DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claim 11 is  objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Claim Objections
Claims 2-16 are objected to because of the following informalities:  
Claim 2: states “the plurality of factors include” which should be “the plurality of factors includes”. 
Claims 3-4 are objected to based on their dependence on claim 2.
Claim 5: states “the plurality of factors include” which should be “the plurality of factors includes”. 
Claim 6 is objected to based on its dependence on claim 5.
Claim 7:  states “assigning an application score to each application of the applications, the application score indicating a degree of risk associated with the each application” – improper grammar, should state: “…associated with each plurality of applications”. These changes should be made throughout the claims. Claim 7 is also objected based on it’s dependence on claim 5.
Claim 8: Same issue as claim 7, “the each” should be changed to “each”. Claim 8 also is objected to based on its dependence on claims 5 and 7.
Claim 9: states “the plurality of factors include” which should be “the plurality of factors includes”. 
Claims 10-14 are objected to based on their dependence on objected claim 9.
Claim 15: states “the plurality of factors include” which should be “the plurality of factors includes”. 
Claim 16 is objected to based on its dependence on claim 15.
Appropriate correction is required.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –




(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-3, 5-10, 12-20 is/are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by U.S. PGPub. No. 2017/0346824 A1 to Mahabir et al. (hereinafter 'Mahabir').

Regarding claim 1:
Mahabir discloses:
a method comprising: evaluating, by a processor, security of a mobile device with respect to a plurality of factors (¶6: “providing a local risk assessment application to each of the mobile devices”); 
determining, by the processor, a temporal application score associated with the mobile device representing an evaluation of one or more applications on the mobile device over a time period (¶66: “The local risk assessment application can determine a plurality of application identifiers for a particular mobile device. Each application identifier identifies a mobile application installed on that mobile device. Each application identifier can include a plurality of identifying characteristics of a mobile device application, such as the application name, version, build, or other characteristics that may be used to identify the particular application and its expected operational characteristics.”); 
determining, by the processor, a vulnerability posture of the mobile device representing security exposures of an operating system version, a firmware version, or a hardware associated with the mobile device (¶78: “The risk assessment server may also determine a device risk level for a mobile device. The device risk level may be determined based on the application risk levels for that mobile device. The device risk level may be displayed in the local risk assessment application to inform a user of the level of risk their mobile device is currently exposed to.”);
determining, by the processor, security events associated with the mobile device and representing actions of a user associated with the mobile device (¶81: “In some cases, the local risk assessment application may also monitor device behavior on an ongoing basis. This may allow the local risk assessment application to identify risky user behaviors. Risky user behaviors generally refers to active steps taken by a user of the mobile device that may be risky, or may be risky in combination with other application risk factors. For example, the local risk assessment application may determine that the mobile device is located near to, or is in communication with networks in regions known to be more likely to be compromised. For example, the local risk assessment application may determine that the device is in communication with, or near to, cell networks that have been compromised. Risky user behaviors may also include actions such as the user accessing web locations using the device browser that may be compromised.”); 
determining, by the processor, a security score representing a security posture of the mobile device, the security score being based on the temporal application score, the vulnerability posture, and the security events associated with the mobile device (¶137: “For example, the plurality of application risk factors may be processed using an application risk model to determine the application risk level for the application. The application risk model may be stored in database 238. In general, the application risk model may be updated to reflect changes in the operations of mobile device 115, in network 110, or in behaviors of users or hackers. The application risk level may be determined as a score or rating using various scales or risk identifiers such as 0-10, 0-100, color scales (Red, Yellow, Green) etc.”); and 
providing, by the processor, the security score (¶139: “The local risk assessment application 218 may then generate a GUI to display to the user of mobile device 115 the current risk levels and risk factors. These GU ls may provide the user of mobile device 115 with an accurate rating of the level of risk that is represented by each of their apps, along with an explanation of what the impact of those risks could be to the user and their data, and recommendations on corrective actions the user can take to protect themselves.”).

Regarding claim 2:
Mahabir discloses:
the method of claim 1, wherein the plurality of factors include a comparison of current behavior with respect to the mobile device with prior-received behavior with respect to the mobile device (¶81).

