ALLOWABILITY NOTICE
The following claims are pending in this office action: 1, 3-5, 11, 13-15 and 20
The following claims are amended: 11 and 20
The following claims are new: -
The following claims are cancelled: 2, 6-10, 12, and 16-19.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with attorney of record Joel S. Simon on 05/10/2022.
1.	(Previously Presented) A computer-implemented method for detecting a security status of a computer system, comprising:
in response to satisfaction of a predetermined trigger condition associated with an electronic application installed on a memory of the computer system, performing a security check process on the computer system, wherein the security check process includes:
in response to determining that an indicator application is not present on the memory, determining whether an indicator directory is accessible in the memory by performing a search process on the memory to identify at least two indicator directories in the memory, wherein:
the at least two indicator directories includes "/etc/apt" and "/private/var/lib/apt/"; and
the search process identifies that at least the indicator directories "/etc/apt" and "/private/var/lib/apt/" are accessible on the memory; and 
in response to determining that at least the indicator directories "/etc/apt" and "/private/var/lib/apt/" are accessible on the memory, determining that the security status of the computer system is formerly compromised; and 
in response to the security check process determining that the security status is formerly compromised, performing a security action.

2.	(Canceled)

3.	(Previously Presented) The computer-implemented method of claim 1, wherein the security action includes: 
enabling access to a first portion of a functionality of the electronic application, and 
preventing access to a second portion of the functionality of the electronic application.

4.	(Previously Presented) The computer-implemented method of claim 3, wherein the security action further includes transmitting a report message to a server system associated with the electronic application that includes information associated with the security status of the computer system.

5.	(Original) The computer-implemented method of claim 1, wherein the predetermined trigger condition includes one or more of: 
receiving a launch application instruction associated with the electronic application; 
determining that a timer has expired; or
receiving an application security check instruction from a server system associated with the electronic application.

6-10.	(Cancelled) 

11.	(Currently Amended) A system for detecting a security status of a computer system, the system comprising:
a memory storing instructions and an electronic application; and
a processor operatively connected to the memory and configured to execute the instructions to perform acts, the acts including:
in response to satisfaction of a predetermined trigger condition associated with [[an]] the electronic application installed on [[a]] the memory of the computer system, performing a security check process on the computer system, wherein the security check process includes:
in response to determining that an indicator application is not present on the memory, determining whether an indicator directory is accessible in the memory by performing a search process on the memory to identify at least two indicator directories in the memory, wherein: 
the at least two indicator directories includes "/etc/apt" and "/private/var/lib/apt/"; and
the search process identifies that at least the indicator directories "/etc/apt" and "/private/var/lib/apt/" are accessible on the memory; and 
in response to determining that at least the indicator directories "/etc/apt" and "/private/var/lib/apt/" are accessible on the memory, determining that the security status of the computer system is formerly compromised; and 
in response to the security check process determining that the security status is formerly compromised, performing a security action.

12.	(Cancelled) 

13.	(Previously Presented) The system of claim 11, wherein the security action includes:
enabling access to a first portion of a functionality of the electronic application, and
preventing access to a second portion of the functionality of the electronic application.

14.	(Previously Presented) The system of claim 13, wherein the security action further includes transmitting a report message to a server system associated with the electronic application that includes information associated with the security status of the computer system.

15.	(Original) The system of claim 11, wherein the predetermined trigger condition includes one or more of:
receiving a launch application instruction associated with the electronic application;
determining that a timer has expired; or
receiving an application security check instruction from a server system associated with the electronic application.

16-19.	(Cancelled) 

20.	(Currently Amended) A non-transitory computer-readable medium comprising instructions that are executable by at least one processor of a computer system to perform operations for detecting a security status of the computer system, the operations including: 
in response to satisfaction of a predetermined trigger condition associated with an electronic application installed on a memory of the computer system, performing a security check process on the computer system, the security check process including: 
in response to determining that an indicator application is not present on the memory, determining whether an indicator directory is present on the memory of the computer system by performing a search process on the memory to identify at least two indicator directories in the memory, wherein: 
the at least two indicator directories include "/etc/apt" and "/private/var/lib/apt/"; and
the search process identifies that at least the indicator directories "/etc/apt" and "/private/var/lib/apt/" are accessible on the memory; and
in response to determining that at least the indicator directories "/etc/apt" and "/private/var/lib/apt/" are accessible on the memory, determining that the security status of the computer system is formerly compromised; and
in response to the security check process determining that the security status is formerly compromised, performing a security action.

