Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-3, 9-12, 18, 19, 22-24 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Stolfo US 2009/0193293


As per claim 1. Stolfo teaches A secure network system comprising: at least one secured network connected device, comprising at least one hardware processor connected to at least one digital communication network interface, [0033] (Figure 1) and adapted for: in at least one iteration of a plurality of iterations: Stolfo teaches executing a binary code for computing a maliciousness score in response to an input message, where the binary code is received from a remote server via a network and encapsulates a classification model trained, [0048] [0049] (receive binary remotely to execute and detect maliciousness score) 


Stolfo teaches and providing the message to at least one software object executed by the at least one hardware processor to perform a message oriented task, subject to the message maliciousness score. [0088], [0091] (forward for further processing, or drop based on score)
As per claim 2. Stolfo teaches The system of claim 1, wherein the binary code encapsulates a plurality of hardware components and a plurality of software components of the classification model. [0047]
As per claim 3. Stolfo teaches The system of claim 1, wherein the at least one digital communication network interface is connected to a wireless digital communication network. [0034]

As per claim 9. Stolfo teaches The system of claim 1, wherein the at least one hardware processor is further adapted for: in the at least one iteration: receiving another message via the at least one digital communication network interface; computing another message maliciousness score by providing the other message to the binary code; and providing the other message to the at least one software object to perform the message oriented task, subject to the other message maliciousness score. [0035][0048][0049] [0088], [0091] (forward for further processing, or drop based on score)
As per claim 10. Stolfo teaches The system of claim 1, wherein the at least one hardware processor is further adapted for: in at least one other iteration of the plurality of iterations: receiving from the remote server, via the network, another binary code for computing a maliciousness score in response to an input message; where the other binary code encapsulates the classification model further trained, using another plurality of historical messages collected by the remote server from the plurality of secured network connected devices, to compute the maliciousness score in response to the input message; and replacing the binary code with the other binary code. [0067][0075][0090] (updating the classification model and repeating)
As per claim 11. Stolfo teaches The system of claim 1, wherein the at least one hardware processor is connected to the network via at least one other digital communication network interface. [0035]
As per claim 12. Stolfo teaches The system of claim 1, wherein the at least one hardware processor is further adapted for: sending the message to the remote server for training the classification model. [0090]


As per claim 18. Stolfo teaches A method for a secured network connected device, comprising: in at least one iteration of a plurality of iterations: executing a binary code for computing a maliciousness score in response to an input message, where the binary code is received from a remote server via a network and encapsulates a classification model trained, using a plurality of historical messages collected by the remote server from a plurality of secured network connected devices, to compute the maliciousness score in response to the input message; receiving a message via the at least one digital communication network interface; computing a message maliciousness score by providing the message to the binary code; and providing the message to at least one software object executed by at least one hardware processor of the secured network connected device to perform a message oriented task, subject to the message maliciousness score. [0035] [0047] [0049][0048][0062][0067][0076][0090] [0088], [0091] (see claim 1)
As per claim 19. Stolfo teaches A secure network system comprising: at least one server, comprising at least one hardware processor adapted for: in each of a plurality of server iterations: receiving from a plurality of secured network devices a plurality of messages; training a classification model to compute a maliciousness score in response to an input message; producing a binary code encapsulating the classification model; and sending the binary code, via a network, to at least one secured network connected device. [0035] [0047] [0049][0048][0062][0067][0076][0090] [0088], [0091] (see claim 1)

As per claim 22.  Stolfo teaches A method for a server of a secure network, comprising: in each of a plurality of server iterations: receiving from a plurality of secured network devices a plurality of messages; training a classification model to compute a maliciousness score in response to an input message; producing a binary code encapsulating the classification model; and sending the binary code, via a network, to at least one secured network connected device. [0035] [0047] [0049][0048][0062][0067][0076][0090] [0088], [0091] (see claim 1)
As per claim 23. Stolfo teaches A method for a secure network system, comprising: on at least one remote server: in each of a plurality of server iterations: receiving from a plurality of secured network devices a plurality of messages; training a classification model to compute a maliciousness score in response to an input message; producing a binary code encapsulating the classification model; and sending the binary code, via a network, to at least one secured network connected device; and on the at least one secured network connected device: in at least one iteration of a plurality of iterations: receiving the binary code from the at least one remote server; executing the binary code; receiving a message via at least one digital communication network interface; computing a message maliciousness score by providing the message to the binary code; and providing the message to at least one software object executed by the at least one hardware processor to perform a message oriented task, subject to the message maliciousness score. [0035] [0047] [0049][0048][0062][0067][0076][0090] [0088], [0091] (see claim 1)
As per claim 24. Stolfo teaches A secure network system comprising: at least one remote server, comprising at least one server hardware processor adapted for: in each of a plurality of server iterations: receiving from a plurality of secured network devices a plurality of messages; training a classification model to compute a maliciousness score in response to an input message; producing a binary code encapsulating the classification model; and sending the binary code, via a network, to at least one secured network connected device; and at least one secured network connected device, comprising at least one hardware processor connected to at least one digital communication network interface, and adapted for: in at least one iteration of a plurality of iterations: receiving the binary code from the at least one remote server; executing the binary code; receiving a message via at least one digital communication network interface; computing a message maliciousness score by providing the message to the binary code; and providing the message to at least one software object executed by the at least one hardware processor to perform a message oriented task, subject to the message maliciousness score. [0035] [0047] [0049][0048][0062][0067][0076][0090] [0088], [0091] (see claim 1)
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4-6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stolfo US 2009/0193293 in view of Antonopoulos US 2016/0323435
As per claim 4.  Antonopoulos teaches The system of claim 3, wherein the wireless digital 
It would have been obvious to one of ordinary skill in the art to use the network compatibility of Antonopoulos with Stolfo because it expands communications and compatibility [0028]
As per claim 5. Antonopoulos teaches The system of claim 4, wherein the network based on IEEE 802.15.4 technical standard is a Zigbee Alliance Zigbee network. [0078]
As per claim 6. Antonopoulos teaches The system of claim 4, wherein the cellular network is a Global System for Mobile communications (GSM) network. [0078]