Regarding claim 3:
Mahabir discloses:
the method of claim 2, wherein the current behavior and the prior-received behavior describe at least one of: device holding position; device typing behavior; device tapping behavior; application usage behavior; and browsing behavior (¶81).

Regarding claim 5:
Mahabir discloses:
¶68: “The local risk assessment application may communicate directly with the device operating system of the mobile device on which it is installed. This may allow the local risk assessment application to determine the application identifiers for the plurality of mobile applications installed on the mobile device. Similarly, this may allow the local risk assessment application to determine the device-specific parameters for the mobile device on which it is installed, such as the permission settings granted to the mobile device applications and whether location services are activated for example.”; ¶70: “Application characteristics generally define inherent operational characteristics of a mobile application. That is, the application characteristics generally relate to the operations of a mobile application that are inherent to the mobile application and may be similar across various mobile devices on which the application is installed.”; ¶71: “The application characteristics may include an application communication pattern. An application communication pattern generally refers to the receiving locations (e.g., IP addresses) that an app normally communicates with, and may also include the type of data transmitted to particular IP addresses. The application characteristics may also include an operating system interaction level. The operating system interaction level generally refers to the level of device OS that the app is interacting with.”).

Regarding claim 6:
Mahabir discloses:
the method of claim 5, wherein the characterization of the applications installed on the mobile device includes at least one of: 

evaluating a total number of the applications (¶68); 
evaluating a number of the applications that are not available from a trusted
application source; 
evaluating popularity of the applications; and 
evaluating a reputation score of developers of the applications.

Regarding claim 7:
Mahabir discloses:
discloses the method of claim 5, wherein the characterization of the applications installed on the mobile device includes: 
assigning an application score to each application of the applications, the application score indicating a degree of risk associated with the each application (¶139); and 
assigning a device score to the mobile device according to the application scores of the applications (¶139).

Regarding claim 8:
Mahabir discloses:
discloses the method of claim 7, wherein assigning the application score to the each application comprises assigning the application score according to factors including at least one of: 
¶67:“The local risk assessment application can also determine a plurality of device-specific parameters, each device-specific parameter defining operational characteristics of at least one of the mobile device and an application installed on the mobile device. The device-specific parameter can reflect operational aspects of a mobile application on a particular mobile device that may be altered by a user of the device, or may be different for different mobile devices. For example, the at least one device-specific parameter can include a permission setting defining a current permission setting for a particular mobile application on that mobile device”); 
whether network communication of the each application is encrypted; 
a reputation score of at least one of a software developers kit (SOK) and a library used by the each application; whether the each application is a current version (¶66); and 
a reputation score of a signer of the each application.

Regarding claim 9:
Mahabir discloses:
the method of claim 1, wherein the plurality of factors include a characterization of network activity of the mobile device (¶74: “The application risk factors can include inherent application risk factors and device-specific risk factors. Inherent application risk factors may be determined based on the application characteristics of a mobile application. For example, the inherent risk factors may include an application communication pattern with communications to receiving locations known to be malicious or comprised. The inherent risk factors may also include a particular operating system interaction level, as compromised apps will often communicate at a dangerously low level.").
Regarding claim 10:
Mahabir discloses:
the method of claim 9, wherein the characterization of the network activity of the mobile device includes at least one of:
a quantity of data transmitted using a wireless local area network; 
a quantity of data transmitted using a cellular communication network; 
a quantity of data received using a wireless local area network (¶81); and 
a quantity of data received using a cellular communication network.

Regarding claim 12:
Mahabir discloses:
discloses the method of claim 9, wherein the characterization of the network activity of the mobile device
includes at least one of: a reputation score of addresses referenced in the network activity; a number of browsing requests in the network
activity that are blocked; a reputation score of wireless networks referenced by the network activity; and presence of suspicious name
resolution traffic in the network activity (¶81).

Regarding claim 13:
Mahabir discloses:
the method of claim 9, wherein the characterization of the network activity of the mobile device includes at least one of: whether the mobile device is functioning as a wireless network ¶139).  

Regarding claim 14:
Mahabir discloses:
the method of claim 9, wherein the characterization of the network activity of the mobile device includes: a location of the mobile device at a first location while accessing a wireless network associated with a second location different from the first location (¶81).


