Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1. This action is responsive to the communication filed on March 28, 2019. At this time, claims 1-17 are pending and addressed below. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
 Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 5-7, 10, 13-14 and 16-17 are rejected under 35 U.S.C 103 as being unpatentable over Blumfield, US Pat.No 20050257208 in view of Sriram, US pat.No 20080178167. 

Claims 1, 16 and 17.Blumfield discloses a method of mitigating code weaknesses in a target code by adding micro functionality fixes, comprising: at least one server external to a device, (See [ 0002]; updating the operation of installed computer programs.) executing a code for:  and sending configuration instructions to a mitigation module installed on the memory chip, (See  [0044]; An administration server can also send patch configuration commands 202 to one or more target computer systems, which apply the patch configuration commands to reconfigure the operation of particular patches. [0051]; an executable module column 412, containing information identifying the executable module to be patched, such as its name ) the configuration  instructions comprising: a 
Blumfield does not appear to explicitly disclose identifying a plurality of code weaknesses in a target code installed in a memory chip of a device; 
However, Sriram discloses identifying a plurality of code weaknesses in a target code installed in a memory chip of a device; (See [0039];  various errors may be discovered. These errors may include logical errors (due to wrong logic), functional errors (due to the software not performing/functioning as expected) or runtime errors (due to problems with the environment in which the software is executed). Such errors (as well as any others detected) require changes to be made to the software instructions constituting the pre-installed software. ) 
Blumfield and Sriram are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of  Blumfield with the teaching of Sriram to include the identification of code weakness because it would have allowed to fix every weak point in the system. 
3. The combination of Blumfield and Sriram discloses the method of claim 1, wherein the plurality of code weaknesses are automatically detected by a static analysis tool. (See Blumfield, [0024])
Blumfield and Sriram are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of  Blumfield with the teaching of Sriram to include the identification of code weakness because it would have allowed to fix every weak point in the system. 
 6. The combination of Blumfield and Sriram discloses the method of claim 1, wherein the configuration instructions comprises a plurality of policies each comprising at least one code statement for activating one of the plurality of micro functionality fixes;(See Blumfield,  [0024]; each patch is applied to any instances of the executable module to be patched that are already loaded on the target computer system when the patch is received.) wherein the execution of the mitigation module by the at least one processor of the device induces the installment of the plurality of policies in the target code. (See Sriram, [0039];  various errors may be discovered. These errors may include logical errors (due to wrong logic), functional errors (due to the software not performing/functioning as expected) or runtime errors (due to problems with the environment in which the software is executed). Such errors (as well as any others detected) require changes to be made to the software instructions constituting the pre-installed software. ) 
Blumfield and Sriram are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of  Blumfield with the teaching of Sriram to include the identification of code weakness because it would have allowed to fix every weak point in the system. 
7. The combination of Blumfield and Sriram discloses the method of claim 6, wherein the at least one 
Blumfield and Sriram are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of  Blumfield with the teaching of Sriram to include the identification of code weakness because it would have allowed to fix every weak point in the system. 
 13. The combination of Blumfield and Sriram discloses the method of claim 1, wherein each micro functionality fix sets a function to be left unexecuted or semi executed so as to avoid performing one of the detected code weaknesses. (See Blumfield, [0006])14. The combination of Blumfield and Sriram discloses the method of claim 1, wherein the execution of the mitigation module induces the installment of the plurality of micro functionality fixes in the plurality of code weakness locations in a running memory of the memory chip. (See Blumfield, [0056])Claim 2 is rejected under 35 U.S.C 103 as being unpatentable over Blumfield, US Pat.No 

The combination of Blumfield and Sriram does not appear to explicitly disclose the method claim 1, wherein the plurality of code weaknesses are selected from a group consisting of common vulnerability exposures (CVEs) and common weakness enumerations (CWEs).
However,  Hammes discloses 
wherein the plurality of code weaknesses are selected from a group consisting of common vulnerability exposures (CVEs) and common weakness enumerations (CWEs). (See {0004])
Blumfield and Sriram and Hammes  are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of  Blumfield and Sriram with the teaching of Hammes to include the CVE   because it would have allowed to quickly identify common threat to the .  
Claim 8 is rejected under 35 U.S.C 103 as being unpatentable over Blumfield, US Pat.No 20050257208 in view of Sriram, US pat.No 20080178167 in further view of HANNA, US pat.No 20100153781. 