Claims 7, 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stolfo US 2009/0193293 in view of Zhang US 2020/0045063
As per claim 7. Zhang teaches The system of claim 1, wherein the classification model is a neural network. [0006][0034][0036] (teaches malware classifier is a neural network)
It would have been obvious to one of ordinary skill in the art to use the neural network of Zhang with the previous art because it provides better feedback and more accurate malware detection.
As per claim 8. Zhang teaches The system of claim 7, wherein the neural network comprises a plurality of computation units and a plurality of node connections, each node connection having a source node of the plurality of computation units, a target node of the plurality of computation units, and a plurality of connection values; wherein the binary code encapsulates a plurality of compressed computation units, each a compressed representation of one of the plurality of computation units, and a plurality of compressed node connections, each a compressed representation of one of the plurality of node connections; and wherein executing the binary code comprises: expanding at least some of the compressed computation units to produce a plurality 

Claims 13, 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stolfo US 2009/0193293 in view of Zuk US 2007/0297333

As per claim 13. Stolfo teaches The system of claim 1, wherein the at least one hardware processor is further adapted for: identifying at least one signature-based anomaly by computing a match between the message and at least one identified signature value; and refraining from providing the message to the binary code subject to identifying the at least one signature based anomaly. [0062] [0067] (teaches using anomaly signatures)
Zuk explicitly teaches matching signatures [0032][0040].
It would have been obvious at the time the invention was filed to use the string matching methods of Zuk with Stolfo because they enhance and expand the malware detection of the system.

Claims 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stolfo US 2009/0193293 in view of Ben-Itzhak US 2003/0204719
As per claim 15. Ben-Itzhak teaches The system of claim 1, wherein the at least one hardware processor is further adapted for: classifying the message as malformed, subject to a result of applying at least one message-format test to the message; sending a validation request, comprising at least part of the message, to the remote server for classification; receiving from the remote server a validation value; and refraining from providing the message to the other software object subject to the validation value. [0159] (teaches a validation of the message syntax format and refraining from forwarding subject to validation value)
It would have been obvious to one of ordinary skill in the art to use the system of Ben-Itzhak with Stolfo because it ensures that messages are properly formatted before any other checks are needed.
As per claim 16. Ben-Itzhak teaches The system of claim 1, wherein the at least one hardware processor is further adapted for: classifying the message as verified, subject to a result of applying at least one syntax test to the message; and providing the message to the at least one software object instead of computing the message maliciousness score and providing the message to the at least one software object subject to the message maliciousness score. (teaches a validation of the message syntax format and refraining from forwarding subject to validation  

Claims  17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stolfo US 2009/0193293 in view of Antonopoulos US 2016/0323435 in view of Ben-Itzhak US 2003/0204719

As per claim 17. Antonopoulos teaches GSM network.  
Ben-Itzhak teaches The system of claim 16, wherein the at least one digital communication interface is connected to a GSM network; and wherein applying the at least one syntax test comprises at least one of: comparing a command value extracted from the message to an identified command value; comparing a flag value extracted from the message to an identified flag value; comparing an amount of bytes of the message to an identified amount of bytes, comparing an encryption method value identified in the message to an identified encryption method value, and comparing a routing attribute value extracted from the message to an identified routing attribute value. (teaches a validation of the message syntax format and refraining from forwarding subject to validation value) [0159] 
It would have been obvious to one of ordinary skill in the art to use the system of Ben-Itzhak with Stolfo because it ensures that messages are properly formatted before any other checks are needed.
Claims  20, 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Stolfo US 2009/0193293 in view of Jakobsson US 11,102,244

As per claim 20. Jakobsson teaches The system of claim 19, wherein the at least one hardware processor is further adapted for: computing a plurality of digital signatures, each computed using one of the plurality of messages; associating a maliciousness score to each of the plurality of messages; and storing the plurality of messages as a plurality of historical messages in at least one non-volatile digital storage connected to the at least one hardware processor, each of the plurality of messages stored with respective maliciousness score and respective digital signature. (Column 68 lines 26-35) (Column 70 lines 30-35; 50-55) 
It would have been obvious to one of ordinary skill at the time the invention was filed to use the history of Jakobsson with Stolfo because it increases the accuracy of the system.
As per claim 21. Jakobsson teaches The system of claim 20, wherein the at least one hardware processor is further adapted for: in at least one of a plurality of validation iterations: receiving from the at least one secured network connected device a validation request, comprising at least part of a message; computing a digital signature using the at least part of the message; computing a validation value by comparing the digital signature to a plurality of digital signatures of the plurality of historical messages; and sending the validation value to the at least one secured network connected device. (Column 72 lines 58-65; Column 75 lines 10-20)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439