Regarding claim 15:
Mahabir discloses:
the method of claim 1, wherein the plurality of factors include a characterization of browsing activity of the mobile device (¶81).

Regarding claim 16:
Mahabir discloses:
the method of claim 15, wherein the characterization of browsing activity includes at least one of: 
a type of browser used; categories of sites visited; 
a number of browsing requests that are blocked; and 
references to known suspicious addresses in the browsing activity (¶81).

Regarding claim 17:
Mahabir discloses:
the method of claim 1, wherein the security score is a single numerical value from a range of numerical values. (¶137).

Regarding claim 18:
Mahabir discloses:
the method of claim 1, further comprising: displaying, on the mobile device, values for the plurality of factors and the security score and interface elements for promoting improvement of the security score (¶79: “The risk assessment server may also determine a corrective action for a mobile device. The corrective action may be determined in order to reduce the device risk level for the mobile device. In some cases, the corrective action may be determined to reduce the application risk level for one or more mobile application installed on the mobile device. For example, corrective action may be determined to reduce the application risk level for one or more mobile applications having the highest risk level on a particular mobile device. In some cases, the corrective action may be removing the risky mobile application or modifying the application permission setting for a mobile application.”).

Regarding claim 19:
In addition to the citations given in claim 1 which are analogous to those found in claim 19, Mahabir also discloses:
a mobile device comprising: one or more processing devices (¶6); 

evaluate security of a mobile device with respect to a plurality of factors (¶6);  
determine a temporal application score associated with the mobile device representing an evaluation of one or more applications on the mobile device over a time period (¶66); 
determine a vulnerability posture of the mobile device representing security exposures of an operating system version, a firmware version, or a hardware associated with the mobile device (¶781);
determine security events associated with the mobile device and representing actions of a user associated with the mobile device (¶81); 
determine a security score representing a security posture of the mobile device, the security score being based on the temporal application score, the vulnerability posture, and the security events associated with the mobile device (¶137); and 
provide the security score (¶139).

Regarding claim 20:
In addition to the citations given in claim 1 which are analogous to those found in claim 20, Mahabir also discloses:
a non-transitory computer-readable medium storing executable code that, when executed by one or more processing devices of a mobile device, causes the one or more processing devices to: evaluate security of a mobile device with respect to a plurality of factors (¶6); 
66); 
determine a vulnerability posture of the mobile device representing security exposures of an operating system version, a firmware version, or a hardware associated with the mobile device (¶78); 
determine security events associated with the mobile device and representing actions of a user associated with the mobile device (¶81); 
determine a security score representing a security posture of the mobile device, the security score being based on the temporal application score, the vulnerability posture, and the security events associated with the mobile device (¶137); and provide the security score (¶139).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Mahabir, and further in view of US 2013/0318613 A1 to ARCHER et al. (hereinafter “Archer”).

Regarding claim 4:
Mahabir discloses:
the method of claim 2. 
However, Mahabir does not disclose further comprising: 


However, Archer discloses further comprising: 
training, on the mobile device, a machine learning model according to the prior-received behavior; and inputting, on the mobile device, the current behavior to the machine learning model to obtain a characterization of the current behavior (¶9: “Techniques described herein may provide for systems and/or methods that assess the security and/or other attributes (e.g., reliability) of mobile applications. The security assessment may be implemented as a security score that is generated for mobile applications. The security score, for a mobile application, may be based on a automated predictive analytics applied to mobile application data. A user may be able to view the security score of a mobile application that the user is considering installing"; claim 3 " The method of claim 2; w here the predictive analytic techniques include techniques based on regression-based models, discrete choice models, machine learning techniques, or neural network-based techniques.”). 

It would have been obvious to one of ordinary skill in the art to combine the mobile device application monitoring of Mahabir with the machine learning functionality of Archer to implement enhanced application characterization and analysis. (See Archer ¶3).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Alexander Lagor whose telephone number is (571)270-5143. The examiner can normally be reached Monday thru Friday, 9:00 AM to 5:00 PM (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashokkumar B. Patel can be reached on (571) 272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ALEXANDER LAGOR/            Primary Examiner, Art Unit 2491