Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
1.	Claims 1 and 16 have been amended. Claims 1-20 have been examined.

2.	Applicant's arguments filed 02/23/2022 have been fully considered but they are not persuasive.

Claim Interpretation
3.	For claims 4, 8 and 17, the phrases “at least one of” and “or” have been given the broadest, reasonable interpretation of only requiring a single element from the given list in order to satisfy the requirements of the limitation.

4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

5.	The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.


Claim Rejections - 35 USC § 102
6.	Claims 1, 4, 7, 16-17 and 20 are rejected under pre-AIA  35 U.S.C. 102(b) as being anticipated by Ungar (U.S. Patent 6,282,702).
	For claims 1 and 16, Ungar teaches a method and computing device, comprising:
	a processor; and
	a non-transitory computer-readable medium having instructions stored thereon that, when executed by the processor, cause the processor to perform operations comprising:
	monitoring a native code module for an occurrence of a security event while the native code module is running, the security event indicating a bug in the native code module (note column 10, line 63 through column 11, line 5, execution of native code includes the insertion of checks for memory access bugs and replacement of blocking system calls),
	detecting the occurrence of the security event (note column 11, lines 38-48, memory access calls are detected); and
	in response to the detecting, performing one or more procedures to reduce a risk associated with the security event (note column 11, lines 38-48, signals are created to reduce risk of illegal memory access events; column 11, lines 52-58, non-blocking variants of blocking calls are inserted and yield() functions are inserted, which reduces risk of synchronization and concurrency-related bugs).

	For claims 4 and 17, Ungar teaches claims 1 and 16, wherein the security event is at least one of an infinite loop, the native code module attempts to allocate excessive 

	For claims 7 and 20, Ungar teaches claim 17, wherein the operations performed by the processor further comprise using data integrity checkers when the security event is the data output by the native code module that does not follow a valid format (note column 13, lines 10-23, read/write output pointer is check to see if it is valid).


Claim Rejections - 35 USC § 103
7.	Claim 2 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Ungar and further in view of Yu et al. (U.S. Patent Application Publication 2006/0143689; hereafter “Yu”), and further in view of Liu (U.S. Patent Application Publication 2007/0266373).
	For claim 2, Ungar differs from the claimed invention in that they fail to teach:
receiving, by the computing device, the native code module, wherein the native code module includes a set of program instructions that match an instruction set architecture of the computing device;
loading the native code module into a memory of the computing device;
identifying, by the computing device, a set of validation criteria that are to ensure safe execution of the native code module on the computing device, 


receiving, by the computing device, the native code module, wherein the native code module includes a set of program instructions that match an instruction set architecture of the computing device (note paragraph [0065], block 101, receiving the native code);
loading the native code module into a memory of the computing device (note paragraph [0065], block 101, receiving the native code);
identifying, by the computing device, a set of validation criteria that are to ensure safe execution of the native code module on the computing device (note paragraph [0067], verification uses security policy and paragraph [0097], security policy contains three components).

It would have been obvious to one of ordinary skill in the art at the time of the claimed invention to combine the native code translation of Ungar and the native code verification of Yu. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of validating native code complies with a security policy (Yu) and translating native code instructions that are to remove errors (Ungar).


The combination of Ungar and Yu differs from the claimed invention in that they fail to teach:


Liu teaches:
wherein the set of validation criteria is specific to the instruction set architecture of the computing device (note paragraphs [0025]-[0026], platform specific restricted instructions);

It would have been obvious to one of ordinary skill in the art at the time of the claimed invention to combine the combination of Ungar and Yu and the platform specific restricted instructions of Liu. It would have been obvious because a simple substitution of one known element (restricted instructions of Liu) for another (policy restrictions of Yu) would yield the predictable results of verifying native code (Yu) by comparing instructions with policy list of restricted instructions (Liu).


