Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to the amendment filed 05/13/2021.
Claims 1-25 are presented for examination.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Raffi Gostanian, Reg. No. 42,595 on 06/01/21.
The application has been amended as follows:


1. 	(Currently Amended) A computing system comprising:
a processor configured to 
divide a data file into a plurality of data chunks, 
generate a randomness value for each data chunk from among the plurality of data chunks based on one or more predefined randomness tests, 
accumulate generated randomness values of the plurality of data chunks to generate an accumulated randomness value, and 

a storage configured to store information about the detection via a storage[[.]],
wherein, for each data chunk, the processor is configured to execute a first test for randomness on the data chunk based on a multinomial distribution of the data chunk and optionally execute a second test for randomness on the data chunk based on a chi-square distribution of the data chunk to generate the respective randomness value for the data chunk.

3. 	(Cancelled) 

7. 	(Currently Amended) A method comprising:
dividing a data file into a plurality of data chunks;
generating a randomness value for each data chunk based on one or more predefined randomness tests
accumulating generated randomness values of the plurality of data chunks to generate an accumulated randomness value; 
detecting whether the data file is one or more of encrypted and compressed based on the accumulated randomness value and a predetermined threshold value; and
storing information about the detection via a storage[[.]],
wherein, for each data chunk, the generating comprises executing a first test for randomness on the data chunk based on a multinomial distribution of the data chunk and optionally a second test for randomness on the data chunk based on a chi-square distribution of the data chunk to generate the respective randomness value for the data chunk.

9. 	(Cancelled) 

13. 	(Currently Amended) A computing system comprising:
a processor configured to 
divide a stream of network traffic into a plurality of data chunks, 
generate a randomness value for each data chunk based on one or more predefined randomness tests
accumulate generated randomness values of the plurality of data chunks to generate an accumulated randomness value, and 
detect whether the network traffic is one or more of encrypted and compressed based on the accumulated randomness value and a predetermined threshold value; and
a storage configured to store information about the detection of the network traffic[[.]],
wherein, for each data chunk, the processor is configured to execute a first test for randomness on the data chunk based on a multinomial distribution of the data chunk and optionally execute a second test for randomness on the data chunk based on a chi-square distribution of the data chunk to generate the respective randomness value for the data chunk.

15. 	(Cancelled) 

18. 	(Currently Amended) A method comprising:
dividing a stream of network traffic into a plurality of data chunks;

accumulating generated randomness values of the plurality of data chunks to generate an accumulated randomness value; 
detecting whether the network traffic is one or more of encrypted and compressed based on the accumulated randomness value and a predetermined threshold value; and
storing information about the detection of the network traffic[[.]],
wherein, for each data chunk, the generating comprises executing a first test for randomness on the data chunk based on a multinomial distribution of the data chunk and optionally a second test for randomness on the data chunk based on a chi-square distribution of the data chunk to generate the respective randomness value for the data chunk.

20. 	(Cancelled) 

23. 	(Currently Amended) A non-transitory computer readable medium comprising instructions, that when read by a processor, cause the processor to perform a method comprising:
dividing a stream of network traffic into a plurality of data chunks;
generating a randomness value for each data chunk based on one or more predefined randomness tests
accumulating generated randomness values of the plurality of data chunks to generate an accumulated randomness value; 

storing information about the detection of the network traffic[[.]],
wherein, for each data chunk, the generating comprises executing a first test for randomness on the data chunk based on a multinomial distribution of the data chunk and optionally a second test for randomness on the data chunk based on a chi-square distribution of the data chunk to generate the respective randomness value for the data chunk.

25. 	(Cancelled)


Response to Arguments
Applicant’s arguments, see pages 7-12 of the Remarks, filed 05/13/2021, with respect to the 35 USC 103 rejection to claims 1, 7, 13, 18 and 23 have been fully considered and are persuasive in view of the Examiner’s Amendment.  The rejection of claims 1, 7, 13, 18 and 23 has been withdrawn.

Relevant Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US 2019/0005235 to Klonowski et al teaches a method for providing advanced file modification heuristics including applying encryption/compression analysis to I/O operations wherein a mathematical analysis is used to evaluate randomness of file data. The mathematical analysis include performing a chi-squared method and performing a Monte Carlo method as an additional check for randomness.
US 2004/0196970 to Cole teaches a method for detecting file encryption using a chi-squared statistical analysis.

Allowable Subject Matter
After a complete search of the entire relevant prior art, the Examiner has determined that the claims are in condition for allowance. Accordingly, claims 1-25 are allowed.
The following is an examiner’s statement of reasons for allowance: Independent claims 1, 7, 13, 18 and 23, and their respective dependent claims, are allowable over the prior art of record, including Klonowski, Cole, Guo, Gil, Chen and the remaining references cited by the Examiner and the Applicant’s IDS, since the prior art, taken individually or in combination, fails to particularly disclose, fairly suggest or render obvious for each data chunk, the processor is configured to execute a first test for randomness on the data chunk based on a multinomial distribution of the data chunk and optionally execute a second test for randomness on the data chunk based on a chi-square distribution of the data chunk to generate the respective randomness value for the data chunk, in view of the other limitations of the claim, as specified in the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MALCOLM CRIBBS whose telephone number is (571)270-1566.  The examiner can normally be reached on Monday-Friday 930a-330p; 430p-630p.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on (571)270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MALCOLM . CRIBBS
Examiner
Art Unit 2497



/MALCOLM CRIBBS/Primary Examiner, Art Unit 2497