DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
The rejection under 35 U.S.C. 101 has been withdrawn due to the cancellation of claims 7-11.
The claim object for claims 1 and 3 has been withdrawn due to the amended claims. 
Applicant's arguments filed 11/16/21 have been fully considered but they are not persuasive. Applicant argues that the prior art, Friedrich, does not disclose “on a multimedia system, making a decision as to whether the client application that initiates an invocation is a malicious application and if yes, return Selection failure to the client application”. Examiner disagrees and maintains that the prior art, Friedrich, discloses this limitation in claim 1, by its application determining whether it is malicious or not. The application assigns a disposition, which discloses whether it is good or bad. Therefore, the prior art, Friedrich, discloses the limitation in claim 1, disclosing making a decision as to whether an application is malicious or not.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-2 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Prakash (US 20140075496) in view of Friedrich (US 20160098560) in view of Vetillard (US 20140317686).
As per claim 1, Prakash discloses a method for access control of a multimedia system to a secure operation system, comprising: 
At the multimedia system, initiating an application access request for selecting a trusted application from a client application of a multimedia system to a secure operating system (Prakash, Para. 0027, Secure transactions (e.g., requests and responses from applications 104 b) may be processed through TEE middleware module 206 which provides an additional interface level between sensor access framework API 202 and the TEE access drivers 210); 
Prakash does not disclose; however, Friedrich discloses at the multimedia system, making a decision as to whether the client application that initiates an invocation is a malicious application, if yes, returning Selection Failure to the client application and performing an interrupt handling, and if not, the method further comprising: (Friedrich, Para. 0040, If an application is conclusively determined to be malicious (i.e., it corresponds to malware), then it is assigned a malign or bad disposition. In this case the application is either deleted outright from the system, though typically it is put in a special quarantine location so that it can be restored should there have been an error in calling it malicious. Also, Para. 0043-0044, If an application is conclusively determined to be non-malicious by anti-malware software, then it is assigned a disposition of clean or good. In this case, the application is typically allowed to continue its execution on the system. If the anti-malware software is unable to conclusively determine whether an application is good or bad, then a disposition of unknown is assigned. The extent to which a determination must be conclusive depends on the particular situation.); 
Therefore it is obvious to one ordinary skilled in the art before the effective filing
date of the claimed invention to incorporate the teaching of Friedrich with the system and method of Prakash given the benefit of detecting malicious software (malware) on a general purpose computing device.
Prakash and Friedrich do not disclose; however, Vetillard discloses at the multimedia system, sending the application access request from the multimedia system to the secure operating system (Vetillard, Para. 0027, a client application that is executed within rich operating system environment 210 can establish a connection with TEE proxy 245, and can send one or more requests to execute an operation to TEE proxy); and 
at the secure system acquiring a trusted application and returning the trusted application to the multimedia system based on the application access request at the secure operating system (Vetillard, Para. 0027, TEE proxy 245 can receive the one or more requests, and establish a connection with TEE 280. TEE proxy 245 can further send one or more requests to execute an operation to a trusted application that is executed within TEE 280. TEE proxy 245 can further receive one or more responses from the trusted application that is executed within TEE 280).
Therefore it is obvious to one ordinary skilled in the art before the effective filing

As per claim 2, Prakash discloses the method according to claim 1, wherein the step of making the decision comprises the sub-steps of: 
acquiring an application identification of the client application that initiates the invocation (Prakash, Para. 0028, The TEE firmware sensor drivers 212 may check the requests for sensor context data made by applications 104 b to verify that the applications are authorized to receive such data and/or process it securely. The verification may be accomplished through the use of private/public key encryption, digital signatures, passwords, credentials or any other suitable security technique.); 
Prakash and Vetillard does not disclose; however, Friedrichs discloses deciding whether the client application is a malicious application based on the application identification (Friedrich, Para. 0040, If an application is conclusively determined to be malicious (i.e., it corresponds to malware), then it is assigned a malign or bad disposition. In this case the application is either deleted outright from the system, though typically it is put in a special quarantine location so that it can be restored should there have been an error in calling it malicious. Also, Para. 0043, If an application is conclusively determined to be non-malicious by anti-malware software, then it is assigned a disposition of clean or good. In this case, the application is typically allowed to continue its execution on the system.); and
(Friedrich, Para. 0040, If an application is conclusively determined to be malicious (i.e., it corresponds to malware), then it is assigned a malign or bad disposition. In this case the application is either deleted outright from the system, though typically it is put in a special quarantine location so that it can be restored should there have been an error in calling it malicious. Also, Para. 0043-0044, If an application is conclusively determined to be non-malicious by anti-malware software, then it is assigned a disposition of clean or good. In this case, the application is typically allowed to continue its execution on the system. If the anti-malware software is unable to conclusively determine whether an application is good or bad, then a disposition of unknown is assigned. The extent to which a determination must be conclusive depends on the particular situation.);
Therefore it is obvious to one ordinary skilled in the art before the effective filing
date of the claimed invention to incorporate the teaching of Friedrich with the system and method of Prakash and Vetillard given the benefit of detecting malicious software (malware) on a general purpose computing device.
