DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This office action is a response to an application filed 12/12/2019 wherein claims 1 – 20 are pending and ready for examination.  

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/21/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 9-13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Obando et al, US 20210029108 A1 in view of Brown; Daniel W, US 20180121650 A1, May 03, 2018 hereafter referred to as Brown.

           As to claim 1, Obando teaches a method - Obando [0270] FIG. 9 illustrates a method 900 comprising:
           receiving an artifact comprising a portion of a file - Obando [0168] 702 computational derivation relationship, namely, one asset is computationally derived at least in part from at least part of another asset. Here, the claimed ‘received’ is taught by Obando as ‘derived’.  The claimed ‘artifact’ is taught by Obando as ‘another asset’ whereby the claimed ‘portion of a file’ is taught by Obando as ‘one asset’ because the ‘one asset’ is received when it is derived from  the portion of the ‘another asset’);
           detecting that commit information for the portion of the file is not found in a Version Control System (VCS) - Obando [0171] 708 version control relationship: one asset resides in a version control system 318 (VCS) and the other asset includes content applicable to at least a portion of the VCS-resident asset, e.g., a development tool applicable to the VCS-resident asset, or a history of actions taken on the VCS-resident asset.  Here, the claimed ‘file is not found’ is taught b Obando as ‘other asset’ because although the content relates to the VCS resident asset the content is not in the VCS hence no commit would be found);
          storing the portion of the file in a non-transitory computer readable storage medium - Obando [0174] … large file relationship: one asset references the other asset, e.g., by name or handle or GUID or pointer or other identifier, and the referenced asset resides in large file storage 716.  OBANDO DOES NOT TEACH generating a malicious probability for the portion of the file; and
communicating the portion of the file and the malicious probability for review, HOWEVER IN AN ANALAGROUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR BROWN TEACHES generating a malicious probability for the portion of the file - Brown [0055] the event analysis module 136 can calculate a confidence score that a process is malicious based at least in part on one or more of the directory traversal event(s) 104b and/or the file access pattern event(s) 106b and/or the file access record 114); and
communicating the portion of the file and the malicious probability for review - Brown [0038] … the event generation module 134 can generate and/or transmit observation event(s) 104b and/or 106b and/or the file access record 114. In some examples, the event analysis module 136 can determine from one or more of the detection event(s) 104a and/or 106a and/or the file access record 114 that a process associated with one or more of the events is malware and generate and/or transmit a malicious process detection event (138). To provide the computing system 102 of Obando the ability to generate a malicious probability for the portion of the file would have been obvious to one of ordinary skill in the art, in view of the teachings of Brown, since all the claimed elements were known in the prior art and one skilled in the art could have combined the elements as claimed by known methods (i.e. calculating, generating, and reporting malicious scores for analysis) with no change in their respective functions, and the combination would have yielded nothing more than predictable results to one of ordinary skill in the art before the effective filing date of the claimed invention would have recognized that the generating of probabilities of maliciousness used in Brown would allow computing system 102 of Obando greater control over portions of the file not present in the VCS based on confidence scoring). 

            As to claim 2, the combination of Obando and Brown teaches a method as in claim 1 wherein the generating is based upon a presence in the portion of the file of at least one of:        a security-critical API call - Brown [0038] … In some examples, the event analysis module 136 can determine from one or more of the detection event(s) 104a and/or 106a and/or the file access record 114 that a process associated with one or more of the events is malware and generate and/or transmit a malicious process detection event (138).  Here, the claimed ‘security-critical API call’ is taught by Brown as ‘transmit…detection event’.  The claimed ‘API’ is illustrated by Brown in Figure 1 as communicating arrow between the module 136 and filter/logic module 128; and
         a file extension - Brown [0073] … the determining can be based on correlating the first event information with multiple instances of second event information specified by the second event information. For example, at 308, a security agent 102 can determine that the first process is malicious after receiving second event information that specifies that the first process and/or the second process(es) are accessing, according to a DAP, files of multiple file types, a high number of files, files located in multiple locations in the directory, or files located in sequential locations in a hierarch disk);
         an obfuscation technique - Brown [0071] … … For example, the first process might traverse the directory to enumerate file locations and call instances of a second process to encrypt that files that the first process has found. In some examples, the first process might rename the files encrypted by instances of the second process to overwrite the original files.  Here, the claimed ‘obfuscation technique’ is taught by Brown as ‘rename the files’. The rationale for Obando considering scoring features of Brown in claim 1 apply here in claim 2 as they related to the types of artifacts to be analyzed).

            As to claim 3, the combination of Obando and Brown teaches a method as in claim 1 wherein the generating is based upon a stored configurable pattern - Obando [0026] More recently, IntelliCode™ technology offers artificial intelligence-enabled autocompletion assistance with software development. Within a Visual Studio® development environment, Visual Studio IntelliCode™ technology uses machine learning and other techniques to learn from source code to spot irregular patterns, missed refactorings, and other opportunities for improving the code that is being developed).

           As to claim 4, the combination of Obando and Brown teaches a method as in claim 1 wherein the generating is based upon a machine learning
Technique - Obando [0026] More recently, IntelliCode™ technology offers artificial intelligence-enabled autocompletion assistance with software development. Within a Visual Studio® development environment, Visual Studio IntelliCode™ technology uses machine learning and other techniques to learn from source code to spot irregular patterns, missed refactorings, and other opportunities for improving the code that is being developed).

