DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
This action is in response to the communications and remarks filed on 02/10/2022. Claims 19-25 were previously canceled. Claims 1-18 have been examined and are pending.
Response to Arguments
Applicant’s amendment to the specification is acknowledged. The claim has been reviewed and entered, and is found to obviate the previously raised objection for minor informalities. Objection to the claims the specification is hereby withdrawn.
Applicant's amendment to claims 1 and 4 is acknowledged. The claims have been reviewed and entered, and are found to obviate the previously raised rejection under 35 USC 112 2nd. The rejection under 35 USC 112 2nd of claims 1 and 4 is hereby withdrawn.

Applicant’s arguments in the instant Amendment, filed on 02/10/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “Rejections Under 35 U.S.C. §103... The Maikowski/Rhoads/Li combination fails to teach or suggest such an apparatus. 
Maikowski describes a method for managing computer macros that include a plurality of hosted applications... a macro data store storing a plurality of macros... each defining a set of actions to be performed... and a processor... that... defines one or more objects... each compris[ing] communications from the plurality of macros. (Maikowski Abstract) Maikowski describes "[w]here several different applications are to be controlled by the macros and multiple services are to be accessed by the macros, a service interface may be provided so that a macro programmer can use a single macro language to communicate with all the various services and applications." (Maikowski para. [0004]) Finally, Maikowski describes "security layers 110a-B can protect the end user in a variety of ways, including Trojan horse attacks, phishing attacks, and other malicious code. In some implementations, the security layer may 110a after a dialog box has been delivered to the user. In such an example, a message included in the dialog may identify a macro as a potentially untrusted macro and may further identify what can happen when the macro is executed." (Maikowski para. [0037]) While Maikowski describes a method for managing computer macros, Maikowski does not describe a process detector or any logic that detects the execution of a macro-executing process. Additionally, Maikowski does not describe an image capturer to, in response to detection of the macro-execution process, capture an image of a user interface of the macro-executing process. Separately, Maikowski does not describe an image capturer, a macro-executing process, a macro-executing process detector, or any process involving images at all... As a result, Maikowski fails to teach or suggest the method of Claim 1.”
Macros are described as a set of rules or a command sequence that automates various business application tasks. Macros are heavily used in malware campaigns to run malicious code on an unsuspecting user’s computing device [specification, para 0012]. Applicant’s description of Maikowski sheds light on the capabilities of executed macros to be detected [Maikowski, ¶¶0004 and 0102].
The Examiner disagrees with the Applicant’s argument. The Examiner respectfully submits that Maikowski does disclose “...describe a process detector or any logic that detects the execution of a macro-executing process. Additionally, Maikowski does not describe an image capturer to, in response to detection of the macro-execution process, capture an image of a user interface of the macro- executing process.” As such, Maikowski still applies and will be maintained as rejected below.
Applicant’s arguments: “Rhoads fails to supply the elements missing from Maikowski. Rhoads describes "imaging architectures, in which a cell phone's image sensor is one in a chain of stages that successively act on instructions/data, to capture and later process imagery." (Rhoads Abstract) However, Rhoads fails to teach or suggest a process detector to detect execution of a macro-executing process; an image capturer to, in response to detection of the macro-execution process, capture an image of a user interface of the macro-executing process, as set forth in Claim 1. As a result, Rhoads fails to teach or suggest the elements of Claim 1 missing from Maikowski.”
Rhoads teaches aspects or features of: “a process detector to detect execution of a macro-executing process”; where the script executor 208 is responsible for macro execution and recovery, and any syntactic or other errors detected can be reported. Additionally, a control processor module 36 provides automatic recognition of objects depicted in images [Rhoads, ¶¶0072-0073, 0285, and 0320]. Hence, Examiner interprets Rhoads' teaching of the control/management of macro processes as analogous to detecting malicious code that may be part of executing macros, for example, encoding a delete function.
Applicant’s assertion that Rhoads does not disclose an image capturer to, in response to detection of the macro-execution process, capture an image of a user interface of the macro-executing process; appears to be correct. Hence, the primary reference of Maikowski teaches. 
“analyze the image to determine an image similarity to a stored image in [[a]] the database, the database to store .”  As such, Rhoads still applies and will be maintained as rejected below.
Applicant’s arguments: “Li fails to supply the elements missing from the combination of Maikowski and Rhoads. Li describes "[m]ethods [that] include generating a query list including a plurality of logo search queries, for each logo search query... generating a plurality of image search results... including image data, and clustering the plurality of image search results into a plurality of clusters... [and] extracting, for each cluster..., a representative image." (Li Abstract). Li does not teach or suggest a process detector to detect execution of a macro-executing process; an image capturer to, in response to detection of the macro-execution process, capture an image of a user interface of the macro-executing process, as set forth in Claim 1. As a result, Li fails to provide the elements of Claim 1 missing from the Maikowski/Rhoads combination.”
Applicant’s assertion that Li does not teach or suggest “a process detector to detect execution of a macro-executing process; an image capturer to, in response to detection of the macro-execution process, capture an image of a user interface of the macro-executing process;” appears to be correct. However, Li does teach aspects or features of capturing an image; where clients 102 retrieve one or more images, transmitting over the network 110 the graphical user interface interacts with implementation of disclosure functions therein [Li, ¶¶0022 and 0073].
Thus, the Examiner respectfully submits that Li does disclose the limitation for which it was applied: “perform a responsive action in response to the image similarity meeting or exceeding a similarity threshold”. As such, Li still applies and will be maintained as rejected below.
Applicant’s arguments: “Because each of Maikowski/Rhoads/Li is missing the same elements of claim 1, namely, a process detector to detect execution of a macro-executing process; an image capturer to, in response to detection of the macro-execution process, capture an image of a user interface of the macro-executing process, the alleged Maikowski/Rhoads/Li combination is missing those same elements. Therefore, the Maikowski/Rhoads/Li combination fails to establish a prima facie case of obviousness of the method of Claim 1. Withdrawal of the §103 rejections of Claim 1 and all claims dependent thereon is respectfully requested.”

