Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  
Claim status: claims 1-20 are pending in this Office Action

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 2, 19-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.

The claims are drawn to “application-usage data”, “computer-readable medium”. The specification is silent regarding the meaning of “application-usage data”,  “computer-readable medium”. This can include signal per se. Thus, applying the broadest reasonable interpretation in light of the specification and taking into account the meaning of the words in their ordinary usage they would be understood by one of ordinary skill in the art (MPEP §2111), the claim as a whole covers both transitory and not transitory media. A transitory media does not fall into any of the 4 categories of invention (Process, Machine, Manufacture, or composition of matter). Therefore the 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
	
 	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1,148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under pre- AIA  35 U.S.C. 103(a) are summarized as follows: 	1. Determining the scope and contents of the prior art. 	2. Ascertaining the differences between the prior art and the claims at issue. 	3. Resolving the level of ordinary skill in the pertinent art. 	4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Sridhara (US20160337390), in view of Chien (US9117078).

Regarding to claim 1:
Sridhara teaches A system for generating an application-control policy for deployment on one or more devices, comprising ([0023] a behavioral monitoring classifier model may also include decision criteria. [0070] to generate, update or refine classifiers):
one or more processors (fig. 1, 100. [0065] 100 may include a number of heterogeneous processors); and
memory comprising instructions that are executable by the one or more processors to perform operations comprising (fig 1, memory 112):
receiving a first set of application-usage data for a set of devices (Sridhara; [0074] collect behavior information pertaining to the interactions … the activities. fig.4, 402 [0154] receive or gather a corpus of behavior data (e.g., from many computing devices), including a large number of device states, configurations and behavior, as well as information regarding whether a malicious behavior was detected.)
determining one or more application-usage characteristics for one or more devices in the set of devices based at least in part on the first set of application-usage data (Sridhara; fig.4, 402-406. [0154] receive or gather a corpus of behavior data (e.g., from many computing devices) … the processing core may identify … behavior from the corpus of behavior data … determine the fraction or percentage of times that a malicious behavior);
identifying a set of candidate devices from the set of devices based at least in part on the one or more application-usage characteristics (Sridhara; Fig.4, 402. [0154] gather a corpus of behavior data (e.g., from many computing devices). Fig. 5, 502 [0161] use behavior-based and machine learning classify device behaviors as benign, suspicious or non-benign … into categories, sub-categories, groups, or sub-groups). 
Sridhara teaches generating the application-control policy for the set of candidate devices based on a second set of application-usage data for the set of candidate devices and providing the application-control policy for deployment on the set of candidate devices (Sridhara; [0095] Each classifier model may also include decision criteria for monitoring. [0070] generate, update or refine classifiers or data/behavior models … when identifying and/or classifying performance-degrading mobile device behaviors. The network server may send data/behavior models to the SOC 100) but does not explicitly providing to the set of candidate devices.
Chien teaches generating the application-control policy for the set of candidate devices based on a second set of application-usage data for the set of candidate devices (Chien, Fig.1, 106 Col 3 line 49 - Col 4 lines 13-30 “captures and records the malware behavior on the PC … At step 106 the behavior lists are provided so that they may be used to derive or extract policy … updated with the new policies … the malware sample has been downloaded or installed on the computer 200, which may emulate, for example, a client PC in a network, a home computer, a server, or a mobile computing device”); and
providing the application-control policy for deployment on the set of candidate devices (Chien, Col 4 lines 25-30 “FIG. 1, these components and their related processes reside (comprising step 106 “derive policy”) and take place in a controlled environment and virus-free operating system … the malware sample has been downloaded or installed on the computer 200, which may emulate, for example, a client PC in a network, a home computer, a server, or a mobile computing device).
It would have been obvious to a person of ordinary skill in the art before the effective filling date of the claimed invention to take the teachings of Chien and apply them on the teachings of Sridhar to further implement generating the application-control policy for the set of candidate devices based on a second set of application-usage data for the set of candidate devices and providing the application-control policy for deployment on the set of candidate devices.  One would be motivated to do so because in order to improve better system and method the behavior lists are provided so that they may be used to derive or extract policy, updated with the new policies, downloaded or installed on the computers (Chien,, Col 4 lines 13-30).

Regarding to claim 2:
The system of claim 1, wherein the first set of application-usage data identifies binaries with which users of the set of devices interacted (Sridhara [0056] a binary classification of data/behaviors. That is, applying a behavior vector to boosted decision stump results in a binary answer (e.g., Yes or No …a "yes" answer (for "less than 3" SMS transmissions) or a "no" answer (for "3 or more" SMS transmissions). [0074] the behavior observer … pertaining to the interactions).

Regarding to claim 3:
The system of claim 2, wherein determining the one or more application-usage characteristics for the one or more devices in the set of devices is done based on data associated with the binaries with which users of the one or more devices interacted (Sridhara [0056] a binary classification of data/behaviors. That is, applying a behavior vector to boosted decision stump results in a binary answer (e.g., Yes or No …a "yes" answer (for "less than 3" SMS transmissions) or a "no" answer (for "3 or more" SMS transmissions). [0074] the behavior observer … pertaining to the interactions).

Regarding to claim 4:
The system of claim 1, wherein the one or more application-usage characteristics include a measure of distinct applications used during a specified time period (Sridhara [0056] a binary classification of data/behaviors …. results in a binary answer (e.g., Yes or No) …  "is the frequency of SMS transmissions less than x per minute," applying a value of "3" to the boosted decision stump will result in either a "yes" answer (for "less than 3" SMS transmissions) or a "no" answer (for "3 or more" SMS transmissions. [0079] how much network traffic has been transmitted from or generated by the computing device (e.g., 20 KB/sec, etc.),).

