DETAILED ACTION


1.	This is in reply to an application filed on 11/03/2020. Claims 21-40 are pending examination.

2.  The present application, filed on or after March 16, 2013, is being examined under 
      the first inventor to file provisions of the AIA .  

3.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. 
Claims 21-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,853,480 in view of Naamneh (as mentioned below), wherein the claims of the patent No. 10,853,480 do not recite: detecting a stack pivot exploit by determining when the current stack pointer is determined to be outside the range of the stack limit, however Naamneh substantially teaches if the current stack pointer, due to the use of stack pivoting techniques, is not .

4.
Claim Rejections - 35 USC § 103
 In the event the determination of the status of the application as subject to AIA  35   U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


	Claims 21-40 are rejected under 35 U.S.C. 103) as being unpatentable over Naamneh et al. US 10,489,592 (hereinafter Naamneh), and further in view of Sallam et al. US 2012/0255013 (hereinafter Sallam).
Regarding claim 21 Naamneh teaches a method comprising: determining software checkpoints for a process executing on a computing device; for each determined software checkpoint encountered by the executing process: identifying a current stack pointer and a range of memory, wherein the range of memory indicates a valid set of memory addresses between a stack base and a stack limit; evaluating the current stack pointer against the corresponding range of memory to determine whether 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify Naamneh such that the invention further includes a user mode and kernel mode with a process. One would have been motivated to do so as to deny the modified code access to kernel functions or routines [0288].

Regarding claim 23 Naamneh as modified teaches the method of claim 22, wherein the software checkpoints include at least two of: process creation events, thread creation events, library file load events, registry access events, file system access events, object manager events, and memory operation events (Naamneh teaches an exception may be triggered when a malware component attempts to transmit a request to a remote server, and an exception may be triggered when stack pointer is not within a memory address boundaries (col. 4, lin. 5-26), and further see [0190] from Sallam). 
Regarding claim 24 Naamneh as modified teaches the method of claim 21, wherein each of the one or more execution modes is associated with a stack memory (Sallam teaches determine for a given memory page or physical address whether such a location belongs to a particular code section or data section; to which module, 
Regarding claim 25 Naamneh as modified teaches the method of claim 21, wherein the current stack pointer refers to a machine register storing a current top memory address of a current stack, the stack base refers to the lowest memory address currently allocated to the current stack, and the stack limit refers to the highest memory address currently allocated to the current stack (Naamneh teaches the boundaries defines a minimum memory address base such as a stack base address, and maximum memory address such as a stack limit address (col. 4, lin. 5-26), and wherein the stack pointer references a memory address that is greater than the stack base address (e.g., the stack pointer points to a location in memory with a higher address than the stack base address) (col. 4, lin.41-col. 5, lin. 1-5)). 
Regarding claim 26 Naamneh as modified teaches the method of claim 21, wherein identifying the current stack pointer and the range of memory comprises accessing at least one of a thread information block and one or more operating system APIs for determining the range of memory (Naamneh teaches the memory address boundaries defined for the application may be defined by the operating system of test device and may define a minimum memory address (a stack base address) and a maximum memory address (a stack limit address) (col. 4, lin. 5-26)). 
Regarding claim 27 Naamneh as modified teaches the method of claim 21, wherein evaluating the current stack pointer against the range of memory comprises using at least one of: a rule set and an evaluation model (Naamneh teaches when an 
Regarding claim 28 Naamneh as modified teaches the method of claim 21, wherein determining whether the current stack pointer is within the range of the range of memory comprises comparing a memory address of the current stack pointer to a range of memory addresses associated with the range of memory (Naamneh teaches memory address boundaries defined for the application may be defined by the operating system of test device and may define a minimum memory address such as a stack base address, and a maximum memory address a stack limit address (col. 4, lin. 5-26), comparing a current memory address to memory address defined as the boundary addresses for an application currently executing on the device (col. 5, lin. 63-col. 6, lin. 1-11)). 
Regarding claim 29 Naamneh as modified teaches the method of claim 21, wherein the one or more remedial actions comprise at least one of: displaying a warning, terminating the process, modifying a set of privileges, and quarantining a file associated with the process (col. 4, lin. 5-26), and further Sallam teaches a corrective action may include terminating, deleting, modifying, or otherwise neutralizing such one or more related threads [0312]. 
In response to Claim 30: Rejected for the same reason as claim 21
In response to Claim 31: Rejected for the same reason as claim 22
In response to Claim 32: Rejected for the same reason as claim 23
In response to Claim 33: Rejected for the same reason as claim 24
In response to Claim 34: Rejected for the same reason as claim 25
In response to Claim 35: Rejected for the same reason as claim 26
In response to Claim 36: Rejected for the same reason as claim 27
In response to Claim 37: Rejected for the same reason as claim 28
In response to Claim 38: Rejected for the same reason as claim 29
In response to Claim 39: Rejected for the same reason as claim 21
In response to Claim 40: Rejected for the same reason as claim 28



	

Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to AYOUB ALATA whose telephone number is (313)446-6541.  The examiner can normally be reached on Monday - Friday 7:30 - 5:00 Est.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung (Jay) Kim can be reached on (571)272-3804.  The fax phone number for the organization where this application or proceeding is assigned is (571)273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For 

/AYOUB ALATA/Primary Examiner, Art Unit 2494