DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 02/28/2022. In the instant Amendment, Claims 1, 6, 8, 13, 15 and 20 have been amended. Claims 2-4, 9-11 and 16-18 have been cancelled without prejudice. Claims 1, 8 and 15 are independent claims. Claims 1, 5-8, 12-15 and 19-20 have been examined and are pending. This Action is made FINAL.

	
	
Response to Arguments
Applicant’s arguments, see Applicant Arguments/Remarks Made in an Amendment, filed 02/28/2022 with respect to the rejections of claims 1, 5-8, 12-15 and 19-20 have been fully considered but are not persuasive.
As to independent claims 1, 8 and 15, Applicants stated in arguments that the combination of Sakamoto (US 6279079) and BOULTON (20190205526) are not seen to disclose or to suggest “evaluation of a counter which indicates a number of times a first function having a first name has been called, executing a same first version of the first function in response to each call to the first function if the counter does not exceed a threshold value, and, if the counter exceeds the threshold value, executing a second version of the first function which is not identical to the first version and resetting the counter.” (Applicant Arguments/Remarks, 02/28/2022, pages 9-10).
The Examiner disagrees with the Applicants. The Examiner respectfully that the combination of Sakamoto (US 6279079) and BOULTON (20190205526) do disclose the cited limitations. For example, BOULTON discloses a first function having a first name has been called, executing a same first version of the first function in response to each call to the first function, executing a second version of the first function which is not identical to the first version and resetting the counter (BOULTON: par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] one classification (referred to as “type A”) assigned to functions that are not vulnerable to stack overflow. As such, type A functions not require stack protection. Another classification (referred to as “type B”) applied to functions identified by the developer as including a stack protection attribute; par 0044; the process ends so that the function can be updated with stack cookie protection; par 0046; the process may resume after, e.g., a new binary file is presented to the computer). Sakamoto further discloses evaluation of a counter which indicates a number of times, if the counter does not exceed a threshold value, and, if the counter exceeds the threshold value (Sakamoto: Col 18, lines 61-65; figs. 36A-B; determined that the number of times that the function codes was called does not exceed the number of times; Col 3, lines 44-47; fig. 36B; when the frequency of calls exceeds the predetermined count).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5-8, 12-15 and 19-20 are rejected under 35 U.S.C. 103 as being patentable over BOULTON et al. (“BOULTON,” US 20190205526, filed on 09/12/2018) in view of Sakamoto et al. (“Sakamoto,” US 6279079, published on 08/21/2001)

Regarding Claim 1; 
BOULTON discloses a system comprising: 
a memory storing executable code; and a hardware processor to execute the code to (par 0017; the binary analysis component includes a system for performing binary static analysis on software components to determine security characteristics of the components. The binary analysis component can include one or more computing devices, each having a memory and processor, executing software programs to perform the binary static analysis of software components and to determine the corresponding security characteristics): 
call a first function having a first name (par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; one classification (referred to as “type A”) assigned to functions); and 
in response to each call to the first function having the first name (par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] one classification (referred to as “type A”) assigned to functions): 
execute a same first version of the first function in response to each call to the first function (par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] one classification (referred to as “type A”) assigned to functions that are not vulnerable to stack overflow); and 
execute a second version of the first function which is not identical to the first version of the first function and reset the counter (par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] another classification (referred to as “type B”) applied to functions identified by the developer as including a stack protection attribute; par 0041; the computer classifies the function [] the type A classification assigned to functions that are not vulnerable to stack overflow [] the type B classification applied to functions identified by the developer as including stack protection; par 0044; the process ends so that the function can be updated with stack cookie protection; par 0046; the process may resume after, e.g., a new binary file is presented to the computer),
wherein the second version of the first function is more secure and more resource- consuming than the first version of the first function (BOULTON: par 0036; the processor may be programmed to identify stack cookie protection by evaluating the functions called during execution of the binary file [] the processor may be programmed to classify each function based on its type. one classification may be assigned to functions that are not vulnerable to stack overflow. As such, type A functions may not require stack protection. Another classification may be applied to functions identified by the developer as including a stack protection attribute; par 0021; the external system choose not to deploy a binary software component where the security manifest indicates that the component includes functions that do not implement stack cookie protection).
BOULTON discloses evaluate stack overflow to execute the function as recited above, but do not explicitly disclose evaluate a counter indicating a number of times the first function has been called; if the counter does not exceed a threshold value; if the counter exceeds the threshold value. 
However, in an analogous art, Sakamoto discloses program execution system system/method that includes:
evaluate a counter indicating a number of times the first function has been called (Sakamoto: Col 18, lines 61-65; determined that the number of times that the function codes was called);
if the counter does not exceed a threshold value (Sakamoto: Col 18, lines 61-65; determined that the number of times that the function codes was called does not exceed the number of times; Col 3, lines42-44; when the frequency of calls of the function code is lower than a predetermined count, the function code read from the second storage means is executed); 
if the counter exceeds the threshold value (Sakamoto: Col 3, lines 44-47; when the frequency of calls exceeds the predetermined count [] the function code is created in the first storage means so that the function code is executed).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sakamoto with the method/system of Sakamoto BOULTON to include evaluate a counter indicating a number of times the first function has been called; if the counter does not exceed a threshold value; if the counter exceeds the threshold value. One would have been motivated to each instruction which the CPU 1001 executes, this determination should be made at a sufficiently high speed to make the duration of determination negligible relative to the instruction execution rate (Sakamoto: Col 2, lines 1-5).



