DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

The following is a Non-Final Office Action in response to communications received on March 24, 2020. Claims 1-20 are pending and addressed below.

Specification
For the record, Examiner acknowledges that the Specification submitted on March 24, 2020 has been accepted.

Drawings
For the record, Examiner acknowledges that the Drawings submitted on March 24, 2020 has been accepted.

Information Disclosure Statement
The IDS references filed on 3/24/2020 and 6/18/2020 have been considered. The NPL reference 3 submitted in the IDS filed on 3/24/2020 has not been considered as only the year was provided (see also MPEP 609.04(a)I).

Claim Objections
Claims 11 and 20 are objected to because of the following informalities:  Claim 11 recites the limitation “and the computing module preventing further based upon…” It is suggested the limitation be amended to “and the preventing by the computing module is further based upon…” for clarity and consistency. Claim 20 is objected to for similar reason to claim 11.
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 20 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claim 20 recites the limitation “the processor” in two places. There are multiple previously recited processors and it is unclear as to which particular processor the limitations are referring.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-10 and 12-19 are rejected under 35 U.S.C. 103 as being unpatentable over Zhu et al. (U.S. Patent No. 8,671,455 and hereinafter referred to as Zhu) in view of Tanutama et al. (U.S. Pub. No. 2018/0120132 and hereinafter referred to as Tanutama).
As to claim 1, Zhu discloses a computer-implemented method of improving the computer security of a device, the device housing one or more sensors and a digital processor (col. 2 lines 59-67, col. 7 lines 7-39, col. 11 lines 29-37, col. 12 line 62 – col. 13 line 3, and Fig. 4, Zhu teaches sensors and a processor on a computing device), the method comprising: 
automatically capturing one or more sensor readings from one of the sensors of the device (col. 2 lines 59-67, col. 7 lines 7-39 and Fig. 3, Zhu teaches obtaining readings from the sensors); 
evaluating a data flow from the one sensor to a numerical operation being performed by the digital processor, said evaluating the data flow determining whether numerical values involved in performance of the numerical operation are (col. 6 lines 36-50, col. 7 lines 7-39, col. 7 line 60 – col. 8 line 33, col. 10 lines 11-35, and Fig. 3, Zhu teaches monitoring access attempts to sensitive sensor data where the monitoring includes tracking if the sensitive data (including numbers) is being sent/leaked outside of the computing device. The sending of the sensitive data is considered to be a numerical operation as it is an operation that involves the sensor data numbers); and 
based upon outcome of the determining, preventing one or more data values of the collection of sensitive data from being transmitted from a sink of the device (col. 10 lines 36-40, col. 11 lines 5-16, Fig. 3, Zhu teaches preventing the sensitive data from being leaked outside the computing device.). Zhu does not specifically disclose storing in cache memory data values of the captured one or more sensor readings, the cache memory storing the data values in a collection of sensitive data as claimed. However, Tanutama does disclose
storing in cache memory data values of the captured one or more sensor readings, the cache memory storing the data values in a collection of sensitive data (paragraphs [0016], [0023], [0058], [0142]-[0144], Tanutama teaches storing sensor data in a cache.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Zhu with the teachings of Tanutama for storing in cache memory data values of the 
Claims 10 and 19 recite substantially similar limitations to claim 1 and are therefore, rejected for similar reasons to claim 1 (Note: claim 19 recites the additional limitations of a “non-transitory computer-readable storage medium having code instructions” which are taught by Zhu at, for example, col. 3 lines 21-38).
As to claim 3, the combination of teachings between Zhu and Tanutama disclose the computer-implemented method of Claim 1, wherein the storing is performed in response to one or more security policies (paragraphs [0016], [0023], [0058], [0109], [0142]-[0144], Tanutama teaches storing sensor data in a cache based on a policy.).
Examiner supplies the same rationale for the combination of the references as in claim 1 above.
Claim 12 recites substantially similar limitations to claim 3 and are therefore, rejected for similar reasons to claim 3.
As to claim 4, the combination of teachings between Zhu and Tanutama disclose the computer-implemented method of Claim 1, wherein the determining is performed while the data flow is being accessed and processed (col. 6 lines 36-50, col. 7 lines 7-39, col. 7 line 60 – col. 8 line 33, col. 10 lines 11-35, and Fig. 3, Zhu teaches determining if sensor data is currently attempting to be output.).

