DETAILED ACTION
Response to Amendment
This communication is responsive to the application # 16/235,736 with response filed on September 27, 2021. Claims 1-25 are pending and are directed toward TECHNIQUES FOR LIBRARY BEHAVIOR VERIFICATION.
Any claim objection/rejection not repeated below is withdrawn due to Applicant's amendment.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Response to Arguments
Applicant’s arguments with regards to claims 1-25 have been fully considered, but they are not persuasive.
"validate” argument – Applicant argues that with respect to claim 1, the cited references fail to disclose, teach, or suggest at least "validate one or more of the library and the library manifest associated with the library"…Seo does not teach validation but instead teaches "privilege separation among a host application and one or more third-party libraries, while running all in the same process and so, the same UID privilege." (REMARKS, pages 7-8).
Response: The cited limitation was rejected by Examiner by citing in NFOAM at page 3: (Depending on the identified principal, FLEXDROID allows or denies the request by dynamically adjusting the app 's permissions according to the pre-specified permissions in the app 's manifest. Seo, page 1). Seo teaches validation of the running app 's permissions according to the pre-specified permissions in the app 's manifest, and as a result of such validation allows or denies the request by dynamically adjusting the app 's permissions. This is the same functionality, as disclosed by Applicant for example in Specification [0032]: “In many embodiments, a permission subsystem (e.g., library manager 108) may validate library code is executing within its permitted behaviors in runtime environment 102, such as by comparing behavior of a library access with one or more permitted library behaviors.”
"abnormal behavior” argument – Applicant argues that Seo does not teach at least to "generate one or more executables that include indications of the library behavior data for identification of abnormal behavior corresponding to the library" (REMARKS, page 8).
Response: The cited limitation was rejected by Examiner by citing in NFOAM at page 4: generate one or more executables that include indications of the library behavior data (To identify whether such techniques are used by third-party libraries, we build code-level signatures of techniques and apply them to the small code of apps. Seo, page 4) for identification of abnormal behavior corresponding to the library (We found that some libraries could attempt to use permissions which are not documented in their developer's guide (marked as x). For instance, ad libraries such as Rev Mob, Airpush, and Leadbolt potentially utilize host app 's GET_ACCOUNTS permission while its developer does not mention the permissions as required or optional. With the GET_ACCOUNTS permission, a library can obtain a user 's online account information on the phone such as Gmail, Face book, and Drop box. Seo, page 4 ). Thus Seo teaches executable app’s code with associated code-level signatures. Seo further teaches abnormal behavior as cited by Examiner, and its identification: “(marked as x)”. Therefore all claimed limitations are obvious by Seo in view of ORACLE. 
Conclusion -Therefore, in view of the above reasons, Examiner maintains rejections.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

Claims 1-25 are rejected under 35 U.S.C. 103 as being unpatentable over Seo et al. (FLEXDROID: Enforcing In-App Privilege Separation in Android, NDSS ’16, 21-24 February 2016, 15 pages), in view of ORACLE (Java Platform, Standard Edition Tools Reference, 18 pages, 2017), hereinafter referred to as Seo and ORACLE.
As per claim 1, Seo teaches an apparatus, the apparatus comprising: a processor; and
a memory comprising instructions that when executed by the processor cause the processor (All our experiments are performed on Nexus 5 that has 2.265GHz quad-core CPU with 2GB RAM, with our prototype of FLEXDROID on Android 4.4.4 (KitKat) and Linux kernel 3.4.0. Seo, page 11) to:
identify a library for utilization by software, the library associated with a library manifest (To this end, FLEXDROID provides an interface, as a part of the app manifest, for app developers to specify a set of different permissions granted to each third-party library. Upon any request for a user’s information, FLEXDROID seeks to identify the principal of the currently running code (either an app or third-party libraries) via our new security mechanism, called inter-process stack inspection. Seo, page 1);
validate one or more of the library and the library manifest associated with the library (Depending on the identified principal, FLEXDROID allows or denies the request by dynamically adjusting the app’s permissions according to the pre-specified permissions in the app’s manifest. Seo, page 1);
determine library behavior data comprising a set of permitted behaviors for the library (Unintended accesses to users’ private data are underestimated threats to users’ privacy, as complex and often obfuscated third-party libraries make it hard for application developers to estimate the correct behaviors of third-party libraries. Seo, page 1) based on the library manifest (FLEXDROID assumes a strong adversary: third-party libraries are potentially malicious, their code and logic are not directly visible to app developers (e.g., obfuscated), and they might use dynamic features of the Java language. However, app developers explicitly know what third-party libraries are for (that is why app developers want to embed them in the first place). Given a high-level functional description (e.g., ad or analytics) and perhaps a manifest provided by a third-party library, app developers should be able to have enough freedom to adjust the manifest, Seo, page 4); and
generate one or more executables that include indications of the library behavior data (To identify whether such techniques are used by third-party libraries, we build code-level signatures of techniques and apply them to the small code of apps. Seo, page 4) for identification of abnormal behavior corresponding to the library (We found that some libraries could attempt to use permissions which are not documented in their developer’s guide (marked as x). For instance, ad libraries such as RevMob, Airpush, and Leadbolt potentially utilize host app’s GET_ACCOUNTS permission while its developer does not mention the permissions as required or optional. With the GET_ACCOUNTS permission, a library can obtain a user’s online account information on the phone such as Gmail, Facebook, and Dropbox. Seo, page 4).
Seo is silent about one or more signatures, however teaches based on one or more signatures (The jarsigner command can generate signatures that include a time stamp that enables a systems or deployer(including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. ORACLE, page 2)
Seo in view of ORACLE are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary 

