DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/03/2020 and 07/28/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

International/Foreign Search Report
The International/Foreign Search Report (hereinafter “SR”) issued by the European Patent Office (EPO) for international/foreign application, EP18193908.3, has been considered. An updated search has been conducted. Any reference(s) identified in the SR may be relied upon in this and/or subsequent office action(s). It is noted that no anticipatory or obviousness type reference was found during the search and that the patent was granted in the EPO. 

Allowable Subject Matter
Claims 1-8 are allowed.


Reasons for Allowance
According to 37 C.F.R. 1.104(e), it is the examiner's discretion to evaluate at the time of allowance whether the record of the prosecution as a whole does not make clear his or her reasons for allowing a claim or claims and set forth such a reasoning. At this time, the examiner believes that the claims allowed above require a separate reasoning to make the record clearer. The applicant or patent owner may file a statement commenting on the reasons for allowance within such time as may be specified by the examiner.
The following is an examiner’s statement of reasons for allowance:
In interpreting the currently amended claims in light of the specification, the Examiner finds the claimed invention to be patentably distinct from the prior art of record. 
No clear prior art of record was found that either anticipated or rendered obvious the claimed invention. However, the examiner found the following relevant references describing the general state of the art: 
U.S. PGPub. Nr. 2019/0109869 A1 (Bailey)
“A Survey on Detection Techniques for Cryptographic Ransomware” (Berrueta et al.)
“Automatic Ransomware Detection and Analysis Based on Dynamic API Calls Flow Graph” (Chen et al.)
“ShieldFS: A Self-healing, Ransomware-aware Filesystem” (Continella et al.)
“RWGuard: A Real-Time Detection System Against Cryptographic Ransomware” (Mehnaz et al.)
“Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection” (Sgandurra et al.)
“RansomWall: A Layered Defense System against Cryptographic Ransomware Attacks using Machine Learning” (Shaukat et al.)
“Evaluating Shallow and Deep Networks for Ransomware Detection and Classification” (Vinayakumar et al.)
It should be noted that Berrueta is a survey paper describing several ransomware mitigation techniques, and it also is the only survey paper found by the examiner. Furthermore, Berrueta discloses that: “No previous complete surveys on ransomware detection techniques exist because of the novelty of this type of malware and the fast-paced changing scenario of malware. Most surveys limited their scope to a description of the behaviour of different ransomware families [12][14] or the ransomware families were included as a category in a broader study of malware [15].” This sentiment is shared by numerous researchers in the field, as Sgandurra puts it on pg. 10 of their publication: “Currently, little related work specifically targets ransomware”.
All the references with the exception of the survey paper do intercept system calls, but do so for reasons different than those claimed by the applicant. 
For example, as disclosed on pg. 341 of Continella et al.: 
“ShieldFS checks the memory of processes classified as “suspicious” or “malicious” for the presence of symmetric cryptographic primitives. For the sake of clarity, we remark that the output of CryptoFinder is used as an additional, nonessential feature. Hence, ShieldFS is able to detect even samples that do not show any encryption process, as long as the filesystem activity models are sufficiently (i.e., at least K positive ticks) triggered.”
However, the applicant claims explicitly in the claims that: 
(i) wherein the encryption algorithm is determined by training an autoencoder based on padding bytes used by the encryption algorithm to pad units of data encrypted by the ransomware algorithm, and using the trained autoencoder to process padding bytes for units of data encrypted by each of a plurality of known searchable encryption algorithms to identify one of the known searchable encryption algorithms as the encryption algorithm used by the ransomware
(ii) wherein the seed parameters are determined based on monitoring application programming interface (API) calls made to an operating system of a computer system targeted by the ransomware algorithm to identify a set of API calls for retrieving data about one or more hardware components of the target computer system, the data about the one or more hardware components being determined to constitute the seed parameters
Continella fails to disclose that an autoencoder (or any other type of neural network or artificial intelligence) is trained to detect an encryption algorithm based on padding bytes and where a database of known searchable encryption algorithms is consulted to determine which encryption algorithm is used by the ransomware.
Continella also fails to disclose that seed parameters for key construction are determined by monitoring API calls made to the OS to determine identifiers of the hardware components that are used in such a key construction. 
Therefore, Continella, although disclosing a form of ransomware detection, fails to disclose the claimed invention. 
Likewise, Mehnaz et al.’s RWGuard also fails to disclose these particular details of ransomware detection and mitigation. Although RWGuard also performs real-time
Likewise, the other references that were disclosed above disclose various ransomware detection and mitigation techniques, but none disclose the claimed invention, in particular with respect to the limitations (i) and (ii) recited above (examiner notes that (i) and (ii) are only found allowable in view of the other limitations in the presented claims and their dependence on other features recited in the claims). 
For these reasons, none of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Alexander Lagor whose telephone number is (571)270-5143.  The examiner can normally be reached on Monday thru Friday, 9:00 AM to 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashokkumar B. Patel can be reached on (571) 272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ALEXANDER LAGOR/
Primary Examiner
Art Unit 2491