Regarding to claim 5:
The system of claim 4, wherein identifying the set of candidate devices includes determining that a device from the set of devices whose measure of distinct applications used during the specified time period does not meet a defined criteria is not part of the set of candidate devices (Sridhara; [0155] scanning the binary question assuming the answer of the first question is the value (e.g., "no") not associated with malicious behavior. [0156] the binary questions/test conditions … the number of communications within a previous time interval [0037] A classifier model may also include decision criteria for monitoring or analyzing … device behavior is benign or non-benign).

Regarding to claim 6:
The system of claim 4, wherein the measure of distinct applications used during the specified time period is a number of distinct applications used during the specified time period (Sridhara; [0156] the binary questions/test conditions … the number of communications within a previous time interval.. [0161] classify device behaviors as benign, suspicious or non-benign … into categories, sub-categories, groups, or sub-groups … the severity of risk or threat that a software application or behavior poses to. [0026] monitoring or analysis of software applications). 

Regarding to claim 7:
The system of claim 1, wherein the one or more application-usage characteristics include a measure of variability of application usage across a set of specified time periods (Sridhara; [0026] monitoring or analysis of software applications. [0156] the binary questions/test conditions … the frequency of communications, or the number of communications within a previous time interval … sent more than zero data transmissions (a low correlation) … sent more than 10 data 

Regarding to claim 8:
The system of claim 7, wherein identifying the set of candidate devices includes determining that a device from the set of devices whose measure of variability of application usage across the set of specified time periods does not meet a defined criteria is not part of the set of candidate devices (Sridhara; [0155] scanning the binary question assuming the answer of the first question is the value (e.g., "no") not associated with malicious behavior [0156] the binary questions/test conditions … the frequency of communications, or the number of communications within a previous time interval … classify behaviors … sent more than zero data transmissions (a low correlation) … sent more than 10 data transmissions (a medium correlation) … sent more than 100 data transmissions within the previous five minutes (which might have a high correlation))

Regarding to claim 9:
The system of claim 7, wherein the measure of variability of application usage is determined by dividing a first number of applications used only during a first specified time period by a second number of applications used across each time period of the set of specified time periods, the first specified time period being in the set of specified time periods (Sridhara; [0004] classify the first monitored activity of the software application as one of benign, suspicious, and non-benign. [0006] classify a second monitored activity as one of benign, suspicious and non-benign [0010] classify benign, suspicious, and non-benign behaviors into categories, sub-categories, groups, or sub-groups. fig.4, 402-406. [0154] gather a corpus of behavior data (e.g., from many computing devices) … identify … behavior. Fig. 5, 502-504. [0161] classify device behaviors as benign, suspicious or non-benign … into categories, sub-categories, groups, or sub-groups. Note: classify applications/devices (associated application) into sub-categories, groups, or sub-groups wherein the classify devices use decision criteria (see [0037] A classifier model may also include decision criteria) is dividing a first number of applications by a second number of applications (see spec [0008] [0074] dividing a first number of applications. [0074] divide the set of devices into two or more groups). [0156] the binary questions/test conditions … the frequency of communications, or the number of communications within a previous time interval … sent more than zero data transmissions (a low correlation) … sent more than 10 data transmissions (a medium correlation) … sent more than 100 data transmissions within the previous five minutes (which might have a high correlation. Note: frequencies of 10/100 is specified time periods)

Regarding to claim 10:
The system of claim 1, wherein the second set of application-usage data for the set of candidate devices covers a time period not identical to the first set of application-usage data for the set of devices (Sridhara; [0156] the binary questions/test conditions … the frequency of communications, or the number of communications within a previous time interval … sent more than zero data transmissions (a low correlation) … sent more than 10 data transmissions (a medium correlation) … sent more than 100 data transmissions within the previous five minutes (which might have a high correlation)).

Regarding to claim 11:
The system of claim 1, wherein the memory further comprises instructions that are executable by the one or more processors to perform operations comprising: deploying the application-control policy to the set of candidate devices (Sridhara; [0070] collect behavioral, state, classification …  The network server may send data/behavior models to the SOC 100, which may receive and use data/behavior models to identify suspicious or performance-degrading mobile device behaviors, software applications, processes, etc. Chien, Fig.1, 106 Col 3 line 49 - Col 4 lines 13-30 “captures and records the malware behavior on the PC … At step 106 the behavior lists are provided so that they may be used to derive or extract policy … updated with the new policies … the malware sample has been downloaded or installed on the computer 200, which may emulate, for example, a client PC in a network, a home computer, a server, or a mobile computing device”) .

Regarding to claim 12: 
[Rejection rational for claim 1 is applicable].

Regarding to claim 13: 
[Rejection rational for claim 2 is applicable].

Regarding to claim 14: 
[Rejection rational for claim 3 is applicable].

Regarding to claim 15: 
[Rejection rational for claim 4 is applicable].

Regarding to claim 16: 
[Rejection rational for claim 5 is applicable].

Regarding to claim 17: 
[Rejection rational for claim 6 is applicable].

Regarding to claim 18: 
[Rejection rational for claim 8 is applicable].

Regarding to claim 19: 
[Rejection rational for claims 1, 6-8 is applicable].

Regarding to claim 20: 
[Rejection rational for claims 2-3 is applicable].

Conclusion

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SRIVASTAVA VIVEK can be reached on 571-272-7304(571)272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HIEN V DOAN/Examiner, Art Unit 2449    

/VIVEK SRIVASTAVA/           Supervisory Patent Examiner, Art Unit 2449