Reasons for Allowance
Claims 1, 3-5, 11, 13-15, and 20 are allowed.  
The following is an examiner’s statement of reasons for allowance:  The cited prior art references, do not alone or in combination teach the recited features of the independent claims 1, 11 and 20.  In this case, the allowance is based on the combination of the recited steps and the features of the recited steps, which distinguish the claimed invention from the prior art.  For example, the independent claims all require determining that an indicator direction is accessible in memory by performing a search process on the memory:
1) Identify at least two indicator directories:  "/etc/apt" and "/private/var/lib/apt/" (for example, see claim 1, ln. 10-11; claim 11, ln. 13-14; and claim 20, ln. 11-12 of amended claims above); and 
2) determining that the security status is formerly compromised as a result of the identification (for example, see claim 1, ln. 17-18; claim 11, ln. 20-21; and claim 20, ln. 18-19)
In particular, the prior art does not describe determining that a phone was formerly compromised by identifying that, specifically, the two directories "/etc/apt" and "/private/var/lib/apt/" are both present in memory.  

Barton et al. (US Pub. 2014/0032758) teaches methods of detecting whether a device is jailbroken or rooted, but does not teach searching for the two indicator directories “/etc/apt” and “/private/var/lib/apt/”.  
Trelis; iOS Pentesting - Reversing Jailbreak; Trelis Blog, March 12, 2019 [retrieved on November 6, 2021]; <URL: https://trelis24.github.io/2019/03/12/Pentesting-iOS-Reversing-Jailbreak/>; discloses searching for the indicator directories “/etc/apt” and “/private/var/lib/apt/”, and determining that the phone is jailbroken if said directories are found, but does not disclose determining that the phone was formerly compromised on finding that both directories are present.
Bouchard; Pro tip: clean up leftover preference files after uninstalling jailbreak tweaks;  Download Blog, August 9, 2016 [retrieved on November 6, 2021]; <URL: https://trelis24.github.io/2019/03/12/ Pentesting-iOS-Reversing-Jailbreak/> discloses that even after reversing jailbreak, the phone can leave remnants such as indicator directories, but does not disclose determining that the phone was formally compromised by finding that both  “/etc/apt” and “/private/var/lib/apt/” are present.  
Other NPL such as Choudhary; Best way to check if your iOS App is running on a Jailbroken Phone; Developer Insider, Feb 23, 2020 [retrieved on May 10, 2022]; <URL: https://developerinsider.co/best-way-to-check-if-your-ios-app-is-running-on-a-jailbroken-phone/> and Is there any updated check for jailbroken devices (in swift or Objective-C); Apple Developer Forums 2020 [retrieved on May 10, 2022]; <URL: https://developer.apple.com/forums/thread/119491> similar to Trelis and Bouchard, at best, describe determining that the phone was formerly compromised on finding either “/etc/apt” or “/private/var/lib/apt/”, and even suggest that there is no reliable way of detecting whether a device was jailbroken.  
Kellner et al.; False Sense of Security: A Study on the Effectivity of Jailbreak Detection in Banking Apps; 2019 IEEE European Symposium on Security and Privacy (Euro&P), June 01, 2019; pg. 1-14 describes the general environment for detecting Jailbreak Detection in Banking Apps, which includes the most common files/apps checks, file system checks, and platform functionality checks, which but does not disclose determining that the phone was formerly compromised by finding both “/etc/apt” and “/private/var/lib/apt/” in memory.  
These along with the other recited features of independent claims 1, 11, and 20 and their dependent claims make the claimed inventions allowable over the prior arts of record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZHE LIU whose telephone number is (571) 272-3634.  The examiner can normally be reached on Monday - Friday: 8:30 AM to 5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at (866) 217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call (800) 786-9199 (IN USA OR CANADA) or (571) 272-1000.
/Z.L./Examiner, Art Unit 2493         

/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493