DETAILED ACTION


1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Claims 1-20 are pending.  Claims 1, 16 and 19 are independent.  

3.	The IDS submitted on 8/6/2019 has been considered.

Claim Objections

4.	Claims 7, 12 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.









Claim Rejections - 35 USC § 103

5.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

6.	The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


7.	Claims 1-6, 8-11 and 13-19 are rejected under 35 U.S.C. 103(a) as being unpatentable over Waghorn (US PG Pub. 2019/0081963) in view of Golovkin (US PG Pub. 2011/0010697). 
	As regarding claims 1, 16 and 19, Waghorn discloses A method of engine-based computer security, the method comprising: 
receiving, at a engine sensor of a computing device executing an operating system, first data from the operating system that represents occurrence of a monitored event [para. 176-186; receiving monitored events]; 
sending, from the sensor, second data corresponding to the monitored event to a engine logic controller [para. 176-186; receiving monitored events]; 
determining, at a first logic block of the engine logic controller based on the second data and third data representing a system state associated with the computing device, that a first predicate condition is satisfied [para. 176-186; determining sequences of events]; 
determining, at a second logic block of the engine logic controller based on the second data and the third data, that a second predicate condition is satisfied [para. 176-186; determining sequences of events]; 
detecting a computer security threat based on the first and second predicate conditions being satisfied [para. 176-186; detecting malware]; and 
based on detecting the computer security threat, instructing at least one engine actuator to perform at least one action responsive to the computer security threat [para. 176-186; initiating a response].
Waghorn does not explicitly disclose computer system including game computer.  However, Golovkin discloses it [para 26].
It would have been obvious to one of ordinary skill in the art at the time of filing of the invention to modify Waghorn’s computer system to further comprise game computer, as disclosed by Golovkin, as one of alternative electronic devices that need to be protected from malware.
As regarding claims 2, Waghorn and Golovkin further disclose The method of claim 1, wherein the game engine sensor comprises a file system monitor, a process monitor, an authentication monitor, a download monitor, a screenshot monitor, a removable media monitor, a synthetic click monitor, a volume monitor, a user activity resumption monitor, a camera monitor, a microphone monitor, or any combination thereof [Waghorn para 184].  

As regarding claims 3, Waghorn and Golovkin further disclose The method of claim 1, wherein the second data includes a type of the monitored event, a path of the monitored event, directory information associated with the monitored event, app information associated with the monitored event, or any combination thereof [Waghorn para 184].  

As regarding claims 4, Waghorn and Golovkin further disclose The method of claim 1, wherein the second data includes information regarding a file associated with the monitored event, whether the file is modified, information regarding content of the file, or any combination thereof [Waghorn para. 184].  

As regarding claims 5, Waghorn and Golovkin further disclose The method of claim 1, wherein the second data includes information regarding an executing process associated with the monitored event [Waghorn para. 176-186].  

As regarding claims 6, Waghorn and Golovkin further disclose The method of claim 1, wherein the second data includes tag data associated with the monitored event, the tag data determined by at least one of the first logic block or the second logic block [Waghorn para. 176-186].  

As regarding claims 8, Waghorn and Golovkin further disclose The method of claim 1, wherein the at least one action comprises updating the system state [Waghorn para. 171].  

As regarding claims 9, Waghorn and Golovkin further disclose The method of claim 1, wherein the at least one action comprises generating an alert [Waghorn para. 23].  

As regarding claims 10, Waghorn and Golovkin further disclose The method of claim 1, wherein the at least one action comprises quarantining a file, deleting a file, gathering additional data regarding the monitored event, terminating a process, adjusting a firewall, terminating a network connection, or any combination thereof [Waghorn para. 23].  

As regarding claims 11, Waghorn and Golovkin further disclose The method of claim 1, wherein the game engine logic controller is executed by a mobile device management (MDM) server, and wherein the monitored event occurs at a first managed computing device remote from the MDM server [Waghorn para. 43 and 46].  

As regarding claims 13, Waghorn and Golovkin further disclose The method of claim 11, wherein the system state comprises state information associated with a plurality of managed computing devices [Waghorn para. 176-186].  

As regarding claims 14, Waghorn and Golovkin further disclose The method of claim 1, wherein the at least one action comprises initiating sending of a command to a plurality of managed computing devices [Waghorn para. 141].  

As regarding claims 15, Waghorn and Golovkin further disclose The method of claim 1, further comprising querying the system state based on at least a portion of the second data [Waghorn para. 176-186].  

As regarding claims 17, Waghorn and Golovkin further disclose The system of claim 16, further comprising a mobile device management (MDM) server that includes the at least one processor and the memory [Waghorn para. 64-67].  

As regarding claims 18, Waghorn and Golovkin further disclose The system of claim 17, wherein the monitored event occurs at a first managed computing device remote from the MDM server [para. 43 and 46], and wherein the at least one action comprises initiating sending of a command to a second managed computing device that is distinct from the first managed computing device [Waghorn para. 141].  










Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905.  The examiner can normally be reached on M-F 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433