Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 4/3/2020 and 5/27/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) because reference character “#308” has been used to designate both “new ransomware attack” and “Expose computer system with predetermined sample data to ransonware attack”.  
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.
The drawings are objected to because “ransonware” should read “ransomware” in Figure 3 #308. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is 

Specification
The disclosure is objected to because of the following informalities:
Pg. 6 ln. 5-6, “ransomware identifier 218” should be “ransomware identifier 216”
Pg. 15 ln. 14, “operating system 40” should be “operating system 640”
Pg. 16 ln. 12, “algorithm determined ate” should be “algorithm determined at”
Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:


Claims 1-10 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1 and 9 recite the limitation, “intercepting an index of the searchable encryption algorithm.” Claims 2-8 and 10 fall together accordingly.
The limitation in question does not satisfy the written description requirement under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph. The specification does not describe the limitation in sufficient detail so that one of ordinary skill in the art would recognize that the applicant had possession of the claimed invention.
In MPEP 2163 (I)(A), while “There is a presumption that an adequate written description of the claimed invention is present when the application is filed”, it also states “, issues of adequate written description may arise even for original claims, for example, when an aspect of the claimed invention has not been described with sufficient particularity such that one skilled in the art would recognize that the
applicant had possession of the claimed invention at the time of filing.”
In MPEP 2161.01, "computer-implemented functional claim language must still be evaluated for sufficient disclosure under the written description". And MPEP 2161.01(I) "generic claim language in the original disclosure does not satisfy the written description requirement if it fails to support the scope of the genus claimed." For computer-implemented inventions, the determination of the sufficiency of disclosure will require an inquiry into the sufficiency of both the disclosed hardware and the disclosed 
Similarly, original claims may lack written description when the claims define the invention in functional language specifying a desired result but the specification does not sufficiently describe how the function is performed or the result is achieved. For software, this can occur when the algorithm or steps/procedure for performing the computer function are not explained at all or are not explained in sufficient detail (simply restating the function recited in the claim is not necessarily sufficient).
In this case, the specification does not provide sufficient details to “intercepting an index of the searchable encryption algorithm.” No algorithm or steps/procedure for performing the function can be found, explained at all or in sufficient detail. The portions of the specification relating to “intercepting an index of the searchable encryption algorithm” are found in Figures 2-3, Pg. 2 ln. 1-2, Pg. 6 ln. 11-13, Pg. 7 ln. 8-11, Pg. 10 ln. 3-4. The specification merely repeats the functionality found in the claim language.
	As in MPEP 2161.01 (I), “a specification cannot always support expansive claim language and satisfy the requirements of 35 U.S.C. 112 "merely by clearly describing one embodiment of the thing claimed." LizardTech v. Earth Resource Mapping, Inc., 424 F.3d 1336, 1346, 76 USPQ2d 1731, 1733 (Fed. Cir. 2005). A person skilled in the art would not understand that the applicant have invented, and been in possession of, the invention as broadly claimed. The description of “intercepting” does not entitle the inventor to claim any and all means for achieving the objective as claimed.
Furthermore, as in MPEP 2161.01 (I), "The description requirement of the patent statute requires a description of an invention, not an indication of a result that one might achieve if one made that invention." It is not enough that one skilled in the art could write a program to achieve the claimed function because the specification must explain how the inventor intends to achieve the claimed 
While some generic ways of “intercepting” might be known in related arts, description as to how the applicant intends to implement “intercepting an index of the searchable encryption algorithm” is not described. Therefore, the specification does not provide a disclosure of the computer and algorithm in sufficient detail to demonstrate to one of ordinary skill in the art that the inventor possessed the invention under 35 U.S.C. 112(a). 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-3, and 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Tamir et al. (US-PGPUB 2018/0212987 A1), hereinafter Tamir, in view of Wang, G. et al. “Leakage Models and Inference Attacks on Searchable Encryption for Cyber-Physical Social Systems.” IEEE Access 6 (2018): 21828-21839, hereinafter Wang.
	