8.	Claims 5, 8 and 18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Ungar as applied to claims 4 and 17 above, and further in view of Yu (U.S. Patent Application Publication 2008/0072323; hereafter “‘323”)
	For claims 5 and 18, Ungar differs from the claimed invention in that they fail to teach:


	‘323 teaches:
	wherein the operations performed by the processor further comprise using a loop timer to stop execution of the native code module when the security event is the infinite loop (note paragraphs [0081]-[0082], a timing tag is used to prevent branches that result in infinite loops).

It would have been obvious to one of ordinary skill in the art at the time of the claimed invention to combine the native code translation of Ungar and the timing enforcement of ‘323. One of ordinary skill would have been motivated to combine Ungar and ‘323 because performing timing enforcement of branches would prevent timing-related covert channel attacks (note paragraph [0010] of ‘323).


	For claim 8, the combination of Ungar and ‘323 teaches claim 4, further comprising applying techniques that eliminate or reduce bandwidth of at least one covert channel when the security event is an existence of the at least one covert channel (note paragraphs [0079]-[0082], [0116]-[0122], non-terminating loops and high variable outputs are eliminated to prevent timing channel leakage).

.


9.	Claims 6 and 19 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Ungar as applied to claims 4 and 17 above, and further in view of Burtscher (U.S. Patent Application Publication 2008/0028388).
	For claims 6 and 19, Ungar differs from the claimed invention that they fail to teach:
	wherein the operations performed by the processor further comprise using a memory limit and tracking system when the security event is the native code module attempts to allocate excessive amounts of memory.

	Burtscher teaches:
	wherein the operations performed by the processor further comprise using a memory limit and tracking system when the security event is the native code module attempts to allocate excessive amounts of memory (note paragraph [0040], process loader stops memory allocation request for an excessive amount of memory).

.


10.	Claim 10 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Ungar as applied to claim 1 above, and further in view of McCullough et al. (U.S. Patent Application Publication 2008/0134147; hereafter “McCullough”).
	For claim 10, Ungar differs from the claimed invention in that they fail to teach:
	wherein the native code module is configured to communicate with one or more other native code modules and external applications using shared memory buffers managed by a service runtime.

	McCullough teaches:
	wherein the native code module is configured to communicate with one or more other native code modules and external applications using shared memory buffers managed by a service runtime (note paragraphs [0021] and [0037], applications communicate by writing to shared memory).

.


11.	Claims 11-12 rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the combination of Ungar and McCullough as applied to claim 10 above, and further in view of Greiner et al. (U.S. Patent Application Publication 2009/0216963; hereafter “Greiner”).
	For claim 11, the combination of Ungar and McCullough differs from the claimed invention in that they fail to teach:
	further comprising providing an abstraction for memory handles used to access the shared memory buffers.

	Greiner teaches:
	further comprising providing an abstraction for memory handles used to access the shared memory buffers (note paragraphs [0015]-[0017], shared memory object (SMO) is an abstract index to system addresses that are shared by programs).




	For claim 12, the combination of Ungar, McCullough and Greiner teaches claim 11, further comprising translating the memory handles to addresses (note paragraphs [0017] and [0039] of Greiner, SMO is translated to address).

It would have been obvious to one of ordinary skill in the art at the time of the claimed invention to combine the combination of Ungar and McCullough and the SMO of Greiner. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of allowing executing modules to communicate information by writing to a shared memory (McCullough) using an abstract index to the shared memory address (Greiner).


12.	Claim 13 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the combination of Ungar and McCullough as applied to claim 10 above, and further in Moser et al. (U.S. Patent Application Publication 2002/0188930; hereafter “Moser”).
	For claim 13, the combination of Ungar and McCullough differs from the claimed invention in that they fail to teach:
	wherein the native code modules and the external applications are multi-threaded, the computer-implemented method further comprising using mutex to ensure safe concurrent access to shared memory buffers and prevent data races.

	Moser teaches:
	wherein the native code modules and the external applications are multi-threaded, the computer-implemented method further comprising using mutex to ensure safe concurrent access to shared memory buffers and prevent data races (note paragraph [0052], multi-thread environment uses mutex to control access of shred memory and prevent race conditions).

