DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



The following is a final office action in response to communications received 05/26/2022. Claims 1-17 have been amended. Therefore, claims 1-17 are pending and addressed below.

Response to Amendment
Applicant’s amendments and response to the claims are sufficient to overcome the 35 USC 101, 35 USC 112, 2nd, paragraph rejections set forth in the previous office action.

Response to Arguments
Applicant’s arguments filed 05/26/2022 have been fully considered but they are moot in view of new ground of rejections.




Claim Rejections – 35 USC § 101

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 

Claims 1-15 are rejected under 35 U.S.C. 101 because the examiner notes that the specification fails to provide a special definition that the processor must be hardware and the claim itself based on context fails to limit the processor to hardware.  By definition a processor can be hardware or software, additionally, either the blue or maroon Microsoft computer dictionary also supports a processor being software. Software is not a physical article or object and as such is not a machine or manufacture.  A software is not a combination of substances and therefore not a compilation of matter.  Thus, software by itself does not fall within any of the four categories of invention. Therefore, Claims 1-15 are not statutory.


Examiner’s notes

Claims 2, 11, 12, 13 are not rejected under prior art(s).


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-10, 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over Johns et al (Pub. No. US 2019/0132334) in view of Humble et al (Pub. No. US 2015/0186649).

As per claims 1, 16, 17, Johns discloses an information processing apparatus comprising: a processor configured to: extract security information from an assembler program obtained by disassembling a binary file of an application (the cyber security system extracts a section of binary code from the received executable file…see par. 68); generate security setting on a basis of the extracted security information (…producing a threat score that indicates a likelihood of the executable file being associated with a cyber-attack…where the threat score falls below a first threshold, the executable file is determined to be benign and where the threat score is equal to or exceeds the first threshold, the classifier determines that the executable file is malicious…see par. 69-70); and construct an isolated environment on a basis of the binary file of the application and the security setting (…responsive to the executable file being classified as malicious, the cyber security system may…quarantine the executable files…see par. 70). John discloses re-assembling…but does not explicitly discloses disassembling. However Humble discloses an assembler program obtained by disassembling… (generating function identification codes for functions contained in executable files is provided…an executable file is received…the executable file may be disassembled by a disassembled assembly code instructions into individual software functions…see par. 14). Therefore one ordinary skill in the art would have found it obvious before the effective filling date of the claimed invention to use Humble in Johns for including the above limitations because one ordinary skill in the art would recognize it would further enhance the security of a system for identifying whether an executable file may be a malicious executable file…by disassembling the received file into assembly code and breaking it into function groups…to determine a level of similarity between the received executable files…see Humble, par. 7.


As per claim 3, the combination of Johns and Humble discloses wherein the processor is further configured to: extract a function that is included in the binary file of the application and a system call that is directly executed, and output, as the security information, the extracted system call and a system call that is called by the extracted function (Johns: see par. 68).


As per claim 4, the combination of Johns and Humble discloses wherein the processor is further configured to: refer to a system call definition database that maps a plurality of functions and a plurality of system calls, and output, as the security information, the system call that is called by the function extracted from the binary file of the application (Johns: see par. 68-69).


As per claim 5, the combination of Johns and Humble discloses wherein the processor is further configured to: extract a processing flow that needs capability from the binary file of the application, and output, as security information, information of the capability corresponding to the processing flow (Johns: see par. 68-69).


As per claim 6, the combination of Johns and Humble discloses wherein the processor is further configured to: refer to a processing flow capability definition database that maps a binary code of a processing flow that needs capability and information of capability needed, and output, as the security information, information of the capability needed for the processing flow extracted from the binary file of the application (Johns: see par. 64-69).


As per claim 7, the combination of Johns and Humble discloses wherein the processor is further configured to: extract, from the binary file of the application, a file name of a file based on which the application is executed, and output, as the security information, the file name and information of access control applied to the file (Johns: see par. 68-69).


As per claim 8, the combination of Johns and Humble discloses wherein the processor is further configured to: refer to a file access function definition database that defines a file access function, extract a code position of a file access function from the binary file of the application, and output, as the security information, the file name accessed by the file access function and the information of access control specified at a time of file access (Johns: see par. 74-76).


As per claim 9, the combination of Johns and Humble discloses wherein the processor is further configured to add a function of analyzing the binary file of the application and a database for analysis in a plug-in format, for every piece of information that needs the security setting (Johns: see par. 105). 


As per claim 10, the combination of Johns and Humble discloses wherein the security setting is generated by combining an extraction result with a database in which security desired to be set to the application is defined in advance (Johns: see par. 74-76).


As per claim 14, the combination of Johns and Humble discloses wherein the processor is further configured to add a function of generating a new security setting in a plug-in format (Johns: see par. 105).


As per claim 15, the combination of Johns and Humble discloses wherein the binary file of the application is received from a first terminal via a network, and the isolated environment constructed on the basis of the binary file of the application and the security setting is transmitted to a second terminal via a network (Johns: see par. 68-69).





Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure (see PTO-form 892).
The following Patents and Papers are cited to further show the state of the art at the time of Applicant’s invention with respect to dynamic analysis of the program and automatic generation related to an access policy.

Saunders et al (Pub. No. US 20130185798); “Identifying Software Execution Behavior”;
-Teaches identifying software execution behavior…by accessing a portion of assembly code…the portion of assembly code was disassembled from a corresponding portion of binary code…see par. 10-11.


Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHAZAL B SHEHNI whose telephone number is (571)270-7479. The examiner can normally be reached Mon-Fri 9am-5pm PCT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GHAZAL B SHEHNI/Primary Examiner, Art Unit 2499