	Regarding claim 1, Tamir discloses a computer implemented method of identifying a ransomware algorithm (Fig. 6) the ransomware algorithm having associated a predetermined responsive action for mitigating effects of the ransomware algorithm in use ([0058]) the method comprising: 

and training an autoencoder ([0047], “neural network”) based on the index to provide a trained autoencoder adapted to identify the ransomware algorithm based on the index ([0047], “features”). 
If the ransomware has access to the sample data on the target computer, then the target computer system has been exposed to the ransomware. Changes made to the sample data by the ransomware includes the encryption of the sample data. Finally, the index is a feature of the encryption algorithm used by the ransomware.
Tamir fails to explicitly disclose a searchable encryption algorithm and intercepting an index of the searchable encryption algorithm.
However, Wang teaches a searchable encryption algorithm (Sect. I, Pg. 21828, Col. 1 ln. 1-10) and intercepting an index of the searchable encryption algorithm (Sect. II-A, Pg. 21830, Col 1 ln. 51-54, “communications”).
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Tamir to incorporate the teachings of Wang to include a searchable encryption algorithm to encrypt the sample data, and to include intercepting an index of the searchable encryption algorithm to use as the training data set for the autoencoder to detect new types of ransomware.

	Regarding claim 2, Tamir in view of Wang discloses the method of claim 1 as set forth above, and further comprising, responsive to a ransomware attack, exposing a computer system containing the 
and executing (Tamir, [0043], “is used”) the trained autoencoder using a searchable encryption algorithm index arising from the ransomware attack as input to determine that the ransomware attack uses the ransomware algorithm (Tamir, [0043], “to identify ransomware”) in order to effect the predetermined responsive action to mitigate effects of the ransomware attack (Tamir, [0058]).

Regarding claim 3, discloses Tamir in view of Wang discloses the method of claim 1 as set forth above, and wherein the predetermined set of sample data includes a plurality of types of data including one or more of: access control credentials (Tamir, [0033], “credentials”). 
It is noted that “one or more of” is an alternative form, therefore the prior art need only satisfy at least one of: personal data; financial information; payment information; data marked confidential; data marked secret; a private encryption key; a digital signature; username information; password information; or access control credentials. 

	 Regarding claim 9, the computer system of claim 9 performs the method of claim 1. Tamir in view of Wang discloses the method of claim 1 as set forth above, and a computer system comprising (Tamir, Fig. 3 #350, [0039]): a processor (Tamir, Fig. 3 #352) and memory (Tamir, Fig. 3 #362) storing computer program code for identifying a ransomware algorithm (Tamir, Fig. 3 #380), the ransomware algorithm having associated a predetermined responsive action for mitigating effects of the ransomware algorithm in use (Tamir, Fig. 3 #388).

	Regarding claim 10, Tamir in view of Wang discloses the method of claim 1 as set forth above, and a non-transitory computer-readable storage medium storing a computer program element .

Claim 4-7 are rejected under 35 U.S.C. 103 as being unpatentable over Tamir and Wang in view of CHEN Z.G., et al., "Automatic Ransomware Detection and Analysis Based on Dynamic API Calls Flow Graph", In Proceedings of the International Conference on Research in Adaptive and Convergent Systems, September 2017, pp. 196-201, hereinafter Chen.
 
	Regarding claim 4, Tamir in view of Wang discloses the method of claim 1 as set forth above, but fails to disclose, wherein the index is converted to an input vector for the autoencoder by normalizing index entries and applying discretization of the normalized index entries to allocate normalized index entries to discrete input units of the autoencoder.
However, Chen teaches, wherein the index is converted to an input vector for the autoencoder by normalizing index entries (Chen, Sect. 3.4 Pg. 198 Col 2, “rescaling data”) and 
applying discretization of the normalized index entries to allocate normalized index entries to discrete input units of the autoencoder (Chen Sect. 3.4 Pg. 198 Col 2, “After normalizing”).
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Tamir in view of Wang to incorporate the teachings of Chen to include, wherein the index is converted to an input vector for the autoencoder by normalizing index entries and applying discretization of the normalized index entries to allocate normalized index entries to discrete input units of the autoencoder. Such modifications would be motivated to 

