DETAILED ACTION
I.	Claims 14-16, 19, 20, 22-26, 29, 32 and 33 were cancelled in a preliminary amendment.
II.	Claims 1-13, 17, 18, 21, 27, 28, 30, and 31 have been examined.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Priority
The current application is a national stage entry of PCT/CA2019/050991, International Filing Date: 07/17/2019 which claims priority from Provisional Application 62699108, filed 07/17/2018.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/25/2020 has been considered by the examiner.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-13, 17, 18, 21, 27, 28, 30, and 31 are rejected under 35 U.S.C. 103 as being unpatentable over United States Patent Application Publication No. US 20170098087 A1 to Li, hereinafter Li and further in view of United States Patent Application Publication No. US 20140373171 A1 to Grocutt, hereinafter Grocutt.
Regarding claim 1, Li teaches a method for securely operating a computer system, the method comprising: making a function call to a target function of a software component (paragraph 28).
Li teaches the claimed invention, as cited above.  However, Li does not teach the claim limitations directed to “calling, by the target function, a gateway function; querying, by the gateway function, an activation setting; and terminating, by the gateway function, the function call to the target function if the activation setting indicates an inactive status”.  Grocutt teaches said claim limitations, as cited below.
Further regarding claim 1, Grocutt teaches calling, by the target function, a gateway function; querying, by the gateway function, an activation setting; and terminating, by 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Grocutt with the teachings of Li to engage in software library management so as to protect the data within the libraries for improper access.
In assessing whether a claim to a combination of prior art elements/steps would have been obvious, the question to be asked is whether the improvement of the claim is more than the predictable use of prior art elements or steps according to their established functions. KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398, 418 (2007). “[T]he analysis need not seek out precise teachings directed to the specific subject matter of the challenged claim, for a court can take account of the inferences and creative steps that a person of ordinary skill in the art would employ.” Id. at 418.  It is well established that in evaluating references it is proper to take into account not only the specific teachings of the references but also the inferences which one skilled in the art would reasonably be expected to draw therefrom. In re Preda, 401 F.2d 825, 826 (CCPA 1968).
The obviousness to combine for claim 1 also pertains to claims 2, 4, 5, 7, 8, 10, 11, 27, 28, 30, and 31.
Regarding claim 2, Grocutt teaches returning, by the gateway function, to the target function if the activation setting indicates an active status (paragraph 13, “The library 
Regarding claim 3, Li teaches wherein the target function is a function of a software library, and the activation setting indicates an activation status of the software library (paragraph 28).
Regarding claim 4, Grocutt teaches wherein the activation setting indicates an activation status of the target function (paragraph 13, “The library managements software selects at least one of the software libraries as an active library and at least one other software library as an inactive software library. Software libraries which are designated as inactive are not executable by the processing circuitry, and security critical resources associated with that library are not accessible to the active library. If the processing circuitry attempts to call to an inactive software library, then the library management software controls the processing circuitry to switch which library is active so that the required library becomes active and the previously active library becomes inactive.”, paragraph 18, “Also, as the security protection hardware can enforce security between the secure domain and the less secure domain, it is possible to designate one active library in the secure domain and one active library in the less secure domain, which still cannot access each other without permission due to the protection provided by the hardware. Therefore, there are a number of reasons why it might be desirable to set multiple libraries as active simultaneously. In general, the library management software may ensure that an inactive library is prevented from being accessed inappropriately by 
Regarding claim 5, Grocutt teaches wherein the activation setting is stored in the software component (paragraph 34).
Regarding claim 6, Li teaches wherein terminating the function call comprises shutting down the computer system (paragraph 55, “terminate”).
Regarding claim 7, Grocutt teaches wherein terminating the function call comprises: identifying, by the gateway function, a data type expected to be returned by the target function; generating, by the gateway function, a default value of the data type; returning, by the gateway function, the default value; and terminating, by the gateway function, the function call to the target function (paragraph 70, “The fault handler 150 switches the 
Regarding claim 8, Grocutt teaches wherein terminating the function call comprises: returning, by the gateway function, an exception; and terminating, by the gateway function, the function call to the target function (paragraphs 63 and 70).
Regarding claim 9, Li teaches wherein returning an exception by the gateway function comprises returning an exception indicating an illegal access was attempted (paragraphs 37-39, 42, and 46, “identified attack”, and paragraph 47, “attack detection and protection”).