As per claim 2, Seo in view of ORACLE teaches the apparatus of claim 1, the memory comprising instructions that when executed by the processor cause the processor to utilize a public key associated with the library to validate a signature for the library (Its authenticity can be verified by a computation that uses the public key corresponding to the private key used to generate the signature. ORACLE, page 2).
Seo in view of ORACLE are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Seo in view of ORACLE. This would have been desirable because a signature file (.SF file) looks similar to the manifest file that is always included in a JAR file when the jarsigner command is used to sign the file. (ORACLE, page 6).

As per claim 3, Seo in view of ORACLE teaches the apparatus of claim 1, the memory comprising instructions that when executed by the processor cause the processor to utilize a public key associated with the library manifest to validate a signature for the library manifest (Its authenticity can be verified by a computation that uses the public key corresponding to the private key used to generate the signature. ORACLE, page 2).
Seo in view of ORACLE are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Seo in view of ORACLE. This would have been desirable because a signature file (.SF file) looks similar to the manifest file that is always included in a JAR file when the jarsigner command is used to sign the file. (ORACLE, page 6).

As per claim 4, Seo in view of ORACLE teaches the apparatus of claim 1, the memory comprising instructions that when executed by the processor cause the processor to compile code the proposed stack-based inspection technique not only can faithfully identify the module of third-party libraries but also can regulate them at runtime without limiting the use of widely-adopted dynamic code execution. Seo, page 2).
As per claim 5, Seo in view of ORACLE teaches the apparatus of claim 1, the set of permitted behaviors of the library comprising one or more access requirements and one or more expected behaviors (Many ad libraries access privacy-sensitive information even without notification to users or application developers. Our analysis of 100,000 Android apps reveals that in addition to ad libraries, various other third-party libraries (e.g., Facebook, Flurry, RevMob, Paypal) covertly utilize Android APIs to access privacy-sensitive resources such as GET_ACCOUNTS, READ_PHONE_STATE, or READ_CALENDAR without mentioning them properly in their Developer’s Guides. Seo, page 1).
As per claim 6, Seo in view of ORACLE teaches the apparatus of claim 5, the one or more expected behaviors including one or more of a stack operation, a control flow transfer, a read operation, a write operation, registry modifications of specific registry hives, access to specific directories, network access to specific sites, ports, and protocols (Each Android app runs in its own sandbox, an isolated process with an application-specific UID allocated at the installation time. In order to get access to sensitive resources (i.e., contact, location, SMS, camera) outside the app sandbox, an app must specify proper permissions in the manifest, AndroidManifest.xml. Seo, page 2).
As per claim 7, Seo in view of ORACLE teaches the apparatus of claim 5, the one or more access requirements including one or more of driver access, directory access, registry access, network access, kernel access, memory access, ring-level access, process access, system management mode (SMM) access, and trusted execution environment (TEE) access (TABLE I: Characteristics of third-party libraries. Columns 3-14 show the permissions potentially used by apps (O: required permission, 4: optional permission, x: undocumented permission). The rest of columns are related to runtime behavior and dependency with host apps. Seo, page 3).
As per claim 8, Seo in view of ORACLE teaches the apparatus of claim 1, the one or more executables to implement the library in a runtime environment (Thus, FLEXDROID enforces dynamic permission management for modules to resolve the problem. A basic idea behind the management is that a runtime instance of a module is assigned a set of permissions granted at app installation, except two cases of dynamic class loading and thread creation. As explained above, a malicious module can make use of reflection or dynamic code generation along with dynamic class loading to take harmful actions without leaving any trace on the call stack, Seo, page 8) separate from the software (Each Android app runs in its own sandbox, an isolated process with an application-specific UID allocated at the installation time. Seo, page 2).
As per claim 9, Seo in view of ORACLE teaches the apparatus of claim 8, the runtime environment separate from the software comprising a separate process or a sandbox (This motivates us to introduce a JNI sandboxing mechanism to FLEXDROID. In this approach, FLEXDROID prevents JNI from accessing memory regions of Java code by sandboxing JNI code. Seo, page 7).
As per claim 10, Seo in view of ORACLE teaches the apparatus of claim 1, the memory comprising instructions that when executed by the processor cause the processor to validate the library manifest associated with the library based on one or more signatures and one or more public keys (The jarsigner command also attempts to validate the signer's certificate after signing or verifying. If there is a validation error or any other problem, the command generates warning messages, ORACLE, page 3).