8. The combination of Blumfield and Sriram does not appear to explicitly disclose the method of claim 7, wherein the conditional statement changes a state of one of the plurality of micro functionality fixes to an active state from a non active state when the signal from the IDS is received. 
However, HANNA discloses wherein the conditional statement changes a state of one of the plurality of micro functionality fixes to an active state from a non active state when the signal from the IDS is received. (See Hanna, [0039])
Blumfield and Sriram and Hanna  are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of  Blumfield and Sriram with the .  


Claim 9 is rejected under 35 U.S.C 103 as being unpatentable over Blumfield, US Pat.No 20050257208 in view of Sriram, US pat.No 20080178167 in further view of Kirschner, US pat.No 20180308808. 

9. The combination of Blumfield and Sriram does not appear to explicitly disclose the method of claim 7, wherein the IDS generates the signal in response to a detected active attack on the device. 
However, Kirschner discloses wherein the IDS generates the signal in response to a detected active attack on the device. (see [0009])
Blumfield and Sriram and  Kirschner  are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of  Blumfield and Sriram with the teaching of Kirschner  to include the signal  because it would have allowed  to respond to system attack.  


Claim 11 is rejected under 35 U.S.C 103 as being unpatentable over Blumfield, US Pat.No 20050257208 in view of Sriram, US pat.No 20080178167 in further view of Tang, US pat.No 20180247069. 

11. The combination of Blumfield and Sriram does not appear to explicitly disclose the method of claim 1, wherein the plurality of micro functionality fixes are installed as software hooks in the plurality of code weakness locations. 
However, Tang discloses wherein the plurality of micro functionality fixes are installed as software hooks in the plurality of code weakness locations. (See {0073] )
Blumfield and Sriram and  Tang are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before .  

Claim 12 is rejected under 35 U.S.C 103 as being unpatentable over Blumfield, US Pat.No 20050257208 in view of Sriram, US pat.No 20080178167 in further view of Ho, US pat.No 20030084229.

12. The combination of Blumfield and Sriram does not appear to explicitly disclose the method of claim 1, wherein each micro functionality fix is 2-6 code lines. 
However, Ho discloses wherein each micro functionality fix is 2-6 code lines. (See [0032])
Blumfield and Sriram and Ho are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of  Blumfield and Sriram with the teaching of Ho to include the hook because it would have allowed  to fix malicious software.  

Claim 15 is rejected under 35 U.S.C 103 as being unpatentable over Blumfield, US Pat.No 20050257208 in view of Sriram, US pat.No 20080178167 in further view of Wang, US pat.No 20180212937. 

15. The combination of Blumfield and Sriram does not appear to explicitly disclose the method of claim 1, wherein the device is a component installed in a vehicle. 
However, Wang discloses wherein the device is a component installed in a vehicle. (See [0004-0005])
Blumfield and Sriram and Wang are analogous art because they are from the same field of endeavor which is  software maintenance. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of  Blumfield and Sriram with the teaching of Wang to include the vehicle because it would have allowed  to fix malicious software inside a vehicle.  


Claim 4 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
 
                                                                  Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Deckert, US8997086 Fix delivery system. 

Anderson, US9760362 Analytics based patch management and distribution. 
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSNEL JEUDY whose telephone number is (571)270-7476. The examiner can normally be reached M-F 10:00-8:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arani T Taghi can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

 /JOSNEL JEUDY/ Primary Examiner, Art Unit 2438