Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is in response to request for continued examination filed 12/8/21.
Claims 1-20 are pending.

Response to Arguments
Objections to the Specification
The applicant’s amendments are sufficient to overcome the previous objections which are consequently withdrawn.

Rejections Under 35 U.S.C. §103
Applicant's arguments filed 12/8/21 have been fully considered but they are not persuasive.

… However, Aditham does not provide specifics, such as regarding its "CFG," that teach or suggest that "at least one of the symbols represent[s] at least one of: a variable, a buffer, an object, a segment of code, a controller to which the symbol relates, or a system to which the symbol relates," as recited by proposed amended claim 1. … (1st partial par. on pg. 13)

The examiner respectfully disagrees. For example, at par. [0153] Aditham discloses “Vertices in a CFG 1802 give the level of detail such as … basic block level”. Those of ordinary skill in the art would have understood that a “basic block” describes a segment of code.

Additionally, the cited references fail to teach or suggest "sending the first signature value to the controller ... configured to: compute a second signature value by the controller performing a signature operation on a second line-of-code behavior and relation model based on the second version of code," as recited by amended claim 1. For example, Madrid mentions that "[t]he vehicle controller 118 may use the signature verification key 138 to generate a controller signature." Madrid ,¶ [0038] (emphasis added). This, however, does not constitute or suggest "the controller [being] configured to: compute a second signature value by the controller performing a signature operation on a second line-of-code behavior and relation model based on the second version of code," as recited by proposed amended claim 1 (emphasis added). The remainder of Madrid offers no further illuminating disclosure regarding "generat[ing] a controller signature," nor do the remaining cited references cure this deficiency of Madrid. (last par. on pg. 13)

The examiner respectfully disagrees. Madrid discloses the controller receiving a first signature value (par. [0037] “The update server 112 may generate the signature key 130 and corresponding signature verification key 138") and computing a second signature value by the controller performing a signature operation on a second version of the code (par. [0038] “The vehicle controller 118 may use the signature verification key 138 to generate a controller signature”). What Madrid does not disclose is that these signature operations are performed on first and second “line-of-code behavior and relation models”. However, as discussed in more detail below, Aditham teaches these aspects of the claim. 

For example, Aditham discusses "[an] attack detection system 500c" that "locally analyze[s]" "the control-flow of each process running on a node in the big data cluster." Aditham ,¶ [0152]. This involves "[a] step [whereby] a set of minimum spanning trees (MST) 1804 are extracted from the instruction level control-flow graph 1802 of a compiled program 700." Id. (emphasis added). Aditham also mentions that "[t]he extracted MSTS 1804 are hashed and stored in an array called the program signature." Id. (emphasis added). Thus, at best, Aditham describes hashing extracted minimum spanning trees, rather than "performing a signature operation" on either the first or second "line-of-code behavior and relation model," as recited by proposed amended claim 1. Moreover, Aditham offers no teaching or suggestion of "[a] controller configured to: compute a second signature value by the controller performing a signature operation on a second line-of-code behavior and relation model based on the second version of code," as recited by proposed amended claim 1 (emphases added). Venkatesan, which relates to "a technology for generating a minimum delta between at least two program binaries" (Venkatesan, Abstract), does not discuss signatures, let alone "[a] controller configured to: compute a second signature value by the controller performing a signature operation on a second line-of-code behavior and relation model based on the second version of code," as recited by amended claim 1. (1st par. on pg. 14)

The examiner respectfully disagrees. Initially, it is noted that the claim does not recite specifics as to what the “signature operations” entail. Accordingly, a “signature operation” is broadly construed to comprise any operation which results in a “signature”. Aditham’s extraction of a minimum spanning tree (MST) from the control flow graph (CFG) is one step in a process which results in a signature representing the CFG of the software. Accordingly, Aditham teaches the claimed “signature operation on [a] line-of-code behavior and relation model”. 
Further, as indicated in the rejection, Aditham teaches computing first and second signatures for comparison (par. [0169] “a comparison of the process signature with at least one other process signature”). Accordingly, it would have been obvious to compute Madrid’s first and second signature values on “line-of-code behavior and relation models” as taught by Aditham. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-9, 11-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2018/0217828 to Madrid et al. (Madrid) in view of US 2019/0089720 to Aditham et al. (Aditham) in view of US 2004/0225996 to Venkatesan et al. (Venkatesan).

