DETAILED ACTION
This Office Action is in response to the Amendment filed on 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

TERMINAL DISCLAIMER
	The TD filed on 02/14/2020 is hereby acknowledged and approved.

Response to Amendment
	The objections to claims 3-9 and 9, and the 112 rejections to claims 14 and 16 made in the Non-Final Action dated 11/05/2021 are hereby withdrawn due to the amendments filed 02/04/2022.

Response to Arguments
Applicant's arguments filed 02/04/2022 have been fully considered but they are not persuasive. 
	Regarding claim 1, Applicant argues that Bowers does not disclose the newly added limitation “the determining including matching a permission setting on the computing device and a compromised permission setting in a compromised device model trained with a training set populated by information for a known compromised device;”
	In response, Examiner respectfully disagrees, and submits that a new detailed rejection is provided below.
	Claims 10 and 20 are also rejected for the same reason as claim 1 above.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1)as being anticipated by Bowers et al. (US 2017/0147827 A1-hereinafter Bowers.)
Regarding claim 1, Bowers discloses a computer-implemented method of determining whether a computing device has been compromised, the method comprising: 
obtaining file tree structure information for the computing device, wherein the file tree structure information details at least a portion of a tree-based structure of folders and files in a memory on the computing device (at least [0033][0037][0041][0043]-[0047], i.e.: information for operating system is obtained, operating system  details at least a portion of (system portion) folders and files stored on the communication device); 
determining from the file tree structure information that the computing device is compromised (at least [0047]-[0060][0078][0080], i.e.: from information for the operating system, the communication device is determined to be compromised) the determining including matching a permission setting on the computing device and a compromised permission setting in a compromised device model trained with a training set populated by information for a known compromised device (at least [0053]-[0055] [0060]-[0061][0066],i.e.: device is defined as being compromised or altered, when a permission which should be set as inaccessible has been altered and set to accessible as heuristically trained by the integrity checking module); and 
based on the determination that the computing device has been compromised, taking an action (at least [0087], based on information that the communication device is compromised, corrective action is taken.)

Regarding claim 2, Bowers discloses the computer-implemented method of claim 1. Bowers also discloses file tree structure information includes permissions associated with folders and files in the portion of the tree-based structure (i.e.: [0035][0043], the information for the operating system includes user profiles that users access and permissions in the operating system.)

Regarding claim 3, Bowers discloses the computer-implemented method of claim 2. Bowers also discloses the determining includes identifying a match between a permission setting of a file or folder on the computing device and a compromised permission setting for that file or folder in a model (at least [0053], i.e.: when a user who is not authorized to access a file, accesses the file.)

Regarding claim 4, The computer-implemented method of claim 2, wherein the determining includes identifying a difference between a permission setting of a file or folder on the computing device and an expected permission setting for that file or folder prescribed by an uncompromised device model (at least [0053], when a user accesses a file, but the user is not authorized to access the file.)

Regarding claim 5, Bowers discloses the computer-implemented method of claim 2. Bowers also discloses the determining includes determining that a file or folder within a privileged memory space is accessible (at least [0041], i.e.: system portion is accessible.)

Regarding claim 6, Bowers discloses the computer-implemented method of claim 1. Bowers also discloses a model prescribes an expected tree-based structure of an uncompromised device and wherein the determining includes identifying a deviation between the portion of the tree-based structure and the expected tree-based structure (at least [0046]-[0078], i.e. information found during integrity checks is not consistent with previous checks.)

Regarding claim 7, Bowers disclose the computer-implemented method of claim 1. Bowers also discloses one or more models prescribe expected tree-based structures of compromised devices and wherein the determining includes matching the portion of the tree-based structure to one of the expected tree-based structures (at least [0046]-[0078], one or more parameters that are outside of predefined threshold are set as compromised. So, when an integrity check is performed, and the result matches that of a parameter that is outside of the predefined threshold, the communicating device is determined to be compromised.) 

(at least figures3, 4A & 4B, [0039]-[0041], system portion does not include user portion.)

Regarding claim 9, Bowers discloses the computer-implemented method of claim 1.  Wherein the taking an action comprises at least one of sending a message to a remote device regarding the compromised computing device (at least [0087], output information identifying that the communicating device is compromised.)

Claim 10 is rejected for the same rationale as claim 1.  In addition, Bowers also discloses a processor, a memory, and a device analysis application (at least figures 1, 2 & 4B, [0019][0028], processor, memory, server and integrity checking module.)

Claim 11 is rejected for the same rationale as claim 2.
Claim 12 is rejected for the same rationale as claim 3.
Claim 13 is rejected for the same rationale as claim 4.
Claim 14 is rejected for the same rationale as claim 5. In addition, Bowers also discloses unprivileged space (at least figures 3 & 4A, user portion.)
Claim 15 is rejected for the same rationale as claim 6.
Claim 16 is rejected for the same rationale as claim 7.
Claim 17 is rejected for the same rationale as claim 8.
Claim 18 is rejected for the same rationale as claim 9.

Regarding claim 19, Bowers discloses the electronic device claimed in claim 10. Bowers also discloses the computing device comprises one of the computing device (at least figures 1 & 2, [0019]-[0020], communicating device.)

Claim 20 is rejected for the same rationale as claims 1 & 10 above.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PHY ANH T VU/Primary Examiner, Art Unit 2438