As per claim 11, Seo in view of ORACLE teaches the apparatus of claim I 0, the one or more signatures comprising a digital signature of the library generated with a private key (Its authenticity can be verified by a computation that uses the public key corresponding to the private key used to generate the signature. ORACLE, page 2).
Seo in view of ORACLE are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Seo in view of ORACLE. This would have been desirable because a signature file (.SF file) looks similar to the manifest file that is always included in a JAR file when the jarsigner command is used to sign the file. (ORACLE, page 6).

As per claim 12, Seo in view of ORACLE teaches the apparatus of claim 1, the memory comprising instructions that when executed by the processor cause the processor to receive the library and the library manifest, and the one or more signatures from a versioning system (In order to improve out of the box security, default key size and signature algorithm names are periodically updated to stronger values with each release of the JDK. If interoperability with older releases of the JDK is important, please make sure the defaults are supported by those releases, or alternatively use the –sigalg option to override the default values at your own risk. ORACLE, page 5).
Seo in view of ORACLE are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Seo in view of ORACLE. This would have been desirable because a signature file (.SF file) looks similar to the 

As per claim 13, Seo in view of ORACLE teaches the apparatus of claim 12, the one or more signatures comprising a digital signature of the library and a digital signature of the library manifest (In the manifest file, the SHA digest value for each source file is the digest (hash) of the binary data in the source file. In the .SF file, the digest value for a specified source file is the hash of the three lines in the manifest file for the source file. The signature file, by default, includes a header with a hash of the whole manifest file. The header also contains a hash of the manifest header. The presence of the header enables verification optimization. ORACLE, page 6).
Seo in view of ORACLE are analogous art to the claimed invention, because they are from a similar field of endeavor of systems, components and methodologies for providing secure communication between computer systems. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Seo in view of ORACLE. This would have been desirable because a signature file (.SF file) looks similar to the manifest file that is always included in a JAR file when the jarsigner command is used to sign the file. (ORACLE, page 6).

As per claim 14, Seo in view of ORACLE teaches the apparatus of claim 1, the software comprising an application (TABLE III: A snapshot of an app’s call stack: application (A) invokes a JNI library (L) to take a picture. Since FLEXDROID protects the app’s call stack when executing the library, the JNI library cannot counterfeit its principal to bypass FLEXDROID’s rules. Seo, page 6).
Claims 15-18 and 20-25 have limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of obviousness as used above.
claim 19, Seo in view of ORACLE teaches the at least one non-transitory computer-readable medium of claim 15, the protective action comprising one or more of preventing the library access, generating an alert (Among the libraries, we particularly focus on Flurry, which accesses a device’s IMEI code using undocumented READ_PHONE_STATE permission. Flurry prints IMEI code as a log message that we can observe. We repackage the APK file to take away the READ_PHONE_STATE permission from Flurry. We also set the android:mockOnException attribute to true to provide Flurry with a fake IMEI code. We check out that Flurry outputs log messages related to the fake IMEI code. This indicates that FLEXDROID does not degrade usability in the view of a user while FLEXDROID successfully prevents the privacy-sensitive information from being leaked. Seo, page 13), and creating a log entry (Our benchmark app invokes a native method that simply prints a log message. Seo, page 14).
Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/OLEG KORSAK/Primary Examiner, Art Unit 2492