It would have been obvious to one of ordinary skill in the art at the time of the claimed invention to combine the combination of Ungar and McCullough and the mutex of Moser. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of allowing executing modules to communicate information by writing to a shared memory (McCullough) using a mutex to prevent race conditions when using the shared memory (Moser).


14 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the combination of Ungar and McCullough as applied to claim 10 above, and further in view of Praitis et al. (U.S. Patent Application Publication 2009/0183155; hereafter “Praitis”).
	For claim 14, the combination of Ungar and McCullough differs from the claimed invention in that they fail to teach:
	further comprising the native code module implementing a message loop that receives at least one of messages or requests from the external applications or the service runtime using the shared memory buffers.

	Praitis teaches:
	further comprising the native code module implementing a message loop that receives at least one of messages or requests from the external applications or the service runtime using the shared memory buffers (note paragraph [0032], a message loop is used for communication in the shared buffer).

It would have been obvious to one of ordinary skill in the art at the time of the claimed invention to combine the combination of Ungar and McCullough and the message loop of Praitis. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of allowing executing modules to communicate information by writing to a shared memory (McCullough) using a message loop (Praitis).


14.	Claim 15 rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over the combination of Ungar, McCullough and Praitis as applied to claim 14 above, and further in view of Greiner.
	For claim 15, the combination of Ungar, McCullough and Praitis differs from the claimed invention in that they fail to teach:
	further comprising the native code module receives messages or requests from the external applications that include handles referring to the shared memory buffers.

	Greiner teaches:
	further comprising the native code module receives messages or requests from the external applications that include handles referring to the shared memory buffers (note paragraphs [0015]-[0017], shared memory object (SMO) is an abstract index to system addresses that are shared by programs).

It would have been obvious to one of ordinary skill in the art at the time of the claimed invention to combine the combination of Ungar, McCullough and Praitis and the SMO of Greiner. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of allowing executing modules to communicate information by writing to a shared memory (McCullough) using an abstract index to the shared memory address (Greiner).


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 


15.	Claims 1-3 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 10685123 in view of Ungar. 
For claims 2, 10685123 teaches:	receiving, by the computing device, the native code module, wherein the native code module includes a set of program instructions that match an instruction set architecture of the computing device (note claim 1, “receiving…”);
loading the native code module into a memory of the computing device (note claim 1, “loading…”);
identifying, by the computing device, a set of validation criteria that are to ensure safe execution of the native code module on the computing device (note claim 1, “identifying…”).

10685123 differs from the claimed invention in that they fail to teach:
the limitations of claim 1

Unger teaches the limitations of claim 1 as shown in the rejection above.

It would have been obvious to one of ordinary skill in the art at the time of the claimed invention to combine the native code validation of 10685123 and the native code translation of Ungar. It would have been obvious because combining prior art elements according to known methods would yield the predictable results of validating native code complies with a security policy (10685123) and translating native code instructions that are to remove errors (Ungar).

For claim 3, the combination of 10685123 and Ungar teaches claim 2, further comprising:
determining, by the computing device, after the native code module has been loaded into the memory of the computing device but before the native code module is executed on the computing device (note claim 1 of 10685123, “determining…”), (1) whether the native code module complies with the set of validation criteria that are to ensure safe execution of the native code module on the computing device (note claim 1 of 10685123, “(1)…”), and (2) that a set of instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and a set of control flow instructions in the native code module have valid targets (note claim 1 of 10685123, “(2)…”); and in response to determining that the native code module complies with the set of validation criteria and that the set of instructions in the native code module are aligned along the byte .

16.	Claims 1-3 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 9710654 in view of Ungar. 
For claims 2, 9710654 teaches:	receiving, by the computing device, the native code module, wherein the native code module includes a set of program instructions that match an instruction set architecture of the computing device (note claim 11, “receiving…”);
loading the native code module into a memory of the computing device (note claim 11, “loading…”);
identifying, by the computing device, a set of validation criteria that are to ensure safe execution of the native code module on the computing device (note claim 11, “complies with a set of security constraints…”).

