DETAILED ACTION
This Office Action is in response to the Request for Continued Examination filed on September 08th, 2021.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1, 3, 10, 12, 19, 22, 25 & 32 were amended; and claims 1, 10, 19, 22, 25 & 32 are independent. Claims 1-38 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 09/08/2021 has been entered.

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 09/08/2021, 09/27/2021, is in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
Applicant’s arguments, see pages 12-15, filed 09/08/2021, with respect to the rejection(s) of claim(s) 1-5, 8-14, 17-28 and 32-35 under 35 U.S.C. 102 and claims 6-7 and 15-16 under 35 U.S.C. 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Crescenzo.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-5, 8-14, 17-28 and 32-35 are rejected under 35 U.S.C 103(a) as being unpatentable over Muddu et al. (Muddu), U.S. Pub. Number 2017/0063886, in view of Diehl et al. (Diehl), U.S. Pub. Number 2013/0333040, and further in view of Crescenzo et al. (Crescenzo), U.S. Pub. Number 2007/0180260.
Regarding claim 1; Muddu discloses a computer-implemented method comprising:
(par. 0302; fig. 19; the model execution engine 1808 running on the distributed computation system 1520 extracts the parameters of each model type definition to configure the workflows on that model type.);
storing the model of the computer application (par. 0313; fig. 20; the model training process threat can save the model state in the model store 1532 (e.g., in the distributed filesystem 1514 or the cache component 1523).);
inserting instructions into the computer application to collect data at runtime (par. 0527; the colleting of the predictions from each profiling window can be repeatedly performed for a period of time (i.e., “sliding through” the period of time); this period of time may be N times the length of the profiling window (i.e., Nx|W|); during the baseline prediction profile establishment for a period of time after the PST model becomes ready, the R for each profiling window is tracked and stored in a histogram.);
analyzing the data collected at runtime against the stored model including bounds attributes of the computer application to perform detection of one or more security events (par. 0447; the event data is analyzed to identify threats; threats are interpretations or conclusions based on and therefore associated with one or more anomalies; threats can be categorized or grouped into various types, both external and internal to the organization.); and
based upon the detection of the one or more security events, modifying, in a manner that preserves continued execution of the computer application, at least one computer routine associated with at least one active process or thread associated with the computer application (par. 0514; clicking on a threat modifies the text bubble to provide an indication of the type of threat and a link to “View Threat Details”; upon clicking on this link, the GUI user navigates to the associated “Threat Details” view, such as the “Threat Details” view 4540.).
Muddu fails to explicitly disclose pausing execution of at least one active process or thread associated with the computer application.
However, in the same field of endeavor, Diehl discloses kernel-level security agent comprising temporary pausing execution of at least one active process or thread associated with the computer application (Diehl: pars. 0012, 0017, 0030, 0044; upon determining an occurrence of such an interesting event, the event consumer can perform any or all of updating the situational model and performing further observation, generating an event to represent the determination that an interesting event has occurred, notifying the security service cloud of the interesting event, or healing the host computing device by halting/pausing execution of a process associated with malicious code or deceiving an adversary associated with the malicious code.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Diehl into the security platform of Muddu comprising temporary pausing execution of at least one active process or thread associated with the computer application to prevent the intrusion and spread of the malware (Diehl: par. 0003).

