution subsystem (Kay - [Col. 20, Line 38-45]: the application analyzer 268 can parse the code of the proposed web application and then compare the parsed code to the fingerprints of malicious code stored in the application analysis database. if the code of the proposed application matches one or more known malicious code sequences the proposed application can be flagged for manual vetting before the proposed application is allowed to be listed for distribution in the marketplace); 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi with Kay so that known malware is represented as a sequence of code and an application matching one or more of the known code sequences is flagged. The modification would have allowed the system to detect malware.
Regarding claim 3: Davidi as modified discloses wherein the security subsystem is to parse the set of instructions in the first instruction set (Davidi - [0099]: vulnerabilities of a firmware may be obtained directly from a firmware's code, such as by analyzing the code).
Regarding claim 5: Davidi as modified discloses wherein the security subsystem comprises a security data structure, comprising a plurality of fix up targets and a plurality of countermeasures, and wherein each respective fix up target of the plurality of fix up targets is associated with at least one countermeasure of the plurality of countermeasures (Davidi - [0024]: each remedial action of the set of remedial actions is associated with at least one of an estimated cost and estimated runtime overhead, wherein the set of remedial actions includes a remedial action that is adapted to remedy at least two vulnerabilities of the firmware, wherein the set of remedial actions includes at least two alternative remedial actions for a vulnerability of the firmware).
Regarding claim 6: Davidi as modified discloses wherein to parse the set of instructions comprises to compare the set of instructions with the plurality of fix up targets of the security data structure (Kay - [Col. 20, Line 38-45]: the application analyzer 268 can parse the code of the proposed web application and then compare the parsed code to the fingerprints of malicious code stored in the application analysis database).
The reason to combine is the same as for claim 1.
Regarding claim 7: Davidi as modified discloses wherein to parse the set of instructions comprises to perform at least one of pattern matching, identity matching, and a signature matching (Kay - [Col. 20, Line 38-45]: the application analyzer 268 can parse the code of the proposed web application and then compare the parsed code to the fingerprints of malicious code stored in the application analysis database).
The reason to combine is the same as for claim 1.
Regarding claim 10: The limitations of claim 10 are interpreted and rejected for the reasons set forth above in the rejection of claim 1.
Regarding claim 11: Davidi as modified discloses wherein the sequence of instructions is received in a native instruction set and the fix up target pattern is represented in the native instruction set (Davidi - [0099]: vulnerabilities of a firmware may be obtained directly from a firmware's code, such as by analyzing the code. [0100]: the vulnerabilities database may retain for each library or capability, tests or attacks, which may be executed manually or automatically to determine whether or not the firmware is subject to the potential vulnerability).
Regarding claim 15: Davidi as modified discloses receiving an update to the security data structure comprising a second set of fix up target patterns (Davidi - [0191]: the vulnerabilities database may be updated so that in each entry of capability/library deemed for which the new vulnerability is deemed relevant, the new vulnerability is added. See also [0056]).
Regarding claim 16: The limitations of claim 16 are interpreted and rejected for the reasons set forth above in the rejection of claim 1.

Claims 2, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Davidi et al. (Pub. No.: US 2020/0042715, hereinafter Davidi) in view of Kay et al. (Patent No.: US 8,255,280, hereinafter Kay) and Borin (Pub. No.: US 2007/0174750, hereinafter Borin).
Regarding claim 2: Davidi as modified discloses wherein the security subsystem is to parse the set of instructions in the second instruction set (Kay - [Col. 20, Line 38-40]: the application analyzer 268 can parse the code of the proposed web application);
The reason to combine Kay with Davidi is the same as for claim 1.
However, Davidi as modified does not explicitly teach, but Borin discloses, wherein the instruction execution subsystem comprises: a native code subsystem to execute the set of instructions in a first instruction set; and a binary translation subsystem to translate the set of instructions from the first instruction set to a second instruction set (Borin - [0032]: front end 210 dynamically recognizes the original program instructions, translates such instructions in code cache 220 using different dynamic binary translation techniques, and controls the code execution from code cache 220).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with Borin so that native code can be translated into a second instruction set. The modification would have allowed the system to interpret the translated instruction set.
Regarding claim 12: Davidi as modified discloses wherein the fix up target pattern is represented in the binary translation (Kay - [Col. 20, Line 38-40]: the application analyzer 268 can parse the code of the proposed web application and then compare the parsed code to the fingerprints of malicious code stored in the application analysis database);
The reason to combine Kay with Davidi is the same as for claim 10.
However, Davidi as modified does not explicitly teach, but Borin discloses, translating the sequence of instructions from a native instruction set to a binary translation (Borin - [0032]: front end 210 dynamically recognizes the original program instructions, translates such instructions in code cache 220 using different dynamic binary translation techniques, and controls the code execution from code cache 220).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with Borin so that native code can be translated into a second instruction set. The modification would have allowed the system to interpret the translated instruction set.
Regarding claim 19: Davidi as modified discloses wherein the set of fix up target patterns corresponds to binary translation representations (Kay - [Col. 20, Line 38-40]: the application analyzer 268 can parse the code of the proposed web application and then compare the parsed code to the fingerprints of malicious code stored in the application analysis database);
The reason to combine Kay with Davidi is the same as for claim 16.
However, Davidi as modified does not explicitly teach, but Borin discloses, a binary translation subsystem configured to translate the machine-readable instructions from a native instruction set to a binary translation (Borin - [0032]: front end 210 dynamically recognizes the original program instructions, translates such instructions in code cache 220 using different dynamic binary translation techniques, and controls the code execution from code cache 220).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with Borin so that native code can be translated into a second instruction set. The modification would have allowed the system to interpret the translated instruction set.

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Davidi et al. (Pub. No.: US 2020/0042715, hereinafter Davidi) in view of Kay et al. (Patent No.: US 8,255,280, hereinafter Kay) and Iyer et al. (Pub. No.: US 2020/0125475, hereinafter Iyer).
Regarding claim 4: Davidi as modified does not explicitly teach, but Iyer discloses, wherein parsing the set of instructions comprises assembling a data dependency graph or a flow graph associated with the set of instructions and using the data dependency graph or the flow graph to parse the set of instructions (Iyer - [0084]: the analysis module 130 parses the source code at the code segment to identify the data argument(s) and harvest therefrom the data characteristics. In one embodiment, the data characteristics indicate a state of the data argument at various points in the control flow graph and at least one relationship associated with the data argument).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with Iyer so that a flow graph is used to analyze source code. The modification would have allowed the system to use a flow graph to assist source code analysis.

Claims 8-9, 13-14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Davidi et al. (Pub. No.: US 2020/0042715, hereinafter Davidi) in view of Kay et al. (Patent No.: US 8,255,280, hereinafter Kay) and GOTZE (Pub. No.: US 2020/0065112, hereinafter GOTZE).
Regarding claim 8: Davidi as modified does not explicitly teach, but GOTZE discloses, wherein the fix up target comprises a speculative execution vulnerability or an out-of-order execution vulnerability (GOTZE - [0025]: problems can arise in speculating processing systems as a result of malicious attacks that seek to obtain sensitive or secure information by exploiting speculative execution of specific vulnerable sequences of instruction).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with GOTZE so that speculative execution vulnerability can be detected and addressed. The modification would have allowed the system to mitigate speculative execution vulnerability. 
Regarding claim 9: Davidi as modified does not explicitly teach, but GOTZE discloses, wherein the countermeasure comprises an addition of a serialization instruction (GOTZE - [0028]: the combined consequence of the new instruction and the conventional branch instruction is to block speculative branch behavior. See, for example, the LFENCE instruction of Intel and the CSDB instruction of ARM. By placing one of the instructions before conventional branch instructions or vulnerable code sequences, certain attacks might be prevented or otherwise mitigated).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with GOTZE so that certain attacks might be prevented by placing serialization instruction (e.g. LFENCE) before conventional branch instructions or vulnerable code sequences. The modification would have allowed the system to increase security. 
Regarding claim 13: Davidi as modified does not explicitly teach, but GOTZE discloses, wherein implementing the countermeasure comprises adding a countermeasure instruction for execution prior to the sequence of instructions (GOTZE - [0028]: By placing one of the instructions before conventional branch instructions or vulnerable code sequences, certain attacks might be prevented or otherwise mitigated).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with GOTZE so that certain attacks might be prevented by placing serialization instruction (e.g. LFENCE) before conventional branch instructions or vulnerable code sequences. The modification would have allowed the system to increase security. 
Regarding claim 14: Davidi as modified does not explicitly teach, but GOTZE discloses, wherein the countermeasure instruction comprises a serializing instruction (GOTZE - [0028]: the combined consequence of the new instruction and the conventional branch instruction is to block speculative branch behavior. See, for example, the LFENCE instruction of Intel and the CSDB instruction of ARM).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with GOTZE so that certain attacks 
Regarding claim 20: The limitations of claim 20 are substantially similar to the limitations of claims 8 and 9, thus it is interpreted and rejected for the reasons set forth above in the rejection of claims 8 and 9.
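The following is an added illustration, not part of this Office action, the application, or any cited reference, of the mechanism addressed in the rejections of claim 1 and of claims 8-9 and 13-14 above: a security data structure pairing fix up target patterns (instruction sequences) with countermeasures; a parse step that slides over the instruction stream and matches it against those patterns before execution; a countermeasure that adds a serializing instruction (LFENCE) to the matched sequence; execution of the fixed-up stream; and an update that adds a second set of patterns and countermeasures, as addressed for claims 15 and 17. The patterns, register names, mnemonics and instruction streams are constructed for the illustration and are not taken from the application or the references. The constructed countermeasure places the fence between the conditional branch and the dependent load; placing it ahead of the whole matched sequence instead is a one-line change in fence_before_load.

```python
"""Constructed model of a pattern-driven fix-up stage ahead of instruction
execution: fix up target patterns are instruction sequences, each paired with a
countermeasure that rewrites the matched sequence before execution."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Sequence, Tuple

Instruction = Tuple[str, Tuple[str, ...]]                 # (mnemonic, operands)
Countermeasure = Callable[[List[Instruction]], List[Instruction]]


@dataclass(frozen=True)
class FixUpTarget:
    """Instruction-sequence pattern; '*' matches any mnemonic at that position,
    and `check` inspects operands of a mnemonic-level match to drop false positives."""
    name: str
    mnemonics: Tuple[str, ...]
    check: Optional[Callable[[Sequence[Instruction]], bool]] = None

    def matches(self, window: Sequence[Instruction]) -> bool:
        if len(window) != len(self.mnemonics):
            return False
        for (mnemonic, _), wanted in zip(window, self.mnemonics):
            if wanted != "*" and mnemonic != wanted:
                return False
        return self.check is None or self.check(window)


@dataclass
class SecurityDataStructure:
    """Fix up targets, each associated with a countermeasure."""
    entries: Dict[FixUpTarget, Countermeasure] = field(default_factory=dict)

    def update(self, more: Dict[FixUpTarget, Countermeasure]) -> None:
        """Accept a further set of targets and countermeasures (an update)."""
        self.entries.update(more)


def parse_and_fix(program: List[Instruction], sds: SecurityDataStructure):
    """Slide over the stream, rewrite each matched window with its countermeasure,
    and return (fixed program, names of the targets applied, in order)."""
    out: List[Instruction] = []
    applied: List[str] = []
    i = 0
    while i < len(program):
        hit = None
        for target, countermeasure in sds.entries.items():
            window = program[i:i + len(target.mnemonics)]
            if target.matches(window):
                hit = (target, countermeasure, window)
                break
        if hit is None:
            out.append(program[i])
            i += 1
        else:
            target, countermeasure, window = hit
            out.extend(countermeasure(list(window)))
            applied.append(target.name)
            i += len(window)            # inserted instructions are not re-scanned
    return out, applied


def execute(program: List[Instruction]) -> List[str]:
    """Stand-in for the execution subsystem: the mnemonic trace it would run."""
    return [mnemonic for mnemonic, _ in program]


def run(program: List[Instruction], sds: SecurityDataStructure):
    """Processor pipeline: parse and fix up first, then execute."""
    fixed, applied = parse_and_fix(program, sds)
    return execute(fixed), applied


def _load_depends_on_compared_register(window: Sequence[Instruction]) -> bool:
    """True when the final load is indexed by the register the cmp bounds-checked."""
    compared, load_operands = window[0][1][0], window[-1][1]
    return (len(load_operands) == 2 and load_operands[1].startswith("[")
            and compared in load_operands[1])


def fence_before_load(window: List[Instruction]) -> List[Instruction]:
    """Countermeasure: a serializing instruction between the conditional branch and
    the dependent load, so the load cannot issue before the branch resolves."""
    return window[:-1] + [("lfence", ())] + window[-1:]


# Constructed patterns: bounds check, conditional branch, then a load indexed by
# the checked register. SECOND_SET stands for patterns delivered later by update.
FIRST_SET = {FixUpTarget("bounds-check-then-load", ("cmp", "jae", "mov"),
                         _load_depends_on_compared_register): fence_before_load}
SECOND_SET = {FixUpTarget("bounds-check-then-load/movzx", ("cmp", "ja", "movzx"),
                          _load_depends_on_compared_register): fence_before_load}

# Constructed instruction streams (not taken from any real binary).
VULNERABLE = [("cmp", ("rcx", "rdx")), ("jae", ("out_of_bounds",)),
              ("mov", ("rax", "[rbx+rcx*8]")), ("ret", ())]   # load indexed by rcx
BENIGN = [("cmp", ("rcx", "rdx")), ("jae", ("out_of_bounds",)),
          ("mov", ("rax", "[rbx+8]")), ("ret", ())]           # load independent of rcx
VARIANT = [("cmp", ("rsi", "rdi")), ("ja", ("out_of_bounds",)),
           ("movzx", ("eax", "[rbx+rsi]")), ("ret", ())]
```

With only FIRST_SET loaded, run(VULNERABLE, sds) executes cmp, jae, lfence, mov, ret and reports one fix-up, BENIGN passes through unchanged because the load does not depend on the compared register, and VARIANT is not recognized; after sds.update(SECOND_SET) the variant encoding is matched and fenced as well. The operand check is what keeps the mnemonic pattern from firing on every compare-branch-load triple.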

Claims 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Davidi et al. (Pub. No.: US 2020/0042715, hereinafter Davidi) in view of Kay et al. (Patent No.: US 8,255,280, hereinafter Kay) and BUNKER et al. (Pub. No.: US 2010/0242114, hereinafter BUNKER).
Regarding claim 17: Davidi as modified discloses wherein the processor is configured:
to receive security updates comprising a second set of fix up target patterns and a second set of countermeasures (Davidi - [0191]: the vulnerabilities database may be updated so that in each entry of capability/library deemed for which the new vulnerability is deemed relevant, the new vulnerability is added. See also [0056]); 
However, Davidi as modified does not explicitly teach, but BUNKER discloses,
adding the second set of fix up target patterns and the second set of countermeasures to the security data structure (BUNKER - [0043]: The new IPS filters to new vulnerabilities mapping is updated using functionality 604 so that vulnerability descriptions provide current remediation instructions as well as the corresponding IPS filters to provide the remediation).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with BUNKER so that new vulnerabilities and their countermeasures are added to the mapping. The modification would have allowed the system to provide the remediation.
Regarding claim 18: Davidi as modified discloses wherein the security updates are received over a network connection (BUNKER - [0043] and Fig. 3).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Davidi and Kay with BUNKER so that the update is . 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Tonn (Pub. No.: US 2015/0242637) - AUTOMATED VULNERABILITY INTELLIGENCE GENERATION AND APPLICATION 
Norrman et al. (Patent No.: US 8,321,840) - Software flow tracking using multiple threads
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 

/MENG LI/
Primary Examiner, Art Unit 2437