Notice of Pre-AIA or AIA Status
Claims 1-26 remain for examination.  The amendment filed 8/27/21 amended claims 1, 12, & 23; and added claim 26.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/27/21 has been entered.

Response to Arguments
Applicant’s arguments, see page 11 of the amendment filed 8/27/21, with respect to the rejection(s) of claim(s) 1-25 under 35 USC 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of the newly discovered reference to Frumusanu.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may 
Claims 1-25 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-25 of U.S. Patent No. 10,552,609. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims considerably overlap in scope.  Compare the respective initial claims:
Claim 1 of the instant application
1. A processor-based device to locally detect malicious code in a managed runtime system, the processor-based device comprising:
a check circuit to detect an occurrence of a defined event during the runtime of an application, wherein the occurrence is detected by monitoring runtime application programming interface (API) invocations from user application code to runtime management instructions of the processor-based device; and

a management circuit to assess, responsive to detecting the occurrence of the defined event, data communicated by the application to access a resource; and

determine whether the data communicated by the application is indicative of a presence of a malicious object in the application; wherein the check circuit and/or the management circuit modify the user application code to at least partially direct function calls to the check circuit to enable monitoring of the function call.

Claim 1 of the ‘609 patent
1. A system to locally detect malicious code in a managed runtime system on a processor-based device, the system comprising: 
a check circuit local to the processor-based device, the check circuit to detect an occurrence of a defined event during the runtime of an application executing on the processor-based device, wherein the occurrence is detected by monitoring runtime application programming interface (API) invocations from user application code to runtime management instructions of the processor-based device; 

a management circuit local to the processor-based device and communicatively coupled to the check circuit, the management circuit including: 

a machine learning circuit local to the processor-based device to: 

assess, responsive to detecting the occurrence of the defined event, data communicated by the application to access a resource; and 

determine whether the data communicated by the application is indicative of a presence of a malicious object in the application, wherein the check circuit and/or the management circuit modify the user application code to at least partially direct function calls to the check circuit to enable monitoring of the function call.


supra.  Dependent claims 2-11 and 13-22 of the instant application are substantially similar to independent claims 2-11 and 13-22 of the ‘609 patent and are similarly rejected as discussed supra.  


Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-26 are rejected under 35 U.S.C. 103 as being unpatentable over Muddu (U.S. Patent Publication 2017/0063891; from the IDS of 8/3/20) in view of Ismael (U.S. Patent 9,225,740) in view of “A Closer Look at Android RunTime (ART) in Android L” (hereinafter, “Frumusanu”).

Regarding claims 1, 12, and 23:
Muddu discloses a processor-based device, method, and computer program product to locally detect malicious code in a managed runtime system, the processor-based device comprising:  a check circuit to detect an occurrence of a defined event 
Muddu does not explicitly disclose wherein the check circuit and/or the management circuit modify the user application code through instrumentation added by a runtime interpreter to at least partially direct function calls to the check circuit to enable monitoring of the function call.  However, Ismael discloses a related invention for scanning malware on a mobile (i.e. resource-limited) device wherein these limitations are taught (col. 9, lines 5-55; see also col. 8, lines 5-55 regarding the use of the runtime interpreter [i.e. Dalvik VM for Android]).  It would have been obvious prior to the time of the instant invention to instrument the code on Muddu’s devices as disclosed by Ismael, as this was a known option within the grasp of a person of ordinary skill in the art in order to achieve the predictable effect of monitoring for malware on a mobile device (Ismael, Ibid, and col. 1, lines 20-30).
Neither Muddu nor Ismael disclose the use of an ahead-of-time (AOT) compiler.  However, Frumusanu discloses that at a point in time subsequent to the Ismael st paragraph) and furthermore employs ahead-of-time compilation in lieu of the just-in-time approach used by certain versions of Dalvik (Frumusanu, page 2, 2nd paragraph).  It would have been obvious prior to the effective filing date of the instant application to use ART instead of Dalvik into the inventions of Ismael and/or Muddu, thus gaining the ability to use AOT compilation, as this would result in several notable improvements including but not limited to speed improvements, better memory management, and less power consumption (Frumusanu, page 2, 4th – 6th paragraphs, and page 3, 1st paragraph including the illustration).

Regarding claims 2, 13, and 24:	The combination further discloses a machine learning circuit and at least one communication circuit communicatively coupled to the management circuit; wherein the management circuit further causes the machine learning circuit to receive a machine learning model from at least one source remote from the processor-based device via the communication circuit (Muddu: paragraphs 0176-0177, & 0283-0285).

Regarding claims 3, 14, and 25:	The combination further discloses the machine learning circuit to further: update a machine learning model stored on the processor-based mobile device using the 

Regarding claims 4 and 15:	The combination further discloses the management circuit to further: cause the processor-based device to halt execution of the application responsive to detecting the data communicated by the application indicates a presence of a malicious object in the application (Muddu, e.g. paragraph 0319).  

Regarding claims 5 and 16:	The combination further discloses the management circuit further comprising: a graphical user interface (GUI) management circuit, wherein the management circuit further causes the GUI management circuit to generate a user perceptible output on the processor-based device responsive to detecting the data communicated by the application is indicative of a presence of a malicious object in the application (Muddu: e.g. Figures 39A-40D).

Regarding claims 6 and 17:	The combination further discloses the machine learning circuit to further:  determine whether the data communicated by the application is indicative of a presence of at least one of a virus or malware in the application (Muddu: e.g. paragraphs 0445 & 0608-0616, and 0640).



Regarding claims 8 and 19:	The combination further discloses the machine learning circuit to further: compare at least a portion of the data communicated by the application in the current API call to the resource with at least a portion of the data communicated by the application in at least one prior API call to the resource (Muddu, paragraphs 0722-0729).

Regarding claims 9 and 20:	The combination further discloses the management circuit to: insert a check circuit call at locations in a compiled application, each check circuit call proximate a location in the compiled application corresponding to a respective function call present in the compiled application (Muddu: Ibid).

Regarding claims 10 and 21:	The combination further discloses the check circuit to further: detect an occurrence of the call to the check circuit in the compiled application (Muddu: Ibid).  



Regarding claim 26:
	The combination further discloses wherein the processor-based device is a handheld device (Ismael, col. 21, lines 5-12; and Figure 12), the instrumentation is added by the AOT compiler into an executable and linkable format [ELF] executable file (Frumusanu, page 2), and the check circuit and/or management circuit is to further modify the user application code through instrumentation added by a runtime interpreter to at least partially direct function calls to the check circuit to enable monitoring of the function calls (Ismael: col. 9, lines 5-55; see also col. 8, lines 5-55).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THOMAS A GYORFI whose telephone number is (571)272-3849.  The examiner can normally be reached on 10:00am - 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


THOMAS A. GYORFI
Examiner
Art Unit 2435



/THOMAS A GYORFI/Examiner, Art Unit 2435    9/11/21