Claims 1 and 13: Madrid discloses a non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for analyzing software based on functional line-of-code behavior and relation models, comprising: 
identifying a prompt to change a first version of code on a controller to a second version of code (par. [0033] “the response … indicates the software updates 102 are available”); 
performing a signature operation on the second version of code to produce a first signature value (par. [0037] “The update server 112 may generate the signature key 130 and corresponding signature verification key 138 … sign one or more portions of the software update file 102”); and 
sending the first signature value to the controller par. [0037] “download and send the signed software updates 102’ to the corresponding controllers 118”); 
wherein the controller is configured to:

compare the first signature value to the second signature value (par. [0038] “verify that the signature included with the download signed software updates 102’ matches”); and
determine, based on the comparison, whether to validate the second version of code (par. [0038] “verify that the signature included with the download signed software updates 102’ matches”).

Madrid does not explicitly disclose 
performing a functional analysis of the second version of code to determine at least two functions and at least one relationship between the at least two functions, wherein the functional analysis comprises:
at least one of a statistical or dynamic analysis process; and
constructing, based on the functional analysis, a fist line-of-code behavior and relation model representing execution of functions of the second version of code on the controller and comprising a plurality of symbols and symbol relationships describing influences between at least a portion of the symbols, at least one of the symbols representing at least one of:
a variable, a buffer, an object, a segment of code, a controller to which the symbol relates, or a system to which the symbol relates; 

computing a second signature value by performing a signature operation on a second line-of-code behavior and relation model based on the second version of code.

Aditham teaches:
performing a functional analysis of a version of code to determine at least two functions and at least one relationship between the at least two functions (par. [0153] “Vertices in a CFG 1802 give the level of detail, such as, instruction-level or basic block level … Edges in CFG 182 represent control jumps”, here the instructions/basic bocks describe the functionality of the code and the jumps represent relationships between them), wherein the functional analysis comprises:
at least one of a statistical or dynamic analysis process (e.g. par. [0151] “Tracing application to get their CFG” dynamic analysis); and
constructing, based on a functional analysis, a first line-of-code behavior and relation model representing execution of functions of a version of code on the controller (par. [0173] “creating a control flow graph of the process”) and comprising a plurality of symbols and symbol relationships describing influences between at least a portion of the symbols (par. [0153] “Vertices in a CFG 1802 give the level of detail, such as … basic block level … Branch instructions, function calls, conditional and unconditional jumps account for forward edges”), at least one of the symbols representing at least one of:

performing a signature operation on the constructed first line-of-code behavior and relation model, the signature operation being based on at least a configuration of the symbol relationships (par. [0173] “generating the process signature comprises … creating the hash according to the one or more minimum spanning trees”); and 
computing a second signature value by performing a signature operation on a second line-of-code behavior and relation model based on a second version of code (par. [0169] “a comparison of the process signature with at least one other process signature”).

It would have been obvious to perform a functional analysis to construct a line-of-code behavior and relation model (Aditham par. [0173] “creating a control flow graph of the process”) on the second versions of the code (Madrid par. [0033] “the response … indicates the software updates 102”) and to compare the results of first and second signature operations (Madrid par. [0038] “a controller signature and … the signature included with the download signed software updates 102’). Those of ordinary skill in the art would have been motivated to do so as a known means of identifying corrupted / malicious code (see e.g. Aditham par. [0173] “attack detection”).

Madrid and Aditham do not teach:


Venkatesan teaches analyzing software delta changes comprising:
determining at least one functional change to a first portion of code attributable to a difference between the first and second versions of code (par. [0105] “delta-generator matched blocks based on their content and neighborhood”), the at least one functional change being based on a relationship between the fist portion of code and a second portion of code (e.g. par. [0110] “these blocks … remain unchanged in T, but an extra call is added toffrom [sic] the block b4”, par. [0086] “delta 330 specifies “ADDEDGE(313, 337), … and ADDEDGE(337,315)”).

It would have been obvious at the time of filing to determine at least one functional change based on a relationship between a first portion of code and a second (par. [0110] “an extra call is added toffrom [sic] the block b4”). Those of ordinary skill in the art would have been motivated to do so to minimize the size of the delta (see e.g. Venkatesan abstract “generating a minimum delta”).

Claims 2 and 14: Madrid, Aditham and Venkatesan teach claims 1 and 13, wherein the prompt comprises a delta file (e.g. Venkatesan par. [0136] “receives the content 710 of unmatched blocks”).

Claim 3: Madrid, Aditham and Venkatesan teach claim 1, wherein the controller is further configured to, based on the validation, execute the second version of code on the controller (Madrid par. [0038] “install the received software updates 102 in response to detecting that the … signatures match”).