	Regarding claim 5, Tamir and Wang in view of Chen discloses the method of claim 4 as set forth above, and wherein an input value for each input unit of the autoencoder is normalized prior to training the autoencoder (Chen, Fig. 1 below).
[AltContent: arrow][AltContent: arrow][AltContent: textbox (Normalization occurs before training)]
    PNG
    media_image1.png
    200
    400
    media_image1.png
    Greyscale


	Regarding claim 6, Tamir in view of Wang discloses the method of claim 1 as set forth above, but fails to disclose wherein the autoencoder is trained using multiple training examples based on indices generated from repeated exposures of the target computer system to the ransomware algorithm.
However, Chen teaches wherein the autoencoder is trained using multiple training examples based on indices generated from repeated exposures of the target computer system to the ransomware algorithm (Sect. 4.3 Pg. 200).
wherein the autoencoder is trained using multiple training examples based on indices generated from repeated exposures of the target computer system to the ransomware algorithm. Such modifications would be motivated to evaluate the performance of the classifier (Chen, Sect. 4.3 Pg. 200).

	Regarding claim 7, Tamir in view of Wang discloses the method of claim 1 as set forth above, but fails to disclose wherein the autoencoder is trained using multiple training examples based on indices from a plurality of ransomware algorithms to which the target computer system is exposed so as to discriminate the plurality of ransomware algorithms. 
However, Chen teaches wherein the autoencoder is trained using multiple training examples based on indices from a plurality of ransomware algorithms to which the target computer system is exposed so as to discriminate the plurality of ransomware algorithms (Sect. 4.1 Pg. 199).
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Tamir in view of Wang to incorporate the teachings of Chen to include wherein the autoencoder is trained using multiple training examples based on indices from a plurality of ransomware algorithms to which the target computer system is exposed so as to discriminate the plurality of ransomware algorithms. Such modifications would be motivated “since there is no standard dataset for comparison” (Chen, 4.1 Pg. 199).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Tamir and Wang in view of Krasser et al. (US-PGPUB 2019/0026466 A1), hereinafter Krasser.

	Regarding claim 8, Tamir in view of Wang discloses the method of claim 1 as set forth above, and wherein the target computer system is one of a set of target computer systems (Tamir, [0030], “using one or more servers”) but fails to disclose each containing a different predetermined set of sample data, and the autoencoder is trained using multiple training examples based on indices from each of the target computer systems in the set. 
However, Krasser teaches each containing a different predetermined set of sample data (Fig. 1 #118, [0048], “data streams”), and the autoencoder is trained using multiple training examples based on indices from each of the target computer systems in the set (Fig. 1 #112, [0048]).
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Tamir in view of Wang to incorporate the teachings of Krasser to include each containing a different predetermined set of sample data, and the autoencoder is trained using multiple training examples based on indices from each of the target computer systems in the set. Such modifications would be motivated to determine whether the sample data is associated with ransomware (Krasser, [0048]).


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US-PGPUB 2019/0273510 A1 – Regarding a machine learning system for classifying variable length source data that may include known or unknown or novel malware.
Yousefi-Azar, M. et al. “Autoencoder-based feature learning for cyber security applications.” 2017 International Joint Conference on Neural Networks (IJCNN) (2017): 3854-3861. – Regarding training an autoencoder for both detection and classification of malware. 
Bost, R. et al. “Thwarting Leakage Abuse Attacks against Searchable Encryption - A Formal Approach and Applications to Database Padding.” IACR Cryptol. ePrint Arch. 2017 (2017): 1060. – Regarding countermeasures to protect searchable encryption schemes against common classes of leakage abuse attacks.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA NEIL GONZALES whose telephone number is (571)272-0286. The examiner can normally be reached 10:00 AM-7:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and 





/J.N.G./Examiner, Art Unit 2496                                                                                                                                                                                                        
/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496