DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is in response to the correspondence filed on 12/22/20.  Claims 1-20 are still pending and have been considered below.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 9 and 17 recite the limitation "blocking said/the call to said/the source of randomness" throughout the claims.  There is insufficient antecedent basis for this limitation in the claims.  Examiner notes that the preceding claim language merely appears to establish an instance of a “permissible call to said/the/a source of randomness” in addition to a separate and distinct instance of a “call” in general (see lines 8 and 13 of Claim 1; lines 9 and 13 of Claim 9; and lines 4 and 8 of Claim 17), and does not necessarily appear to establish any first instance of a specific “call to said/the source of randomness” by itself; thus, render the claims indefinite in that it is unclear as to what the limitation in question is in reference to.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 4-10, 12-18 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kostyushko et al. (2019/0018961) in view of Sadika et al. (2016/0308900).  Examiner notes that due to the intervening priority dates, Kostyushko et al. has been cited in view of the Specification filed on 07/12/17 in the corresponding provisional application, U.S. Application No. 62/531,430.
Claim 1:  Kostyushko et al. discloses a computer-implemented method for preventing ransomware attacks on a computing system, the computing system having access to computing resources including a source of randomness, which comprises random number or pseudo-random number generation means, and which are accessible through a calling interface means [page 5, paragraph 0021], the computer-implemented method comprising the following steps:
collecting and tracking calls to said source of randomness comprising random number or pseudo-random number generation means through said calling interface means in a memory element(system monitoring agent detecting a user process invoking system calls and/or API calls to functions that provide random or pseudo random data) [page 5, paragraphs 0022-0023];
monitoring a usage of said calling interface means using a monitoring means, wherein monitoring the usage includes obtention of data identifying a call(monitor user processes and/or OS thread processes and check them against database of known malicious software) [page 7, paragraphs 0031-0032]; and
determining if the data identifying the call is associated with a malicious program [page 8, paragraph 0033];
but does not explicitly disclose providing predetermined requirements describing a permissible call to said source of randomness; and determining if data identifying a call complies with predetermined requirements and blocking said call to said source of randomness when it is determined that the data identifying said call does not comply with said predetermined requirements.
However, Sadika et al. discloses a similar invention [page 1, paragraph 0002 | page 4, paragraph 0042] and further discloses providing predetermined requirements describing a permissible call to a source of data through a calling interface means(characteristics data models of expected behavior with respect to each API call) [page 5, paragraphs 0047-0048]; monitoring a usage of the calling interface means using a monitoring means, wherein monitoring the usage includes obtention of data identifying a call(during protection stage all API calls are routed through system and parsed to learn/identify the composition of the request/response) [page 7, paragraphs 0082-0083]; and determining if the data identifying the call complies with the predetermined requirements and blocking the call to the source of data when it is determined that the data identifying the call does not comply with the predetermined requirements(validator module compares raw learned data to characteristic data points in characteristic data model to detect abnormal behavior, which can cause system to block the API call entirely depending on the severity of the detected invalidity/abnormality) [page 7, paragraphs 0085-0086].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Kostyushko et al. with the additional features of Sadika et al., in order to more effectively identify and prevent malicious API attacks from known and unknown vulnerabilities, as suggested by Sadika et al. [page 1, paragraphs 0005-0008].
Claim 2:  Kostyushko et al. and Sadika et al. disclose the computer-implemented method according to claim 1, and Kostyushko et al. further discloses wherein the data identifying said call comprises data identifying a calling process [page 7, paragraphs 0031-0032] [Sadika et al.: page 7, paragraphs 0083-0084].
Claim 4:  Kostyushko et al. and Sadika et al. disclose the computer-implemented method according to claim 1, and Kostyushko et al. further discloses wherein said source of randomness comprises a cryptographically secure random number generator [page 5, paragraph 0023].
Claim 5:  Kostyushko et al. and Sadika et al. disclose the computer-implemented method according to claim 1, and Kostyushko et al. further discloses wherein said calling interface means comprise an application programming interface providing access to said source of randomness [page 5, paragraph 0023] [Sadika et al.: page 3, paragraph 0028].
Claim 6:  Kostyushko et al. and Sadika et al. disclose the computer-implemented method according to claim 1, and Sadika et al. further discloses wherein blocking said call comprises terminating a corresponding calling process [pages 8-9, paragraph 0095].
Claim 7:  Kostyushko et al. and Sadika et al. disclose the computer-implemented method according to claim 1, and Kostyushko et al. further discloses wherein said monitoring means are part of the computing system's operating system [page 9, paragraph 0039] [Sadika et al.: page 3, paragraph 0032].
Claim 8:  Kostyushko et al. and Sadika et al. disclose the computer-implemented method according to claim 1, and Kostyushko et al. further discloses wherein the source of randomness comprises a source of entropy [page 5, paragraph 0023].
