DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted 3/10/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6 are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0018961 to Kostyushko et al. (hereinafter, “Kostyushko”) in view of US 2018/0293379 to Dahan (hereinafter, “Dahan”). 
As per claim 1: Kostyushko discloses: A computer implemented method for determining a plurality of data sources providing seed parameters for generation of an encryption key by a ransomware algorithm (a system and method for protecting file data from malicious programs, such as ransomware; for example, techniques are described for intercepting requests to random number generator libraries or requests to retrieve system information for seeds to pseudorandom data [Kostyushko, ¶0007]), the method comprising: (a system monitoring agent 104 is configured to collect any requests for random or pseudorandom numbers from the system 100, such as requests for hardware identifiers to be used in generating encryption keys [Kostyushko, ¶0036-0038]; “In some aspects, the system monitoring agent 104 may detect a user process 102 invoking system calls or application programming interface (API) calls to library functions that provide random or pseudorandom data from the operating system 105.” [Kostyushko, ¶0037]).
Kostyushko does not disclose: “exposing a target computer system to the ransomware algorithm”. However, Dahan is directed to analogous art of an anti-ransomware application or component that detects, stops, and removes ransomware from a computing system [Dahan, ¶0005]. Dahan discloses: exposing a target computer system to the ransomware algorithm (a honeypot deployment module 208 implements honeypot drives and/or files to bait access by a process, such as ransomware programs [Dahan, ¶0072]).
Thus, it would have been obvious to a person having ordinary skill in the art before the claimed invention was effectively filed to implement honeypot files in the system of Kostyushko, such as suggested in Dahan, to bait (e.g. “exposing”) ransomware programs, thereby further improving the security of the system. Honeypots contain fake data that appear important and would have enabled the system to detect, deflect, or counteract attempts to gain unauthorized access by an attack without putting real files at risk [Dahan, ¶0072].

As per claim 2: Kostyushko in view of Dahan disclose all limitations of claim 1. Furthermore, Kostyushko discloses: wherein each of the one or more hardware components includes one or more of: a central processing unit; a memory; a storage device; a peripheral device; a basic input/output subsystem; an output device; an input device; or a network device of the target computer system (requesting hardware identifiers of devices in the computer hardware 106, such as a serial number of a hard disk drive, network interface card, PCI interface or device, USB interface or device [Kostyushko, ¶0038]).

As per claim 3: Kostyushko in view of Dahan disclose all limitations of claim 1. Furthermore, Kostyushko discloses: wherein the data about the one or more hardware components includes one or more of: a reference number; an identifier; a version; a date; a time; an address; a serial number; or unique information about the hardware component (“For example, the system monitoring agent 104 may detect and save when a user process 102 requests (113) for hardware identifiers of devices in the computer hardware 106, such as a serial number of a hard disk drive, network interface card, and PCI interface or device, USB interface or device. In other examples, the system monitoring agent 104 may detect when a user process 102 requests file metadata of one or more files stored in the system, such metadata file creation times (e.g., timestamp), file names, and data from the file header. In some aspects, the system monitoring agent 104 may be configured to intercept requests by a user process 102 to retrieve metadata related to one or more processes or threads executing in the system, metadata such as process identifiers (PID) or thread identifiers (tid).” [Kostyushko, ¶0038]).

As per claim 4: Kostyushko in view of Dahan disclose all limitations of claim 1. Furthermore, Kostyushko discloses: wherein the monitoring includes using a process monitor to determine operating system API calls are made (“…the system monitoring agent 104 may detect a user process 102 invoking system calls or application programming interface (API) calls to library functions that provide random or pseudorandom data from the operating system 105” [Kostyushko, ¶0037]).

As per claim 5: Claim 5 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 5 is directed to a computer system for performing steps corresponding to the method of claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 5.

As per claim 6: Claim 6 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 6 is directed to a non-transitory computer-readable storage medium with code for performing steps corresponding to the method of claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 5.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453. The examiner can normally be reached Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        5-05-2022