Regarding Claim 5; 
The combination of BOULTON and Sakamoto disclose the system according to Claim 1, 
BOULTON further discloses wherein the security-related feature comprises one or more of stack cookie protection, extended logging, and buffers size checks (BOULTON: par 0012; in response to determining that the function utilizes stack cookie protection, a security report for the binary software component is updated to indicate that the function utilizes stack cookie protection; par 0036; the processor may be programmed to identify stack cookie protection by evaluating the functions called during execution of the binary file).  

Regarding Claim 6; 
The combination of BOULTON and Sakamoto disclose the system according to Claim 1, 
BOULTON discloses the processing unit to execute the code to (BOULTON: par 0026; when function is called, the assembly language instructions included in function are executed): call a second function having a second name (BOULTON: par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; Another classification (referred to as “type C”) apply to functions); in response to each call to the second function having the second name (BOULTON: par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] classification (referred to as “type C”) apply to functions): execute a same first version of the second function in response to each call to the second function (BOULTON: par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] classification (referred to as “type C”) apply to functions that contain a local character array); execute a second version of the second function which is not identical to the first version of the second function (BOULTON: par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] another classification (referred to as “type D”) apply to functions with one or more of the following characteristics), wherein the second version of the second function is more secure and more resource- consuming than the first version of the second function (BOULTON: par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution of the binary file; par 0041; the type C classification apply to functions that contain a local character array. The type D classification apply to functions with one or more of the following characteristics: a local variable's address is used as part of the right hand side of an assignment or function argument, a local variable is an array regardless of the array type or length, or the function uses register local variables).
Sakamoto further discloses evaluate a second counter indicating a number of times the second function has been called (Sakamoto: Col 18, lines 33-37; a table listing frequency of calls [] process executed by the program execution system; when the frequency of calls of the function code is lower than a predetermined count, the function code read from the second storage means is executed); if the second counter does not exceed a threshold value; if the second counter exceeds the second threshold value (Sakamoto: Col 18, lines 33-37; a table listing frequency of calls [] process executed by the program execution system; Col 18, lines 61-65; determined that the number of times that the function codes was called does not exceed the number of times; Col 3, lines 44-47; when the frequency of calls exceeds the predetermined count). 
One would have been motivated to each instruction which the CPU 1001 executes, this determination should be made at a sufficiently high speed to make the duration of determination negligible relative to the instruction execution rate (Sakamoto: Col 2, lines 1-5).