As per claim 5, Prakash and Vetillard do not disclose; however, Friedrichs discloses the method according to claim 4, wherein the step of acquiring the trusted application further comprises: at the multimedia system, acquiring the trusted application selection result, deciding whether the client application is a malicious application based on a rule condition prestored therein, and if yes, registering the client application in the malicious application registry (Friedrich, Para. 0040, If an application is conclusively determined to be malicious (i.e., it corresponds to malware), then it is assigned a malign or bad disposition. In this case the application is either deleted outright from the system, though typically it is put in a special quarantine location so that it can be restored should there have been an error in calling it malicious. Also, Para. 0043, If an application is conclusively determined to be non-malicious by anti-malware software, then it is assigned a disposition of clean or good. In this case, the application is typically allowed to continue its execution on the system.; Also, Para.0059, logging data ); 
Therefore it is obvious to one ordinary skilled in the art before the effective filing
date of the claimed invention to incorporate the teaching of Friedrich with the system and method of Prakash and Vetillard given the benefit of detecting malicious software (malware) on a general purpose computing device.
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Prakash (US 20140075496) in view of Friedrich (US 20160098560) in view of Vetillard (US 20140317686) in view of Baumhof (US 20130007838).
As per claim 6, Prakash, Friedrichs and Vetillard do not disclose; however, Baumhof discloses the method according to claim 5, wherein the rule condition is set as: 
the times that the client application fails to acquire the trusted applications exceeds a prescribed number (Baumhof, Para. 0086, The evaluation of how and whether the client computer 20 complies with a particular security policy may be in the form of binary yes/no attributes, but are not limited in this manner and could also involve a percentage threshold). 
Therefore it is obvious to one ordinary skilled in the art before the effective filing
.
Allowable Subject Matter
Claims 3 and 4 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Honkasalo (US 20040223602): A mechanism for controlling connection parameters for a communication connection between network elements is disclosed. When the communication connection is initialized, an authorization for the connection parameters of services is requested from a policy control entity which decides on connection parameters to be authorized for the communication connection and on service types which can be provided for the communication connection. A decision message is sent to a communication control network element wherein the decision message comprises the authorization for the connection parameters, service types usable for the communication connection, and an information portion indicating, for each service, whether or not the policy control entity controls a further authorization regarding at least one of the indicated service types in the communication connection. The decision message is enforced in the communication connection by the communication control network element.
Widegren (US 20020120749): Using session signaling, a multimedia session with plural media data streams is initiated between the mobile terminal and a remote host coupled to a packet data network. The mobile terminal is coupled to the packet data network and to a multimedia system that provides multimedia session services by way of an access point. A plurality of packet access bearers is established between the mobile terminal and the access point to transport corresponding ones of the media data streams between the mobile terminal and the access points. The media binding information is created for each media data stream. The media binding information associates each media data stream in the session to one of the media packet access bearers and is used to provide session-based control of each of the media packet access bearers. Different example techniques for generating/providing the media information are disclosed.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANGELA R HOLMES whose telephone number is (571)270-3357. The examiner can normally be reached Monday-Friday 8:00AM-4:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ANGELA R HOLMES/Examiner, Art Unit 2498                                                                                                                                                                                                        
/THANHNGA B TRUONG/Primary Examiner, Art Unit 2498