Claim 4: Madrid, Aditham and Venkatesan teach claim 1, wherein the controller is further configured to, based on the validation, prevent execution of the second version of code on the controller (Madrid par. [0038] “If the … signatures do not match, … send an error notification”).

Claim 5: Madrid, Aditham and Venkatesan teach claim 4, wherein the controller is further configured to, based on the validation, notify a remote source associated with the second version of code (Madrid par. [0038] “If the … signatures do not match, … send an error notification”, it would at least have been obvious to send this notification to the “update server 112” so that the issue can be corrected).

Claim 6: Madrid, Aditham and Venkatesan teach claim 1, wherein the second line-of-code behavior and relation model is constructed by the controller (Madrid par. [0038] “The vehicle controller 118 may … generate a controller signature”). 

Claims 7 and 16: Madrid, Aditham and Venkatesan teach the non-transitory computer readable medium of claims 1 and 13, wherein: 
the computing of the second signature value comprises constructing, based on the identified prompt, the second line-of-code behavior and relation model, the second line-of-code and behavior and relation model representing execution of functions of the controller based on the second version of code (Madrid par. [0038] “The vehicle controller 118 may use the signature verification key 138 to generate a controller signature”, Aditham par. [0173] “creating a control flow graph of the process”, par. [0153] “function calls”).

Claims 8 and 17: Madrid, Aditham and Venkatesan teach claims 7 and 16, wherein the second signature value is computed by using the signature operation (Aditham par. [0173] “generating the process signature comprises … creating the hash according to the one or more minimum spanning trees”).

Claims 9 and 18: Madrid, Aditham and Venkatesan teach claims 7 and 16, wherein at least one of the first or second line-of-code behavior and relation models was constructed dynamically based on data associated with real-time operations of the controller (Aditham par. [0151] “Tracing application to get their CFG”).

Claim 11: Madrid, Aditham and Venkatesan teach claim 1, wherein at least one of the symbols includes a functional profile developed through machine-observed behavior (Aditham par. [0151] “Tracing application to get their CFG”) .

Claims 12 and 20: The non-transitory computer readable medium of claim 1, 13, wherein the signature operation is based on a type, function, version of software, sensitivity value, age, or processing capacity of the controller (Madrid par. [0028] “indexed according to the vehicle controller 118”).

Claim 15: Madrid, Aditham and Venkatesan teach the computer-implemented method of claim 13, wherein performing the functional analysis comprises splitting the second version of code according to functional effects of segments of the second version of code or functional relationships between the segments (Aditham par. [0173] “extracting one or more minimum spanning trees”).

Claim 19: Madrid, Aditham and Venkatesan teach the computer-implemented method of claim 16, wherein functional analysis comprises determining an operational envelope associated with the second version of code, the operational envelope being based on at least one of: a CPU cycle, a memory requirement, a speed of execution, , a response time, a sequence of function execution (e.g. Venkatesan par. [0108] “i-neighborhood”, Aditham par. [0173] “creating a control flow graph of the process”), or a memory leakage.

Claims 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over US 2018/0217828 to Madrid et al. (Madrid) in view of US 2019/0089720 to Aditham et al. (Aditham) in view of US 2020/0125475 to Iyer et al. (Iyer).

Claims 10 and 19: Madrid, Aditham and Venkatesan teach claims 7 and 16, wherein the first and second line-of-code behavior and relation models were constructed dynamically based on data associated with real-time operations of the controller (Aditham par. [0151] “Tracing application to get their CFG”).

Madrid, Aditham and Venkatesan do not teach wherein the first and second line-of-code behavior and relation models were constructed dynamically based on data associated with real-time operations of the controller, the data being limited based on a group of parameters set remotely from the controller.

Iyer teaches dynamically constructing a line-of-code behavior and relation model based on data associated with real-time operations of the controller (par. [0008] “dynamically generate … sections of a control flow graph”), the data being limited based on a group of parameters (par. [0007] “the data characteristics may also include relationships associated with the data argument such as functions to which the data argument is passed”).

It would have been obvious to construct the first or second line-of-code behavior and relation models (Aditham par. [0173] “creating a control flow graph of the process”) dynamically based . 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 2008/0040699 to Okada discloses an alternate signature operation on a line-of-code behavior and relation model (see e.g. par. [0059]). 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON D MITCHELL whose telephone number is (571)272-3728. The examiner can normally be reached Monday through Thursday 7:00am - 4:30pm and alternate Fridays 7:00am 3:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on (571)272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/JASON D MITCHELL/Primary Examiner, Art Unit 2199