Regarding claim 10, Grocutt teaches calling a control function, wherein calling the control function comprises: retrieving, by the control function, an updated value for the activation setting from a control unit; and updating, by the control function, the activation 
Regarding claim 11, Grocutt teaches receiving, by the control unit, an indication from a user to deactivate the software component; and setting, by the control unit, the updated value for the activation setting to indicate that the software component is inactive 
Regarding claim 12, Li teaches identifying, by the control unit, the software component; querying, by the control unit, a vulnerability database for a list of vulnerabilities contained in the software component; displaying, by the control unit, an indication that the software component contains a vulnerability if the list of vulnerabilities contained in the software component contains at least one vulnerability (paragraph 35, “the vulnerability list” and paragraph 40, “a ranked list of vulnerabilities”).
Regarding claim 13, Li teaches setting, by the control unit, the updated value for the activation setting to indicate that the software component is inactive if the list of vulnerabilities contained in the software component contains at least one vulnerability (paragraph 35, “the vulnerability list” and paragraph 40, “a ranked list of vulnerabilities”).
Regarding claim 17, Li teaches adding the gateway function to the software component; and modifying the target function to call the gateway function (paragraph 28).
Regarding claim 18, Li teaches wherein the software component is a library (paragraphs 20-22, 28-31 and 46).
Regarding claim 21, Li discloses a computer readable memory having stored thereon machine executable instructions, which when executed by a processor, cause the processor to perform the method of claim 1 (paragraphs 6, 9, 24 and 56).
Regarding claim 27, Li discloses a computer system comprising: 
a control unit (Figure 1); 
and a hardware platform communicatively coupled to the control unit (Figure 1, paragraph 24); 
wherein the hardware platform is configured to execute a plurality of software components (Figure 1, paragraph 24).

a gateway function; and at least one base function configured to call the gateway function; and wherein the gateway function is configured to query an activation setting and terminate the base function if the activation setting indicates an inactive status; and wherein the control unit is configured to set the activation setting”.  Grocutt discloses said claim limitations, as cited below.
Further regarding claim 27, Grocutt discloses wherein each of the software components comprises: 
a gateway function; and at least one base function configured to call the gateway function; and wherein the gateway function is configured to query an activation setting and terminate the base function if the activation setting indicates an inactive status; and wherein the control unit is configured to set the activation setting (paragraph 13, “The library managements software selects at least one of the software libraries as an active library and at least one other software library as an inactive software library. Software libraries which are designated as inactive are not executable by the processing circuitry, and security critical resources associated with that library are not accessible to the active library. If the processing circuitry attempts to call to an inactive software library, then the library management software controls the processing circuitry to switch which library is active so that the required library becomes active and the previously active library becomes inactive.”, paragraph 18, “Also, as the security protection hardware can enforce security between the secure domain and the less secure domain, it is possible to designate one active library in the secure domain and one active library in the less 
Regarding claim 28, Grocutt discloses wherein the gateway function is further configured to return to the base function if the activation setting indicates an active status (paragraph 70, “The fault handler 150 switches the configuration of the secure MPU 50 based on the library configuration data 112 so that subsequent function calls to the newly active library will be allowed and function calls to the old library which is now inactive will now trigger a fault. Also, the fault handler 150 changes the stack pointer in the secure stack pointer register 24 to indicate a stack in the data store 6 associated 
Regarding claim 30, Grocutt discloses wherein the gateway function is configured to terminate the base function by: identifying a data type expected to be returned by the base function; generating a default value of the data type; returning the default value; and terminating the base function (paragraph 70, “The fault handler 150 switches the configuration of the secure MPU 50 based on the library configuration data 112 so that subsequent function calls to the newly active library will be allowed and function calls to the old library which is now inactive will now trigger a fault. Also, the fault handler 150 changes the stack pointer in the secure stack pointer register 24 to indicate a stack in the data store 6 associated with the newly active library instead of a stack associated with the previously active library. This ensures that the new library can access the stack associated with it. If the new library does not already have a stack, then a stack is allocated in the secure region 44 of the data store 6. The library manager 110 can also perform some software security checks to determine whether the switch of libraries is permitted.”).
Regarding claim 31, Grocutt discloses wherein the gateway function is configured to terminate the base function by: returning an exception; and terminating the function call to the base function (paragraph 63 and 70).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The references cited on form PTO-892 are cited to further show the state of the art with respect to securing a computer system.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEREMIAH L AVERY whose telephone number is (571)272-8627. The examiner can normally be reached M-F 8:30am -5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/JEREMIAH L AVERY/Primary Examiner, Art Unit 2431