Regarding Claim 7; 
The combination of BOULTON and Sakamoto disclose the system according to Claim 6, 
Sakamoto further discloses the processing unit to execute the code to: call a third function (Sakamoto: Col 18, lines 33-37; figs 36 A-B; a table listing frequency of calls [] process executed by the program execution system); and in response to the call to the third function, determine whether to execute a first version of the third function, a second version of the third function, or a third version of the third function (Sakamoto: Col 18, lines 33-37; figs 36 A-B; a table listing frequency of calls [] process executed by the program execution system; Col 18, lines 61-65; figs. 36A-B; determined that the number of times that the function codes was called does not exceed the number of times triggering duplication, a determination that the duplication is not required; Col 3, lines 44-47; fig. 36B; when the frequency of calls exceeds the predetermined count, the duplicate of the function code is created in the first storage means so that the function code is executed).
One would have been motivated to each instruction which the CPU 1001 executes, this determination should be made at a sufficiently high speed to make the duration of determination negligible relative to the instruction execution rate (Sakamoto: Col 2, lines 1-5).
BOULTON further discloses wherein the third version of the third function comprises a first set of security-related features (BOULTON: par 0036; the processor may be programmed to identify stack cookie protection by evaluating the functions called during execution of the binary file [] the processor may be programmed to classify each function based on its type; par 0037; the settings may include an option to disable stack protection for all functions, an option to provide stack protection for all functions, an option to provide stack protection for type C functions, an option to provide stack protection for type C and type D functions, and an option to provide stack protection for type B and type C functions), the second version of the third function comprises a second set of security-related features (BOULTON: par 0036; the processor may be programmed to classify each function based on its type. one classification may be assigned to functions that are not vulnerable to stack overflow. Another classification may be applied to functions identified by the developer as including a stack protection attribute; par 0013; binary static analysis method of reliably identifying the presence of stack cookie protection in a binary file. Some compilers provide an option for run-time detection of stack buffer overflows; par 0037; the settings may include an option to disable stack protection for all functions, an option to provide stack protection for all functions, an option to provide stack protection for type C functions, an option to provide stack protection for type C and type D functions, and an option to provide stack protection for type B and type C functions), and the first version of the third function does not comprise the first set or the second set of security-related features (BOULTON: par 0036; the processor may be programmed to classify each function based on its type. one classification may be assigned to functions that are not vulnerable to stack overflow; par 0037; the settings may include an option to disable stack protection for all functions, an option to provide stack protection for all functions, an option to provide stack protection for type C functions, an option to provide stack protection for type C and type D functions, and an option to provide stack protection for type B and type C functions).

Regarding Claim 8; 
BOULTON discloses a method comprising: 
calling a first function having a first name (par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; one classification (referred to as “type A”) assigned to functions); and 
in response to each call to the first function having the first name (par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] one classification (referred to as “type A”) assigned to functions): 
executing a same first version of the first function in response to each call to the first function (par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] one classification (referred to as “type A”) assigned to functions that are not vulnerable to stack overflow); and
executing a second version of the second function which is not identical to the first version of the first function (par 0026; when function is called, the assembly language instructions included in function are executed; par 0036; the processor programmed to identify stack cookie protection by evaluating the functions called during execution [] another classification (referred to as “type B”) applied to functions identified by the developer as including a stack protection attribute; par 0041; the computer classifies the function [] the type A classification assigned to functions that are not vulnerable to stack overflow [] the type B classification applied to functions identified by the developer as including stack protection; par 0044; the process ends so that the function can be updated with stack cookie protection; par 0046; the process may resume after, e.g., a new binary file is presented to the computer),
wherein the second version of the first function is more secure and more resource- consuming than the first version of the first function (BOULTON: par 0036; the processor may be programmed to identify stack cookie protection by evaluating the functions called during execution of the binary file [] the processor may be programmed to classify each function based on its type. one classification may be assigned to functions that are not vulnerable to stack overflow. As such, type A functions may not require stack protection. Another classification may be applied to functions identified by the developer as including a stack protection attribute; par 0021; the external system choose not to deploy a binary software component where the security manifest indicates that the component includes functions that do not implement stack cookie protection).
BOULTON discloses evaluate stack overflow to execute the function as recited above, but do not explicitly disclose evaluating a counter indicating a number of times the first function has been called; if the counter does not exceed a threshold value; 
However, in an analogous art, Sakamoto discloses program execution system system/method that includes:
evaluating a counter indicating a number of times the first function has been called (Sakamoto: Col 18, lines 61-65; determined that the number of times that the function codes was called);
if the counter does not exceed a threshold value (Col 18, lines 61-65; determined that the number of times that the function codes was called does not exceed the number of times; Col 3, lines42-44; when the frequency of calls of the function code is lower than a predetermined count, the function code read from the second storage means is executed). 
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sakamoto with the method/system of Sakamoto BOULTON to include evaluate a counter indicating a number of times the first function has been called; if the counter does not exceed a threshold value. One would have been motivated to each instruction which the CPU 1001 executes, this determination should be made at a sufficiently high speed to make the duration of determination negligible relative to the instruction execution rate (Sakamoto: Col 2, lines 1-5).

Regarding Claim 12;
This Claim recites a method that perform the same steps as system of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.  

Regarding Claim 13;
This Claim recites a method that perform the same steps as system of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.  



Regarding Claim 14;
This Claim recites a method that perform the same steps as system of Claim 7, and has limitations that are similar to Claim 7, thus are rejected with the same rationale applied against claim 7.  

Regarding Claim 15;
This Claim recites a non-transitory computer-readable medium that perform the same steps as system of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  

Regarding Claim 19;
This Claim recites a medium that perform the same steps as system of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.  

Regarding Claim 20;
This Claim recites a medium that perform the same steps as system of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.  






Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/C.W./Examiner, Art Unit 2439    


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439