Muddu and Diehl fail to explicitly disclose the extracted model including bounds attributes of the computer application; wherein the one or more security events is associated with malicious action outside the bounds attributes of the computer application.
(Crescenzon: pars. 0024, 0027, 0050 & 0057; an upper bound is placed on the quantity of information from the server storage area that is retrieved by the adversary during an attack; the total information retrieved by the adversary is bounded by a fixed parameter; the password protocols in the bounded retrieval model, attention is paid to various parameters such as the adversary’s advantage over the online attack success probability, and the adversary’s retrieval strategy, and efficiency, i.e., the server’s lookup complexity; construct password protocols secure against bounded retrieval attacks by adaptive adversaries and have low lookup complexity; on constructing locally computable extractors and cryptosystems in the bounded storage model.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Crescenzo into the security platform of Muddu and the kernel-level security agent of Diehl comprising the extracted model including bounds attributes of the computer application; wherein the one or more security events is associated with malicious action outside the bounds attributes of the computer application to provide construction of efficient password protocols that remain secure against offline dictionary attacks (Crescenzo: par. 0003.).
Regarding claim 2; Muddu, Diehl and Crescenzo disclose the method of Claim 1 wherein Muddu further discloses the at least one computer routine is executed in association (Muddu: par. 0316; fig. 21; the computation worker execute multiple model-specific process threads associated with a single model type.).
Regarding claim 3; Muddu, Diehl and Crescenzo disclose the method of Claim 1 wherein Muddu further discloses the malicious action is a malicious movement to a different code path within the computer application (Muddu: par. 0563; figs. 63-67; identifying a security threat based on detecting suspicious lateral movement of a user; lateral movement refers to a user using a device or devices that he or she does not normally use, which may be indicative of a security threat.).
Regarding claim 4; Muddu, Diehl and Crescenzo disclose the method of Claim 1 wherein Muddu further discloses modifying includes verifying a patch or configuration associated with the computer application (Muddu: par. 0319; the user interface element triggers the action command for sending a message to the target-side computer system to demand termination of a problematic application, blocking of specific network traffic, or removal of a user account.).
Regarding claim 5; Muddu, Diehl and Crescenzo disclose the method of Claim 1 Muddu further discloses comprising: in response to receipt of one or more aggregate patches by a user (Muddu: par. 0318; the model deliberation process thread aggregates the security-related conclusion into the security-related conclusion store 1542; the aggregation of the security-related conclusions can be used in an analytic platform of the ML-based CEP engine 1500.), performing at least one of: modifying or removing the at least one computer routine associated with the computer application; and modifying or removing one or more individual patches associated with the computer application (par. 0660; the semantic processor 316 can remove internal traffic, e.g., data transfers that occur between two internal devices as part of file backup, which is less likely or unlikely to be an anomaly, from the outgoing traffic information.).
Regarding claim 8; Muddu, Diehl and Crescenzo disclose the method of Claim 1 Muddu further discloses comprising: modifying the at least one computer routine associated with the at least one active process, while the at least one active process is executing the at least one computer routine (Muddu: par. 0518; the security platform provides a structure for the network administrators or security analysts to easily design, configure, and modify the models in order to suit their own purpose and the deployed environment.).
Regarding claim 9; Muddu, Diehl and Crescenzo disclose the method of Claim 1 Muddu further discloses comprising after modifying the at least one computer routine, resuming execution of the at least one active process (Muddu: par. 0316; the model deliberation process thread can reconfigure to an updated model state without pausing or restarting.).
Regarding claim 10; Claim 10 is directed to a computer system which has similar scope as claim 1. Therefore, claim 10 remains un-patentable for the same reasons.
Regarding claims 11-14 & 17-18; Claims 11-14 & 17-18 are directed to the computer system of claim 10 which have similar scope as claims 2-5 & 8-9. Therefore, claims 11-14 & 17-18 remain un-patentable for the same reasons.
Regarding claim 19
Regarding claims 20-21; Claims 20-21 are directed to a computer-implemented method which has similar scope as claims 2-5 & 8-9. Therefore, claims 20-21 remain un-patentable for the same reasons.
Regarding claim 22; Claim 22 is directed to a computer system which has similar scope as claim 1. Therefore, claim 22 remains un-patentable for the same reasons.
Regarding claims 23-24; Claims 23-24 are directed to the system of claim 22 which has similar scope as claims 2-5 & 8-9. Therefore, claims 23-24 remain un-patentable for the same reasons.
Regarding claim 25; Claim 25 is directed to a computer-implemented method which has similar scope as claim 1. Therefore, claim 25 remains un-patentable for the same reasons.
Regarding claims 26-28; Claims 26-28 are directed to the method of claim 25 which has similar scope as claims 2-5 & 8-9. Therefore, claims 26-28 remain un-patentable for the same reasons.
Regarding claim 32; Claim 23 is directed to a computer system which has similar scope as claim 1. Therefore, claim 32 remains un-patentable for the same reasons.
Regarding claims 33-35; Claims 33-35 are directed to the system of claim 32 which has similar scope as claims 2-5 & 8-9. Therefore, claims 33-35 remain un-patentable for the same reasons.
Claims 6-7 and 15-16 are rejected under 35 U.S.C 103(a)Muddu et al. (Muddu), U.S. Pub. Number 2017/0063886, in view of Diehl et al. (Diehl), U.S. Pub. Number 2013/0333040, in view of Crescenzo et al. (Crescenzo), U.S. Pub. Number 2007/0180260, and further in view of Shukla, U.S. Pub. Number 2008/0016339.
Regarding claim 6; Muddu, Diehl and Crescenzo disclose the method of Claim 1.
Muddu, Diehl and Crescenzo fail to explicitly disclose modifying one or more stacks associated with the at least one computer routine.
However, in the same field of endeavor, Shukla discloses application sandbox to detect, remove, and prevent malware comprising: modifying one or more stacks associated with the at least one computer routine (Shukla: par. 0109; fig. 11; remove data from the stack correctly so that return from the trapping function bypasses the malware function.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing of the claimed invention to combine the teaching of Shukla into the system of Muddu, the system of Diehl and the method and system of Crescenzo comprising modifying one or more stacks associated with the at least one computer routine to improve protection against attacks that exploit application vulnerabilities and remove infestation from compromised system (Shukla: par. 0010).
Regarding claim 7; Muddu, Diehl and Crescenzo disclose the method of Claim 1.
Muddu, Diehl and Crescenzo fail to explicitly disclose modifying one or more heaps associated with the at least one computer routine.
However, in the same field of endeavor, Shukla discloses application sandbox to detect, remove, and prevent malware comprising: modifying one or more heaps associated with the at least one computer routine (Shukla: par. 0123; sandbox flexibility can be used to dynamically adjust the sandbox parameters to enhance security based on parameters such as executing code, signatures inside executing code, location from where the code was downloaded, identity of the module being executed; sandbox parameters change can increase or decrease the sandbox size.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing of the claimed invention to combine the teaching of Shukla into the system of Muddu, the system of Diehl and the method and system of Crescenzo comprising modifying one or more heaps associated with the at least one executing computer routine to improve protection against attacks that exploit application vulnerabilities and remove infestation from compromised system (Shukla: par. 0010).
Regarding claims 15-16; Claims 15-16 are directed to the computer system of claim 10 which have similar scope as claims 6-7. Therefore, claims 15-16 remain un-patentable for the same reasons.

Allowable Subject Matter
Claims 29, 30-31, 36, or 37-38 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087.  The examiner can normally be reached on 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/KHOI V LE/
Primary Examiner, Art Unit 2436