In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  In this case, the combination of Maikowski, Rhoads, and Li are all from the same endeavor as the instant application: electrical digital data processing G06F.
Applicant’s arguments: “Independent Claim 7 Independent Claim 7 sets forth at least one non-transitory computer readable medium comprising instructions that, when executed, cause at least one processor to at least: detect execution of a macro-executing process; in response to detection of the macro-execution process, capture an image of a user interface of the macro-executing process. (Applicant's Claim 7) (Emphasis added). The alleged Maikowski/Rhoads/Li combination does not teach or suggest such a computer readable medium. Thus, withdrawal of the §103 rejections of Claim 7 and all claims dependent thereon is respectfully requested.” 

Applicant’s arguments: “Independent Claim 13 Independent Claim 13 sets forth a method for detecting a malicious macro including detecting execution of a macro-executing process; in response to detection of the macro-execution process, capturing an image of a user interface of the macro-executing process. (Applicant's Claim 13) (Emphasis added). The alleged Maikowski/Rhoads/Li combination does not teach or suggest such a method. Thus, withdrawal of the §103 rejections of Claim 13 and all claims dependent thereon is respectfully requested.”
The Examiner respectfully submits that independent claim 13 cites the same scope yet different statutory class. As such, the arguments provided above for independent claim 1 apply. Thus, the combination of Maikowski, Rhoads and Li will be maintained.

Claim Rejections - 35 USC § 103
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-3, 6-9, 12-15, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Google LLC/Maikowski et al, hereinafter ("Maikowski"), German Patent Application, (DE20201008488U1), in view of, Rhoads et al, hereinafter ("Rhoads"), US PG Publication (20130295894 A1), in view of Li et al, hereinafter ("Li"), US PG Publication (20150169634 A1).
Regarding currently amended claims 1, 7, and 13, Maikowski teaches an apparatus for detecting a malicious macro, the apparatus comprising; At least one non-
a database;  [Maikowski, ¶0072]
at least one memory; [Maikowski, ¶0072]
instructions;  [Maikowski, ¶0026]
processor circuitry to execute the instructions to:  [Maikowski, ¶¶0201 and 0204: processor 752]
 ¶¶0003-0004, 0037, and 0039: security layers 110a-b protect and have the ability to manage macros a macro server subsystem. ¶¶0072-0073: script executor 208 is responsible for macro execution and recovery; if there are syntactic or other errors detected can be reported.]
Maikowski, ¶¶0118-0119 and 0125-0126: a process 400 shows where a user runs a spreadsheet application; executed macros or scripts performed by script executor 420 as a continuous, series of steps or sequence; where the sequence serves as a "snapshot" of the execution state of the script interpreter. Hence, Examiner interprets the snapshot taken is analogous to image of a user interface of the macro-executing process]
However, Maikowski fails to explicitly teach but Rhoads teaches the database, the database to store ¶¶0087-0088 and 0127-0128: a universal pixel segmenter process of image sensor uses pattern and template matching of downloaded applications through SIFT object recognition image data/ image 43 captured by users' cell phone device user interface, can be analyzed to determine matches with harvested image data/ image 43 and their metadata. ¶0285: provides automatic recognition of objects depicted in images. ¶¶0032 and 00349-0350: image data submitted by user identifies matches from any image data stored in database to perform search. a system responds to images captured or wirelessly received from cell phones/related portable device 110, which can be buffered for analysis of metadata, textual metadata and/or patterns inferred from displayed images of its user interface. Hence, Examiner interprets the ] 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of method of virtual object referencing in a hosted computing environment of ¶0088].  
However, the combination of Maikowski and Rhoads fails to explicitly teach but Li teaches exceeding a similarity threshold. [Li, ¶0048 a reference image similarity score is greater than a reference image similarity threshold]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Maikowski and Rhoads before him or her by including the teachings of an Automatic Learning of Logos For Visual Recognition of Li. The motivation/suggestion would have been obvious to try to modify the system of  SIFT object recognition/pattern matching operation taught by Maikowski by adding image similarity functionality as to likely produce an image similarity score as taught by Li [Li, ¶0048].
  