Claim 9:  Kostyushko et al. discloses A system for preventing ransomware attacks on a computing system, the computing system having access to computing resources including a source of randomness, which comprises random number or pseudo-random number generation means, and which are accessible through a calling interface means [page 5, paragraph 0021], the system comprises a memory storing instructions when executed by a processor cause the processor to:
collect and track calls to the source of randomness comprising random number or pseudo-random number generation means through the calling interface means in a memory element [page 5, paragraphs 0022-0023];
monitor a usage of the calling interface means using a monitoring means, wherein monitoring the usage includes obtention of data identifying a call [page 7, paragraphs 0031-0032]; and
determine if the data identifying the call is associated with a malicious program [page 8, paragraph 0033];
but does not explicitly disclose provide predetermined requirements describing a permissible call to the source of randomness; determine if the data identifying a call complies with predetermined requirements and blocking the call to the source of randomness when it is determined that the data identifying the call does not comply with the predetermined requirements.
However, Sadika et al. discloses a similar invention [page 1, paragraph 0002 | page 4, paragraph 0042] and further discloses provide predetermined requirements describing a permissible call to a source of data through the calling interface means in a memory element [page 5, paragraphs 0047-0048]; monitor a usage of the calling interface means using a monitoring means, wherein monitoring the usage includes obtention of data identifying a call [page 7, paragraphs 0082-0083]; and determine if the data identifying the call complies with the predetermined requirements and blocking the call to the source of data when it is determined that the data identifying the call does not comply with the predetermined requirements [page 7, paragraphs 0085-0086].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Kostyushko et al. with the additional features of Sadika et al., in order to more effectively identify and prevent malicious API attacks from known and unknown vulnerabilities, as suggested by Sadika et al. [page 1, paragraphs 0005-0008].
Claim 10:  Kostyushko et al. and Sadika et al. disclose the system of claim 9, and Kostyushko et al. further discloses wherein the data identifying the call comprises data identifying a calling process [page 7, paragraphs 0031-0032] [Sadika et al.: page 7, paragraphs 0083-0084].
Claim 12:  Kostyushko et al. and Sadika et al. disclose the system of claim 9, and Kostyushko et al. further discloses wherein the source of randomness comprises a cryptographically secure random number generator [page 5, paragraph 0023].
Claim 13:  Kostyushko et al. and Sadika et al. disclose the system of claim 9, and Kostyushko et al. further discloses wherein the calling interface means comprise an application programming interface providing access to the source of randomness [page 5, paragraph 0023] [Sadika et al.: page 3, paragraph 0028].
Claim 14:  Kostyushko et al. and Sadika et al. disclose the system of claim 9, and Sadika et al. further discloses wherein blocking the call comprises terminating a corresponding calling process [pages 8-9, paragraph 0095].
Claim 15:  Kostyushko et al. and Sadika et al. disclose the system of claim 9, and Kostyushko et al. further discloses wherein the monitoring means are part of the computing system's operating system [page 9, paragraph 0039] [Sadika et al.: page 3, paragraph 0032].
Claim 16:  Kostyushko et al. and Sadika et al. disclose the system of claim 9, and Kostyushko et al. further discloses wherein the source of randomness comprises a source of entropy [page 5, paragraph 0023].
Claim 17:  Kostyushko et al. discloses a non-transitory computer readable storage medium storing instructions that when executed by a computer, which includes a processor perform a method, the method comprising:
collecting and tracking calls to a source of randomness of a computing system that includes a random number or pseudo-random number generation means through a calling interface means [page 5, paragraphs 0022-0023];
monitoring a usage of the calling interface means using a monitoring means, wherein monitoring the usage includes obtention of data identifying a call [page 7, paragraphs 0031-0032]; and
determining if the data identifying the call is associated with a malicious program [page 8, paragraph 0033];
but does not explicitly disclose providing predetermined requirements describing a permissible call to the source of randomness; and determining if the data identifying the call complies with the predetermined requirements and blocking the call to the source of randomness when it is determined that the data identifying the call does not comply with the predetermined requirements.
However, Sadika et al. discloses a similar invention [page 1, paragraph 0002 | page 4, paragraph 0042] and further discloses providing predetermined requirements describing a permissible call to a source of data of a computing system through a calling interface means [page 5, paragraphs 0047-0048]; monitoring a usage of the calling interface means using a monitoring means, wherein monitoring the usage includes obtention of data identifying a call [page 7, paragraphs 0082-0083]; and determining if the data identifying the call complies with the predetermined requirements and blocking the call to the source of data when it is determined that the data identifying the call does not comply with the predetermined requirements [page 7, paragraphs 0085-0086].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the disclosure of Kostyushko et al. with the additional features of Sadika et al., in order to more effectively identify and prevent malicious API attacks from known and unknown vulnerabilities, as suggested by Sadika et al. [page 1, paragraphs 0005-0008].
Claim 18:  Kostyushko et al. and Sadika et al. disclose the non-transitory computer readable storage medium of claim 17, and Kostyushko et al. further discloses wherein the data identifying the call comprises data identifying a calling process [page 7, paragraphs 0031-0032] [Sadika et al.: page 7, paragraphs 0083-0084].
Claim 20:  Kostyushko et al. and Sadika et al. disclose the non-transitory computer readable storage medium of claim 17, and Sadika et al. further discloses wherein blocking the call comprises terminating a corresponding calling process [pages 8-9, paragraph 0095].

Allowable Subject Matter
Claims 3, 11 and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Yablokov et al. (2014/0181974).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD ZEE whose telephone number is (571)270-1686. The examiner can normally be reached Monday-Friday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/EDWARD ZEE/Primary Examiner, Art Unit 2435