DETAILED ACTION
Notice of Pre-AIA or AIA Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2.	Claims 1-20 are pending and have been examined.

Claim Rejections - 35 USC § 101
3.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


4.	Claims 16-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claims do not fall within at least one of the four categories of patent eligible subject matter. The broadest reasonable interpretation of a claim drawn to a computer readable (storage) medium typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent. A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid rejection under 35 U.S.C. § 101 by adding the limitation "non-transitory" to the claims.  

Claim Rejections - 35 USC § 102
5.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

6.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


7.	Claims 1-3, 6-9, 13, 15, and 16 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Nguyen-Tuong et al., US 2015/0304337 A1. Nguyen-Tuong teaches:

	As per claim 1, a cyberattack detection system (abstract), comprising:
	a memory [0052], [0066]; 
	a processor in operable communication with the memory [0052], [0066], the processor configured to perform steps which include:
	identifying a command which has been submitted for execution in a monitored environment on a monitored computing system ([0053]: command interception module intercepts security critical commands), 

	finding that the monitored environment is tailored to a monitored environment operating system ([0053]: the command interception module intercepts security-critical commands from running software where the software is hosted by a particular OS reading on the monitored environment being tailored to a monitored environment OS),
 	ascertaining that the command operating system does not match the monitored environment operating system ([0054]-[0055]: a command parsing module parses the security critical parts of the OS command and determines if any parts of the command are not trusted as a result of originating from outside the program being run by the operating system, reading on a command from an operating system that does not match the monitored operating system), and 
	raising an alert which specifies that an indicator of compromise of a cyberattack on the monitored computing system has been detected by the cyberattack detection system, the alert raising performed at least partly in response to ascertaining that the operating systems do not match ([0057]: if an OS command is found to be non-trusted, i.e., part of an attack, the command is rejected and an error message is displayed or sent, reading on an alert).
 
	As for claim 2, the system of claim 1, wherein the cyberattack detection system is at least a portion of the monitored computing system (fig. 1, fig. 2, [0053], [0086]-[0088]).
 
	As for claim 3, the system of claim 1, wherein the monitored computing system includes a web server process, wherein the cyberattack detection system processor is configured to discern that a command process is executing or executed the command, and wherein the alert is raised at least partly in response to the cyberattack detection system establishing that the command process belongs to the web server process ([0018]: the monitored platform may be a web server, [0056]: a command will be sent to a backend server if deemed safe, and will be rejected with an error message otherwise).
 
	As for claim 6, the system of claim 1, wherein the cyberattack detection system includes a list of abused commands which are commands that have both authorized uses and malicious uses, and wherein the alert is raised at least partly in response to the cyberattack detection system locating the command in the list of abused commands ([0055]-[0056]: a trust inference module determines if portions of a command are untrustworthy because they originate from an external source. An attack detection module scans a command for keywords that have been marked as untrustworthy by the trust inference module).
 
	As for claim 7, the system of claim 1, wherein the monitored computing system resides in a cloud ([0018] and [0061]: the monitored platform may be a server or system distributed across a wide geographic area, reading on a cloud system).

	As for claims 8 and 13, these claims are drawn to the method that corresponds to the system of claims 1 and 6. Claims 8 and 13 recite substantially the same limitations as claims 1 and 6 and are rejected on the same basis. 
 
	As for claim 9, the method of claim 8, further comprising establishing that the command process belongs to a target application process, and wherein the alerting is at least partly in response to the establishing ([0053]: security critical commands sent by an application are monitored and parsed, reading on a target application process).
 
	As for claim 15, the method of claim 13, wherein a command in the list of abused commands is further characterized in at least one of the following ways: code implementing the command is part of a commercially available operating system distribution ([0053]: [0069]: system may be implemented in commercially available devices such as laptops, etc.); code implementing the command is built into a commercially available operating system ([0053]: [0069]: system may be implemented in commercially available devices such as laptops, etc.);  code implementing the command does not perform cryptocurrency mining;  or code implementing the command is not flagged as malware by a malware detection or antivirus detection tool running in the monitored environment. 
 
	As for claim 16, this claim is drawn to the computer-readable storage medium configured with data and instructions which upon execution by a processor perform a . 
 
Allowable Subject Matter
8.	Claims 4, 5, 10-12, and 14 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

9.	Claims 17-20 are rejected only under 35 USC Sec. 101 and not over prior art. They would be allowable if claim 16 were rewritten so as to overcome this rejection.

Conclusion
10.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Paul E. Callahan whose telephone number is (571) 272-3869.  The examiner presently works a part-time schedule and can normally be reached from 9am to 5pm on the first Monday and Tuesday and the second Thursday and Friday of the USPTO bi-week schedule.
The examiner’s email address is: Paul.Callahan1@USPTO.GOV
If attempts to reach the examiner by telephone are unsuccessful, the Examiner's supervisor, Kristine Kincaid, can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is: (571) 273-8300.

/PAUL E CALLAHAN/Primary Examiner, Art Unit 2437