DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Examiner Note

Claim limitation has been interpreted under 35 U.S.C. 112, sixth paragraph
Claim 14, limitations reciting various “unit” (e.g. “a patch area generation unit; a patch execution unit, …”; have been interpreted under 35 U.S.C. 112, sixth paragraph, because the limitation(s) uses a non-structural term (“unit”) coupled with functional language without reciting sufficient structure to achieve the function.  Furthermore, the non-structural term is not preceded by a structural modifier.
Since this claim limitation invokes 35 U.S.C. 112, sixth paragraph, claim(s) are interpreted to cover the corresponding structure described in the specification that achieves the claimed function, and equivalents thereof.  
A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112, sixth paragraph limitation.
If applicant wishes to provide further explanation or dispute the examiner’s interpretation of the corresponding structure, applicant must identify the corresponding structure with reference to the specification by page and line number, and to the drawing, if any, by reference characters in response to this Office action. 
not wish to have the claim limitation treated under 35 U.S.C. 112, sixth paragraph, applicant may amend the claim so that it will clearly not invoke 35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112, sixth paragraph.
For more information, see Supplementary Examination Guidelines for Determining Compliance with 35 U.S.C. § 112 and for Treatment of Related Issues in Patent Applications, 76 FR 7162, 7167 (Feb. 9, 2011).


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 4-8, 12-13 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Pappas (Pub. No. US 2015/0089656).

As per claim 1, Pappas discloses a method for patching a vulnerability of a binary, the method being performed on a computing device, and comprising: inserting a patch code block in a target binary (…applying selected binary patch…see par. 22-23); and replacing at least some instructions in an area where the vulnerability exists in the target binary with a first instruction to jump to the patch code block (…by applying a selected binary patch, i.e. by replacing in the binary files the portion identified to be defective with a patch, the system can modify insecure instruction patterns to transform them into more secure ones…see par. 23), wherein the patch code block comprises: a second instruction to resolve the vulnerability (the replacement patch can invoke the functions that may be vulnerable to unchecked data using the filtered, sanitized data…see par. 27); and a third instruction to jump to a fourth instruction next to the first instruction replaced in the area where the vulnerability exists (see par. 23).


As per claim 8, Pappas discloses a method for patching a vulnerability of a binary, the method being performed on a computing device, and comprising: inserting a patch code block in a target binary (…applying selected binary patch…see par. 22-23); and replacing at least some instructions in an area where the vulnerability exists in the target binary with a first instruction to jump to the patch code block (…by applying a selected binary patch, i.e. by replacing in the binary files the portion identified to be defective with a patch, the system can modify insecure instruction patterns to transform them into more secure ones…see par. 23), wherein the patch code block comprises a second instruction to determine whether a crash occurs at runtime (see par. 27-28).


As per claim 14, Pappas discloses a device for patching a vulnerability of a binary, comprising: a patch area generation unit; and a patch execution unit, wherein the patch area generation unit is configured to: search for a free area among text areas of a target binary; add an area for a patch code to the target binary based on a size of the free area being less than a size of the patch code; and determine a patch area into which the patch code is to be inserted in the target binary (see par. 23-24), wherein patch execution unit is configured to: insert the patch code in the patch area; and replace at least some instructions in an area where the vulnerability exists in the target binary with a first instruction to jump to the patch area (…by applying a selected binary patch, i.e. by replacing in the binary files the portion identified to be defective with a patch, the system can modify insecure instruction patterns to transform them into more secure ones…see par. 23), wherein the patch code comprises: a second instruction to resolve the vulnerability (the replacement patch can invoke the functions that may be vulnerable to unchecked data using the filtered, sanitized data…see par. 27); and a third instruction to jump to a fourth instruction next to the first instruction replaced in the area where the vulnerability exists (see par. 23).


As per claim 4, Pappas discloses wherein a size of the target binary does not change by the insertion of the patch code block (see par. 23).


As per claim 5, Pappas discloses wherein inserting the patch code block comprises: searching for a free area among text areas of the target binary; and writing the patch code block within the free area (see par. 23-24).


As per claim 6, Pappas discloses wherein inserting the patch code block comprises: adding an area for the patch code block to the target binary, and writing the patch code block within the added area (see par. 23-24).


As per claim 7, Pappas discloses wherein inserting the patch code block comprises: searching for a free area among text areas of the target binary; comparing a size of the free area with a size of the patch code block; and in response to determining that the size of the free area is less than the size of the patch code block, adding an area for the patch code block to the target binary, and writing the patch code block in the added area (see par. 23).


As per claim 12, Pappas discloses wherein inserting the patch code block comprises: searching for a free area among text areas of the target binary; and writing the patch code block within the free area (see par. 26-27).


As per claim 13, Pappas discloses wherein inserting the patch code block comprises adding an area for the patch code block to the target binary, and writing the patch code block within the added area (see par. 26).






Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 3, 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over Pappas (Pub. No. US 2015/0089656) in view of Mantripradada et al (Pub. No. US 2006/0288420).

As per claim 2, Pappas does not disclose one of the instructions of the prologue of the function; and a fifth instruction to initialize a stack frame of the function. However Mantripradada discloses wherein the at least some instructions being replaced are instructions of a prologue of a function including the area where the vulnerability exists, wherein the patch code block further comprises: one of the instructions of the prologue of the function; and a fifth instruction to initialize a stack frame of the function (…an event generated by the protective software indicating an abnormal property detected, with the offending target location present on the stack, an area in memory that stores temporary register information parameter, and return addresses of subroutines for the protective software…see par. 40). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Mantripradada in Pappas for including the above limitations because one ordinary skill in the art would recognize it would further maintain 



As per claim 3, the combination of Pappas and Mantripradada discloses wherein the fifth instruction to initialize the stack frame comprises a sixth instruction to initialize data of the stack frame, the stack frame being identified by a value of a stack pointer register and a value of a base pointer register (Mantripradada: see par. 151). the motivation for claim 3 is the same motivation as in claim 2 above.


As per claim 9, the combination of Pappas and Mantripradada discloses wherein the patch code block comprises: a third instruction to stop execution of the target binary in response to determining that a crash occurs at runtime; and a fourth instruction to jump to a fifth instruction next to the first instruction replaced in the area where the vulnerability exists in response to determining that the crash does not occur at runtime (Mantripradada: see par. 39, 88). The motivation for claim 9 is the same motivation as in claim 2 above.


As per claim 10, the combination of Pappas and Mantripradada discloses wherein the crash comprises a crash due to abnormal memory access, and wherein the second instruction to determine comprises a sixth instruction to determine an execution flow of the binary based on a value of a register used as an operand of a seventh instruction that accesses a memory among at least some instructions in the area where the vulnerability exists (Mantripradada: see par. 90-91). The motivation for claim 10 is the same motivation as in claim 2 above.


As per claim 11, the combination of Pappas and Mantripradada discloses wherein the abnormal memory access comprises at least one of null pointer use, buffer over-write, and buffer under-write (Mantripradada: see par. 108). The motivation for claim 11 is the same motivation as in claim 2 above.





Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to inserting patch code that supplement a vulnerability of a binary into the binary.

Gochee (Pat. No. US 5732272); “Subroutine Execution Time Tracker”;



Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 5712724219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2436