9710654 differs from the claimed invention in that they fail to teach:
the limitations of claim 1

Unger teaches the limitations of claim 1 as shown in the rejection above.

It would have been obvious to one of ordinary skill in the art at the time of the claimed invention to combine the native code validation of 9710654 and the native code translation of Ungar. It would have been obvious because combining prior art elements 

For claim 3, the combination of 9710654 and Ungar teaches claim 2, further comprising:
determining, by the computing device, after the native code module has been loaded into the memory of the computing device but before the native code module is executed on the computing device (note claim 11 of 9710654, “determining…”), (1) whether the native code module complies with the set of validation criteria that are to ensure safe execution of the native code module on the computing device (note claim 11 of 9710654, “set of constraints…”), and (2) that a set of instructions in the native code module are aligned along byte boundaries such that a specified set of byte boundaries always contain a valid instruction and a set of control flow instructions in the native code module have valid targets (note claim 19 of 9710654, “byte boundaries …”); and in response to determining that the native code module complies with the set of validation criteria and that the set of instructions in the native code module are aligned along the byte boundaries, executing the native code module on the computing device (note claim 19 of 9710654, “byte boundaries…”).


Allowable Subject Matter
17.	Claim 9 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

18.	Claim 3 would be allowable if rewritten to overcome the nonstatutory double patenting rejection(s) with a timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) and to include all of the limitations of the base claim and any intervening claims.

Response to Arguments
19.	For the double patenting rejection Applicant argues, “the Office Action does not point out how claims of any application or patent related to the instant application relate to the invention of independent claim 1” (note Remarks, page 6) and “the Office Action fails to show how independent claim 1 in the instant application includes obvious variations on a. claim in an earlier patent related to the instant application” (note Remarks, page 7).
	Examiner disagrees. While claim 1 was left out of the double patenting rejection headers due to typographical error, claim 1 of the instant was shown to be an obvious variation of claims of U.S. Patents 10685123 and 9710654 in the rejections above.
	As noted in the above rejections, the limitations of claims 2-3 of instant application are the same as limitations of claim 1 of 10685123 and claim 11 of 9710654. In both rejections, the difference between claims 2-3 of the instant application and the 
	Therefore, the combination of 10685123 and Ungar teaches claims 1-3 making claims 1-3 of the instant application an obvious variation of 10685123. Similarly, the combination of 9710654 and Ungar teaches claims 1-3 and claims 1-3 of the instant application are an obvious variation of 9710654.


	For claims 1 and 16, Applicant argues, “the Office Action does not cite any portions of Ungar to support these allegations with regard to claim 16. Further, the Office Action does not even mention the computing device of claim 1 or where such a feature is disclosed by Ungar” (note Remarks, page 8).
	Examiner disagrees. While Examiner did not give an explicit citation for a “computing device” or a “processor” and “non-transitory medium”, Examiner did cite column 10, line 63 through column 11, line 5 for the “monitoring” method step which in the claim is performed “by a computing device”. In column 10, lines 62-64, Ungar states, “…the native code of the linked library is processed and executed by components of the virtual machine…” As this is code executed by a virtual machine, it is clearly performed “by a computing device” comprising “a processor” and “a non-transitory medium” which stores instructions executed by the processor. This can further be seen throughout the 