As to claim 5, the combination of teachings between Zhu and Tanutama disclose the computer-implemented method of Claim 1, wherein the sink includes any of a network socket, a file, or a message (col. 2 lines 30-37, Zhu teaches detecting sensor information stored in a file or communicated to another process.).
Claim 14 recites substantially similar limitations to claim 5 and are therefore, rejected for similar reasons to claim 5.
As to claim 6, the combination of teachings between Zhu and Tanutama disclose the computer-implemented method of Claim 1, wherein at least one of: the device is a mobile device, an embedded controller, a desktop computer, a laptop computer, or a computer processing device; and the cache memory is configured as any of a ring buffer, a value table, and an array (col. 3 lines 39-47, Zhu teaches a smartphone and tablet.).
Claim 15 recites substantially similar limitations to claim 6 and are therefore, rejected for similar reasons to claim 6.
As to claim 7, the combination of teachings between Zhu and Tanutama disclose the computer-implemented method of Claim 1, further comprising: reporting a violation based upon the determining; and in response to the reported violation, performing the preventing of one or more values of the collection of sensitive data from being transmitted from the sink of the device (col. 10 lines 36-40, col. 11 lines 5-16, Fig. 3, Zhu teaches notifying a user or third-party and preventing the sensor information from being output based on the notification.).
Claim 16 recites substantially similar limitations to claim 7 and are therefore, rejected for similar reasons to claim 7.
As to claim 8, the combination of teachings between Zhu and Tanutama disclose the computer-implemented method of Claim 1, wherein the one or more sensors generate numerical values, and the one sensor is any of: an accelerometer, a gyroscope, an ambient light sensor, a microphone, a global positioning system (GPS), and a heart rate sensor (col. 2 lines 59-67, col. 7 lines 7-39 and Fig. 3, Zhu teaches sensors such as a GPS, camera, and microphone.).
Claim 17 recites substantially similar limitations to claim 8 and are therefore, rejected for similar reasons to claim 8.
As to claim 9, the combination of teachings between Zhu and Tanutama disclose the computer-implemented method of Claim 1, wherein the one sensor generates sensitive data and/or generates data values from which an inference of interest can be calculated (col. 1 line 54 – col. 2 line 4, col. 2 lines 59-67, col. 7 lines 7-39, Zhu teaches the sensor produce sensitive data.).
Claim 18 recites substantially similar limitations to claim 9 and are therefore, rejected for similar reasons to claim 9.

Allowable Subject Matter
Claims 2 and 11 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim 20 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), 2nd paragraph, set forth in this Office action and to include all of the limitations of the base claim and any intervening claims.

Claim 2 recites, inter alia, “the numerical operation includes arithmetic operations, and the numerical values involved include operands and return values of the arithmetic operations;...and the preventing further based upon outcome of the determining of the one or more representations and recency of the one or more representations being included in the collection of sensitive data.” While the prior art was found to generally disclose taint analysis for operands, the prior art was not found to disclose the cited combination of limitations. Therefore, claim 2 is considered to contain allowable subject matter over the prior art. Claims 11 and 20 are considered to contain allowable subject matter for similar reasons to claim 2.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Chen et al. (U.S. Pub. No. 2015/0227746) – cited for teaching taint tracking operands – paragraph [0016]
Koyama et al. (U.S. Pub. No. 2014/0303769) – cited for teaching sensor data written to cache memory – paragraph [0056]
Lee (U.S. Pub. No. 2017/0192717) – cited for teaching storing sensor data in a buffer – Fig. 14

Any inquiry concerning this communication or earlier communications from the examiner should be directed to THADDEUS J PLECHA whose telephone number is (571)270-7506.  The examiner can normally be reached on M-F 8-4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/THADDEUS J PLECHA/Examiner, Art Unit 2438