Regarding currently amended claims 2, 8, and 14, the combination of Maikowski, Rhoads, and Li teach claim 1 as described above.
processor circuitry  [Rhoads, ¶0096: processing circuitry; ¶0211 image data matched against to be acquired image data with feature recognition data of cache]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Maikowski and Li before him or her by including the teachings image processing architectures and methods of Rhoads. The motivation/suggestion would have been obvious to try to modify the system clustering of the image search results overlapped through querying taught by Maikowski by adding the cache of the SIFT object recognition/pattern matching operation to likely yield access to collected images as taught by Rhoads [Rhoads, ¶0211].

Regarding claims 3, 9, and 15, the combination of Maikowski, Rhoads, and Li teach claim 2 as described above.
Maikowski teaches wherein the local cache is to be synchronized with a central repository of known malicious macro interface images. [Maikowski, ¶0187: two-way synchronization]

Regarding claims 6, 12, and 18, the combination of teach claim 1 as described above.
[See Maikowski ¶0004 security wrappers to prevent malicious or hogging code ] and, store the image of the user interface in the database 

Claims 4, 10, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Google LLC/Maikowski et al, hereinafter ("Maikowski"), German Patent Application, (DE20201008488U1), in view of, Rhoads et al, hereinafter ("Rhoads"), US PG Publication (20130295894 A1), in view of Li et al, hereinafter ("Li"), US PG Publication (20150169634 A1), in view of Jing et al, hereinafter ("Jing"), US Patent (B1).

Regarding currently claims 4, 10, and 16, the combination of Maikowski, Rhoads, and Li teach claim 1 as described above.
However, the combination of Maikowski, Rhoads, and Li fails to explicitly teach but Jing teaches wherein the similarity threshold is a first similarity threshold, and wherein the processor circuitry is further or exceeding the similarity threshold, perform character recognition to identify text present in the image of the user interface; [Jing et al 8832096, Col 5, lines 39-41: Search system 110 identifies resources 105 and returns search results 111 to user devices 106. Col 6, lines 2-5 and 16-17: Labels are textual content (or data flags that indicate a topic to which the image belongs) and are also associated with an image. Col 6, lines 26-35 and 54-58:  for example, if a selection rate of 10% where image of Arc de Triomphe is exceeded, the label “Paris landmarks” now associates in search results. See Col 15, lines 50-51: circuitry] and 
a text analyzer to compare the identified text to stored text, wherein the responder is to perform, in response to a second similarity score of the identified text and the stored text meeting or exceeding a second similarity threshold, the responsive action. [col 8, lines 26-33 the image feature value Vector for an image can include image feature values that respectively represent color information for the image, brightness information, texture information, edge location information, and other visual information for the image. Thus, the visual distance between the image feature value Vectors can provide a value (i.e., an image similarity score) that is indicative of the visual similarity of the images.]
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Maikowski, Rhoads, and Li before him or her by including the teachings image processing architectures and methods of Jing. The motivation/suggestion would have .  

Claims 5, 11, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Google LLC/Maikowski et al, hereinafter ("Maikowski"), German Patent Application, (DE20201008488U1), in view of, Rhoads et al, hereinafter ("Rhoads"), US PG Publication (20130295894 A1), in view of Li et al, hereinafter ("Li"), US PG Publication (20150169634 A1), in view of Varsanyi et al., hereinafter (‘Varsanyi’), US PG Publication (20140201838 A1). 
Regarding claims 5, 11, and 17, the combination of teach claim 1 as described above.
However, the combination of Maikowski, Rhoads, and Li fails to teach but Varsanyi teaches wherein the responder is to at least one of:
prevent further input from the user to the macro-executing process; 
display an error message to the user; or 
transmit an alert to a central monitoring facility. [Varsanyi, ¶0180 if the threat determination for an event (e.g., score calculated by the master scoring module 1365) exceeds a threshold, the event is flagged. Each event may contain forensic information supplied by all or a portion of the analytical algorithms, details from the language system, and/or the details of the semantic traffic model itself; as event log 1380, for later examination and/or signaled to an operator by an event notification module 1390 via a visual user interface 1395. Alternatively or 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to combine the teachings of Maikowski, Rhoads, and Jing before him or her by including the teachings of a Systems and methods for detecting and mitigating threats to a structured data storage system of Varsanyi. The motivation/suggestion would have been obvious to try to visual user interface to exchange notification/signaling of in response to flagged events [Varsanyi, ¶0180].  
	
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAKINAH W TAYLOR whose telephone number is (571)270-0682.  The examiner can normally be reached on Monday-Friday, 9:45-5:45.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.