	For claims 1 and 16, Applicant further argues, “Ungar does not teach or suggest monitoring the ‘linked library’ (i.e., a native code module) for an occurrence of a security event while the native code module is running, the security event indicating a bug in the native code module. Rather, Ungar discloses ‘the insertion of checks for memory access bugs’, but Ungar is silent with regard to monitoring for an occurrence of a security event that indicates that there is a bug in the linked library (i.e., a native code module)” (note Remarks, pages 8-9).
	Examiner disagrees. As noted in above, in column 10, line 63 through column 11, line 5 discloses enhanced debugging of native code functions within a linked library which includes a binary translation procedure.
	The binary translation may be performed at all times including during normal operation (note column 11, lines 12-15) and in some instances is performed after execution of portions or branches of other code are executed (note column 12, lines 17-26). In other words, the binary translation may occur “while the native code is running”.
	The binary translation determines locations of memory access calls (i.e. security events). Memory access calls may be memory access bugs, such as wild pointers (note 
	The processing of the memory access call and check operation can further be seen in Fig. 6B and column 13, lines 4-24. When a read or write operation is attempted, a check operation determines whether the pointer value is within legal range.
	In other words, the processing and execution of native code of the linked library (i.e. native code module) includes binary translation which determines locations of memory access calls and inserts checks for memory access bugs (i.e. security events indicating a bug). When the code is executed and the check operations are inserted and then performed it teaches “monitoring, by a computing device, a native code module for an occurrence of a security event while the native code is running, the security event indicating a bug in the native code module” as required the claims.

	The check operation checks if the pointer is within legal range or if it is illegal. If the pointer is illegal, the system teaches “detecting, by the computing device, the occurrence of the security event” as required by the claims.

	If the check operation detects that the pointer is invalid, a flag operation is performed to signal an access violation (note column 13, lines 10-24). The signal is used to reduce the risk associated with the memory access bug by displaying an error message, logging an error, throwing an exception or some combination used in debugging (note column 11, lines 41-47). Therefore, Ungar teaches, “in response to the 

	In addition to the memory access checks, Ungar discloses the identification of blocking system class (note column 11, lines 52-54). Blocking system calls may be indicative of synchronization or concurrency-related bugs (note column 11, lines 66-67). In other words, blocking system calls are a “security event indicating a bug in the native code module”.
	Therefore, in step 503, the identification of blocking system calls further discloses “detecting, by the computing device, the occurrence of the security event”.

	Then in column 11, lines 52-58, Ungar discloses non-blocking variants of blocking calls are inserted and yield() functions are inserted, which reduces risk of synchronization and concurrency-related bugs. In other words, Ungar teaches “in response to the detecting, performing, by the computing device, one or more procedures to reduce a risk associated with the security event” as required by the claims.


	For claims 1 and 16, Applicant asserts, “Ungar does not teach or suggest where the ‘checks’ are inserted, and certainly does not teach that a bug has been detected in the native code module. Instead, the ‘checks’ are inserted incase a bug may exist in a 
	Examiner disagrees. As noted above, the “checks” are inserted where memory access calls are made and the check operations detect the occurrence of memory access bugs, i.e. security events indicating a bug in the native code module.


	For claims 1 and 16, Applicant further argues, “Ungar discloses a method for performing binary translation … whereby a signal is generated to report when an attempt to access a restricted portion of a memory is made. However, Ungar fails to teach or suggest detecting an occurrence of a security event indicating a bug in the native code module, as recited by claims 1 and 16” (note Remarks, page 9).
	Examiner disagrees. As shown above, Ungar teaches “detecting, by the computing device, the occurrence of the security event” as required by the claims.


	For claims 1 and 16, Applicant further argues, “since Ungar fails to teach or suggest detecting an occurrence of a security event indicating a bug in the native code module, Ungar cannot possibly teach ‘in response to the detecting, performing, by the computing device, one or more procedures to reduce a risk associated with the security event’” (note Remarks, page 11).


Conclusion
20.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Shukla (U.S. Patent Application Publication 2008/0016339) teaches monitoring API function calls of an application (note paragraphs [0039]-[0041]) which in response to detecting malicious actions, performs operations to reduce their risk (note paragraphs [0103]-[0104]).

Chess et al. (U.S. Patent Application Publication 2007/0074169) teaches detecting buffer overflow events in native code (note paragraph [0068]).

Wu (U.S. Patent Application Publication 2009/0077544) teaches detection of a long loop event (note paragraph [0019]).

21.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID J PEARSON whose telephone number is (571)272-0711. The examiner can normally be reached 6:00 - 5:30 pm; Monday through Thursday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For 





/David J Pearson/Primary Examiner, Art Unit 2438