           As to claim 5, the combination of Obando and Brown teaches a method as in claim 1 wherein the detecting is based upon a cryptographic digest of the file  - Obando [0168] 702 computational derivation relationship, namely, one asset is computationally derived at least in part from at least part of another asset, e.g., one asset includes a machine learning model trained using data of the other asset, one asset includes an index into the other asset, one asset includes a compression or encryption or encoding or translation or hash of the other asset, one asset includes object code or executable code produced from source code of the other asset by a compiler or an assembler, or one asset includes output produced by inputting the other asset into a tool 122 or an application 124).

           As to claim 6, the combination of Obando and Brown teaches a method as in claim 1 further comprising persisting the malicious probability - Obando [0743] … The ROM can store static data and instructions that are needed by processing unit(s) 3104. The permanent storage device can be a non-volatile read-and-write memory device that can store instructions and data even when module 3102 is powered down. The rationale for Obando to consider the Brown in claim 1 apply here in claim 6). 

            As to claim 7, the combination of Obando and Brown teaches a method as in claim 1 wherein the portion of the file is identical to another portion of a file present in a source code repository - Obando [0293 and at 0298] since at ‘93…The client will then have to traverse its git commit history 1004, starting in the commit 312 that matches the partial prefix and going backwards all the way to the initial commit, and provide 2014 a hash of this history to the IntelliCode™ service 210 as the client's proof-of-access 404. The service will compare 2044 this value to the one it has stored and if they match then it will provide 408 the client with a shared access signatures (SAS) token to a blob (binary large object) 310 holding the custom model.  Here, the claimed ‘portion’ is taught by Obando as ‘partial prefix’  whereby the claimed ‘identical’ is taught by Obando as ‘matches’ whereas the claimed ‘source code repository’ is taught by Obando as ‘commit history 1004’ because the git command fetches stored commit data for comparison.  Obando further teaches the source code repository at {0298]).

           As to claim 9, claim 9 is a non-transitory computer readable storage medium  that is directed to the features of claims 1 and 2.  Therefore, claim 9 is rejected for the reasons as set forth in claims 1 and 2.
           As to claim 10, claim 10 is a non-transitory computer readable storage medium  that is directed to the features of claim 3.  Therefore, claim 10 is rejected for the reasons as set forth in claim 3.

          As to claim 11, claim 11 is a non-transitory computer readable storage medium  that is directed to the features of claim 4.  Therefore, claim 11 is rejected for the reasons as set forth in claim 4.

           As to claim 12, claim 12 is a non-transitory computer readable storage medium  that is directed to the features of claim 5.  Therefore, claim 12 is rejected for the reasons as set forth in claim 5.

           As to claim 13, claim 13 is a non-transitory computer readable storage medium  that is directed to the features of claim 6.  Therefore, claim 13 is rejected for the reasons as set forth in claim 6.            

          As to claim 15, claim 15 is a computer system that is directed to the method of claim 1.  Therefore, claim 15 is rejected for the reasons as set forth in claim 1.

          As to claim 16, claim 16 is a computer system that is directed to the method of claim 2.  Therefore, claim 16 is rejected for the reasons as set forth in claim 2.

           As to claim 17, claim 17 is a computer system that is directed to the method of claim 3.  Therefore, claim 17 is rejected for the reasons as set forth in claim 3.
           As to claim 18, claim 18 is a computer system that is directed to the method of claim 4.  Therefore, claim 18 is rejected for the reasons as set forth in claim 4.
           As to claim 19, claim 19 is a computer system that is directed to the method of claim 5.  Therefore, claim 19 is rejected for the reasons as set forth in claim 5.
           As to claim 20, claim 20 is a computer system that is directed to the method of claim 6.  Therefore, claim 20 is rejected for the reasons as set forth in claim 6.

Claims 8 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Obando and Brown, in view of Saito; Ricardo Oleg et al, US 20140101177 A1, April 10, 2014 hereafter referred to as Saito.

            As to claim 8, the combination of Obando and Brown teaches a method as in claim 1.  THE COMBINATION OF OBANDO AND BROWN DO NOT TEACH wherein:
          the non-transitory computer readable storage medium comprises an in-memory
database; and
           the detecting is performed by an in-memory database engine of the in-memory
database, HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR SAITO TEACHES wherein:
            the non-transitory computer readable storage medium comprises an in-memory
database – Saito [0014] … An in-memory database is a database management system that primarily relies on main memory for computer data storage. It is contrasted with database management systems that employ a disk storage mechanism. One example of an in-memory database is the HANA system from SAP AG of Walldorf, Germany); and
           the detecting is performed by an in-memory database engine of the in-memory
database – Saito … [0043] A client computer 600 may generate a request to perform a data attribute calculation and, at 606, send the request to an index server 602 of an in-memory database management system 604. At 608, the index server 602 can perform the requested data attribute calculation on data stored in-memory in a main memory 610 of the in-memory database management system 604. At 612, the index server 602 can return the result of the data attribute calculation to the client computer 600). Thus, it would have been recognized by one of ordinary skill in the art that applying the known technique on an in-memory database engine as taught by Saito to the computing system 102 of Obando would have yielded predicable results and resulted in an improved system , namely, a version control system that now includes a database capable of performing parameter-matching away from the main processor as provided by the “technique” of Saito).

          As to claim 14, claim 14 is a non-transitory computer readable storage medium  that is directed to the features of claim 8.  Therefore, claim 14 is rejected for the reasons as set forth in claim 8.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 7:00 a.m. to 3:00 p.m.  If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-272-3900.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
 /WILLIAM B JONES/Examiner, Art Unit 249105/09/2022
/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491